How to Configure Security Policies in WHM

WebHost Manager (WHM) includes many tools to help you secure your cPanel server. Steps such as limiting logins by IP address, enabling two-factor authentication (TFA), and setting password strength and age limits can greatly increase the security of your server. In this guide, we will show you how to configure the security policies of your VPS or dedicated server.

Get better performance and security with our VPS Hosting.

Configure Security Policies

  1. Log into WHM as the ‘root‘ user.
     
  2. Type ‘policies’ in the search field.
     
  3. Click the Configure Security Policies link under the Security Center section.
     
  4. You can then enable “Security Policy Items”. Choose from the following options:
     
    Limit logins to verified IP addresses
    Two-Factor Authentication: Google Authenticator
    Password Strength (selecting this will direct you to the Password Strength Configuration page)
    Password Age (selecting this will allow you to enter a Maximum Password Age)
  5. There is also a section where you can set Security Policy Extensions, but cPanel warns “do not enable these extensions unless you have an in-depth understanding of your remote API usage and DNS cluster configuration.” If you still want to adjust the settings you can enable security policies for the following:
    API requests
    DNS Cluster Requests
     
  6. After choosing your security policy settings click the Save button. You are finished when you see a message stating “Security Policies Configured.”
cPanel Security Advisor can offer advice to compliment your new security policies

Congratulations, now you know how to configure security policies in WHM! Test your security posture with the Security Advisor for more ways to secure your server.

Learn more about cPanel security with our Managed VPS Hosting Product Guide.

We recommend our video on How to Enable Two-factor Authentication in WHM.
JB
John-Paul Briones Content Writer II

John-Paul is an Electronics Engineer that spent most of his career in IT. He has been a Technical Writer for InMotion since 2013.

More Articles by John-Paul

Comments

It looks like this article doesn't have any comments yet - you can be the first. If you have any comments or questions, start the conversation!

Was this article helpful? Let us know!