In addition to changing the PHP version from cPanel, you can change various PHP settings using MultiPHP. You can enable and disable PHP extensions, as well as configuration directives such as allow_url_fopen, error_log, max_upload and more.
Change your PHP settings
Login to your cPanel <exampledomain.com/cpanel>
In the SOFTWARE section of the cPanel home screen, click MultiPHP INI Editor
Under Configure PHP INI basic settings, in the Select a location list box, select the home directory or a domain document root:
Under PHP Directive, locate the PHP directive you want to change.
Under Setting, select the new setting that you want for the directive.
Hit Apply. The new settings take effect immediately.
Multiphp Manager is one of the major improvements introduced by Cpanel team with Easy Apache 4. In order to use MultiPHP Manager you will need to upgrade the Easy Apache version to 4. The MultiPHP manager allows users and administrators to select the server default and per-domain default PHP versions. So though you have running PHP 5.6 as server’s default PHP version and if your website reuqires PHP 7, you can now easily change the PHP version to PHP 7 for that particular website through MultiPHP Manager.
The MultiPHP manager is available with Latest Cpanel release with EasyApache 4.
How to change your PHP version
Login to your cPanel <exampledomain.com/cpanel>
Go to Software section, select MultiPHP Manager.
Under System PHP Version, cPanel displays the default PHP version for your server. Any domain that does not have a PHP version explicitly set uses this version.
To change the PHP version for a domain, under Set PHP Version per Domain, select the check box next to the domain for which you want to change the PHP version:
In the PHP Version list box, select the PHP version you want to use for the domain, and then click Apply:
The new PHP version should take effect immediately.
Overview
ModSecurity is an open-source web-based firewall application (WAF) supported by different web servers like Apache, Nginx and IIS.
Usage
The module is configured to protect web applications from various attacks. ModSecurity supports flexible rule engine to perform both simple and complex operations. It comes with OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set). The OWASP ModSecurity™ CRS is a set of rules that Apache’s ModSecurity™ module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.
It comes with a Core Rule Set (CRS) which has various rules for:
cross website scripting
bad user agents
SQL injection
trojans
session hijacking
other exploits
Why should I use the OWASP ModSecurity rule set?
Protection from insecure web application design — ModSecurity rule sets can provide a layer of protection for web applications such as WordPress, phpBB, or other types of web applications. It can potentially protect against vulnerabilities in out-of-date web applications that protect against vulnerabilities in unpatched, out-of-date applications. If the developer of an application makes a security mistake, ModSecurity may block a security attack before it can access the vulnerable application.
Protection against operating system level attack — ModSecurity rule sets can protect against attacks that exploit the operating system of your server. For example, in 2014, there was a security flaw in the Bash shell program that Linux servers use. Security experts created ModSecurity rules to disallow the use of the exploit thought Apache. Server administrators used these ModSecurity rules and added additional security to their system until the release of a security patch for Bash shell.
Protect against generalized malicious traffic — Some of the security threats that server administrators face may not directly attack a program or application on your server. DoS (Denial of Service) attacks, for example, are common attacks. You can reduce the impact of such malicious traffic through the use of ModSecurity rules.
What are the risks?
As with any mechanism that blocks web traffic, OWASP rules could block legitimate traffic (false positives). While both OWASP and cPanel, L.L.C. aim to curate the OWASP rule set to reduce the potential for false positives, the rule set may block legitimate traffic.
Overview
Two-factor authentication (2FA) is a security measure that requires two forms of identification. After you enter your password, you must enter a security code. An application on your smartphone supplies this code. Without your smartphone, you cannot log in.
Note:
2FA requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:
2FA supports only one concurrent session for any user. If you open several browser windows to cPanel and log out in one of them, the server will log out the other windows.
To configure 2FA, perform the following steps:
The Two-Factor Authentication menu can be found in the cPanel >> Security >> Two-Factor Authentication:
Go to the Two-Factor Authentication menu and click on the Set Up Two-Factor Authentication button:
Connect your cPanel to your Authenticator app.
There are 2 ways to connect the app:
Automatically create the link by scanning the displayed QR code with your app
Manually create the link by entering the provided Account and Key information in your app
After the app is installed and connected to the cPanel, continue by entering the six-digit security code into the cPanel >> Security >> Two-Factor Authentication >> Step 2 >> Security code:
You should receive the following success message:
During the next cPanel login, after you enter your username and password, you will be redirected to the next page to enter the security code:
