How to harden and optimise whm/cpanel

Cpanel website provides some good tips to harden your server

After login to whm, go to configserver security & firewall and add your IP to the “allow ip” list.

https://documentation.cpanel.net/display/CKB/How+to+Prevent+Email+Abuse

WHM > Server Configuration > Tweak Settings, Mail -> Set Initial default/catch-all forwarder destination to false

https://documentation.cpanel.net/display/CKB/Tips+to+Make+Your+Server+More+Secure

go to security center -> security advisor and follows the advise from there.
-> Allow modsecurity and rebuilt apache.
-> Update password strength to something greater than 70
-> disable ssh password authentication
-> run security advisor and update as necessary

go to service configuration -> service manager and disables unused services like mailman.

if php is showing ini_set error, go to home -> service configuration -> php configuration editor and remove ini_set under safe_mode. might as well allow proc_open for composer. restart apache

If cannot access files after updating or transferring cpanel accts, try changing permission for all files. suphp means owner and group user must be acct user and all dir must be 755 and file 644.

find /home/user/public_html -type d -exec chmod 755 {} \;
find /home/user/public_html -type f -exec chmod 644 {} \;

To optimise php, use apc cache with fcgi

http://virtualhosts.dk/centos-6-with-cpanel-and-whm-using-litespeed-webserver-and-php-apc/step-6-install-php-apc-alternative-php-cache

or better still go for hhvm (but cpanel doesnt yet support this)

https://codeable.io/community/speed-up-wp-admin-redis-hhvm/

Like it.? Share it:

Comments are closed.