How to make your server more secure via WHM

What is WHM? #

WHM or Web Host Manager is a powerful program that permits administrative access to cPanel backend. WHM enables the user with more flexibility and control while managing some very popular resource intensive websites, or large no: of websites. WHM not only enables the user to with the ability to sell web hosting services but also gives the option to create and manage multiple cPanel accounts. WHM saves your money and time by automating and streamlining the tedious task of server management. WHM allows you to manage all things under one roof.

WHM enables you to do the following things #

  • It enables you to create, suspend and delete your cPanel accounts.
  • It permits you to check the status and information of the server.
  • Reset password, monitor and manage your websites.
  • You get the access to check and change all your domain names’ DNS zones.
  • You get the ability to configure the support request of your customer through cPanel.
  • When you create a new account WHM enables you to create your own default page.
  • Using WHM you can change your client usernames and domain names.
  • Ability for white labeling i.e. you can customize your control panel and web hosting with extensive branding.
  • Add-ons in the form of applications and plugins that enables you to offer a tailored solution to your customers.
  • Gives you the ability to manage your own backups, you do not have to worry about information loss.
  • Provides you with server monitoring tools, you can view the utilization of resources, diagnose issue of log files and secure the server from 3rd party attacks.
  • The features and auxiliary tools that are packed into WHM provides for a unique customer experience.

Steps to check Server Security in WHM #

Login into the WHM and use the following steps to check the server security:

Step 1: Check WHM>>> Server Configuration >>> Tweak Settings & deactivate the following options:

  • Avoid users from parking or adding on common internet domains (i.e.,
  • Permit cPanel users to reset their password by means of email.
  • Default catch-all/default address behavior for the new accounts – fail

Step 2: Now go to WHM >> >Security >>> Manage Wheel Group Users

  • In the “Manage Wheel Group Users” section takes out all the users that are present, leaving your user account from the wheel group and the root.

Step 3: Then select WHM >>> Service Configuration >>> FTP Configuration

  • Anonymous FTP must be disabled.

Step 4: Now select WHM >>> Account Functions >>> Manage Shell Access

  • If there is no need to enable the Shell Access then disable it for all the users.

Step 5: Then select WHM >>> SQL Services >>> MySQL Root Password

  • The root password for MySQL must be changed.


Now perform a quick security scan to detect Trojan Horses from your WHM >>> Security in a week.

[alert] Note: one important security measure for your server, while creating any new security account, Choose WHM >>> Resellers >>> Reseller Center [/alert]

Enable “Prevent Accounts from being created with Shell ” & deactivate the “Allow Creation of Packages with Shell Access” this will prevent any 3rd party from accessing your server if they do not have your approval.

WHM >>> Security Center >>> Host Access Control

Host Access Control permits you to set up precise rules to permit or deny access to your server and services over it on the basis of IP address that is trying to connect. The most secure way of using Host Access Control it regulates the connection as per your wish i.e. to provide access only to the connections which you want.

WHM >>> Security Center >>> PHP open_basedir Tweak

PHP’s open_basedir protection averts users from opening files that are outside of their home directory with PHP.

In addition, you can install mod security to avoid web-based infection, cross scripting attacks and web-based intrusions to the server.

Powered by BetterDocs