How to Install cPanel/WHM on a Fresh Server

Intermediate | 12 min | cPanel, WHM, Linux, Security

cPanel/WHM is a popular web hosting control panel. It must be installed on a clean server (no prior Apache, MySQL, PHP, or other panel), and cPanel only supports AlmaLinux, Rocky Linux, CloudLinux, and Ubuntu LTS. This guide installs it from the official installer over HTTPS and hardens it afterwards.

/01

Start From a Fresh, Updated Server

Use a brand new server with no web stack installed. Update everything first so the installer pulls current packages.

# Run as root on a CLEAN AlmaLinux/Rocky/Ubuntu LTS server
sudo dnf -y update   # on AlmaLinux/Rocky; use: sudo apt update && sudo apt -y upgrade on Ubuntu
sudo reboot          # reboot if the kernel was updated

/02

Set a Valid Fully Qualified Hostname

cPanel requires a real FQDN that is not the same as any domain you will host. Set it before installing.

# Hostname must be a subdomain you control, e.g. server1.yourdomain.com
sudo hostnamectl set-hostname server1.yourdomain.com
hostname -f   # verify it returns the full FQDN

/03

Download and Run the Official Installer Over HTTPS

Fetch the installer from cPanel's HTTPS endpoint only. The installation takes roughly one to two hours; run it inside screen so a dropped SSH session does not abort it.

sudo dnf -y install screen   # so the install survives a disconnect (apt install screen on Ubuntu)
screen -S cpanel             # start a detachable session
cd /home
# -L follows redirects; HTTPS ensures the installer is fetched over an encrypted, authenticated channel
sudo curl -o latest -L https://securedownloads.cpanel.net/latest   # sudo: /home is not writable by a regular user
sudo sh latest               # detach anytime with Ctrl-A then D, reattach with: screen -r cpanel

/04

Open Only the Required Ports in the Firewall

WHM ships with its own firewall recommendations. Allow only the management and web ports you actually need, and keep SSH restricted.

# WHM/cPanel default ports: 2087 (WHM SSL), 2083 (cPanel SSL), 2096 (webmail SSL)
sudo firewall-cmd --permanent --add-port=2087/tcp --add-port=2083/tcp --add-port=2096/tcp
sudo firewall-cmd --permanent --add-service=http --add-service=https --add-service=ssh
sudo firewall-cmd --reload
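
To confirm that the zone exposes only what this step opened, the firewalld output can be compared with the same allowlist. The script below is an added example, not part of the original guide or of cPanel's tooling; the function names, the `--live` and `--sample` switches, the file name `audit.sh` and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): audit firewalld's default zone
# against the ports and services opened in step 04.
ALLOWED_PORTS="2083/tcp 2087/tcp 2096/tcp"   # cPanel SSL, WHM SSL, webmail SSL
ALLOWED_SERVICES="http https ssh"

# not_in LIST CANDIDATES: print the words of CANDIDATES that are absent from LIST.
not_in() {
    list=" $1 "
    out=""
    for word in $2; do
        case "$list" in
            *" $word "*) ;;                    # present, nothing to report
            *) out="${out:+$out }$word" ;;     # absent, collect it
        esac
    done
    printf '%s' "$out"
}

# audit_firewall PORTS SERVICES: compare firewall-cmd output with the allowlists.
# Returns 0 when nothing extra is open, 1 otherwise. Missing entries only warn.
audit_firewall() {
    extra_ports=$(not_in "$ALLOWED_PORTS" "$1")
    extra_svcs=$(not_in "$ALLOWED_SERVICES" "$2")
    missing=$(not_in "$1 $2" "$ALLOWED_PORTS $ALLOWED_SERVICES")
    rc=0
    if [ -n "$extra_ports" ]; then echo "UNEXPECTED ports: $extra_ports"; rc=1; fi
    if [ -n "$extra_svcs" ]; then echo "UNEXPECTED services: $extra_svcs"; rc=1; fi
    if [ -n "$missing" ]; then echo "WARNING not open yet: $missing"; fi
    return "$rc"
}

# Constructed sample output, for trying the script on a host without firewalld:
SAMPLE_PORTS="2083/tcp 2087/tcp 2096/tcp 3306/tcp"
SAMPLE_SERVICES="cockpit dhcpv6-client http https ssh"

# Live use (hypothetical file name): sudo sh audit.sh --live
# Reads the default zone only; rich rules and other zones are not covered.
if [ "${1:-}" = "--live" ]; then
    audit_firewall "$(firewall-cmd --list-ports)" "$(firewall-cmd --list-services)"
elif [ "${1:-}" = "--sample" ]; then
    audit_firewall "$SAMPLE_PORTS" "$SAMPLE_SERVICES"
fi
```

A non-zero exit status means something outside the allowlist is open, so the script can gate a provisioning job or run from cron.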

/05

Complete Setup and Verify Over HTTPS

Log in to WHM and finish the initial wizard. Always use the https URL so credentials are never sent in cleartext.

# In your browser, go to:
# https://server1.yourdomain.com:2087
# Log in as root and complete the Initial Setup Wizard (set contact email, nameservers, etc.)

/06

Harden WHM: Enable cPHulk and Keep It Updated

Turn on cPHulk Brute Force Protection in WHM and ensure automatic updates are on. cPHulk locks out repeated failed logins; updates close known vulnerabilities.

# In WHM: Home > Security Center > cPHulk Brute Force Protection > Enable
# In WHM: Home > Server Configuration > Update Preferences > set to Automatic (Release tier)
# Then verify the current version and tier from the shell:
/usr/local/cpanel/cpanel -V

cPanel/WHM is installed on a clean server, reachable only over HTTPS, firewalled to the ports you need, and protected by cPHulk. Keep automatic updates enabled so security patches apply on their own.