WordPress® Hardening: One-Click Security with cPanel

by cPanel

WordPress is far and away the most widely used content management system on the web, but that popularity comes at a price. It’s also the most attacked CMS. Not because it’s insecure, but because attackers know that a WordPress vulnerability is a gateway to tens of millions of websites.

As soon as a WordPress website goes online, automated bots begin to probe it for weaknesses. That’s why it’s critically important to security harden WordPress sites, ensuring that they have the smallest possible surface area for attackers to target.

Security hardening was once a long and complicated manual process, but WordPress Toolkit for cPanel makes it a one-click affair. This article will explore some of the ways WordPress vulnerabilities are exploited and how WordPress Toolkit protects sites against many common attacks.

Common WordPress Vulnerabilities

Every vulnerability is unique, but most attacks against WordPress sites fall into one of four categories:

  • Brute force and dictionary attacks: Attackers attempt to guess security credentials such as usernames and passwords. Attacks of this type are carried out by bots that can quickly flood WordPress authentication systems with a deluge of login attempts.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks: Bad actors bombard sites and networks with requests and data, consuming resources, degrading performance, and potentially taking them offline. WordPress includes a system called XML-RPC, which is often used in denial of service attacks.
  • Core, plugin, and theme vulnerabilities: Bugs in code can be exploited to circumvent authentication systems, upload malicious code, or gain extra privileges. Bad actors often look in a site’s files for clues about the sort of attack it is vulnerable to.
  • Code injection attacks: Running malicious code is a goal of many bad actors. They scour WordPress sites searching for vulnerabilities that will let them inject PHP, JavaScript, or SQL code.

WordPress Toolkit for cPanel implements features and security measures that protect sites against each of these attack types.

Security Hardening with WordPress Toolkit for cPanel

cPanel’s WordPress Toolkit is a complete WordPress management solution with an intuitive interface. You can think of it as a single dashboard for controlling all of your WordPress sites. It automates WordPress hosting tasks, including installation, updates, and backups. It also surfaces configuration tweaks that you’d otherwise have to dig around in the admin interface or edit configuration files to change.

WordPress security hardening is one of the places where WordPress Toolkit really shines. First, it applies fixes for critical vulnerabilities during installation, so sites are secure before they go online. Second, it scans existing sites for suboptimal security settings and can fix them at the click of a button.

We’ll have a look at some of the security fixes it applies in a moment, but first, we’ll show you just how easy it is to security harden a WordPress site with cPanel.

To use one-click hardening, you will need:

  • A cPanel instance with WordPress Toolkit installed
  • A WordPress Toolkit Deluxe license.

You can find the WordPress Toolkit in Applications on cPanel’s main page. Sites are listed on the overview page with status information and configuration switches.

Introducing Jupiter – A New Look For cPanel

by cPanel

Creating a new theme for cPanel is no small task. We knew we had to not only keep what our current users love, but also provide an easy-to-use format for newer users. We want you to be able to find the tools you need (and any help you may need) without delay. This is what led us to develop two main pages for Jupiter – the Tools page and the Solutions page. The Main Menu allows you to easily switch between these two pages.

The Tools Page

The Tools page will be familiar to experienced users. This is the default home page. We’ve listed cPanel’s applications and grouped them into categories. Like in Paper Lantern, you can click on and drag these groups to arrange them in any order. On the right sidebar, the General Information and Statistics panels display website and server information at a glance.

The Solutions Page
Created with first-time users in mind, the Solutions page will teach you how to use cPanel effectively and efficiently. Experienced users may also find this page to be a valuable source of information.

We’ve listed the top twenty questions our users ask cPanel Technical Support. Clicking on any of these questions will take you to our public documentation to help you find a solution to your issue. If you don’t see the problem you are experiencing, we have also included links to our documentation, video tutorials, forums, and cPanel University.

The header at the top of both the Tools page and the Solutions page features a search bar, allowing users to find what they are looking for within the cPanel interface. A drop-down menu next to the cPanel Account name allows access to Account Preferences, Password & Security, Change Language, Contact Information, Reset Page Settings, Log Out, and other links that may have been added by your hosting provider.

What’s Next For Jupiter

This is just the beginning of development. We have lots in store to make cPanel better than ever.

Guided Solutions
For a product as feature-rich and robust as cPanel, it’s easy to get lost in the complexity. The cPanel Interface can overwhelm first-time users with so many options. Even experienced users may stick to what is familiar and never try out some of the other tools we have available. Our Guided Solutions will introduce key features within cPanel, allowing us to step new users through common tasks as well as walk experienced users through some of our more advanced tools. We’re excited to launch this functionality in the near future!

Customization
We plan to set up a new style architecture that will give hosting providers an easier way to customize color palettes and theme your cPanel experience, without relying on complicated style overrides and custom CSS. We are even working to empower resellers and hosting providers to create their own custom Guided Solutions. Some additional options will be the ability for resellers and hosting providers to:

  • upload custom logos
  • change the color palette
  • add common questions to the help section
  • add resource links
  • link their own documentation and videos

These efforts will make cPanel easier to use so our customers can focus on what matters, like site building, content creation, and marketing.

Send Us Feedback
We’d love to hear what you have to say about Jupiter and what you’d like to see in the future. We are actively developing the guided solutions. Want a specific task as a Guided Solution? Let us know! Our customers are our most valuable resource. Click here to share your thoughts with us

Second Log4j vulnerability discovered, patch already released

After the disastrous Log4j vulnerability disrupted the online world, another vulnerability surfaced online.

The Log4j vulnerability has become one of the largest security issues we’ve seen in recent times. With the level of attention now being focused on this problem both by attackers and defenders, it’s likely that we’ll see further information and possible vulnerabilities.

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE-2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations.”

“This could allow attackers… to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack,” the CVE description says.

In the aftermath of the immediate response, companies should carefully consider how they can manage this type of risk strategically. Improving detection of software versions and using software supply chain security tools are good examples of defense-in-depth security measures that can provide short-term mitigations. Using these tools gives IT departments the time needed to coordinate comprehensive patching and testing of their software systems in a safe and controlled fashion.

It turns out that the first patch was ‘incomplete’, and therefore, another Apache Log4j version has been released.

Second Apache Log4j Bug Found

Reportedly, Apache has released another major update for its Log4j code library addressing a serious bug. Identified as CVE-2021-45046, this vulnerability appeared following an incomplete patch of the (now infamous) Log4Shell flaw (CVE-2021-44228). As stated in the vulnerability description, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.
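
To check whether a logging configuration matches the non-default condition described above, the following added example (not from the original article or from Apache) flags layout patterns that use a Context Lookup or a Thread Context Map converter. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Log4j 2 layout patterns that read Thread Context Map data.
# This is a line-based heuristic over a configuration file chosen by the caller.

# Prints "FILE:LINE: REASON" for every line that uses
#   - a Context Lookup such as ${ctx:loginId} or $${ctx:loginId}
#   - a Thread Context Map converter: %X, %mdc or %MDC (width flags allowed)
# Returns 0 when nothing is flagged and 1 when at least one line is.
audit_log4j_patterns() {  # usage: audit_log4j_patterns CONFIG_FILE
    file=$1
    hits=$(
        grep -nE '\$\{ctx:' "$file" | cut -d: -f1 |
            sed 's/$/ context-lookup/'
        grep -nE '%-?[0-9.]*(X|mdc|MDC)' "$file" | cut -d: -f1 |
            sed 's/$/ thread-context-map-pattern/'
    )
    [ -z "$hits" ] && return 0
    echo "$hits" | sort -n | while read -r line reason; do
        echo "$file:$line: $reason"
    done
    return 1
}

# Constructed sample configuration (not taken from any real deployment).
write_sample_config() {  # usage: write_sample_config OUT_FILE
    cat > "$1" <<'EOF'
<Configuration>
  <Appenders>
    <Console name="console">
      <PatternLayout pattern="%d %p $${ctx:loginId} %m%n"/>
    </Console>
    <File name="file" fileName="app.log">
      <PatternLayout pattern="%d [%X{requestId}] %m%n"/>
    </File>
    <File name="plain" fileName="plain.log">
      <PatternLayout pattern="%d %p %c{1.} [%t] %m%n"/>
    </File>
  </Appenders>
</Configuration>
EOF
}

# Audit every configuration file named on the command line.
for cfg in "$@"; do
    audit_log4j_patterns "$cfg" || true
done
```

A flagged line only means the pattern reads Thread Context Map data; whether that data can be influenced from outside depends on what the application puts into the map.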

Log4j

Log4j is a Java library that adds a drop-in functionality to many online software products. For an end user it’s not something they would generally download and use. It’s a Java library that would be included as part of the software. Because of that, end users aren’t generally aware if the software they use contains the vulnerability. The log4j vulnerability is rated at 10 on a scale of 1 to 10, with 10 representing the most dangerous level of vulnerability.

The popular cPanel web hosting server control panel software recently issued a patch to fix a critical flaw in the log4j Java library discovered in part of the software used for email. The vulnerability itself is named Log4Shell.

Internal Update
Our team is currently investigating CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software, including Apache, Apple iCloud, Steam, Minecraft and others. Our security team is actively monitoring the effects of this vulnerability.

At this point, we have not identified an impact to the HDWEBPROVIDER Platform, but our teams are monitoring activities to ensure all instances of our back-end are safe and will be taking appropriate action as needed.

The only cPanel service affected by the log4j vulnerability was the Dovecot Solr cPanel plugin which we are NOT using on our servers. We already did not recommend that plugin because of its higher resource usage for no real benefits to IMAP searches.

Status:
cPanel has already put out a patch for this as of Friday and our servers and cloud network are fully secured against this vulnerability.

How To Manually Remove Malware From Websites

Your website has been compromised, and you suspect the attackers have injected malware into its code. What can you do about it? There are many ways to approach a malware infection, and we’ll look at some in a moment, but your final recourse may be to roll up your sleeves, hunt through the site’s files, and remove the malware manually.

This article will show you how to find malware code in your site’s files and remove it, using a WordPress site as an example. You don’t have to be a developer to follow along, but you’ll be better able to identify malware if you have some familiarity with coding and the language the site is written in; PHP in WordPress’s case.

How To Avoid Manually Removing Malware from Websites

In an ideal world, you wouldn’t have to remove malware manually. It can be a tedious process, especially if you can’t distinguish between malware and innocent code your site relies on. It’s also easy to miss malware code—online criminals are sneaky, and they go to great lengths to hide it. Unfortunately, you might spend hours hunting down and deleting malware traces, only for a hidden backdoor to reinfect the site immediately.

The best option is to avoid malware infection in the first place. Make sure your site is updated, and turn on automatic updates if possible. Be careful when installing plugins and themes, and avoid nulled or pirate software at all costs; it is invariably loaded with malicious code.

Automatic malware detection and removal is also less demanding than manual malware removal. cPanel & WHM supports the excellent free ImunifyAV scanner, which you can install via WHM’s Security Center. It alerts you when it finds a suspected malware infection and tells you where it is. If you upgrade to ImunifyAV+, you’ll be able to remove malware with the click of a button too.

Finally, if you suspect an infection, you should attempt to restore a recent clean backup. Restoring from an uninfected backup overwrites malicious files with clean originals. cPanel’s WordPress Toolkit makes it easy to back up WordPress sites in seconds, or you could use one of the many WordPress plugins that offer backup functionality.

If you don’t have a recent backup, then you’ll have to dig in and replace infected files manually.

Manually Removing Malware from a WordPress Site

We’re using WordPress in our walkthrough because it’s the most popular CMS, but a similar process works just as well on other content management systems and ecommerce stores.

It should be mentioned that we’re making a big assumption in this article. We’re hoping the malicious code is limited to your website and that the attacker hasn’t gained access to your web hosting server. However, if the server is compromised, the attacker may have replaced system binaries with rootkits and other malware. If that’s happened, you can’t trust any software on the server, including the software we’re about to use to clean malicious code from the site.

Before tackling malware removal on WordPress, you should:

  • Take the site offline. If possible, use WordPress Toolkit’s maintenance mode to avoid exposing users to further risk.
  • Make a backup. Back up your site whenever you make changes to its code or database.
  • Turn on debug settings. Debug settings allow WordPress to print error messages to the screen. They’ll help you to figure out what went wrong if you make changes that break the site. You can read more about debug settings and maintenance mode in WordPress® Debugging with cPanel and WordPress Toolkit.

First, we’ll check to see if any files have been modified in the last few days. Most WordPress files are not frequently modified except for static assets like images, so recent changes are a helpful clue.

Log in to your server via SSH or open the cPanel Terminal and navigate to the infected site’s directory. You’ll find the Terminal under Advanced in the cPanel main page menu. Your WordPress site is most likely in public_html or a directory inside public_html.

Run the following command:

find . -name '*.ph*' -mtime -7

This displays a list of all PHP files modified in the last seven days. WordPress has hundreds of files that might hide malware, but let’s assume that wp-config.php is at the top of your list. Next, we need to look inside to see if there is any sign of malicious code.

Open the file in your text editor. If you prefer not to work with command-line text editors, locate the file in cPanel’s File Manager, and click Edit in the menu bar. You’re looking for anything that seems out of place.

Keep an eye out for these red flags:

  • Mismatched coding styles — the lines of code may be longer, improperly indented, or excessively complex.
  • Obfuscated code — code that has been deliberately disguised. It looks like long strings of meaningless letters and numbers. Not all code that looks like this is malicious; you may come across legitimate hashes that match this description, especially in configuration files.
  • Strange URLs — most URLs in your site’s files are related to the site itself. If you see an unusually formatted or excessively long web address, it may link to a server under the attacker’s control.

For example, if you see something like this mixed in with the familiar PHP code, it’s almost certainly malware.

Most malicious code isn’t that obvious. However, you can compare files with the original to see if anything looks out of place. Download a fresh copy of the same version of WordPress from WordPress.org. If a plugin or theme file is under suspicion, download a new version from the developer’s site or the WordPress repository.

Open your newly downloaded version and compare it to your site’s file. They may not be identical, but you should view any significant differences with suspicion.

In many cases, you can simply replace an infected file. Manually clearing malware is a careful process of exchanging infected files for uninfected originals. However, you must be careful not to simply replace files that contain essential configuration data. For example, if you swap wp-config.php for a freshly downloaded file, your site will stop working because that file contains site and database configurations.

If you aren’t sure what a file does, check the WordPress documentation to ensure that it is safe to exchange. You may have to copy information from the infected file to its replacement, making sure no malicious code makes its way across.

To replace files, use cPanel’s File Manager to delete the infected original and upload the replacement. Then, verify the site still works every time you make a change. If you don’t regularly check and only notice the problem later, you may have no idea which edit did the damage.
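
The checks in this walkthrough (recently modified PHP files, comparison with a fresh download, and the obfuscated-code red flag) can be scripted as below. This is an added example, not code from the original article; the function names, the hypothetical file name triage.sh and the 200-character threshold are assumptions.

```shell
#!/bin/sh
# Added example: triage helpers for the manual clean-up described above.
# Directory arguments are supplied by the caller; "triage.sh" in the usage
# line is a hypothetical file name.

# PHP-like files changed in the last DAYS days (same test as the find command above).
recent_php() {  # usage: recent_php SITE_DIR DAYS
    ( cd "$1" && find . -type f -name '*.ph*' -mtime "-$2" | sort )
}

# Compare every PHP-like file in SITE_DIR with a fresh download of the same
# WordPress version unpacked in CLEAN_DIR. One finding per line:
#   MODIFIED path   present in both trees, contents differ
#   EXTRA    path   present only in the site (expected for plugins and themes
#                   under wp-content; compare those with their own downloads)
#   SKIPPED  path   holds site configuration, review by hand instead of replacing
compare_to_clean() {  # usage: compare_to_clean SITE_DIR CLEAN_DIR
    site=$1
    clean=$2
    ( cd "$site" && find . -type f -name '*.ph*' | sort ) |
    while IFS= read -r f; do
        if [ "$f" = "./wp-config.php" ]; then
            echo "SKIPPED $f"
        elif [ ! -f "$clean/$f" ]; then
            echo "EXTRA $f"
        elif ! cmp -s "$site/$f" "$clean/$f"; then
            echo "MODIFIED $f"
        fi
    done
}

# Heuristic for the "obfuscated code" red flag: print FILE:LINE for lines with
# an unbroken run of MINLEN or more base64-style characters. The default of 200
# is an assumed threshold; lowering it catches shorter runs but also flags
# legitimate hashes and keys.
flag_obfuscation() {  # usage: flag_obfuscation FILE [MINLEN]
    min=${2:-200}
    grep -nE "[A-Za-z0-9+/=]{$min,}" "$1" | cut -d: -f1 |
    while IFS= read -r n; do
        echo "$1:$n: unbroken encoded-looking run of $min or more characters"
    done
}

# Usage: sh triage.sh /path/to/site /path/to/clean-wordpress
if [ "$#" -eq 2 ]; then
    echo "== PHP files changed in the last 7 days"
    recent_php "$1" 7
    echo "== Differences from the clean copy"
    compare_to_clean "$1" "$2"
    echo "== Encoded-looking runs in changed or extra files"
    compare_to_clean "$1" "$2" | while read -r kind f; do
        [ "$kind" = "SKIPPED" ] || flag_obfuscation "$1/$f"
    done
fi
```

The script only reads files. Anything it reports still needs the manual review and careful replacement described above.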

As we mentioned at the beginning of this article, manual malware removal is a long and tedious process. And there is no guarantee that you’ll find all the malicious code. However, it’s a valuable technique to have under your belt when automatic malware removal and back-ups let you down. As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can.

CloudLinux OS 7 hybrid kernel and kernel module have been scheduled for gradual rollout

Reaching a high level of stability can be difficult, sometimes unachievable, for many shared hosting companies. Sudden resource usage spikes, increases in traffic, and hacker attacks are some of the problems system administrators cope with every day. For years, this has been accepted as a cost of doing business. It costs money, it costs time and, more importantly, it costs customer trust. Therefore, it is time to consider changing the underlying OS to eliminate those costs.

CloudLinux was released to the market in 2010. Today, it is a must-have for any web host who cares about stability, security, and churn. It is used by more than 2,000 hosting companies on 20,000+ servers. CloudLinux is interchangeable with CentOS so any SysAdmin will feel right at home. Yet, it was specifically optimized for shared hosting. Web hosts that use CloudLinux report higher uptime, significant improvements in density (as much as 5x), 4x decrease in number of reboots, and 10x decrease in number of account suspensions they have to perform. It has also produced a significant decrease in churn for a number of customers.

The software is specifically made for web hosts running the cPanel control panel with multiple accounts. If you are a shared host, or a design company that has to host sites on behalf of the client – CloudLinux is your friend.

CloudLinux + cPanel =

  • Improved stability by limiting the resources any single user can consume
    In shared hosting, the most common reason for downtime is a single account slowing down other accounts on the server. Using cPanel & WHM software with CloudLinux utilizes innovative Lightweight Virtual Environment (LVE) technology, improving the density and stability of your shared hosting environment for all tenants.
  • Advanced server security
    With unique CageFS technology, CloudLinux encapsulates each customer, preventing users from seeing each other and viewing sensitive information. It also prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
  • Increased server efficiency
    By monitoring and containing resource spikes, CloudLinux eliminates the need to leave server resources idle, providing you with the ability to host twice as many accounts on your cPanel & WHM server.
  • Multiple PHP versions
    Using CloudLinux together with cPanel & WHM software gives your customers the flexibility to choose the PHP version that they need. This includes versions 4.4, 5.2, 5.3, 5.4, and 5.5 as well as more than 50 PHP extensions and the ability to adjust php.ini settings.
  • Hardened kernel
    The shared hosting environment is unlike any other and the CloudLinux kernel takes that into account. It can protect against symlink attacks and trace exploits, while restricting the visibility of ProcFS to only what is necessary — making your cPanel & WHM servers more secure.
  • Admin interface within cPanel & WHM software to easily manage account usage
    Within cPanel & WHM, CloudLinux gives you and your clients the visibility and accessibility to see and control the exact resource usage of each website.

What value does offering CloudLinux bring to my cPanel clients?

As a cPanel Partner NOC, you can quickly activate CloudLinux via Manage2. You will be able to sell and license CloudLinux as well as receive a consolidated bill for both cPanel & WHM and CloudLinux. License configuration is available through our On-Demand license system via API or the Web.

Integrated Support

Because we highly value your immediate needs, we’re providing direct Enterprise, Priority, and Complimentary support for CloudLinux in the exact same fashion that we do for our core products. We’ve also integrated the CloudLinux support team into our ticket system to provide you with the best possible experience. Single-source support means that you will always receive our best for your web hosting services. You will also be entitled to submit tickets to CloudLinux support directly.

Integration with CloudLinux gives you a great opportunity to purchase its solutions at a discounted price and resell it to your customers. It also means using all the privileges of its Partner Program:

  • Additional revenue opportunities with excellent margins
  • Automated ordering through our API
  • Easy-to-use, IP-based licensing
  • Marketing support and content
  • Participation in joint press releases
  • Access to the Partner Portal
  • Unlimited 24/7 dedicated support, including elevation to developers, if required
  • Full set of materials, marketing assistance, and sales aids for successful promotion. CloudLinux is a devoted partner, committed to helping you grow your own business with all necessary marketing and sales tools.
  • Less downtime, more stability, and happier customers for shared hosts. This means faster growth and increased server use. As your customers’ servers become more stable, you can expect them to contact your support less frequently.
  • 24/7 dedicated technical support for your customers, removing some of the burden associated with dealing with OS-related issues. You don’t have to worry about anything — the highest level of our support service will satisfy even the most demanding client.

WordPress Manager: A Better WordPress Experience with cPanel

By Benny Vasquez

Over the past year, we have been working to better develop both the infrastructure and the experience of using cPanel with WordPress. This time our goal has been to provide our customers with an easy, dependable, self-service method for managing WordPress sites through the cPanel interface. We are pleased to be releasing the first phase of this work to our customers in the form of WordPress Manager.

Administrator user password resets

You requested and we’ve delivered!  Password resets are among the most common support requests for web hosting administrators with clients using WordPress. WordPress Manager alleviates the burden of manually resetting a client’s password credentials and introduces a simple, one-step process that allows any cPanel user to reset the password for any WordPress admin on their account.