How to Secure cPanel Service Daemons (cpsrvd) in WHM

Web Host Manager (WHM) grants access to powerful server functions that can affect all cPanel users. In a single session, a root user may move between configuring ConfigServer Security & Firewall (CSF) rules, resetting a cPanel user password, backing up data, and running ImunifyAV file scans. This power, combined with the fact that cPanel is one of the most popular Linux server management applications, makes WHM an enticing target for malicious users looking to compromise cPanel websites and servers.

For websites, you can add security HTTP headers to your .htaccess file to protect viewers from malware and spyware if your server is infected. You can do the same in WHM to protect important cPanel service daemons (cpsrvd) for applications such as cPHulk, PHP-FPM, and ClamAV.

A daemon is a program that runs as a background process.

Below we cover how to protect cPanel from hackers with security HTTP headers:

  • Content Security Policy (CSP) can prevent cross-site scripting (XSS) attacks against cpsrvd by only allowing whitelisted sources to load and disallowing JavaScript from external sites
  • X-Frame-Options, with the SAMEORIGIN directive, forces the browser to only allow elements from your cPanel instance to be embedded within itself using the <frame>, <iframe> or <object> tags to prevent clickjacking attacks
  • X-Content-Type-Options, with the NOSNIFF directive, forces the browser to only use the indicated MIME type for files on the server to prevent MIME sniffing


How to Secure cPanel with Content-Security-Policy (CSP)

  1. Log into WHM
  2. Select Tweak Settings
  3. Search for “header” and select On beside Enable Content-Security-Policy on some interfaces
  4. At the bottom, select Save

How to Secure cPanel with X-Frame-Options and X-Content-Type-Options

  1. Log into WHM
  2. Select Tweak Settings
  3. Search for “header” and select On beside Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd
  4. At the bottom, select Save
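
To confirm that both settings took effect, inspect the response headers cpsrvd returns. The script below is an added example, not part of the original article or cPanel's own tooling; the function names are hypothetical, it assumes WHM listens on its default TLS port 2087, and the embedded sample responses are constructed, not captured from a server.

```shell
#!/bin/sh
# Added example (not cPanel code): audit an HTTP response-header block for the
# three headers this article enables in Tweak Settings.

# header_value NAME: read headers on stdin, print the first value of NAME.
header_value() {
  tr -d '\r' | grep -i "^$1:" | head -n 1 | cut -d: -f2- |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# audit_headers: read headers on stdin, print one line per check,
# exit status 0 only when all three checks pass. Runs in a subshell.
audit_headers() (
  hdrs=$(cat); rc=0
  csp=$(printf '%s\n' "$hdrs" | header_value 'Content-Security-Policy')
  xfo=$(printf '%s\n' "$hdrs" | header_value 'X-Frame-Options' | tr '[:lower:]' '[:upper:]')
  xcto=$(printf '%s\n' "$hdrs" | header_value 'X-Content-Type-Options' | tr '[:upper:]' '[:lower:]')
  if [ -n "$csp" ]; then echo "PASS Content-Security-Policy: $csp"
  elif printf '%s\n' "$hdrs" | grep -qi '^Content-Security-Policy-Report-Only:'; then
    # A report-only policy logs violations but blocks nothing.
    echo "FAIL Content-Security-Policy: report-only, not enforced"; rc=1
  else echo "FAIL Content-Security-Policy: missing"; rc=1; fi
  case "$xfo" in
    SAMEORIGIN) echo "PASS X-Frame-Options: SAMEORIGIN" ;;
    '') echo "FAIL X-Frame-Options: missing"; rc=1 ;;
    *) echo "FAIL X-Frame-Options: unexpected value $xfo"; rc=1 ;;
  esac
  case "$xcto" in
    nosniff) echo "PASS X-Content-Type-Options: nosniff" ;;
    '') echo "FAIL X-Content-Type-Options: missing"; rc=1 ;;
    *) echo "FAIL X-Content-Type-Options: unexpected value $xcto"; rc=1 ;;
  esac
  exit "$rc"
)

# Constructed sample responses for offline runs (not real cpsrvd output).
sample_on() { printf '%s\n' 'HTTP/1.1 200 OK' \
  'Content-Security-Policy: frame-ancestors https:' \
  'X-Frame-Options: SAMEORIGIN' 'X-Content-Type-Options: nosniff'; }
sample_weak() { printf '%s\n' 'HTTP/1.1 200 OK' \
  'Content-Security-Policy-Report-Only: default-src https:' \
  'X-Content-Type-Options: NoSniff'; }

if [ -n "${1:-}" ]; then
  # -k skips certificate validation; drop it if the host has a valid certificate.
  curl -sk -D - -o /dev/null "https://$1:2087/" | audit_headers
else
  sample_weak | audit_headers || echo "(constructed weak sample fails as intended)"
fi
```

Run it with your server's hostname as the only argument; with no argument it audits the constructed weak sample.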
