cPanel & WP Hacks - Seeing at Several Hosts - New Vulnerability?

Shazan

cPanel has always been like this. DirectAdmin would be a safer option.

webminfo

@yokowasis said:

@webminfo said:

@MTUser2012 said:
No. I have multiple cPanel accounts each with a single WP installation. Recently, I noticed that several accounts were hacked, the WP installation AND the cPanel installation. In the past, I've dealt with hackers before, the hack was only of the WP installation. Hence my question about the level of isolation between the cPanel account and the WP account. As answered here, my assumption was incorrect.

@yokowasis said:
Let me get this straight. You have multiple accounts on multiplex provider on WordPress on cpanel and all of the cpanel account get hacked?

Why don't use VPS? Much better than a shared cPanel account. If they do not use CloudLinux the shared account can easily get hacked via localattack.

From what he said, he use VPS / Dedicated and install the cpanel himself.

No, I used WordOps script to install and manage WordPress sites. It's easy and secure.

bikegremlin

@MTUser2012 said:
I apologize for the delay in answering. I had to remind myself of what I perceive as WF's deficiencies by using it on a new WP site. Once I set it up, and saw how it worked, I remember what drove me to Cerber.

I think both products do a good job of blocking malicious attacks. What was driving me crazy when I used WF was all the spam, comments and contact form spam. I was paying for a separate spam solution that worked better than Akismet for comments, but it was necessary.

I found Cerber when a contractor built a website for me, and used that versus WF. Cerber is great for both comment and contact form spam, completely eradicates it. This was such a time sink for me, and it allowed me to get rid of my paid spam killing subscription, paid plugin. So I started using Cerber exclusively, and put some time into optimizing it for my setup.

Now, I started this thread due to cPanel hacks, which I didn't understand when I started the thread. I've since learned about the AnonymousFox hack of cPanel hosting accounts, due to a symlink vulnerability on the server. Cerber won't help with this kind of hack, andI don't think anything will, but it seems to work well for bruteforce, and spammers.

You may have different concerns than mine, so perhaps WF is better in your environment.

@bikegremlin said:

@MTUser2012 said:
What do you want to know? I have paid subscriptions to both to get full functionality, and use the free versions too.

@mezoology said:

@MTUser2012 said: agree that Cerber is the best security plugin available today. It is far superior to WordFence

is it really? let's say comparing free to free?

Same question - what do you find lacking with WordFence that Cerber "fixes"?

Looking for the info in order to see about switching to Cerber. How is Cerber superior to WordFence?

Thanks for the explanation.

It's been my experience too that WF doesn't help with spam well enough. For that, I use a separate plugin (my way of stopping WP spam).

In terms of security, WF has worked fine so far. And I'm not really eager to risk with another plugin for that, before testing it thoroughly. It is tempting to have the security plugin replace the anti-spam plugin (one plugin fewer on a website is always good). Just need to thoroughly test and confirm that it works well as a security plugin.