WebHost Manager (WHM) includes many tools to help you secure your cPanel server. Steps such as limiting logins by IP address, enabling two-factor authentication (TFA), and setting password strength and age limits can greatly increase the security of your server. In this guide, we will show you how to configure the security policies of your VPS or dedicated server.
Configure Security Policies
- Log into WHM as the ‘root‘ user.
- Type ‘policies’ in the search field.
- Click the Configure Security Policies link under the Security Center section.
- You can then enable “Security Policy Items”. Choose from the following options:
Limit logins to verified IP addresses Two-Factor Authentication: Google Authenticator Password Strength (selecting this will direct you to the Password Strength Configuration page) Password Age (selecting this will allow you to enter a Maximum Password Age)
- There is also a section where you can set Security Policy Extensions, but cPanel warns “do not enable these extensions unless you have an in-depth understanding of your remote API usage and DNS cluster configuration.” If you still want to adjust the settings you can enable security policies for the following:
API requests DNS Cluster Requests
- After choosing your security policy settings click the Save button. You are finished when you see a message stating “Security Policies Configured.”
Congratulations, now you know how to configure security policies in WHM! Test your security posture with the Security Advisor for more ways to secure your server.
Learn more about cPanel security with our Managed VPS Hosting Product Guide.