Security is important for our data safety and we recommended you to enable the Two-Factor Authentication(2FA) on your cPanel account so that hackers will be unable to access your cPanel account even if they have somehow obtained your account”s user and password details.
What are the Requirements? You will need a smartphone with a supported time-based one-time password app. Mobile Phone OS like Android, Windows, iOS and Blackberry have an app for 2FA.
How to Enable the Two-Factor Authentication on Your cPanel Account? 1. Log into your cPanel account. 2. In the “Security” section, click on the “Two-Factor Authentication” Icon.
3. Under Step 1, Scan QR code using your Google Authenticator or 2FA Authenticator APP and if your APP doesn”t have a QR Code reader, you can manually enter the Account name and Key number.
4. In Step 2, under the “Security Code” text box, enter your Two-Factor Authentication code and click the “Configure Two-Factor Authentication” button.
You will see a message, such as “Success: Two-factor authentication is now configured on your account“.
Is your IP frequently blocked when you access a wordpress admin area or any type of script with a web browser? Are you left with the feeling that your IP is blocked or that the server is down or isn”t working?
If the answer is “Yes”, then it may have happened as a result of Mod Security.
What is Mod Security? ModSecurity is a module which protects your website from various types of attacks. Mod Security protects our website from hackers, attacks, a brute force attack, a cross-site request forgery(CSRF) and many other threats. Although it sometimes creates a problem, we do not recommend you to disable it but instead fix your software vulnerability. The reason for this is that ModSecurity only blocks your website if your software security is bad.
Disabling ModSecurity can help you determine whether your IP or your client/visitor”s IP is blocked by ModSecurity. If it isn”t the case, however, it means that your IP is blocked for a different reason. However, if you are sure that ModSecurity is the reason your IP is blocked, then contact us and we will find the exact reason behind it, in order to resolve your issue so that you will not be required to disable the module.
How to Enable or Disable Mod Security in cPanel? 1. Log into your cPanel account. 2. In the “Security” section, click on the “ModSecurity” Icon.
3. If ModSecurity is enabled, it will show a “Disable” option, click it and ModSecurity will be disabled on all your domains. Next time, if you want to enable it, you will only need to click on “Enable“. This will enable it on all domains.
How to Disable ModSecurity Only on Selected Domains and not on All Domains? It is possible that you have multiple domains and you wish to disable or enable ModSecurity only on selected domains.
1. Login to cPanel and from the “Security” section click on the “ModSecurity” Icon. 2. Scroll down to the bottom of the page. 3. Under the “Status” option next to the domain, click on “On” or “Off“.
In order to secure your admin area from hackers, we recommended you to allow access only from your selected IP to your admin directory. You just need to create an .htaccess file in the directory where you want to restrict access by IP Address.
For example, if you have a WordPress blog installed on your main directory like example.com/wp-admin, you should create an .htaccess file in /wp-admin/.htaccess and you should put this code in, and not forget to replace the allowed IP address with your IP address.
order deny,allow deny from all allow from YOUR-IP-ADDRESS-HERE
(Replace “Your-IP-Address-Here” text with your IP Address)
You can test this by accessing your /wp-admin IP address from another IP address which is not allowed by your .htaccess file.
For security purposes, we recommend that you to disable directory browsing on your website so no one can see the files/folders of your website. You can disable Directory Browsing by adding this line to your .htaccess file.
External Website can use < img /> tag to display an image from your site somewhere else on the internet and The end result of this is that the other website steals your bandwidth.
1. Log into your cPanel account. 2. In the “Security” section, click on “HotLink Protection” Icon.
3. If it displays “Hotlink protection is currently disabled“, click on the “Enable” button.
How to Configure Hotlink Protection? Under “URLs to allow access:” you can allow an external website or your own website to have access. For example, if you have a subdomain like demo.example.com, you can add this website’s url to the list of allowed websites.
You can lock a directory with password by using the cPanel “Password Protected Directories” Option.
1. Log into your cPanel account. 2. In the “Files” section, click on “Directory Privacy” Icon.
3. Click the icon to open a folder.
4. Click on the name of directory you want to protect by password.
5. Under “Security Settings“, check the box next to “Password protect this directory” and enter a name for the protected directory like “Password Protected Area“. Then click the “Save” button.
6. Now click on the “Go back” button.
7. Scroll down the page and under “Create User” fill in the username and password fields or use the Password Generator option to generate a new random password and copy the user/password to a notepad. You will need this when you want to open your password-protected directory and click on the “Save” button.
Now, should you try to open your password protected directory in your browser through the url www.example.com/myfolder, which is already password protected, your browser will prompt you to enter username and password.