Security Best Practices

Last modified: January 5, 2021


This document describes some security best practices you can use to protect your cPanel & WHM users, files, and websites.

Server security is vital to keep your server, websites, and other data secured. Almost every day, entities who want to steal or use your information create new methods of attacks and hacks. For this reason, it is important to secure and update your servers constantly.

The following cPanel documentation includes information on how to secure your server:

You can’t protect your server from all security issues. However, preparing your server for attacks and knowing what to do in case hackers compromise your server is an important prevention measure.

Hackers compromised my server. Now, what?

After hackers compromise your website or cPanel account, start the recovery process. Use backups to restore your website or account back to a point before the compromise. This is a fast and easy method to return your properties back to normal.

Next, figure out how the attack or hack happened. Start with the point of entry.

The most common way that hackers attack websites is through insecure plugins, themes, or components that various content management system (CMS) software use. WordPress®, Joomla!®, and Drupal™ are some of the most commonly-used CMS software. CMS software is very secure and these companies issue security patches quickly when they find a compromise. However, the companies that create underlying plugins and themes for a CMS may not check for security implications or update them frequently.

The second most common attack method is via a secretly-installed trojan on a user’s main computer. Trojans steals passwords without the user’s knowledge. When that user logs in to their cPanel page or uploads changes via FTP, the Trojan sends their password to hackers. Then the hackers use it to gain access to that system.

What should I look for?

There are three main reasons hackers hack websites:

Hackers want to use the website to send out spam or phishing emails

Check your email filters and forwarders to see if anything was added that looks suspicious or you did not add yourself. Some hacks remove all email passwords and add a single user for sending out mass email.

Hackers want to gain access to your data, mailing lists, credit card information, and other unique information

Review the following to see if the hackers added anything malicious:

  • Your cron jobs list
  • Email users list
  • Passwords

Hackers want to access your website to make it download malicious software

Hackers will download malicious software onto your end users’ machines. Or they’ll want to install malicious software for use on your website. And hackers can do this without your users knowing that they compromised their systems. The malicious software can include additional backdoors that will allow hackers to regain access to the server. With a backdoor in place, hackers have the ability to run arbitrary code as the website’s user. This means that they can modify or delete any files owned by that user.

I don’t have backups. Is there any hope?

If you don’t have backups, then you will need to manually clean the website. This requires security experience and may be best handled by a security professional that can help you. The following websites provide more information:

Additional Documentation