How to Secure cPanel Service Daemons (cpsrvd) in WHM

How to Secure cPanel Service Daemons (cpsrvd) in WHM Hero Image

WebHost Manager (WHM) grants access to powerful server functions that can affect all cPanel users. A root user may go between configuring ConfigServer Security & Firewall (CSF) rules, resetting a cPanel user password, backing up data, and ImunifyAV file scans in one session.

This power, combined with the fact that cPanel is one of the most popular Linux server management applications, makes an enticing target for malicious users to learn how to hack cPanel websites and servers.

For websites, you can add security HTTP headers in your .htaccess file to protect viewers from malware and spyware if your server is infected. You can do the same in WHM to protect important cPanel service deamons (cpsrvd) for applications such as cPHulk, PHP-FPM, and ClamAV. [A daemon is a program that runs as a background process.]

Below we will cover how to secure cPanel Service Daemons in WHM via:

How to Secure cPanel with Content-Security-Policy (CSP)

Content Security Policy (CSP) can prevent cross-site scripting (XSS) attacks with cpsrvd by only allowing whitelisted sources to load and disallowing JavaScript from external sites.

  1. Log into WHM
  2. Select Tweak Settings
  3. Search for “header” and select On beside Enable Content-Security-Policy on some interfaces
  4. At the bottom, select Save
How to secure cPanel with security HTTP headers

Secure VPS HostingEnjoy high-performance, lightning-fast servers with increased security and maximum up-time with our Secure VPS Hosting!

check markLinux VPS check markcPanel or Control Web Panel check markScalable check markWebsite Migration Assistance

Linux VPS Hosting

How to Secure cPanel with X-Frame-Options and X-Content-Type-Options

X-Frame-Options, with the SAMEORIGIN directive, forces the browser to only allow elements from your cPanel instance to be embedded within itself using the <frame>, <iframe>, or <object> tags to prevent clickjacking attacks.

X-Content-Type-Options, with the NOSNIFF directive, forces the browser to only use the indicated MIME type for files on the server to prevent MIME sniffing.

  1. Log into WHM
  2. Select Tweak Settings
  3. Search for “header” and select On beside Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd
  4. At the bottom, select Save

Now you’ve learned how to secure cPanel Service Daemons in WHM, but Is cPanel secure? Audit your VPS with our article on how to harden Managed VPS Hosting. Learn even more from our Managed VPS Hosting Product Guide.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

Was this article helpful? Join the conversation!

Questions about our MailChannels Deployment? We have answers and are here to help!Learn More
+