In this article:
Every installed application affects your server security posture. For VPS and Dedicated Hosting customers, this includes pre-installed Softaculous installations. On Shared hosting accounts that responsibility is transferred to us as we accommodate different types of customers.
VPS and Dedicated Hosting users with root access have access to harden their security by disabling content management system (CMS) and other software scripts. You can also remove pre-installed data for those scripts that aren’t likely to be used or haven’t been updated in months or years.
As one the more important security-related features of Softaculous administration via WebHost Manager (WHM), we recommend you make time to clean up unneeded scripts to prevent a cPanel user from installing potentially insecure software as possible.
Below we cover how to disable and remove Softaculous scripts.
Disable Softaculous Scripts
- Log in to WHM as Root.
- Click Softaculous – Instant Installs.
- Under Software, click General Scripts.
- Click the checkbox above Outdated (third and last on the right) to disable all outdated scripts.
- To remove pre-installed data for a script, deselect the second checkbox to the right of the script.
- Click Update Settings at the top or bottom of the page.
Disable Custom Scripts
Any scripts uploaded by your hosting provider instead of Softaculous directly will be listed here. For example, we installed BoldGrid with the description “BoldGrid is the easy way to WordPress.”
- Under Software, click Custom Scripts.
- Click the red X to the right of the custom script.
- Click OK in the pop-up box to remove the custom script.
After you remove unneeded scripts, think about whether it would be helpful to enable Softaculous backups for cPanel accounts. Scheduled cPanel backups via WHM are great for root users. But users don’t always use cPanel Backup regularly and before making major website changes. Softaculous backups are another way to enable end-users to manage their own disasters.