I strongly suggest you something ..... 1) do NOT provide a cpanel DEMO on your site , do NOT . 2) do NOT provide SSH or any other type of shell . (no chroot here !) 3) I have red that on Ensim/plesk there should be a feature to set php safe mode on/off . Here it's not possible , you have to play with apache conf file . 4) turn off .. AwStat , Interchange , and all Java chats . This suggestions not for security but to make running your server better . My suggestions , then you decide .