cPanel / WHM Security Audit
Security audit for cPanel and WHM environments including configuration, user isolation, PHP handlers, security policies and exposed interfaces.
cPanel and WHM are the backbone of many hosting operations, but default configurations are not secure configurations. A cPanel/WHM security audit reviews every relevant setting, policy and exposed interface to identify misconfigurations that could compromise your server or your customers’ accounts.
What We Check
Our audit covers the full cPanel/WHM environment:
- Apache/Nginx configuration — MPM settings, virtual host isolation, TLS protocols, cipher suites, HTTP security headers
- PHP handlers — handler type per account (php-fpm, lsphp, suphp), PHP version management, disabled functions, open_basedir enforcement
- ModSecurity — ruleset status, vendor configuration, custom rules, false positive management, audit logging
- Account isolation — CloudLinux/CageFS status, filesystem boundaries, symlink protection, process isolation, resource limits
- Security Advisor — current status and unresolved recommendations
- SSL/TLS management — AutoSSL configuration, certificate coverage, mixed content, HSTS status
- Email routing — local vs remote routing, relay configuration, authentication requirements, per-account sending limits
- Backup configuration — backup destination, schedule, retention, inclusion/exclusion rules, backup transport
- Exposed interfaces — cPanel, WHM, webmail and phpMyAdmin access restrictions, port exposure, IP-based restrictions
- WHM access controls — root access, reseller privileges, ACL configuration, two-factor authentication
- EasyApache and software — installed modules, unnecessary components, update status
- Tweak Settings and security policies — password strength enforcement, login security, brute-force protection (cPHulk), compiler access
Why It Matters
cPanel environments are high-value targets. A single misconfiguration — an unrestricted PHP handler, a missing isolation layer, an exposed phpMyAdmin instance — can give an attacker access to every account on the server.
Common issues we find:
- PHP handlers that allow cross-account file reads
- ModSecurity disabled or running outdated rulesets
- Backup data stored on the same server with no offsite copy
- WHM accessible from any IP without two-factor authentication
- Symlink protection not properly configured
- Default cPHulk settings that are too permissive
What You Receive
- Detailed audit report — every finding documented with evidence, severity and specific remediation steps
- WHM configuration checklist — a reviewed, annotated list of recommended settings for your environment
- Priority remediation plan — issues ordered by risk so you fix the most dangerous items first
- Follow-up support — clarification on findings and guidance during remediation