How to strengthen security on my Apache server against hackers?


Dec 14, 2018
cPanel Access Level
Website Owner

So i have installed firewall on my server.,and he is running.

Now is there some extra security to protect my server,which is connected with security of my websites?

Last edited by a moderator:


Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! That's a fairly general question, but there's some basic things you can do to help.

ModSecurity - ModSecurity® Tools | cPanel & WHM Documentation
cPHulk - a tool that blocks failed logins and brute force detection. Not directly related to Apache, but still a good thing to have enabled - cPHulk Brute Force Protection | cPanel & WHM Documentation
ModEvasive - this helps prevent smaller DoS attacks - Apache Module: Evasive | cPanel & WHM Documentation

We also have a general security page at Tips to Make Your Server More Secure | cPanel & WHM Documentation that gives more details that you may want to review.
  • Like
Reactions: friv


Feb 15, 2023
cPanel Access Level
Root Administrator
You question is too wide as previously noticed. The best way in general is not to look for 10 tips for improving security, but to dig into linux administration. General rules are:
- minimum priviledges to do the job (take advantage of basic permissions
- is you connect to external APIs you are exposed (so what?), if you provide API than you are exposed (so what?)
- do not try to make general protection - know your important data, keep important data secured and encrypted. rest of them - do the backup
- do not be lazy and install the solutions for security (do not take antivirus seroiusly)
- play around with firewall (iptables, firewalld ...) try to access from outside and try to reach another server knpwing exactly what you're doing (much harder than you'll expect)
- get any book for linux administration (Red Hat books are preety good and comprehensive
- do not be affraid - just keep learning and trying. cPanel is great tool (sometimes annoying with default settings). If you are not running unmannaged dedicated server - ask support - they always answer precise questions. (unmannaged do not answer even in paid support)