secure login to cpanel and webmail

abd rahman

New Member
hi all
i just had a chat session with sale team and they confirmed the following to me
they said login to cpanel would be done via a link like this : http://ip : port not via a link with https
which mean no SSL or TLS is not used
which mean anyone can have your password no matter what you do
which mean also even if you login to cpanel without anyone saw your password
they still can have cookies used to login
all you do is sent as plan text over network

no security at all

now what i want to know is there anyone having this vps here
and how do you manage you security

one other point : in my talk with sale team i said
can your technical team install SSL for cpanel so i can type something like : https:// cpanel ..
the answer was no , the only thing you have is http:// without S

You can login with https://ip:2087 which will give you https. But you may receive an error from your browser due to the certificate being self signed.

If you wish to have an SSL on there and not receive an error message you will have to purchase an SSL for your WHM/cPanel services. If you would like assistance with this please contact our support team by logging into or by emailing off your registered email address and we will be happy to help.
thank you for help
a self signed ssl is good i can add exception for it in the local browser
i will purchase an SSL for the main web application
i just don't know how many SSL certificates do i need

3 certificates ? one for my web application , one for cpanel , one for webmail ?

few more questions please :

1 can i use https:// webmail ... for webmail too ?

2 can i use .htaccess files to deny access to webmail once at all , because i will be using mail only for sending things like notifications , and this will be done from the web application i host not from roundcube

3 do you have your own way to manage the vps ? because i want to do something : i want to put .htaccess to deny access to cpanel , and when i need cpanel i ssh into the server as root and remove the .htaccess

i spent the whole day talking to the support , they may be tired from me now
so i come to the forum
Last edited:

You can use https://ip:2096 to access your webmail.

I have seen customers setup authentication pages prior to logging into WHM/cPanel. Something you could look into is Host Access Control which there is some information on here: I do not recommend using this if you have a dynamic ip.

Let us know if you have any questions and don't hesitate to open a support ticket by logging into or by emailing off your registered email address and we will be happy to help.
@abd rahman You'll only need 1 wildcard certificate which will cover all of your WHM/cPanel/Webmail/POP/IMAP/SMTP/etc. access If you're already planning on securing your application, and are using the same domain for accessing the server, then you're in luck and only need to have a single wild card cert (*
Odd that the sale team just said no, but they are sales, not tech support. Hopefully they know now.