cPHulk is the built-in security mechanism in cPanel/WHM that protects your server against brute-force attacks. It detects and blocks IP addresses that repeatedly fail login attempts.
We strongly recommend keeping cPHulk enabled on production servers.
1. Enabling cPHulk (via WHM)
To activate protection via the graphical interface:
- Log in to WHM using your root account.
- Navigate to Security Center > cPHulk Brute Force Protection.
- Click the toggle switch to On/Enabled.
- (Optional) Adjust the "Configuration Settings" tab to make the rules stricter or more lenient.
- Click Save.
2. Disabling cPHulk (Emergency / CLI)
If you are locked out of WHM or need to perform maintenance, you can disable cPHulk via the command line. This is useful if the web interface is unreachable.
- Connect via SSH or use the Video Display console.
- Run the following command to cleanly disable the service and its monitoring:
whmapi1 configureservice service=cphulkd enabled=0 monitored=0To re-enable it later via command line:
whmapi1 configureservice service=cphulkd enabled=1 monitored=13. Whitelisting Trusted IPs
To prevent yourself (or your office) from ever being blocked, you should add your static IP to the whitelist.
- In WHM, go to cPHulk Brute Force Protection.
- Click on the tab Whitelist Management.
- Enter your IP address in the "New Whitelist Records" field.
- Click Add.
Tip:
Only whitelist static IP addresses (like your office VPN or server monitoring IPs). Whitelisting dynamic home connections can be a security risk if that IP is later assigned to an attacker.
Only whitelist static IP addresses (like your office VPN or server monitoring IPs). Whitelisting dynamic home connections can be a security risk if that IP is later assigned to an attacker.