We have a new documentation site for cPanel & WHM! You can find our new documentation site at docs.cpanel.net.
We will continue to maintain our API documentation on this server.
For cPanel & WHM version 58
(Home >> Security Center >> Configure Security Policies)
The Configure Security Policies interface allows you to configure your security policy options and security policy extensions.
Select the following checkboxes to help secure your server:
|Limit logins to verified IP addresses|
This option determines whether to require users to answer security questions when they log in to their cPanel, Webmail, and WHM accounts from unverified IP addresses.
|Two-Factor Authentication: Google Authenticator|
This option determines whether to require users additionally enter a generated security code provided by a time-based one-time password (TOTP) app on a smartphone.
To configure the two-factor authentication settings, use WHM's Two-Factor Authentication interface (Home >> Security Center >> Two-Factor Authentication)
This option enforces a minimum password strength for cPanel, Webmail, and WHM users.
To modify the minimum password strength, use WHM's Password Strength Configuration interface (Home >> Security Center >> Password Strength Configuration).
This option allows you to specify the number of days to allow cPanel, Webmail, and WHM users to use the same password.
When you select this checkbox, the Maximum password age (in days) text box appears. Enter the maximum number of days to allow users to use the same password.
The Security Policy Extensions options apply your security policy to WHM API requests and DNS cluster requests.
Enable the following options to help secure your server:
|XML-API and JSON-API requests||Select this checkbox to apply the Security Policy Items settings to WHM API requests. If you enable this option, the policies that you set apply to any user who attempts to call a WHM API function.|
|DNS Cluster requests||Select this checkbox to apply the Security Policy Items settings to DNS cluster requests. If you enable this option, the policies that you set apply to any user who attempts to make a DNS cluster request.|
To disable security questions via the command line, perform the following steps:
/var/cpanel/cpanel.configfile in your preferred text editor.
/scripts/restartsrv cpanelcommand to restart cPanel & WHM.