
Best Ways to Secure cPanel From Hacking

If you manage your site through cPanel, it is the control room of your website. If hackers get access to it, they can mess with your files, emails, and databases: basically, everything.

That’s why securing your cPanel is crucial!

Securing cPanel isn’t rocket science. You can take simple, smart steps to secure your system and keep hackers out.

In this guide, we will walk you through 11 simple yet powerful steps to secure your cPanel account, step by step, with clear explanations and beginner-friendly language.




1. Use a Strong, Unique Password in cPanel

Let’s be honest, ‘Admin@123’ or ‘yourname123’ isn’t fooling anyone, especially not hackers.

To secure your cPanel, you need a super strong password! It is the key to your entire website, and you don’t want that key to be lying around in plain sight. Hackers use tools that can guess weak passwords in seconds. So if your password is anything close to easy, you’re handing them the keys.

You need to choose a strong password that includes:

  • Uppercase + lowercase letters (A–Z, a–z)
  • Numbers (0–9)
  • Special characters (!, @, $, etc.)

Pro Tip: Use a password manager like LastPass or Bitwarden to generate and store a solid password you don’t have to memorize.



2. Enable Two-Factor Authentication (2FA)

With a strong password in place, you have taken the first step toward a secure cPanel. Think of that password as the main lock on your door. But what if someone manages to get a copy of the key? That’s where the second lock comes in: Two-Factor Authentication (2FA).

In simple words: ‘Even if you know my password, you still need a special code from my phone to get in!’

Here’s how to set it up (Super easy steps!):

➔ Log in to your cPanel.


➔ Scroll down to the ‘Security’ section and click ‘Two-Factor Authentication.’


➔ There, click ‘Set Up Two-Factor Authentication.’


➔ Scan the QR code using your phone’s Google Authenticator or Authy app.

➔ Enter the 6-digit code the app gives you, and done!

Now, every time you log in, you will need:

➔ Your password

➔ A unique code from your phone

Now, even if someone guesses your password, they can’t log in without your phone!




3. Set Correct File and Directory Permissions

Your website files and folders are like rooms in your house. In a house, you would not leave all your doors and windows wide open, right?

The same goes for your files! If the permissions are too loose, anyone (including hackers) can walk right in and mess things up.

By setting correct permissions, you can secure your cPanel from hacking.

What Are the Safe Permission Numbers?

Files → Set to 644 – Only you can edit, others can only view.

Folders → Set to 755 – You can open and manage them; others can only view the contents.

How to Set up Directory Permissions in cPanel:

➔ Log in to your cPanel and open ‘File Manager’ under the ‘Files’ section.


➔ Right-click on any file or folder and click ‘Change Permissions.’


➔ Use the checkboxes or set the number manually (644 for files, 755 for folders).


➔ Once it’s set, click ‘Change Permissions.’
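
Checking every file by hand in File Manager does not scale, so here is an added example (not part of the original guide) that audits a whole folder against the 644/755 baseline above. The script name and the `--fix` flag are assumptions of this example; it flags only entries that grant more than the baseline and leaves tighter modes such as 600 alone.

```python
import os
import stat
import sys

FILE_MODE = 0o644  # files: owner read/write, everyone else read-only
DIR_MODE = 0o755   # folders: owner full access, everyone else list/enter only


def audit_permissions(root, fix=False):
    """Return (path, current, target) for entries under root that grant
    more than the 644/755 baseline. Tighter modes (e.g. 600) are left alone."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is not what gets enforced
        baseline = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
        current = stat.S_IMODE(st.st_mode)
        extra = current & ~baseline  # permission bits beyond the baseline
        if extra:
            target = current & baseline  # drop only the extra bits
            findings.append((path, current, target))
            if fix:
                os.chmod(path, target)
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name): python audit_perms.py public_html [--fix]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, current, target in audit_permissions(root, "--fix" in sys.argv):
        print(f"{current:04o} -> {target:04o}  {path}")
```

Run it without `--fix` first and review the list, since a script that genuinely needs its execute bit will also be reported.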




4. Remove Unused Applications and Files

Sometimes you install a theme just to try it out, or keep a backup from last year that you thought you might need.

If you no longer need them, remove them to keep your cPanel secure!

This is because hackers often target outdated systems. They usually have security holes that are easy to exploit.

Here’s how you can remove unused applications & files:

➔ Log in to cPanel and open the ‘File Manager.’


➔ Browse through your folders, especially ‘public_html’ and ‘tmp.’


➔ Delete anything you don’t need, such as old themes, plugins, test files, or backups.

To remove unused apps:

➔ Go to ‘Softaculous Apps Installer’ in cPanel.

➔ Check whether any apps are installed but not in use, and remove them.

5. Keep Your CMS Up to Date

You need to remember that an updated website is a happy (and secure) website!

If you are using WordPress, Joomla, or any other CMS, you need to think of it like your smartphone. Just like you receive regular updates to fix bugs and improve security, your CMS also needs updates to keep your cPanel secure.

Why does it matter?

Hackers love outdated websites because old versions often have known vulnerabilities or security loopholes!

What should you do?

  •  Log in to your WordPress dashboard (or whichever CMS you use).
  •  In the Dashboard, go to Updates.
  •  Hit ‘Update Now’ for WordPress, themes, and plugins.

Delete any themes or plugins you don’t need!

Bonus Tip: Turn on auto-updates so you don’t miss any future security patches.



6. Monitor Access Logs

Another important step in securing your cPanel is to monitor the access logs. They help you track all activity on your website: who accessed your site, the time of access, the pages visited, and any errors that occurred.

It is essential to regularly monitor these logs to identify unusual or unauthorized access attempts and detect any suspicious activity.

How you can monitor access logs in cPanel:

➔ Scroll to the ‘Metrics’ section in cPanel.


➔ There, click ‘Raw Access.’


➔ From there, you can download the log file to your device.

By opening the file, you can review details like IP addresses, timestamps, and accessed URLs.

Review these logs regularly to identify potential threats early and take the necessary actions, such as updating passwords or blocking suspicious IP addresses.
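
Reading a raw log line by line is slow, so the following added example (not part of the original guide) summarises a downloaded log per IP address. It assumes the Raw Access file is in the Apache combined log format and that the site runs WordPress; the login paths, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format (assumed format of the Raw Access download).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # assumed WordPress site


def suspicious_ips(lines, max_logins=3, max_errors=3):
    """Return {ip: [reasons]} for clients exceeding either threshold."""
    logins, errors = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines instead of crashing
        path = m["url"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith(LOGIN_PATHS):
            logins[m["ip"]] += 1
        if m["status"] in ("401", "403", "404"):
            errors[m["ip"]] += 1
    report = {}
    for ip in set(logins) | set(errors):
        reasons = []
        if logins[ip] > max_logins:
            reasons.append(f"{logins[ip]} login POSTs")
        if errors[ip] > max_errors:
            reasons.append(f"{errors[ip]} 401/403/404 responses")
        if reasons:
            report[ip] = reasons
    return report


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = (
    ['203.0.113.7 - - [12/May/2025:03:14:0%d +0000] "POST /wp-login.php HTTP/1.1" '
     '200 4123 "-" "Mozilla/5.0"' % i for i in range(5)]
    + ['198.51.100.9 - - [12/May/2025:03:20:1%d +0000] "GET /backup%d.zip HTTP/1.1" '
       '404 512 "-" "curl/8.0"' % (i, i) for i in range(4)]
    + ['192.0.2.44 - - [12/May/2025:09:00:00 +0000] "GET /index.php HTTP/1.1" '
       '200 9876 "-" "Mozilla/5.0"', 'not a log line']
)

if __name__ == "__main__":
    for ip, reasons in sorted(suspicious_ips(SAMPLE).items()):
        print(ip, "->", "; ".join(reasons))
```

To use it on a real download, pass the opened log file in place of `SAMPLE` and tune the thresholds to your normal traffic.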




7. Scan for Malware

We all know how harmful malware can be to your website. It secretly enters your website and causes problems such as disrupting the site’s operation, stealing data, or even getting your site blacklisted.

That’s why you should scan your cPanel account regularly to check for anything suspicious.

How to Scan?

You can use ImunifyAV to scan your files in cPanel. It will review all the files and report anything suspicious it finds.




8. Disable Directory Indexing

Did you know that directory indexing lets people view a list of the files in your website folders if there’s no index file present?

This can expose your sensitive files and leave your site vulnerable!

How Can You Disable Directory Indexing in cPanel?

➔ Open ‘File Manager’ in cPanel.

➔ Click ‘Settings’ (top-right).


➔ There, enable ‘Show Hidden Files.’


➔ Open the .htaccess file in your website’s root folder.

➔ Add this line at the end:

Options -Indexes

➔ After adding, just click ‘Save.’

Once done, visitors will no longer see a file list when accessing a folder directly. They will see a ‘403 Forbidden’ error. It’s a simple but important step to keep your files hidden and secure!




9. Restrict FTP and SSH Access

FTP (File Transfer Protocol) and SSH (Secure Shell) are powerful tools that allow direct access to your website’s files and server. It is essential to restrict them, as leaving them unrestricted can create an easy entry point for hackers.

Other Reasons for Restricting FTP and SSH Access:

  •  These services provide access to core files and configurations.
  •  Unrestricted access increases the risk of brute-force attacks or unauthorized intrusions.
  •  Not all users need full or any access. Limiting it reduces potential attack surfaces.

Here’s what you can do to secure your cPanel website:

➢ Create separate FTP accounts for your team instead of sharing a single account.


➢ Disable SSH access unless you really need it.

➔ SSH gives full control over your server, so if you don’t know what it does, you probably don’t need it. You can usually disable it from your hosting panel or ask your hosting provider to do it for you.

Pro Tip: Always use SFTP instead of regular FTP—it’s the secure version and encrypts your data during file transfers.



10. Take a Backup Regularly or Occasionally

Backups are your insurance! No matter how secure your site is, things can go wrong, whether due to a mistake, an update error, or an unexpected issue.

Having a backup means you can restore everything to its original state, without stress or panic. So, make it a habit to take backups regularly and stay worry-free!

How to Take a Backup in cPanel:

➔ In cPanel, go to ‘Files’ and click on ‘Backup.’


➔ There, click ‘Download a Full Account Backup’ or ‘Partial Backup.’

You can also use tools like JetBackup (if available) for scheduled backups.




11. Always Use SSL (HTTPS)

Think of SSL as a safety shield for your website. It locks the connection between your website and your visitors, so no one can snoop around or steal information.

You can enable SSL easily from your cPanel using AutoSSL or get it from your hosting provider. Once it’s active, make sure your site always loads with HTTPS instead of just HTTP.

Completely simple and secure!

Conclusion

Securing your cPanel is not a one-time task, but a continuous process. You must start with the basics, such as maintaining strong passwords and two-factor authentication (2FA), and gradually progress to more advanced practices, including log monitoring and permission control.

By following these 11 practical steps, you will be far ahead in protecting your website from potential threats!

Frequently Asked Questions

1. Can a cPanel be hacked?

Yes, cPanel can be hacked if it’s not secured properly. However, you can reduce the risk by using a strong password, enabling two-factor authentication, and keeping all software and operating systems up to date.

2. Is it safe to use cPanel?

Yes, cPanel is a reliable and secure platform used by millions worldwide. It includes built-in security features like firewall protection, SSL support, and two-factor authentication. To ensure safety, always keep it up to date and use strong login credentials.

3. Is cPanel user-friendly?

Yes, cPanel is very user-friendly. It features a simple dashboard with icons and menus that make it easy to manage your website, emails, and files, even for beginners.