Many different functions and options affect the security of your Dedicated server through WHM. Hackers and other criminals will always seek sensitive data or attempt to infect malware or ransomware on servers for their criminal purposes.
Basic server security helps to prevent this through firewall security, and limiting access to services and server features like DNS, FTP, web server, database server, email server, and ports. Terminal access using should also be limited so that only required personnel are permitted certain access levels.
It is also important that servers are kept up to date so with the latest patches or updates. Updates should be periodically checked and scheduled and backups should also be regular and properly saved offsite.
Other recommended security measures include periodic changes in passwords, required password strengths, 2-factor verification, removal of unused applications, and the review of personnel lists with access to the server.
If a server must be exposed to public access, then the event should be well planned with access kept to a minimum. Security measures used on the server should not be made public.
The following list is a set of the basic security options provided within WHM.
Password strength is a security option that allows you to set the default required password strength for passwords that are used to access different parts of your dedicated server. For information on how to use this option, please see How to Set the Password Strength in WHM. If you are curious about the effectiveness of using a secure password, please see Password Strength and Security.
Two Factor Authentication
Two-factor authentication allows you to set up a secure login to your dedicated server using a smartphone and authentication application. Two-factor authentication works by providing a password from the user and then a code generated by an authentication app on the smartphone. For example, once you enable two-factor authentication, you would then configure it to connect to the app on your phone.
WHM will provide a QR code that must be scanned by the application on the phone, which then generates a code that you must put into WHM. Once the code has been correctly added, the phone will be “synchronized” to the server.
The application generates a random code every thirty seconds. Login would require that you use your password and code provided by the authentication app on the smartphone. If you fail to add the code on the screen of your phone within thirty seconds, you would receive a new code and have to use the newly generated code. The code is 6 digits and easy to type in within that period of time.
For more information about using two-factor authentication, please see cPanel Two-Factor Authentication.
Two-factor authentication applications include:
These applications are time-based one-time password applications. To remove two-factor authentication, go to the Two-Factor Authentication option under the WHM Security Center, then click on Manage My Account tab, then click on Remove Two-Factor Authentication.
The Security Advisor is an excellent feature of cPanel in that it provides clear advice on actions you can take to make your server more secure. Each suggestion also provides links to give you a thorough explanation of each topic and suggestion. The screenshot at the right shows an example of the security advisor in action. Use the suggestions provided to guide your steps to make your server.
This section allows you to control the version you’re using for cPanel or WHM, Operating System, and Apache SpamAssassin. You can set the version, frequency, and location for updates to be loaded. Keeping your Dedicated Server updated is important because updates often include security updates or bug fixes that can affect the security of your website.
In the next guide, we’ll show you How to tell who is logged into your VPS or Dedicated server.
DDoS Protection 99.99% Uptime Software RAID New Customer Discounts