Our partner o2switch has updated cPanel and offers us a new feature for the protection of our sites: TigerProtect
You log in to your cPanel and go to Tools.
One click on TigerProtect and you are on the configuration page:
You have all the explanations to go to the configuration section by section, the screenshots are those of my configuration.
A maximum configuration to forbid the access to all the intruders, indelicate robots, undesirables...
For the Generic tab :
You do not change the default security of o2switch, you can set the browser control on the current administration pages and block access to development files.
You leave the direct access to the .php files to Off, so as not to block the access to the GuppY files.
For the mode "I am attacked" you switch to On only if you notice attacks on your sites.
For the Robots tab :
I skip the WordPress tab, GuppY is not concerned.
You can control all the requests, in particular the malicious robots of all kinds, of bad reputation or which do not respect the rules of robots.txt.
For my part, I selected On to control all.
For the IP Address tab :
I set On to block traffic from IP addresses on the Tor network.
Some may use the Tor network for their malicious attempts.
I have also blocked traffic from IP addresses with a bad reputation. Beware that an IP address may be listed on a blacklist wrongly and in this case it will be blocked.
For the ModSecurity tab:
By default, ModSecurity is active, you keep it active.
I cannot advise you enough to customise the security and in any case not to remove it.
On the other hand, after customisation, you can remove the blocking of IP addresses in the .htaccess which has an influence on the display speed of your sites.
Do not forget to confirm the settings to complete the configuration.
In the left-hand corner, clicking on the Bulk Mode tab allows you to list the domains and sub-domains in the online space and apply the same configuration to all your sites.
Tutorial by Papinou for the GuppY Team - December 2022 - CeCILL Free License