Are cPanel and WHM a Security Risk?
Anyone who runs a website learns to be vigilant very soon after opening their first hosting account.
There are many security holes, and it’s easy to make mistakes. If you’re not careful, you could take serious risks, or make dangerous assumptions about the software you’re using.
The vast majority of hosts offer plans that feature cPanel alone, or cPanel with WHM. Few of their customers ever question the software’s security credentials.
Do cPanel and WHM Boost Security?
WHM and cPanel come with a range of features that can actually help make a server more secure.
- cPanel can automatically update itself and other applications. Patches are applied almost as soon as they are released.
- cPanel’s various one-click install scripts often update themselves, which is a bonus.
- cPanel makes it easy to password protect directories, stop hotlinking and block unwanted visitors.
- cPanel/WHM has security plugins, such as ConfigServer Security & Firewall, that run automated checks and help lock down a server.
- A user working in a root account can make mistakes. cPanel makes it much more difficult to use bad settings and policies.
cPanel and WHM: a Security Risk?
It’s not all good news, though. cPanel and WHM come with a certain level of risk.
- A cPanel hack provides complete access to a website and most of its settings.
- Using cPanel means relying on cPanel Inc to keep the software stable and updated.
- cPanel makes basic lock down easier, but those needing a higher level of security are often frustrated. cPanel requires fairly broad permissions to function.
Should I Use cPanel and WHM?
Most webmasters find cPanel and WHM to offer a good balance of usability and security. On shared hosting, reseller and VPS accounts, they’re both ideal.
If you don’t have the expertise to fine-tune your server’s settings, cPanel will protect your site adequately without too much technical know-how being required. Assuming you trust your host to keep cPanel up and running, you should be fine.
cPanel and WHM are restrictive for some users, but anyone that has more advanced needs will generally opt for an unmanaged server with no control panel pre-installed. If that’s your priority, you already know that cPanel and WHM aren’t right for you.
Whatever you do, don’t be complacent. Managing a website means following sensible security procedures, guarding your passwords and not taking risks. While you may wish to experiment, security is a serious issue, and exposing your site to exploits or hacks could have severe consequences.
By far the best security tool is the common sense to know your own limitations.
Claire is a freelance writer. She works with us through Red Robot Media, which she runs along with her associate Mathew Dixon. In addition, Claire is an accomplished musician who has toured the world with her band Printed Circuit. She lives in the United Kingdom.
Discussion
What Do You Think?