Tags
Tagged with cpanel
- 15 min readoperationsinfrastructure
86 CPU spikes in 24 hours: a multi-cause cascade postmortem
A cPanel server fired 86 ChkServd CPU alerts in one day. Four root causes were amplifying each other. The triage, the order of fixes, and the lessons.
- 8 min readwordpresssecurityoperations
Hardening every WordPress site on cPanel in one loop
A field-tested bash loop that walks every cPanel user, finds every WordPress install, and applies an idempotent hardening checklist with weekly drift detection.
- 6 min readoperationsinfrastructurewordpress
When you have to suspend a WooCommerce client: anatomy
A WooCommerce client burned 40-60% CPU on a shared cPanel box for 48 hours, unreachable. The decision tree, the suspension, and the conversation after.
- 14 min readoperationswordpressinfrastructure
Patchman activation breaks PHP sites: memory_limit gotcha
Patchman daily scans on cPanel push large WordPress sites past the PHP memory_limit and trigger 500s. Diagnostic flow, two-part fix, pre-activation audit.
- 8 min readwordpressoperationsinfrastructure
The corrupted WordPress db.php dropin nobody warned you of
WordPress says the DB connection is down but MySQL is fine, and only one site is affected. The cause is almost always a broken db.php dropin in wp-content.
- 14 min readoperationssecurityinfrastructure
Locked out of cPanel SSH: VNC, iptables, and the way back in
How to recover from a cPanel SSH lockout using your provider's VNC console, iptables flush, and CSF restore, plus the audit that prevents the next one.
- 6 min readinfrastructureoperations
When the client changes DNS without telling you first
Mail dies, AutoSSL stops renewing, the homepage shows a registrar parking page. A short field guide to diagnosing and fixing a silent DNS handover.
- 13 min readmailinfrastructure
AutoSSL fails on Microsoft 365 autodiscover subdomains: the fix
Why cPanel AutoSSL emails nightly that autodiscover.client failed HTTP-01 when the client uses Microsoft 365, and the two-step WHM exclusion fix.
- 12 min readinfrastructureoperations
cPanel disk full at 96 percent: the backup retention trap
A postmortem on a cPanel /home at 96 percent, why 7 backup sets ate 331GB, the safe-deletion order, and the WHM retention that stops the cascade.
- 14 min readwordpresssecurityinfrastructure
xmlrpc.php abuse and the 27-site one-shot fix on cPanel
A postmortem on 5,400 xmlrpc.php requests an hour from one /24, why per-site plugin fixes fail, and the shell loop that hardened 27 WordPress sites at once.
Three real WordPress compromises and how we found them
Three anonymised WordPress compromise postmortems on cPanel: a nulled Elementor Pro backdoor, a wp_options casino injection, and a six-week data exfiltration.
- 13 min readsecurityinfrastructure
SSH brute force on cPanel: the 8,127-attempt night and the fix
A postmortem on 8,127 failed SSH logins to a cPanel server in six hours from rotating /24s, why lfd alone could not see the pattern, and the layered fix.
- 12 min readdatabaseoperations
MySQL OOM on cPanel: diagnosing innodb_buffer_pool_size
A 2026 postmortem on MySQL OOM on cPanel: ChkServd alerts, the InnoDB buffer pool error, the math behind safe sizing, and the fix flow we ship.
- 15 min readwordpressinfrastructuresecurity
WooCommerce filter URLs are a crawler trap: the fix
A 2026 postmortem on WooCommerce filter URLs as a crawler trap: 41,000 unique URLs/hour from Facebook and MJ12bot, the diagnostic, and a three-layer fix.
- 2 min readdatabaseoperations
Sample incident: MariaDB OOM kill on a shared cPanel node
A walkthrough of one Saturday-morning MySQL crash on a cPanel server: what alerted, what we ran, and the InnoDB buffer-pool change that closed the ticket.
- 17 min readwordpressinfrastructure
WordPress WP-Cron stacking on cPanel: a complete fix
A 2026 postmortem on WordPress WP-Cron stacking on cPanel: 41 concurrent PHP-FPM children, the HTTP loopback that doubles load, and the three-layer fix.
- 14 min readsecurityinfrastructure
CSF, lfd, and Imunify360: why your firewall is killing itself
A 2026 postmortem on cPanel servers running CSF and Imunify360 in parallel: lfd OOM kills, csf.deny bloat, iptables races, and the fix we ship.
- 2 min readsecurityinfrastructure
Imunify360 custom SSH port: stop blocking your admins
Tell Imunify360 about your non-22 SSH port so its brute-force protection stops blocking legitimate admin connections, with a verification command.
- 2 min readwordpressoperations
Disable WP-Cron across every WordPress site on cPanel
An idempotent bash script that disables WP-Cron across every WordPress install on a cPanel server and replaces it with staggered system cron entries.
- 2 min readdatabaseoperations
MariaDB slow log permissions on cPanel: the quick reference
Fix MariaDB slow_log Permission denied on cPanel after a MariaDB updater run, plus a weekly cron that re-asserts ownership before the next reset.
- 3 min readoperationsinfrastructure
ChkServd alert field guide: reading cPanel service alerts
Decode the chkservd alert subject lines and bodies cPanel sends when a service flaps, with notes on common false positives and how to tune sensitivity.