Introduction #
In this doc you will learn more about some of the security features within cPanel. Depending on your hosting subscription, you may have access to the settings for these features. They can help keep your cPanel account safe, block attackers, and keep unwanted guests out.
Note: ProRedLine manages more security within our servers behind the scenes, but this doc covers the features you may notice yourself in cPanel.
ModSecurity #
ModSecurity is a web application firewall that helps protect websites against common web-based attacks. It works at server level by inspecting incoming requests before they are processed by your website. This allows suspicious or malicious traffic to be filtered before it can reach scripts, forms, or other parts of the site.
At ProRedLine, ModSecurity is available as an important built-in security layer. It helps reduce exposure to common attack patterns and runs as part of the hosting environment rather than as a plugin inside your website.
What ModSecurity Helps Protect Against #
ModSecurity is designed to detect and respond to patterns commonly associated with malicious activity. This can include:
- SQL injection attempts
- cross-site scripting (XSS)
- malicious bots
- known exploit patterns
- automated scanning attempts
By filtering these kinds of requests early, ModSecurity helps reduce the chance of harmful traffic reaching your website.
How ModSecurity Works #
ModSecurity analyzes incoming traffic in real time and checks requests against security rules. Based on those rules, suspicious behaviour may be blocked or logged before it reaches the website itself.
For most customers, this happens entirely in the background. In normal use, you may never notice it. When it does become visible, it is usually because a request, script, login attempt, or form submission has been blocked for looking suspicious.
Managing ModSecurity in cPanel #
ModSecurity can be managed in cPanel under Security > ModSecurity. At ProRedLine, customers can disable ModSecurity on a per-domain basis if needed.
This is mainly intended for troubleshooting or temporary testing in cases where a legitimate website action appears to be blocked. For example, this may be useful when checking whether a plugin, theme, form, or custom script is triggering a ModSecurity rule.
Important Recommendation #
Although ModSecurity can be disabled per domain, this is not recommended unless there is a clear reason to do so. ModSecurity is a core security feature and disabling it reduces part of the protection that helps defend your website against common attacks.
If you temporarily disable ModSecurity for troubleshooting, it is best to re-enable it as soon as testing is complete. In most cases, it should remain enabled as part of the normal security setup of your hosting environment.
What To Keep In Mind #
ModSecurity is not usually something you need to actively manage every day. It is primarily there to protect your website automatically. However, if a legitimate action is being blocked, ModSecurity may be part of the cause, and temporarily disabling it for the affected domain can help confirm that during troubleshooting.
IP Blocker #
The IP Blocker in cPanel allows you to block specific IP addresses or IP ranges from accessing your website. This can be useful when dealing with unwanted traffic, repeated abuse, suspicious behaviour, or other cases where access from a particular source should be stopped.
Blocking is applied at server level and takes effect immediately. Once an IP address or range is blocked, requests from that source will no longer be able to access the websites under your hosting account.
What the IP Blocker Is Used For #
The IP Blocker is commonly used in situations such as:
- repeated abuse from a specific IP address
- unwanted bot traffic
- known malicious sources
- temporary restrictions during troubleshooting
In most cases, this is a practical control tool rather than something used every day. It should be handled carefully, since blocking the wrong address can also affect legitimate traffic.
Where to Find IP Blocker in cPanel #
The IP Blocker can be managed in cPanel under Security > IP Blocker.
From there, you can:
- add a blocked IP address or IP range
- view the IPs or ranges currently blocked through your cPanel account
- remove blocks that are no longer needed
ProRedLine supports both IPv4 and IPv6 entries in this feature.
What Can Be Blocked #
The IP Blocker can be used to block:
- single IP addresses
- IP ranges
Examples include:
- 203.0.113.25
- 203.0.113.0/24
Only addresses or ranges that you are confident about should be blocked.
How Blocking Affects Access #
Once an IP address is blocked, access is denied immediately. The blocked visitor will no longer be able to load the websites under your hosting account from that IP. This applies across the account rather than to just one individual site.
Because the block is enforced directly at server level, the result is immediate and there is typically no normal warning page shown to the visitor.
Important Risks and Considerations #
The IP Blocker should be used with care. Blocking the wrong IP address can cause unintended problems, such as:
- blocking legitimate visitors
- blocking search engine crawlers
- blocking your own access
For that reason, it is important to verify the IP address before applying a block.
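One way to verify an entry before adding it, shown as an added example (not cPanel or ProRedLine code): it checks a single IP or CIDR range against addresses you must not lock out. The `PROTECTED` list, the `MAX_ADDRESSES` threshold and the function name are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample values (documentation address ranges); use your own.
PROTECTED = {
    "office": "203.0.113.77",
    "uptime monitor": "198.51.100.10",
    "home IPv6": "2001:db8:1::5",
}
MAX_ADDRESSES = 4096  # assumed review threshold, not a cPanel limit


def precheck_block(entry, protected=PROTECTED, max_addresses=MAX_ADDRESSES):
    """Return (network, warnings) for a single IP or CIDR entry."""
    try:
        # ip_interface keeps both the typed address and its network.
        iface = ipaddress.ip_interface(entry.strip())
    except ValueError as exc:
        raise ValueError(f"not an IP address or CIDR range: {entry!r}") from exc
    net = iface.network
    warnings = []
    if iface.ip != net.network_address:
        # e.g. 203.0.113.25/24 really means the whole 203.0.113.0/24
        warnings.append(f"host bits set; entry covers {net}")
    if net.num_addresses > max_addresses:
        warnings.append(f"broad range: {net.num_addresses} addresses")
    for label, addr in protected.items():
        ip = ipaddress.ip_address(addr)
        if ip.version == net.version and ip in net:
            warnings.append(f"would block {label} ({addr})")
    return net, warnings


if __name__ == "__main__":
    for candidate in ("203.0.113.25", "203.0.113.0/24", "2001:db8::/32"):
        net, warnings = precheck_block(candidate)
        print(net, warnings or "no warnings")
```

An empty warning list means the entry is narrow and does not cover any address in the protected list; it does not confirm that the address is actually the source of the abuse.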
ProRedLine Server-Level Blocks #
In some situations, ProRedLine may also block IP addresses or ranges at server level if malicious activity is detected. These global blocks are separate from the IP Blocker in your own cPanel account.
If an IP is blocked at server level, it will not appear in the IP Blocker list inside your cPanel interface, because it is not an account-level block. If you believe access has been blocked accidentally at server level, you should contact support so the situation can be reviewed.
When To Use IP Blocker #
For most customers, the IP Blocker is mainly useful when a specific IP address is clearly causing problems and a direct block is needed. It can also help during troubleshooting or temporary response situations, but it should not be used without understanding the impact.
Hotlink Protection #
Hotlink Protection helps prevent other websites from directly embedding certain files from your hosting account, such as images or media files. When another site links directly to those files instead of hosting them itself, your server still has to deliver the content. This uses your bandwidth and can also lead to unwanted reuse of your content.
For most websites, Hotlink Protection is optional. It is mainly useful when external sites are reusing your files directly or when you want more control over how specific file types are served.
How It Works #
Hotlink Protection checks where a request is coming from and compares that source against the list of allowed domains. If the request comes from a domain that is not allowed, access to the protected file type can be denied.
This is commonly used to:
- prevent other websites from embedding your files
- reduce unnecessary bandwidth usage
- limit unauthorized reuse of images or media
Visitors can still access the files normally through your own website, provided the allowed domains are configured correctly.
Managing Hotlink Protection in cPanel #
Hotlink Protection is disabled by default, but it can be enabled and configured in cPanel under Security > Hotlink Protection.
Within this interface, you can configure:
- which URLs are allowed to access the files directly
- which file extensions should be protected
- whether direct requests should still be allowed when someone enters the file URL manually in a browser
- an optional redirect URL for blocked requests
The allowed URL list is usually prefilled with domains connected to your account, but in some cases you may need to add additional domains or subdomains manually.
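The following added example models how the four settings above interact for a single request. It is a sketch of the behaviour described in this doc, not cPanel's own implementation; the function names, the sample domains and the exact scheme-and-host matching rule are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample settings for an account that owns example.com.
ALLOWED_URLS = ("https://example.com", "https://www.example.com")
EXTENSIONS = ("jpg", "jpeg", "gif", "png", "bmp")


def _same_site(referer, allowed):
    """Assumed matching rule: same scheme and exactly the same host."""
    r, a = urlsplit(referer), urlsplit(allowed)
    return r.hostname is not None and (r.scheme, r.hostname) == (a.scheme, a.hostname)


def decide(path, referer, allowed_urls=ALLOWED_URLS, extensions=EXTENSIONS,
           allow_direct=False, redirect_url=""):
    """Return "serve", "deny" or "redirect:<url>" for one file request."""
    blocked = f"redirect:{redirect_url}" if redirect_url else "deny"
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in {e.lower() for e in extensions}:
        return "serve"  # file type is not protected
    if not referer:
        # A URL typed into the browser arrives without a Referer header.
        return "serve" if allow_direct else blocked
    if any(_same_site(referer, allowed) for allowed in allowed_urls):
        return "serve"
    return blocked


if __name__ == "__main__":
    # blog.example.com is not in the allowed list, so its pages lose images.
    print(decide("/img/logo.png", "https://blog.example.com/post"))
    print(decide("/img/logo.png", "https://www.example.com/about"))
```

The Referer header is supplied by the visitor's browser and can be omitted or altered, so this setting limits casual embedding and bandwidth use rather than controlling who can obtain a file.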
Important Considerations #
Hotlink Protection should be configured carefully. If it is set too broadly or incorrectly, legitimate file access may be affected. For example, certain images, media files, or linked assets may stop loading as expected if the correct domains are not included in the allowed list.
Virus Scanner #
The Virus Scanner in cPanel is a manual scanning tool that checks parts of your hosting account for known malware and other security threats. It is intended to help detect potentially infected or suspicious files, but it should be seen as a detection tool rather than a full cleanup or prevention system. cPanel’s Virus Scanner uses ClamAV to scan account data for threats.
In practice, this means the Virus Scanner can help identify files that may require review, restoration, or removal, but it does not automatically secure a website on its own. It does not replace updates, hardening, backups, or other security measures.
What the Virus Scanner Does #
The Virus Scanner can be used to scan different parts of your cPanel account for threats. In general, it is used to:
- scan files for known malware signatures
- detect suspicious or infected files
- report potential security issues for review
If malicious files are found, they are listed in the scan results so they can be reviewed. If the Virus Scanner (ClamAV) identifies a threat, it will prompt you for action.
What It Does Not Do #
The Virus Scanner does not automatically fix hacked websites, prevent future infections, or guarantee that a website is fully clean. It is only one part of a broader security approach.
A scan can help identify problems, but a flagged result still needs to be reviewed carefully. In some cases, a file may be suspicious, infected, or incorrectly flagged, and removing the wrong file can break part of a website or application.
Where to Find the Virus Scanner #
In cPanel, the Virus Scanner is usually available under Advanced > Virus Scanner. Once opened, you can start a new scan by choosing which area of the account should be scanned. The Virus Scanner supports the following scan targets: Scan Entire Home Directory, Scan Mail, Scan Public FTP Space, and Scan Public Web Space.
After the scan starts, cPanel shows progress information such as:
- the number of files scanned
- the amount of data scanned
- the scan progress
- any infected files that were detected
The scan can take several minutes to complete depending on the amount of data involved.
How Customers May Use It #
For most customers, the Virus Scanner is mainly useful when checking for possible malware after suspicious behaviour, website issues, unexpected file changes, or a suspected compromise. It can also be useful after restoring files or before reviewing whether certain content should be replaced from backup.
If infected or suspicious files are found, the safest next step is usually to review the results carefully and, where appropriate, restore a clean version from backup. Files should only be deleted when you are confident they are not required by the website or application.
ProRedLine Malware Scanning #
The Virus Scanner in cPanel is a manual tool, meaning customers start the scan themselves from within cPanel. In addition to that, ProRedLine performs daily and weekly server-wide malware scans. If malware is detected through those server-side scans, appropriate action may be taken and customers may be notified.
Important Notes #
Larger scans can take longer to complete, especially when scanning bigger directories or accounts with many files. A scan through the Virus Scanner will stop if it takes longer than 1 day.
SSL/TLS and AutoSSL #
SSL and TLS are security technologies that encrypt the connection between a visitor’s browser and your website. This helps protect transmitted data from being read or modified by third parties during transit. While the term SSL is still commonly used, TLS is the modern and more secure version of the same type of protection.
When SSL/TLS is active, your website uses https:// instead of http://, and a certificate is used to help verify the identity of the website. This is now considered a standard part of running a secure website. Without a valid certificate, modern browsers may display warnings to visitors.
Why SSL/TLS Matters #
SSL/TLS is important because it helps protect sensitive data such as login information, contact form submissions, and other information sent between the website and the visitor. It also improves trust, since visitors expect websites to load securely and browsers increasingly warn against insecure connections.
What AutoSSL Does #
AutoSSL is the automatic certificate system provided through cPanel. It is designed to issue, install, and renew SSL certificates automatically for supported domains, which removes the need for manual certificate management in most normal hosting situations.
In practice, this means AutoSSL runs in the background and helps keep supported domains secured without requiring regular manual action from the customer.
What AutoSSL Can Cover #
AutoSSL can typically be used to secure:
- primary domains
- additional domains
- subdomains
- alias domains
For AutoSSL to work correctly, the domain must be configured properly and must point to the hosting server in a way that allows certificate validation to succeed.
When AutoSSL May Not Work #
If AutoSSL cannot issue or renew a certificate, the problem is usually related to domain or DNS configuration rather than the certificate system itself. This can happen when:
- DNS is not pointing to ProRedLine
- the domain does not resolve publicly
- conflicting DNS records exist
- the domain was added recently and DNS changes have not fully propagated yet
If this happens, the certificate process may fail until the configuration issue is resolved.
Managing SSL/TLS in cPanel #
In cPanel, SSL-related tools are typically available under Security > SSL/TLS and Security > SSL/TLS Status.
The SSL/TLS area shows certificate-related settings. In most cases, the default configuration is the recommended one, so changes are usually not necessary.
The SSL/TLS Status area shows the domains and subdomains linked to your account and whether they are currently secured. It can also show certificate-related errors if something is preventing AutoSSL from working correctly. In that same area, you can exclude specific domains or subdomains from AutoSSL if needed.
Manual Certificates and HTTPS Redirection #
Manual SSL certificate installation is generally not required, as AutoSSL is the default and supported method. Custom certificates are not provided unless this has been explicitly agreed through support.
It is also important to understand that having a certificate does not automatically force all traffic to use https://. In some cases, HTTPS redirection or website-specific configuration may still be needed to ensure visitors are always sent to the secure version of the site. This depends on how the website itself is configured.
If SSL/TLS Status shows errors or if a domain is not being secured as expected, contacting ProRedLine support is recommended.
