Cpanel website provides some good tips to harden your server
After login to whm, go to configserver security & firewall and add your IP to the “allow ip” list.
https://documentation.cpanel.net/display/CKB/How+to+Prevent+Email+Abuse
WHM > Server Configuration > Tweak Settings, Mail -> Set Initial default/catch-all forwarder destination to false
https://documentation.cpanel.net/display/CKB/Tips+to+Make+Your+Server+More+Secure
go to security center -> security advisor and follows the advise from there.
-> Allow modsecurity and rebuilt apache.
-> Update password strength to something greater than 70
-> disable ssh password authentication
-> run security advisor and update as necessary
go to service configuration -> service manager and disables unused services like mailman.
if php is showing ini_set error, go to home -> service configuration -> php configuration editor and remove ini_set under safe_mode. might as well allow proc_open for composer. restart apache
If cannot access files after updating or transferring cpanel accts, try changing permission for all files. suphp means owner and group user must be acct user and all dir must be 755 and file 644.
find /home/user/public_html -type d -exec chmod 755 {} \;
find /home/user/public_html -type f -exec chmod 644 {} \;
To optimise php, use apc cache with fcgi
http://virtualhosts.dk/centos-6-with-cpanel-and-whm-using-litespeed-webserver-and-php-apc/step-6-install-php-apc-alternative-php-cache
or better still go for hhvm (but cpanel doesnt yet support this)
https://codeable.io/community/speed-up-wp-admin-redis-hhvm/