cPanel and WHM logins will transmit the sensitive username and password through the internet and it needs to be secure. If anyone intercepts the traffic, they will be able to decode the username and password if they are submitted through an insecure page. Hence it is quite vital to use secure pages for WHM, cPanel and Webmail logins using SSL logins.
Install SSL Certificate
cPanel by default will install a self-signed certificate for the cPanel and in most of the cases, it is enough. If you are a shared hosting provider, it won’t be nice to see a warning message when your clients try to enter their cPanel securely. So the primary need is to install a valid SSL for cPanel. You need to purchase the SSL for your hostname and install it from WHM Main >> Service Configuration >> Manage Service SSL Certificates.
There, along with cPanel, you can install the certificates for FTP, IMAP, SMTP etc also.
Steps to install certificates
Here’s how to do this:
- Navigate to the Tweak Settings area of your WHM to force the normal cPanel and WHM logins to use the SSL installed.
- Navigate to the ” Redirection ” tab.
- Set Always redirect to SSL to On.
- Set SSL redirect destination to the SSL hostname.
- Navigate to the Security Tab.
- Set Require SSL to On.
- Click save in the bottom. This will enable for redirection of cPanel, WHM and webmail logins to the secure area of the cPanel.
PS:- You can also disable HTTP Authentication, enable Blank referrer safety check, and Cookie IP validation and enable Security tokens to enhance the security of the password being sniffed or session being hijacked by anyone.