Skip to main content

Securing cPanel on shared hosting

Comments

9 comments

  • Infopro
    Two-Factor Authentication should be useful. You can find it under the Security section of your cPanel.
    0
  • Jared23
    Under 'Security' in my cPanel (11.58.0.19) I only see: SSH Access IP Blocker SSL/TLS Hotlink Protection Leech Protection Would it be somewhere else or if not is there anything else you'd recommend? Thanks!
    0
  • Infopro
    It looks like you'll need to enable it on the Features list for the Package your cPanel account is on: WebHost Manager "Packages "Feature Manager " Edit Feature List, Two-Factor Authentication Once you do that, you should see it in your cPanel.
    0
  • Jared23
    Hmm.. if I go to example.tld/whm/ I see the WHM Login page but my cPanel account doesn't work for it, so I figured since I'm on shared (versus VPS or dedicated) hosting I won't be able to access the WebHost Manager. I notice GoDaddy's WebHost Manager page falls under their 'VPS & Dedicated Servers' section and isn't mentioned on their Economy Linux cPanel area... does this sound correct, or do you think I should be able to access WHM and follow-up with them on this? Thanks again!
    0
  • Infopro
    You'll need to ask them if you've got root, or Reseller access to WebHost Manager, that's correct. GL!
    0
  • Jared23
    It appears I'm back to square one, as they confirmed only their VPS and dedicated servers offer WebHost Manager not their shared economy cPanel Linux plans. That said, without WHM access is it safe to say there is no other way to restrict or protect my cPanel login page?
    0
  • Infopro
    Yes sure. Go back to GoDaddy and ask them to enable Two-Factor Authentication for your account. I can't imagine why they wouldn't so am anxious to hear what they tell you. :)
    0
  • Jared23
    I'm not sure how knowledgeable the person I chatted with was, but this is what I was told: "Only Reseller, VPS or Dedicated hosting packages include WHM, and only VPS or Dedicated have the option for two-factor authentication." When I asked if they could just enable 2FA for my shared account I got this response: "That is not possible for shared hosting packages. Shared hosting includes user level access to a single cPanel account, and there are several php limitations. There is no WHM, and no root user access for these accounts." That leaves me wondering why there isn't a way on shared hosting that doesn't have WHM/2FA to protect or restrict the cPanel login page... it's hard to believe some thrifty but clever person hasn't sorted a way around it. I've tried creating /cpanel/, /whm/ and so on directories hoping they'd take precedence over cPanel's hardcoded shortcuts but with no success unfortunately. If you have any other ideas I'd definitely be interested in giving them a try and thanks!
    0
  • cPanelMichael
    Hello, The decision to enable security features such as two-factor authentication is generally left to the hosting provider. This allows them to take factors specific to their company into consideration and determine if a feature is suitable for their shared hosting plans. I recommend consulting with your hosting provider again to see what additional steps they take for the security of the server, as most solutions require root access to the system to implement. Thank you.
    0

Please sign in to leave a comment.