cPanel includes several built-in tools that help protect your website from abuse and unauthorized access. This article introduces the main security tools and explains when to use each one.
Note: The tools below are standard cPanel features, please confirm with Exact Hosting Support if your server does not have these available.
Why use cPanel's security tools
Beyond keeping your software updated and using strong passwords, cPanel gives you tools to block bad actors, protect specific folders, and stop others from stealing your content or bandwidth. You do not need all of them — use the ones that fit your situation.
For recovering a site that is already compromised, see My Website Was Hacked: Cleanup & Recovery. For WordPress-specific protection, see Hardening Your WordPress Site.
Before you begin
- cPanel access.
- A clear goal. Decide what you are protecting against — unwanted visitors, hotlinking, brute-force logins — so you pick the right tool.
The main security tools
The table below summarizes the tools in cPanel's Security section.
Tool | What it's for |
|---|---|
SSL/TLS Status | Confirm your free SSL certificates are active. See Your Free SSL Certificate (AutoSSL). |
IP Blocker | Block specific IP addresses or ranges from reaching your site. |
Hotlink Protection | Stop other websites from embedding your images and using your bandwidth. |
Leech Protection | Detect and limit accounts that share a single login with many people. |
Directory Privacy | Password-protect a specific folder so only authorized people can open it. |
Step 1: Block an abusive IP address
If a specific address is attacking or spamming your site:
- In the Security section, open IP Blocker.
- Enter the IP address or range.
- Select Add.
Tip: Blocking individual IPs helps against a single bad actor, but determined attackers change addresses. Pair it with strong passwords and updated software.
Step 2: Stop image hotlinking
To prevent other sites from displaying your images:
- Open Hotlink Protection.
- Enable it and confirm your own domains are listed as allowed.
Step 3: Password-protect a folder
To restrict a directory (for example, a staging area):
- Open Directory Privacy.
- Select the folder.
- Enable protection and create an authorized user and password.
Warning: Do not password-protect your main public_html folder unless you intend the entire site to require a login — doing so will prompt every visitor for a password.
Next steps
- Harden WordPress specifically. See Hardening Your WordPress Site.
- Recover a compromised site. See My Website Was Hacked: Cleanup & Recovery.
- Confirm your SSL. See Your Free SSL Certificate (AutoSSL).
Questions? Contact Exact Hosting Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.