h0feer

Member
Nov 24, 2016
15
1
3
serbia
cPanel Access Level
Root Administrator
Hello to everyone,



I was looking how to restrict default cpanel login path , everyone knows that cpanel has it's path like this : mydomain.com/cpanel and it will redirect to login area, so i want this to restrict and can someone explain me how its possible?

Can i change the path to login? for example mydomain.com/123asdas123asd/test/12/cpanel ?
can i change the port of cpanel login?

or can i restrict login to cpanel only for a specified IP white list? and how can i do this?



Thanks
Best regards.
 

SysSachin

Well-Known Member
Aug 23, 2015
604
48
28
India
cPanel Access Level
Root Administrator
Twitter
You will have to enable Host Access Control on your server if you want allow or deny cPanel access with the IP addresses. Login your WHM >> Security Center >> Host Access Control

Host Access Control - Documentation - cPanel Documentation

To change cPanel port you need to edit /var/cpanel/cpanel.config

Code:
port=2082
Then restart the cPanel service:
Code:
/usr/local/cpanel/startup
The port= directive in /var/cpanel/cpanel.config sets the non-SSL port. The SSL port will be one higher than that (2083 instead of 2082, by default).
 

danielpmc

Well-Known Member
Nov 3, 2016
78
33
18
usa
cPanel Access Level
Reseller Owner
Hello h0feer,

Reading your post, i am led to believe that you want to make sure nobody can attempt to login to the cPanel. I have a couple suggestions for you.

I suggest NOT attempting to redirect the URL or change the Port for cPanel. Instead go to WHM/Security Center/Configure Security Policies/Security Policy Items/Password Strength Configuration and change the password strength to 75 or higher. This prevents anybody from creating a weak login password. Personally, i set all my password strengths at 80.

If you redirect the cPanel URL or change its Port this obviously will let the hacker know you changed the URL or Port. So if they really want in they will run a scanner against your server looking for the new url or port. This will use a huge amount of your bandwidth. Or it might anger them enough to the point of running a DDOS or DOS against your server/site.

Hope this helps you out,
danielpmc