As much as you are concerned about the security of your servers, your end users are likely just as concerned about what measures you have in place to protect their accounts against hacking attempts and unauthorized access. The following tips will help you increase your server’s security for end users, for both cPanel and FTP.
Enable SSL encryption for cPanel, WHM, and Webmail access
You can enable SSL encryption for cPanel access to help protect users against password sniffing when entering their login credentials. To do this, go to WHM > Tweak Settings > Redirection, and set “Always redirect to SSL” to “On”, then save.
You may want to install a signed SSL certificate for cPanel so that your users’ web browsers do not complain about the self-signed certificate that cPanel uses by default (WHM > Manage Service SSL Certificates).
Here is a tutorial on how to generate and set up free hostname SSL on WHM with ZeroSSL.
Enable brute-force protection
In a brute-force attack, an attacker automatically tries combinations of usernames and passwords until one of them matches the login credentials for a user on the system. cPanel comes stock with cPHulk, an application that allows you to block possible brute-force attempts by setting limits on login attempts. To enable this, go to WHM > cPHulk Brute Force Protection, and select “enable”.
From here you can fine-tune your brute-force protection settings for your server. Be careful not to set them too strict or you may end up locking out legitimate users!
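To see why limits that are too strict lock out legitimate users, the following added example (not part of the original article, and not cPHulk's actual algorithm) applies a simple failed-login threshold to a constructed log at two settings. The log format, function names and threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: "<epoch-seconds> <source-ip> <account> <OK|FAIL>".
# Hypothetical format for this example, not a real cPanel log.
SAMPLE_LOG = """\
1000 203.0.113.7 alice FAIL
1005 203.0.113.7 bob FAIL
1010 203.0.113.7 carol FAIL
1015 203.0.113.7 dave FAIL
1020 203.0.113.7 alice FAIL
1025 203.0.113.7 erin FAIL
2000 198.51.100.20 frank FAIL
2030 198.51.100.20 frank FAIL
2060 198.51.100.20 frank FAIL
2090 198.51.100.20 frank OK
"""

def blocked_sources(log_text, max_failures, window_seconds):
    """Return the set of source IPs that reach max_failures failed
    logins inside any sliding window of window_seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue              # skip malformed lines
        ts, ip, _account, result = parts
        ts = int(ts)
        if result == "OK":
            recent[ip].clear()    # assumption: a success resets the count
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > window_seconds:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_failures:
            blocked.add(ip)
    return blocked

def compare_settings(log_text=SAMPLE_LOG):
    """Evaluate a moderate and an overly strict limit on the same log."""
    return {
        "moderate (5 failures / 5 min)": blocked_sources(log_text, 5, 300),
        "strict (3 failures / 5 min)": blocked_sources(log_text, 3, 300),
    }

if __name__ == "__main__":
    for name, ips in compare_settings().items():
        print(name, sorted(ips))
```

With the moderate limit only the source cycling through many accounts is blocked; the strict limit also blocks the user who mistyped a password three times before logging in successfully.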
Set up security policies
Security policies help protect user accounts by specifying password strength and expiration, and are a new feature starting in cPanel 11.28. To set these up, go to WHM > Security Center > Configure Security Policies.
Here you can define requirements for user passwords, while also limiting logins to user accounts from verified IP addresses only.