{"id":8926,"date":"2022-01-26T12:31:17","date_gmt":"2022-01-26T12:31:17","guid":{"rendered":"https:\/\/cpanelplesk.com\/wp62\/?p=8926"},"modified":"2022-02-01T13:38:23","modified_gmt":"2022-02-01T13:38:23","slug":"easy-68-steps-secure-harden-whm-cpanel-checklist","status":"publish","type":"post","link":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist","title":{"rendered":"Easy 68 step checklist to secure & harden your WHM\/cPanel server"},"content":{"rendered":"
I have written this checklist to secure your newly installed cPanel server. We will keep improving it over time, by adding in details for each point.
\nTo harden your cPanel server can be split into six areas.\n<\/div>\n

\nServer security overall (not very much related to cPanel)<\/p>\n

\nServer Check (13 steps)<\/a>
\nSSH\/Telnet Check (7 Steps)<\/a>
\nMail Check (4 Steps)<\/a>
\nApache Check (9 Steps)<\/a>
\nPHP Check (4 Steps)<\/a>
\nWHM Settings Check (32 Steps)<\/a>\n<\/div>\n
<\/div>\n
\n

Server Check (13 steps)<\/h3>\n
    \n
  1. Secure temp folder, Check \/tmp permissions<\/b>
    \n \/tmp should be chmod 1777\n <\/li>\n
  2. Check \/tmp ownership
    \n <\/b>\/tmp should be owned by root:root\n <\/li>\n
  3. Check the permission of tmp folder in \/var > \/var\/tmp
    \n <\/b>\/var\/tmp should be chmod 1777\n <\/li>\n
  4. Check the ownership of tmp folder in \/var > \/var\/tmp
    \n <\/b>\/var\/tmp should be owned by root:root\n <\/li>\n
  5. Check permission of \/tmp folder within \/user > \/usr\/tmp
    \n <\/b>\/usr\/tmp should be chmod 1777\n <\/li>\n
  6. Check ownership of tmp folder within user folder > \/usr\/tmp
    \n <\/b>\/usr\/tmp should be owned by root:root\n <\/li>\n
  7. Check for DNS random query source port
    \n <\/b>ISC recommends that you do not configure BIND to use a static query port. You should remove\/disable the
    \n query-source line that specifies port 53 from the named configuration files\n <\/li>\n
  8. Check nobody cron
    \n <\/b>Check for cron You have a nobody cron log file \u2013 you should check that this has not been created by an
    \n exploit.\n <\/li>\n
  9. Check Perl version
    \n <\/b>The version of Perl (v5.032000) is out of date, and you should upgrade it.\n <\/li>\n
  10. Check SUPERUSER accounts
    \n <\/b>You have accounts other than root set up with UID 0. This is a considerable security risk. You should use
    \n su, or best of all, sudo for such access\n <\/li>\n
  11. Check for dhclient
    \n <\/b>In a standard hosting environment, DHCP is no longer needed. Infect it hinders badly with cPanel standard
    \n hosting operations. In a shared hosting server, this setting poses a security risk. You should configure all
    \n network cards with static IPs.\n <\/li>\n
  12. Check for swap file
    \n <\/b>Swap files are necessary for any server, as it is used when RAM runs out. Do not have a swap file is a
    \n performance and stability risk. Make sure your server has a swap file configured, preferably a dedicated
    \n partition for it. How to create a swap file, we have written a tutorial for it. << link >>create
    \n a swap file on the existing partition for the Cpanel server\n <\/li>\n
  13. Check server services
    \n <\/b>The following services come with all cPanel servers by default but are not needed at all by almost all the
    \n shared hosting servers.
    \n Each service can usually be disabled using:
    \n \/bin\/systemctl stop [service]
    \n \/bin\/systemctl disable [service]\n <\/li>\n<\/ol>\n<\/div>\n
    <\/div>\n
    \n

    SSH\/Telnet Check (7 Steps)<\/h3>\n
      \n
    1. Check if SSHv1 is disabled<\/b>
      \n SSHv1 is long gone, make sure it is disabled from \/etc\/ssh\/sshd_config and setting:Protocol 2\n <\/li>\n
    2. Move SSH on a non-standard port (other than 22)<\/b>
      \n Almost all password brute force attacks are made on a standard ssh port. You should consider moving SSH
      \n to a non-standard port. If you are using a firewall, open your new port in the firewall to avoid locking
      \n yourself out. Here is in detail how to change your SSH port.\n <\/li>\n
    3. Check SSH PasswordAuthentication<\/b>
      \n This is recommended but could be hard to practice if you do not use a password manager. By using this
      \n option, chances to get nailed by a brute force attack reach zero. To do it, disable
      \n PasswordAuthentication and only allow access with PubkeyAuthentication\n <\/li>\n
    4. Check SSH UseDNS<\/b>
      \n You need to disable UseDNS by editing \/etc\/ssh\/sshd_config and setting: UseDNS no. With this enabled,
      \n lfd will be unable to track SSHD login failures, successfully as the log files will not report IP
      \n addresses\n <\/li>\n
    5. Disable telnet, make sure port 23 is not in use<\/b>
      \n Telnet is an insecure protocol, and it is not needed by most shared hosting servers. You should disable
      \n the telnet daemon if it is running.\n <\/li>\n
    6. Check shell limits\/ enable Shell Fork Bomb Protection<\/b>
      \n DOS exploits often can very easily take of server resources with shell access is not well configured.
      \n cPanel has given a very good way to mitigate such problems. Use WHM options to enable “Shell Fork Bomb
      \n Protection”\n <\/li>\n
    7. Enable Background Process Killer<\/b>
      \n Another good tool provided by cPanel, All options You should be enabled in WHM > “Background Process
      \n Killer”\n <\/li>\n<\/ol>\n<\/div>\n
      <\/div>\n
      \n

      Mail Check (4 Steps)<\/h3>\n
        \n
      1. Check root email forwarder<\/b>
        \n The root email must have a forwarder, so you, as the server admin, receive all critical server emails.\n <\/li>\n
      2. Exim for extended logging for tracking SPAM (log_selector)<\/b>
        \n If you want to track and catch spam, you must enable exim extend logging. to do that, in “Exim Configuration
        \n Manger” > “Advanced Editor” > log_selector add log_selector = +arguments +subject +received_recipients\n <\/li>\n
      3. Check weak SSL\/TLS Ciphers in exim config (tls_require_ciphers)<\/b>
        \n Cipher list
        \n [ECDHE-ECDSA-AES128-GCM-SHA256
        \n ECDHE-RSA-AES128-GCM-SHA256
        \n ECDHE-ECDSA-AES256-GCM-SHA384
        \n ECDHE-RSA-AES256-GCM-SHA384
        \n ECDHE-ECDSA-CHACHA20-POLY1305
        \n ECDHE-RSA-CHACHA20-POLY1305
        \n DHE-RSA-AES128-GCM-SHA256
        \n DHE-RSA-AES256-GCM-SHA384]
        \n Due to weaknesses in the SSLv2 cipher, you should disable WHM > Exim Configuration Manager > Allow
        \n weak SSL\/TLS ciphers to be used, and also ensure tls_require_ciphers in \/etc\/exim.conf does not allow SSLv2
        \n as OpenSSL currently shows that it does\n <\/li>\n
      4. Check exim for secure authentication<\/b>
        \n You should require clients to connect with SSL or issue the STARTTLS command before they are allowed to
        \n authenticate with the server otherwise, passwords may be sent in plain text in WHM > Exim Configuration
        \n Manager Check dovecot weak SSL\/TLS Ciphers (ssl_cipher_list)<\/p>\n

        Cipher list <\/p>\n

        [ ECDHE-ECDSA-AES128-GCM-SHA256
        \n ECDHE-RSA-AES128-GCM-SHA256
        \n ECDHE-ECDSA-AES256-GCM-SHA384
        \n ECDHE-RSA-AES256-GCM-SHA384
        \n ECDHE-ECDSA-CHACHA20-POLY1305
        \n ECDHE-RSA-CHACHA20-POLY1305
        \n DHE-RSA-AES128-GCM-SHA256
        \n DHE-RSA-AES256-GCM-SHA384 ].
        \n Due to weaknesses in the SSLv2 cipher, you should disable SSLv2 in WHM > Mailserver Configuration >
        \n SSL Cipher List > Remove +SSLv2 or Add -SSLv2\n <\/li>\n<\/ol>\n<\/div>\n

        <\/div>\n
        \n

        Apache Check (9 Steps)<\/h3>\n
          \n
        1. Check apache version<\/b>
          \n The minimum apache version you should be using is v2.2*, which is the minimum recommended by the apache
          \n organization.\n <\/li>\n
        2. Check Apache for ModSecurity<\/b>
          \n If you are running a shared hosting server, ModSecurity is a must-have. If you have not compiled Apache with
          \n it, recompile it with the ModSecurity option. It prevents the exploitation of vulnerable web scripts.\n <\/li>\n
        3. Check Apache for mod_cloudflare\u00a0<\/b>
          \n This module logs the real user’s IP address to Apache. A must-have as more and more users are moving to
          \n Cloudflare.\n <\/li>\n
        4. Check Apache for FrontPage\u00a0<\/b>
          \n Microsoft Frontpage Extensions were EOL in 2006, and there is no support for bugs or security issues. It is
          \n a huge security risk, and nobody uses it nowadays.\n <\/li>\n
        5. Check Apache weak SSL\/TLS Ciphers (SSLCipherSuite)\u00a0<\/b>
          \n Cipher list
          \n [ ECDHE-ECDSA-AES128-GCM-SHA256
          \n ECDHE-RSA-AES128-GCM-SHA256
          \n ECDHE-ECDSA-AES256-GCM-SHA384
          \n ECDHE-RSA-AES256-GCM-SHA384
          \n ECDHE-ECDSA-CHACHA20-POLY1305
          \n ECDHE-RSA-CHACHA20-POLY1305
          \n DHE-RSA-AES128-GCM-SHA256
          \n DHE-RSA-AES256-GCM-SHA384
          \n TLS_AES_256_GCM_SHA384
          \n TLS_CHACHA20_POLY1305_SHA256
          \n TLS_AES_128_GCM_SHA256 ].\u00a0
          \n Due to known and well-exploited weaknesses in the SSLv2 cipher, you as a server admin should avoid using it. to do that disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > and then Add -SSLv2 to SSLCipherSuite and\/or remove +SSLv2.\u00a0After it, you need to save and rebuild the configuration and then restart Apache.\n <\/li>\n
        6. Disable Apache for TraceEnable\u00a0<\/b>
          \n You should disable TraceEnable in:<\/p>\n

          WHM > Apache Configuration > Global Configuration > Trace Enable > Off
          \n Again to make these changes take effect, click rebuild apache configuration and then restart it. As any changes made to httpd.conf will not take effect with doing this.<\/p>\n<\/li>\n

        7. Disable apache ServerSignature\u00a0<\/b>
          \n You should set apache ServerSignature to Off in:<\/p>\n

          WHM > Apache Configuration > Global Configuration > Server Signature > Off
          \n As usual, save, rebuild configuration, and restart Apache.<\/p>\n<\/li>\n

        8. Set Apache for ServerTokens appropriately\u00a0<\/b>
          \n Set Apache ServerTokens to ProductOnly, to do that:<\/p>\n

          WHM > Apache Configuration > Global Configuration > Server Tokens > Product Only.
          \n Save, rebuild configuration, and restart Apache.<\/p>\n<\/li>\n

        9. Check Apache for FileETag\u00a0<\/b>
          \n FileETag should always be set to None for shared hosting servers. to do that
          \n WHM > Apache Configuration > Global Configuration > File ETag > None. and then save, rebuild configuration and restart apache.\n <\/li>\n<\/ol>\n<\/div>\n
          <\/div>\n
          \n

          PHP Check (4 Steps)<\/h3>\n
            \n
          1. Check PHP version<\/b>
            \n Any version of PHP older than v7.2.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v7.3+:\n <\/li>\n
          2. Check php for enable_dl or disabled dl()<\/b>
            \n To prevent your users from loading PHP modules that would affect all other users, you need to set:
            \n enable_dl = Off<\/p>\n

            All necessary dynamic libraries should be loaded directly in the PHP configuration.\n <\/li>\n

          3. Disable dangerous PHP functions<\/b>
            \n There are PHP functions that are rarely used by the common application, wordpress, Joomla, Moodle, etc., but often exploited by hackers. The most common of these functions are as listed below. Disable them in php.ini file
            \n disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open\n <\/li>\n
          4. Check PHP for register_globals<\/b>
            \n You should set:register_globals = Off
            \n It is not needed nowadays and should only be enabled until it is absolutely necessary. It is such a significant security risk that it should be evaluated carefully against benefits.\n <\/li>\n<\/ol>\n<\/div>\n
            <\/div>\n
            \n

            WHM Settings Check (32 Steps)<\/h3>\n
              \n
            1. Check cPanel login is SSL only (Must have)<\/b>
              \n In tweak settings, choose the option
              \n WHM > Tweak Settings > “Choose the closest matched domain for which the system has a valid certificate when redirecting from non-SSL to SSL URLs”\n <\/li>\n
            2. Check boxtrapper is disabled<\/b>
              \n Boxtrapper is a good feature, and in the past, it has been used very well, but with the emergence of new spam avoiding techniques, it is no longer relevant. It can lead to your server being listed in common RBLs. The ultimate effect of it can be an increase in overall spam load instead of decreasing it. In my opinion, it will soon be removed from future WHM\/cPanel versions. You should disable it without a thought.
              \n to do that, in WHM > Tweak Settings > BoxTrapper Spam Trap\n <\/li>\n
            3. Disable GreyListing <\/b>
              \n Gray listing will delay necessary emails to be delayed for hours, at least when your server receives from a certain domain\/ server for the first time. This results in increased support load and often leads to lost legitimate emails.
              \n Other than the above problems, it also, at times, cause problems with “password verification” systems.\n <\/li>\n
            4. Check if popbeforesmtp is disabled<\/b>
              \n Many server admins will not agree to it, as if enabled, it offers smooth email connections for outlook users of all versions. For other admins and for me too, using “pop before SMTP” is a security risk. SMTP AUTH option should be used in lieu of it.
              \n You should disable it in WHM > Tweak Settings > “Allow users to relay mail if they use an IP address through which someone has validated an IMAP or POP3 login”\n <\/li>\n
            5. Check max emails per hour is set<\/b>
              \n This is the ultimate solution to not get your IPs listed in RBLs. By limiting maximum emails a Cpanel account can send in one hour, you certainly limit the damage by potential spammers on the server,
              \n To set a value, goto WHM > Tweak Settings > Max hourly emails per domain\n <\/li>\n
            6. Check Reset Password for cPanel accounts<\/b>
              \n I believe this cannot be implemented for a shared environment, as end-users will need it. But with some users who cannot protect their accounts, this poses a potential security risk and should be disabled unless necessary in
              \n WHM > Tweak Settings > Reset Password for cPanel accounts.\n <\/li>\n
            7. Check Reset Password for Subaccounts<\/b>
              \n This poses a potential security risk and should be disabled unless necessary in WHM > Tweak Settings > Reset Password for Subaccounts.\n <\/li>\n
            8. Check compilers<\/b>
              \n Compilers are a known security risk since the early days of cPanel; You should disable compilers WHM > Security Center > Compilers Access\n <\/li>\n
            9. Check to allow remote domains<\/b>
              \n Users can park domains that resolve to other servers on this server. Only domains that resolve to your server should be parked.
              \n This can be disabled in WHM > Tweak Settings > Allow Remote Domain\n <\/li>\n
            10. Check block common domains<\/b>
              \n Users can park common domain names on this server. This can easily aid in phishing attacks.
              \n Disable it in WHM > Tweak Settings > Prevent cPanel users from creating specific domains\n <\/li>\n
            11. Check allow park domains<\/b>
              \n Users can park\/addon domains that belong to other users on this server. Again there is no practical use of this functionality for server admins who manage shared servers.
              \n Disable this option in
              \n WHM > Tweak Settings > “Allow cPanel users to create subdomains across accounts”\n <\/li>\n
            12. Check proxy subdomains<\/b>
              \n This option can mask a user’s real IP address and hinder security. You should disable
              \n WHM > Tweak Settings > Service subdomains\n <\/li>\n
            13. Check cPAddons update email to resellers<\/b>
              \n You should have cPAddons email users if cPAddon installations require updating WHM > Tweak Settings > “Notify reseller of cPAddons Site Software installations”\n <\/li>\n
            14. Check cPAddons update email to root<\/b>
              \n You should have cPAddons email root if cPAddon installations require updating WHM > Tweak Settings > Notify root of cPAddons Site Software installations\n <\/li>\n
            15. Check cPanel tree<\/b>
              \n Running EDGE\/BETA on a production server could lead to server instability. Only run stable cPanel releases\n <\/li>\n
            16. Check accounts that can access a cPanel user<\/b>
              \n You should consider setting this option to “user” after use. WHM > Tweak Settings > Accounts that can access a cPanel user account.\n <\/li>\n
            17. Check cPanel passwords in email<\/b>
              \n You should not send passwords out in plain text emails. You should disable WHM > Tweak Settings > Send passwords when creating a new account\n <\/li>\n
            18. Check core dumps<\/b>
              \n You should disable WHM > Tweak Settings > Allow WHM\/Webmail\/cPanel services to create core dumps for debugging purposes\n <\/li>\n
            19. Check Cookie IP Validation<\/b>
              \n You should enable strict Cookie IP validation in WHM > Tweak Settings > Cookie IP validation\n <\/li>\n
            20. Check MD5 passwords with Apache<\/b>
              \n You should enable WHM > Tweak Settings > Use MD5 passwords with Apache\n <\/li>\n
            21. Check Referrer Blank Security<\/b>
              \n Blank referrer security check must be enabled to enable it go to
              \n WHM > Tweak Settings > Blank referrer safety check\n <\/li>\n
            22. Check Referrer Security<\/b>
              \n Again like blank referrer security, it is a must-have.
              \n Enable it in WHM > Tweak Settings > Referrer safety check\n <\/li>\n
            23. Check HTTP Authentication<\/b>
              \n You should disable skiphttpauth in \/var\/cpanel\/cpanel.config\n <\/li>\n
            24. Check Parent Security<\/b>
              \n There is no need to allow other applications to run cPanel binaries unless you are doing some custom cPanel stuff for auto-deployment within your own applications.
              \n You should disable
              \n WHM > Tweak Settings > Allow other applications to run the cPanel and admin binaries\n <\/li>\n
            25. Check Domain Lookup Security<\/b>
              \n You should disable WHM > Tweak Settings > cpsrvd username domain lookup\n <\/li>\n
            26. Check Password ENV variable<\/b>
              \n You should enable WHM > Tweak Settings > Hide login password from cgi scripts\n <\/li>\n
            27. Check SMTP Restrictions<\/b>
              \n You should enable WHM > Security Center > SMTP Restrictions. If you are using CSF firewall, then it can be disabled safely as it is replaced with csf configuration option SMTP_BLOCK instead\n <\/li>\n
            28. Check AppConfig Required<\/b>
              \n You should disable WHM > Tweak Settings > “Allow apps that have not registered with AppConfig to be run when logged in as a reseller in WHM”\n <\/li>\n
            29. Check AppConfig as root<\/b>
              \n You should disable WHM > Tweak Settings > “Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the “all” ACL in WHM”\n <\/li>\n
            30. Check AppConfig ACLs<\/b>
              \n You should disable WHM > Tweak Settings > “Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the “all” ACL in WHM”\n <\/li>\n
            31. Check AppConfig Feature List<\/b>
              \n You should disable WHM > Tweak Settings > “Allow cPanel and Webmail apps registered with AppConfig to be executed even if a Required Features list has not been defined”\n <\/li>\n
            32. Check Security Tokens<\/b>
              \n Security Tokens should not be disabled as, without them, the security of WHM\/cPanel is compromised. The setting disable-security-tokens=0 should be set in \/var\/cpanel\/cpanel.config\n <\/li>\n<\/ol>\n<\/div>\n
              <\/div>\n","protected":false},"excerpt":{"rendered":"

              I have written this checklist to secure your newly installed cPanel server. We will keep improving it over time, by adding in details for each point. To harden your cPanel server can be split into six areas. Server security overall (not very much related to cPanel) Server Check (13 steps) SSH\/Telnet Check (7 Steps) Mail […]<\/p>\n

              Continue Reading…<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8926","post","type-post","status-publish","format-standard","hentry","category-cpanel"],"yoast_head":"\nEasy 68 step checklist to secure & harden your WHM\/cPanel server - cPanel Plesk<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Easy 68 step checklist to secure & harden your WHM\/cPanel server - cPanel Plesk\" \/>\n<meta name=\"twitter:description\" content=\"I have written this checklist to secure your newly installed cPanel server. We will keep improving it over time, by adding in details for each point. To harden your cPanel server can be split into six areas. Server security overall (not very much related to cPanel) Server Check (13 steps) SSH\/Telnet Check (7 Steps) Mail [...]Continue Reading...\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Farooq Omer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/\"},\"author\":{\"name\":\"Farooq Omer\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\"},\"headline\":\"Easy 68 step checklist to secure & harden your WHM\/cPanel server\",\"datePublished\":\"2022-01-26T12:31:17+00:00\",\"dateModified\":\"2022-02-01T13:38:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/\"},\"wordCount\":2536,\"publisher\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\"},\"articleSection\":[\"Cpanel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/\",\"url\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/\",\"name\":\"Easy 68 step checklist to secure & harden your WHM\/cPanel server - cPanel Plesk\",\"isPartOf\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#website\"},\"datePublished\":\"2022-01-26T12:31:17+00:00\",\"dateModified\":\"2022-02-01T13:38:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cpanelplesk.com\/wp62\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Easy 68 step checklist to secure & harden your WHM\/cPanel server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#website\",\"url\":\"https:\/\/cpanelplesk.com\/wp62\/\",\"name\":\"cPanel Plesk\",\"description\":\"Blog on famous hosting control panels\",\"publisher\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cpanelplesk.com\/wp62\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13\",\"name\":\"Farooq Omer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png\",\"contentUrl\":\"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png\",\"width\":300,\"height\":44,\"caption\":\"Farooq Omer\"},\"logo\":{\"@id\":\"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/\"},\"url\":\"https:\/\/cpanelplesk.com\/wp62\/author\/fokado\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Easy 68 step checklist to secure & harden your WHM\/cPanel server - cPanel Plesk","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/","twitter_card":"summary_large_image","twitter_title":"Easy 68 step checklist to secure & harden your WHM\/cPanel server - cPanel Plesk","twitter_description":"I have written this checklist to secure your newly installed cPanel server. We will keep improving it over time, by adding in details for each point. To harden your cPanel server can be split into six areas. Server security overall (not very much related to cPanel) Server Check (13 steps) SSH\/Telnet Check (7 Steps) Mail [...]Continue Reading...","twitter_misc":{"Written by":"Farooq Omer","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/#article","isPartOf":{"@id":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/"},"author":{"name":"Farooq Omer","@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13"},"headline":"Easy 68 step checklist to secure & harden your WHM\/cPanel server","datePublished":"2022-01-26T12:31:17+00:00","dateModified":"2022-02-01T13:38:23+00:00","mainEntityOfPage":{"@id":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/"},"wordCount":2536,"publisher":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13"},"articleSection":["Cpanel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/","url":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/","name":"Easy 68 step checklist to secure & harden your WHM\/cPanel server - cPanel Plesk","isPartOf":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#website"},"datePublished":"2022-01-26T12:31:17+00:00","dateModified":"2022-02-01T13:38:23+00:00","breadcrumb":{"@id":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cpanelplesk.com\/wp62\/easy-68-steps-secure-harden-whm-cpanel-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cpanelplesk.com\/wp62\/"},{"@type":"ListItem","position":2,"name":"Easy 68 step checklist to secure & harden your WHM\/cPanel server"}]},{"@type":"WebSite","@id":"https:\/\/cpanelplesk.com\/wp62\/#website","url":"https:\/\/cpanelplesk.com\/wp62\/","name":"cPanel Plesk","description":"Blog on famous hosting control panels","publisher":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cpanelplesk.com\/wp62\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/c78ae1cf9451a09592fb9697d69c0c13","name":"Farooq Omer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/","url":"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png","contentUrl":"https:\/\/cpanelplesk.com\/wp62\/wp-content\/uploads\/2020\/11\/cpanelplesk.png","width":300,"height":44,"caption":"Farooq Omer"},"logo":{"@id":"https:\/\/cpanelplesk.com\/wp62\/#\/schema\/person\/image\/"},"url":"https:\/\/cpanelplesk.com\/wp62\/author\/fokado\/"}]}},"_links":{"self":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts\/8926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/comments?post=8926"}],"version-history":[{"count":0,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/posts\/8926\/revisions"}],"wp:attachment":[{"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/media?parent=8926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/categories?post=8926"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cpanelplesk.com\/wp62\/wp-json\/wp\/v2\/tags?post=8926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}