Why Disable Default cPanel Login for FTP?
By default, cPanel login credentials can be used to access FTP, which poses a security risk. Hackers can exploit this vulnerability to upload malicious scripts. To enhance security, you can disable FTP access for cPanel users by following the steps below.
Steps to Disable FTP Access for cPanel Users
1. Open the ftpupdate File
Access your server as the root user and edit the ftpupdate script:
vi /usr/local/cpanel/bin/ftpupdate
2. Locate the Relevant Code
If you’re using an older cPanel version, navigate to line 189.
If you have an updated cPanel version, the code is usually found at line 211.
3. Comment Out the FTP Credentials Line
Locate the following line:
print FTPASS join( ':', $system_user, $entry->[1], $entry->[2], $entry->[3], $entry->[6], $entry->[7], $entry->[8] ) . "\n";
Modify it by commenting it out:
#print FTPASS join( ':', $system_user, $entry->[1], $entry->[2], $entry->[3], $entry->[6], $entry->[7], $entry->[8] ) . "\n";
4. Run the FTP Update Command
Apply the changes by executing:
/usr/local/cpanel/bin/ftpupdate
Outcome:
After completing these steps, the default cPanel login credentials will no longer work for FTP access, reducing the risk of unauthorized file uploads.
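Because the line number differs between cPanel versions, steps 2 and 3 can be done by matching the statement itself instead of jumping to line 189 or 211. The shell function below is an added example, not part of the original article or of cPanel's own tooling; the name comment_out_ftpass, the backup file naming and the match pattern are assumptions built from the line quoted above.

```shell
#!/bin/sh
# Added example: comment out the FTPASS print line by pattern, not line number.

# comment_out_ftpass FILE  (hypothetical helper name)
# Returns 0 if the line is now (or was already) commented out,
# 1 if FILE is missing or cannot be written, 2 if no matching line exists.
comment_out_ftpass() {
    file=$1
    # ERE built from the statement quoted in the article.
    pat='print FTPASS join\(.*\$system_user'

    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }

    if ! grep -Eq "^[[:space:]]*$pat" "$file"; then
        # No active line: either already commented, or the script differs.
        if grep -Eq "^[[:space:]]*#.*$pat" "$file"; then
            echo "already commented out in $file"
            return 0
        fi
        echo "no matching line in $file; inspect it by hand" >&2
        return 2
    fi

    # Timestamped backup beside the original so the edit can be reverted.
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Prefix only active matching lines with '#', keeping their indentation.
    tmp=$(mktemp) || return 1
    sed -E "s/^([[:space:]]*)($pat)/\1#\2/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"   # overwrite in place to keep owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1

    # Print the edited line(s) with line numbers for review.
    grep -n "FTPASS join" "$file"
}

# Run only when a path is given, e.g.: sh this-script /usr/local/cpanel/bin/ftpupdate
[ $# -eq 0 ] || comment_out_ftpass "$1"
```

The function is safe to run more than once: a second run finds the line already commented and changes nothing. Step 4 still has to be run afterwards to apply the change.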
Additional Security Recommendations:
- Use SFTP (SSH File Transfer Protocol) instead of FTP for enhanced security.
- Create separate FTP accounts with limited access.
- Implement strong passwords and IP restrictions for FTP users.