This guide explains how to use the security tools available in cPanel to protect your website, email accounts, and hosting environment. You will learn how to manage SSL certificates, enable two-factor authentication, block unwanted IPs, configure hotlink protection, and secure sensitive files.
- Accessing the Security Tools
- Log in to your cPanel dashboard.
- Scroll to the Security section.
You will see several tools, including SSL/TLS, IP Blocker, Hotlink Protection, SSH Access, and more.
- Managing SSL Certificates
SSL certificates enable encrypted connections between your website and its visitors.
Checking SSL Status
- Open SSL/TLS Status.
- You will see a list of domains and subdomains with their certificate status.
Enabling AutoSSL
Most hosting plans automatically issue free SSL certificates.
If not:
- Click Run AutoSSL.
- Wait for the process to complete.
Forcing HTTPS
- Go to Domains.
- Click Manage next to your domain.
- Enable Force HTTPS Redirect.
This ensures all visitors use the secure version of your site.
- Using the IP Blocker
The IP Blocker allows you to block specific IP addresses or ranges from accessing your site.
- Open IP Blocker.
- Enter the IP address or range you want to block.
- Click Add.
This is useful for stopping repeated login attempts or unwanted traffic.
- Enabling Hotlink Protection
Hotlink protection prevents other websites from using your images or files directly, which can waste your bandwidth.
- Open Hotlink Protection.
- Enable the feature.
- Add any allowed domains (your own domains should be listed automatically).
- Specify which file types to protect, such as .jpg, .png, .gif.
- Save your settings.
- Managing SSH Access
SSH provides secure command-line access to your hosting account.
Not all hosting plans allow SSH, but if yours does:
- Open SSH Access.
- Download or generate SSH keys.
- Authorise your public key.
- Connect using an SSH client like PuTTY or Terminal.
SSH should only be enabled if you need it and understand how to use it safely.
- Protecting Sensitive Files and Folders
Password Protect Directories
- Open Directory Privacy.
- Select the folder you want to protect.
- Enable password protection.
- Create a username and password.
This is useful for admin areas or private content.
Editing .htaccess
You can add security rules to .htaccess using File Manager, such as:
- Blocking access to specific files
- Disabling directory browsing
- Restricting access to admin panels
Always back up .htaccess before making changes.
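The three kinds of rule listed above could look like this. This is an added example, not part of the original guide, and it assumes Apache 2.4 syntax. The file names, the extension list and the IP address are placeholders to replace with your own values.

```apache
# Example .htaccess rules (added illustration; Apache 2.4 syntax assumed).

# 1. Disable directory browsing: folders without an index file return
#    403 Forbidden instead of a file listing.
Options -Indexes

# 2. Block access to specific files. The names and extensions here are
#    assumed examples; list the files that exist in your own account.
<FilesMatch "(^\.env$|\.(bak|sql|log)$)">
    Require all denied
</FilesMatch>

# 3. Restrict an admin login page to one trusted address.
#    "admin-login.php" is a hypothetical file name and 203.0.113.10 is a
#    documentation placeholder; replace both with your own values.
<Files "admin-login.php">
    Require ip 203.0.113.10
</Files>
```

After saving, open a blocked file and a folder without an index page in a private browser window; both should return 403 Forbidden. If the whole site returns a 500 error instead, restore your backup of .htaccess.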
- Enabling Two-Factor Authentication (2FA)
2FA adds an extra layer of security to your cPanel login.
- Open Two-Factor Authentication.
- Click Set Up Two-Factor Authentication.
- Scan the QR code with an authenticator app (Google Authenticator, Authy, etc.).
- Enter the generated code to confirm.
Once enabled, you will need both your password and a one-time code to log in.
- Managing Email Authentication (SPF, DKIM, DMARC)
These settings help prevent email spoofing and improve deliverability.
- Open Email Deliverability.
- Review the status of SPF and DKIM.
- Click Repair if any issues are detected.
- Add DMARC records manually if required by your email provider.
These records help mail servers verify that your emails are legitimate.
- Using Leech Protection
Leech Protection prevents users from publicly sharing passwords to restricted areas of your site.
- Open Leech Protection.
- Select the folder you want to protect.
- Set the number of allowed logins per hour.
- Configure a redirect URL for violations.
This is useful for membership sites or private directories.
- Troubleshooting Common Security Issues
SSL Not Working
- AutoSSL may not have completed.
- DNS may not be pointing to your hosting server.
- The domain may be too new for certificate issuance.
Blocked IP Cannot Access Site
- Check the IP Blocker list.
- Remove the IP if it was added by mistake.
Email Going to Spam
- Ensure SPF, DKIM, and DMARC are correctly configured.
- Check whether your mail server's IP address is blacklisted.
Unauthorized Login Attempts
- Enable 2FA.
- Use strong passwords.
- Block suspicious IPs.