Skip to main content

cPanel will provide its own fork of CSF starting Feb 25th, 2026

Devon Courtney
  • Updated

Update: The configuration update to move to cPanel CSF began rolling out on February 25, 2026.


Way to the Web Ltd. (the company behind ConfigServer) closed permanently on August 31, 2025, and has released CSF under the GNU General Public License v3.

Starting February 25, 2026, cPanel will begin publishing and maintaining a public fork of CSF focused on critical security and stability fixes.​ As part of this, we will automatically update the CSF configuration on eligible cPanel & WHM servers to point to our update mirrors instead of the decommissioned ConfigServer/W2W (Way to the Web) source. 

Eligibility

cPanel will apply this configuration update only if all of the following conditions are true:

  • Your server is running CSF version between 14.00 and 15.00. (inclusive)
  • The CSF AUTO_UPDATES setting is enabled.

cPanel will not apply this update if any of the following conditions are true:

  • Your server is already using an alternate CSF fork or source.
  • Your server is running CSF version 13.x or older, or higher than 15.00.
  • The CSF AUTO_UPDATES setting is disabled.

Note: If you’re currently using CSF, it will continue to run with the same rules and configuration you already have in place. This effort aims to ensure that critical security and stability fixes from our fork can be applied to the server.

Manage Updates Yourself

You can disable automatic updates if you prefer to manage the transition to the cPanel-maintained fork on your own schedule.

To disable automatic updates:

  1. In WHM, navigate to Home / Plugins / ConfigServer Security & Firewall.
  2. Click csf – ConfigServer Firewall.
  3. Click Firewall Configuration.
  4. In the Initial Settings section, set AUTO_UPDATES to Off.
  5. Click Save.

If AUTO_UPDATES is disabled before February 25, 2026, cPanel will not apply the configuration change to your server.

To manually update to the cPanel-maintained fork at a later date, run the appropriate command for your server's operating system:

If your server runs AlmaLinux or CloudLinux:

# yum install cpanel-csf

or if your server runs Ubuntu:

# apt install cpanel-csf

How do I know if my server is using the original CSF plugin?

If you installed CSF directly from ConfigServer (configserver.com) without using any third-party forks or modified versions, you're likely using the original CSF plugin.

To verify, check the version of your locally installed CSF. It should be at or below 15.00:

# cat /etc/csf/version.txt 
14.24

If you're unsure whether you installed a fork or an alternate version, review your installation documentation or contact your system administrator. If you haven't knowingly installed a fork or custom version, you're most likely using the original CSF plugin.

Will cPanel be providing support for CSF going forward?

We're happy to be maintaining this fork so you can continue receiving critical security and stability updates. However, this is a maintenance effort only, and we're not developing new features or functionality. CSF remains a third-party plugin and falls outside the scope of our technical support team, so we're not able to assist with CSF configuration or troubleshooting. For guidance on using CSF, publicly available community resources are still your best bet. And of course, we're always here to help with any cPanel & WHM questions. 

As part of our commitment to quality, we encourage reporting any issue or bug you believe may be related to our updates. All reports will be triaged and addressed appropriately to ensure the fork's continued reliability.
 

Additional Documentation:

How to install cPanel CSF on a new cPanel Server?
cPanel CSF Change Log
cPanel CSF Release Notes

Related articles

Comments

0 comments

Article is closed for comments.