A cPanel server benefits from layered security: a host-level firewall, brute-force protection, hardened SSH access, and malware detection. These steps help reduce risk and tighten control over your LumaDock VPS.
Install and configure CSF
CSF (ConfigServer Security & Firewall) integrates directly with WHM and provides strong host-level firewall management.
    cd /usr/src
    rm -fv csf.tgz
    wget https://download.configserver.com/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh
Open WHM → Plugins → ConfigServer Security & Firewall and disable testing mode by setting TESTING = 0.
Restart CSF afterward so rules take effect.
Enable cPHulk brute-force protection
cPHulk protects authentication services from repeated login attempts.
In WHM → Security Center → cPHulk, enable protection for SSH, WHM, cPanel, and mail services.
Recommended settings:
Block IPs after around 10 failed login attempts.
Use a short detection window such as 15 minutes.
Whitelist your own IP to avoid accidental lockouts.
Harden SSH access
Restrict SSH entry points so only trusted users and networks can connect.
Security improvements include:
Change the default SSH port.
Disable direct root login and use sudo-enabled accounts instead.
Use SSH keys rather than passwords.
Limit SSH access to specific IP addresses using CSF or your OS firewall.
These changes reduce how much automated scanning and password guessing reaches the SSH service on your server.
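One way to check the SSH settings listed above is the following added example (not part of the original article or of cPanel/CSF tooling). It audits a single sshd_config file for a non-default Port, PermitRootLogin no and PasswordAuthentication no; the function names and the sample file are constructed for illustration, and it assumes no Include or Match blocks.

```sh
#!/bin/sh
# Added example: audit one sshd_config file for the SSH settings listed above.
# Assumptions: no Include or Match blocks, unquoted values. sshd uses the FIRST
# occurrence of a keyword, keywords are case-insensitive, and unset keywords
# fall back to OpenSSH defaults (Port 22, PermitRootLogin prohibit-password,
# PasswordAuthentication yes).

# first_value FILE KEYWORD DEFAULT: print the value sshd would use, lowercased.
first_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }              # drop leading indentation
        /^#/ || $0 == "" { next }           # skip comments and blank lines
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print one WARN line per weak setting; return 1 if any found.
audit_sshd() {
    rc=0
    port=$(first_value "$1" Port 22)
    root=$(first_value "$1" PermitRootLogin prohibit-password)
    pass=$(first_value "$1" PasswordAuthentication yes)
    if [ "$port" = "22" ]; then
        echo "WARN Port is the default (22)"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "WARN PermitRootLogin is '$root', expected 'no'"; rc=1
    fi
    if [ "$pass" != "no" ]; then
        echo "WARN PasswordAuthentication is '$pass', expected 'no'"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the commented-out Port line does not count, and the
# second PermitRootLogin line is ignored because the first one wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 2222
PermitRootLogin yes
PermitRootLogin no
PubkeyAuthentication yes
EOF
if audit_sshd "$sample"; then echo "OK: baseline met"; fi
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration with includes resolved, which is a more complete input than a single file. Allow the new SSH port in the firewall before restarting sshd, or the change itself will lock you out.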
Add malware and intrusion detection
A lightweight scanning layer helps detect compromised files early.
Useful options include:
clamscan or maldet for on-demand scanning.
ModSecurity with the OWASP ruleset, enabled in WHM → Security Center.
ImunifyAV or Imunify360 if you need continuous background scanning and real-time protection.
Following these practices gives your cPanel environment a solid security baseline with strong firewall controls and safer authentication.
