{"id":1105,"date":"2025-08-14T12:25:31","date_gmt":"2025-08-14T12:25:31","guid":{"rendered":"https:\/\/blog.vavencloud.com\/?p=1105"},"modified":"2025-08-14T12:25:31","modified_gmt":"2025-08-14T12:25:31","slug":"how-to-secure-whm-with-csf-firewall-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/blog.vavencloud.com\/?p=1105","title":{"rendered":"How to Secure WHM with CSF Firewall & Two-Factor Authentication"},"content":{"rendered":"

When you manage multiple cPanel accounts and websites through WHM, security should be your top priority. Since WHM has root-level access to your server, any compromise could affect all your clients, sites, and data.<\/p>\n

Two of the most effective ways to secure WHM are:<\/p>\n

    \n
  1. \n

    CSF (ConfigServer Security & Firewall)<\/strong> \u2014 A robust server firewall and security tool.<\/p>\n<\/li>\n

  2. \n

    Two-Factor Authentication (2FA)<\/strong> \u2014 An extra login layer that requires both your password and a time-based security code.<\/p>\n<\/li>\n<\/ol>\n

    In this guide, we\u2019ll walk you through setting up CSF and enabling 2FA for WHM.<\/p>\n

    \n

    Why Security is Critical for WHM<\/strong><\/h2>\n

    WHM isn\u2019t just another web app \u2014 it\u2019s the control center for your entire hosting environment. With it, you can:<\/p>\n

      \n
    • \n

      Create and delete cPanel accounts<\/p>\n<\/li>\n

    • \n

      Manage DNS and email<\/p>\n<\/li>\n

    • \n

      Change system configurations<\/p>\n<\/li>\n

    • \n

      Restart services like Apache or MySQL<\/p>\n<\/li>\n<\/ul>\n

      If attackers gain access to WHM, they gain access to everything<\/strong>. That\u2019s why hardening WHM with multiple security layers is essential.<\/p>\n

      \n

      1. Install and Configure CSF Firewall<\/strong><\/h2>\n

      What is CSF?<\/strong>
      ConfigServer Security & Firewall (CSF) is a free and powerful Linux firewall with a WHM plugin. It provides:<\/p>\n

        \n
      • \n

        IP-based allow\/deny lists<\/p>\n<\/li>\n

      • \n

        Brute-force protection<\/p>\n<\/li>\n

      • \n

        Login failure detection<\/p>\n<\/li>\n

      • \n

        Port scanning alerts<\/p>\n<\/li>\n<\/ul>\n

        Step 1: Install CSF<\/strong><\/h3>\n

        Login to your server via SSH as root<\/strong>:<\/p>\n

        \n
        \n
        \n
        <\/div>\n<\/div>\n<\/div>\n
          \n
        • cd<\/span> \/usr\/src<\/code><\/code><\/code><\/code><\/li>\n
        • rm<\/span> -fv csf.tgz<\/code><\/code><\/li>\n
        • wget https:\/\/download.configserver.com\/csf.tgz<\/code><\/code><\/li>\n
        • tar -xzf csf.tgz<\/code><\/code><\/code><\/li>\n
        • cd<\/span> csf<\/code><\/code><\/li>\n
        • sh install.sh
          \n<\/code><\/li>\n<\/ul>\n<\/div>\n
          \n

          Step 2: Enable CSF in WHM<\/strong><\/h3>\n
            \n
          1. \n

            Log in to WHM at https:\/\/your-server-ip:2087<\/code><\/p>\n<\/li>\n

          2. \n

            In the search bar, type ConfigServer Security & Firewall<\/strong><\/p>\n<\/li>\n

          3. \n

            Open the interface and click Enable Firewall<\/strong><\/p>\n<\/li>\n

          4. \n

            Click Restart csf+lfd<\/strong> to apply settings<\/p>\n<\/li>\n<\/ol>\n

            \n

            Step 3: Configure Basic Firewall Rules<\/strong><\/h3>\n

            Inside CSF in WHM:<\/p>\n

              \n
            • \n

              Allow your IP under “Quick Allow”<\/strong> to prevent accidental lockouts<\/p>\n<\/li>\n

            • \n

              Close unused ports (keep only necessary ones like 2087, 2083, 22, 80, 443)<\/p>\n<\/li>\n

            • \n

              Enable Login Failure Detection (lfd)<\/strong> to block repeated failed login attempts<\/p>\n<\/li>\n<\/ul>\n

              \n

              2. Enable Two-Factor Authentication in WHM<\/strong><\/h2>\n

              What is 2FA?<\/strong>
              Two-Factor Authentication adds an extra login step. Even if someone guesses your password, they cannot log in without the code generated by your phone.<\/p>\n

              \n

              Step 1: Access 2FA Settings<\/strong><\/h3>\n
                \n
              1. \n

                Log in to WHM<\/p>\n<\/li>\n

              2. \n

                In the search bar, type Two-Factor Authentication<\/strong><\/p>\n<\/li>\n

              3. \n

                Click Manage My Account<\/strong> (for your user)<\/p>\n<\/li>\n<\/ol>\n

                \n

                Step 2: Set Up Your Authenticator App<\/strong><\/h3>\n
                  \n
                1. \n

                  Click Set Up Two-Factor Authentication<\/strong><\/p>\n<\/li>\n

                2. \n

                  WHM will display a QR code<\/p>\n<\/li>\n

                3. \n

                  Open your Google Authenticator<\/strong> or Authy<\/strong> app<\/p>\n<\/li>\n

                4. \n

                  Scan the QR code and enter the generated code into WHM<\/p>\n<\/li>\n<\/ol>\n

                  \n

                  Step 3: Enforce 2FA for All Users<\/strong><\/h3>\n
                    \n
                  1. \n

                    In WHM\u2019s Two-Factor Authentication<\/strong> menu, select Manage Users<\/strong><\/p>\n<\/li>\n

                  2. \n

                    Enable \u201cRequire 2FA\u201d for all root\/reseller accounts<\/p>\n<\/li>\n<\/ol>\n

                    \n

                    3. Extra Tips for WHM Security<\/strong><\/h2>\n
                      \n
                    • \n

                      Change WHM\u2019s default port from 2087<\/strong> to a custom port in CSF<\/p>\n<\/li>\n

                    • \n

                      Use strong, unique passwords for WHM and SSH<\/p>\n<\/li>\n

                    • \n

                      Restrict WHM access to specific IPs in CSF<\/p>\n<\/li>\n

                    • \n

                      Enable automatic system updates to patch vulnerabilities<\/p>\n<\/li>\n<\/ul>\n

                      \n

                      Conclusion<\/strong><\/h2>\n

                      By combining CSF Firewall<\/strong> and Two-Factor Authentication<\/strong>, you add two strong layers of security to WHM. CSF blocks unwanted traffic and brute-force attempts, while 2FA ensures that even if your password leaks, hackers can\u2019t get in.<\/p>\n

                      A secure WHM means secure cPanel accounts \u2014 and happy clients.<\/p>\n","protected":false},"excerpt":{"rendered":"

                      When you manage multiple cPanel accounts and websites through WHM, security should be your top priority. Since WHM has root-level access to your server, any compromise could affect all your clients, sites, and data. Two of the most effective ways to secure WHM are: CSF (ConfigServer Security & Firewall) \u2014 A robust server firewall and […]<\/p>\n","protected":false},"author":1,"featured_media":1106,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-1105","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-management"],"_links":{"self":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1105"}],"version-history":[{"count":0,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1105\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}