What Ports Does WP Squared Use?
Overview
WP Squared installs and manages many different services on your system, most of which require an external connection in order to function properly. Because of this, your firewall must allow WP Squared to open the ports on which these services run.
This document lists the ports that WP Squared uses, and which services use each of these ports, to allow you to better configure your firewall.
Important:
- We strongly recommend that you only open ports for services that you use.
- When you work with firewall rules, always make certain to include a way to log back in to your server, and always maintain console access to your server.
- When you install a new third-party firewall on a system using
nftables, the system will ignore rules you add with the Host Access Control interface (WHM » Home » Security Center » Host Access Control).
Ports
Important:
We strongly recommend that you use the SSL version of each service whenever possible:
- The use of non-SSL services can allow attackers to intercept sensitive information, such as login credentials.
- Always ensure that valid SSL certificates exist for your services in WHM’s Manage Service SSL Certificates interface (WHM » Home » Service Configuration » Manage Service SSL Certificates).
| Port | Service | TCP | UDP | Inbound | Outbound | Localhost | Notes |
|---|---|---|---|---|---|---|---|
1 | CPAN | ✓ | ✓ | WP Squared’s Perl Modules interface uses this port to load the Show Available Modules setting faster. | |||
7 | Razor | ✓ | ✓ | SpamAssassin uses the collaborative Razor spam-tracking database. | |||
20 | FTP | ✓ | ✓ | ✓ | Instead of FTP, we recommend that you use the more-secure SFTP service via SSH. | ||
21 | FTP | ✓ | ✓ | ✓ | Instead of FTP, we recommend that you use the more-secure SFTP service via SSH. | ||
22 | SSH | ✓ | ✓ | You must open this port before you use WHM’s Transfer Tool interface (WHM » Home » Transfers » Transfer Tool) when you authenticate root users with SSH keys. | |||
25 | SMTP | ✓ | ✓ | ✓ | |||
26 | SMTP | ✓ | ✓ | ✓ | WP Squared only uses this port if you specify it in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager). | ||
37 | rdate | ✓ | ✓ | ||||
43 | whois | ✓ | ✓ | ||||
53 | DNS | ✓ | ✓ | ✓ | ✓ | WP Squared uses this port for the following functions: public DNS services, communication with root nameservers for AutoSSL, and other functions that require name resolution. | |
80 | httpd | ✓ | ✓ | ✓ | This port serves the HTTP needs of services on the server. We strongly recommend that your users configure their websites on port 443, which uses the more secure SSL/TLS security protocol. | ||
113 | ident | ✓ | ✓ | ||||
443 | httpd | ✓ | ✓ | ✓ | ✓ | This port serves the HTTPS needs of services on the server. WHM’s Manage AutoSSL interface (WHM » Home » SSL/TLS » Manage AutoSSL) requires outbound access to the store.cpanel.net server on this port. | |
465 | SMTP, SSL/TLS | ✓ | ✓ | ✓ | We strongly recommend that you enable TLS protocol version 1.2 on your server. | ||
579 | cPHulk | ✓ | This port should only accept connections on the 127.0.0.x IPv4 address. Your system does not require that this port accept external traffic. | ||||
587 | Exim | ✓ | ✓ | ✓ | |||
783 | Apache SpamAssassin™ | ✓ | ✓ | ✓ | |||
873 | rsync | ✓ | ✓ | ✓ | |||
953 | PowerDNS | ✓ | This port should only accept connections on the 127.0.0.1 IPv4 address. Your system does not require that this port accept external traffic. You must use this port when you run PowerDNS nameservers. | ||||
2082 | WP Squared and WP Squared Licensing | ✓ | ✓ | To disable insecure logins via this port and only allow SSL logins, enable the SSL redirect setting in WHM’s Tweak Settings interface. | |||
2083 | WP Squared SSL and WP Squared Licensing | ✓ | ✓ | ||||
2086 | WHM and WHM Licensing | ✓ | ✓ | To disable insecure logins via this port and only allow SSL logins, enable the SSL redirect setting in WHM’s Tweak Settings interface. | |||
2087 | WHM SSL and WHM Licensing | ✓ | ✓ | ||||
2089 | Licensing | ✓ | ✓ | You must configure your system to permit outbound TCP connections from source ports 4 and 1020 to destination port 2089. This will allow the server to contact WebPros license servers. | |||
3306 | MySQL® | ✓ | ✓ | MySQL uses this port for remote database connections. | |||
6277 | DCC | ✓ | ✓ | ✓ | For more information, read the Apache® DCC and NetTestFirewallIssues documentation. | ||
11371 | apt | ✓ | ✓ | Servers running the Ubuntu® operating system use this port to download apt repository GPG keys. | |||
24441 | Pyzor | ✓ | ✓ | ✓ | For more information, read Apache’s Pyzor and NetTestFirewallIssues documentation. |