WP AutoShield®: One-Click WordPress Security from cPFence: Page 9 - Enhance Control Panel

WP AutoShield®: One-Click WordPress Security from cPFence

8Dweb

cPFence Do you have any issues running WHMCS on OLS?

cPFence

Works perfectly fine with no issues. The only thing you’ll notice is a warning in the WHMCS health check about securing the /vendor folder. You can fix that by adding this to your .htaccess file:

<IfModule LiteSpeed>
    RewriteEngine On
    RewriteRule ^vendor/ - [F,L]
</IfModule>

wenani

cPFence Had not thought about this. For me I changed vendor permission to 750 and the error disappeared. Everything working well still.

longbsants

ivansalloum its better?

ivansalloum

longbsants In my experience, yes. It is the best. Wordfence is bloated.

longbsants

cPFence I conducted a test here by setting up an OLS server, but I noticed that some things work better with Apache + FlyingPress, which is fine. However, I couldn't manage to implement CORS or HSTS policies through either the console or the web admin. Would cpfense be able to implement this? From what I've seen, Enhance still doesn't support saving the configurations, am I correct?

cPFence

longbsants
You can use cPFence Freeze to save your OLS configurations, ensuring they persist across reboots and updates.

cPFence

Version 3.3.27 (31st January 2025)

Added
Exciting New Bulk Tools for Smart WordPress Hosting! , read more Supercharge Your WordPress Network With cPFence’s New Tools

Bulk Install Your Preconfigured Plugin Bundle:
- Automate plugin installations across all WordPress sites, ensuring every new website is set up exactly as you like—without lifting a finger.
- cpfence --bulk-install-plugin-bundle: Bulk install the plugin bundle listed in /var/log/cpfenceav/wp-plugin-bundle.txt.
- Run cronjob: /opt/cpfence/app/setup/cpfmain --bulk-install-plugin-bundle -y.
Automatic Plugin Blacklisting & Removal:
- Prevent clients from using unwanted plugins by automatically uninstalling them daily.
- cpfence --bulk-uninstall-bl-plugins: Bulk uninstall blacklisted plugins listed in /var/log/cpfenceav/blacklisted-wp-plugins.txt.
- Set this cron job to auto-remove blacklisted plugins daily:
  /opt/cpfence/app/setup/cpfmain --bulk-uninstall-bl-plugins -y.
Custom MU Plugin Deployment for Branding & Customization:
- Install your own MU plugin with your company’s branding, custom scripts, tracking codes, or anything else you need.
  Read more here.
- cpfence --bulk-install-custom-mu-plugin: Install your custom MU plugin (place the file in /var/log/cpfenceav/mu-plugin/ before running).
- Run cronjob: /opt/cpfence/app/setup/cpfmain --bulk-install-custom-mu-plugin -y.
- cpfence --bulk-uninstall-custom-mu-plugin: Uninstall your custom MU plugin.
- Run cronjob: /opt/cpfence/app/setup/cpfmain --bulk-uninstall-custom-mu-plugin -y.
Bulk Cache Plugin Removal for Easy LiteSpeed Installation:
- Remove all major caching and Redis plugins in one step, except LiteSpeed Cache, ensuring a clean installation.
- cpfence --bulk-uninstall-cache-plugins: Bulk uninstall all widely used cache and Redis plugins from all WordPress sites, except LiteSpeed.
- Run cronjob: /opt/cpfence/app/setup/cpfmain --bulk-uninstall-cache-plugins -y.

Improved

All official BunnyCDN, CacheFly, and Fastly IP ranges are now automatically whitelisted in cPFence for seamless integration.
Read more here.

MediaServe

cPFence Awesome! Already using Bulk Cache Plugin Removal for Easy LiteSpeed Installation and Automatic Plugin Blacklisting & Removal manually and will cron them after some thought.

Quich question though: Bulk Install Your Preconfigured Plugin Bundle might be good for installing LiteSpeed Cache for cPanel migrations, but I doubt it'll configure a preset or heartbeat. We generally do:

cpfence --bulk-install-ls-plugin
cpfence --bulk-configure-ls-plugin
cpfence --bulk-enable-ls-heartbeat

(After a cPanel migration.) If we have to do these three I guess bulk install bundle is irrelevant to LSCache.

ivansalloum

I really appreciate the great work you do, but I feel like the focus has shifted slightly away from being a dedicated security solution and purely emphasizing security.

cPFence

ivansalloum I really appreciate the great work you do, but I feel like the focus has shifted slightly away from being a dedicated security solution and purely emphasizing security.

Not at all! In just one month, we introduced some of the most powerful security features yet:

WP AutoShield® Module – A revolutionary way to automatically apply security features in bulk across all WordPress sites, ensuring proactive protection.
IP Reputation Monitoring – Prevents hackers from abusing your server for attacks or spam campaigns, keeping your services secure and uninterrupted.
cPFence MonitorPro – A powerful keyword monitoring tool that helps keep an eye on all sites in your cluster. Monitoring is at the heart of security.
Built-in Brute Force Protection – Native brute force protection for SSH and SFTP, fully integrated into cPFence without requiring extra tools like CSF or Fail2Ban.
WordPress Integrity Check (Added in December) – 100% bulletproof protection against hacker modifications. It provides instant notifications and an auto-quarantine option, ensuring compromised files are detected and secured immediately. This feature alone can transform the security of your WordPress sites.

All of these features were introduced in just one month, while most security tools take years to develop similar capabilities. Our team has been working tirelessly to make all these features available within just one month!

As for the bulk tools, they were initially built for our own use, but we decided to integrate them into cPFence because, as we’ve said many times before, our goal is to be the Swiss army knife for both security and server management in one powerful tool.

ivansalloum

cPFence Oh, I missed those! I didn’t see them, sorry about that. Thanks for the updates!

cPFence

MediaServe

Yes, what you guys are doing is the best approach (and those can be croned as well).

The bulk install bundle feature is mainly useful for forcing default plugins on all new installations. Some WordPress hosting companies use this to ensure security, optimization, or other required settings are applied right from the start. Some even have their own custom-developed plugins that they want installed by default on all sites. This new feature allows you to do all this effortlessly with a simple cron job.

As for blacklisting plugins, we plan to use it to prevent users from installing file manager plugins, known vulnerable plugins with no patches, and bloated/troublesome plugins. While it’s not a bulletproof solution (since users can still rename and manually upload plugins), such cases should be rare because they will most likely lose automatic updates if they do. In any case, these edge cases can always be handled manually when needed.

MediaServe

cPFence Thanks! Would you be willing list the plugins you like to blacklist?

cPFence

MediaServe Thanks! Would you be willing list the plugins you like to blacklist?

You're welcome! Here’s an example blacklist:

wp-file-manager
file-manager-advanced
filester
filebird
file-manager
real-media-library-lite
wpide
folders
fileorganizer
media-library-organizer
nmedia-user-file-uploader
shared-files
softdiscover-db-file-manager
cm-download-manager
wp-file-manager-pro
wp-file-download
wpide-pro
hide-my-site
disable-admin-notices
call-now-icon-animate
wp-copyprotect
wordpress-social-login
simple-csv-xls-exporter

To blacklist them, just add them to the file:
/var/log/cpfenceav/blacklisted-wp-plugins.txt

As a rule of thumb, any vulnerable plugin that has no patches available should not be allowed on your server. WP-AutoShield sends weekly vulnerability reports every Monday morning for each server. Just check these reports regularly, look at the "Remediation" row, and grab all the plugins that say "No known patch available" , then manually review and add them to the blacklist.

If you are like us and prefer not to manually review them, and instead want to automatically blacklist all vulnerable plugins with no patch available on all your servers in one go, you can do the following:

1- Run cPFence Multirun Tool

cpfence --multirun

2- List vulnerable plugins with no patch available:

grep "No known patch available" /var/log/cpfenceav/vulnerabilities_*.csv | awk -F',' '$1 == "plugin" {print $2}' | sort -u

3- If the output looks good, append them to the blacklist automatically for all your servers in one go :

grep "No known patch available" /var/log/cpfenceav/vulnerabilities_*.csv | awk -F',' '$1 == "plugin" {print $2}' | sort -u >> /var/log/cpfenceav/blacklisted-wp-plugins.txt

MediaServe

cPFence Thanks again! You guys have built a comprehensive but also complex system! Hard to keep track of so many option lol. But I love what you've done for Enhance and considering requests and making them happen so quickly is perfectamundo!

cPFence

MediaServe

I understand that rolling out so many features so quickly can be overwhelming and hard to keep up with. For the average user, we always recommend sticking to the default settings and simply activating these three modules:

cpfence --wp-autoshield-on  
cpfence --owl-automysql-on  
cpfence --monitorpro-on

This setup provides solid security on autopilot without any extra effort.

For advanced users with many servers who want to take full advantage of the bulk and advanced tools, diving into our knowledge base and using the cheat sheet will be the best way to explore all the possibilities.

MediaServe

cPFence After cPanel migrations of full servers, we see lots of errors cleaning up WP sites with your bulk tools. Most of them are database connections that seem to be WP files left behind while the DB has been deleted. It would be nice to simply have a command to provide a list of WP sites producing obvious errors like this so we can more easily resolve these problems.

cPFence

MediaServe

Many clients copy full WordPress installation files for quick backups or testing purposes, so you need to be careful when dealing with WP files without databases to avoid removing private files.

MediaServe

cPFence Yeah I have to review each one, but these are long term cPanel users with old files missing the database completely as far as I've seen so far.

« Previous Page Next Page »