) to open the Expanded Website View.By default, WP Squared protects every website on your account with a Let’s Encrypt™ AutoSSL certificate. AutoSSL certificates renew on their own and do not require manual configuration.
If you need to use a certificate from a specific Certificate Authority (CA), you can install a custom SSL certificate and replace AutoSSL.
To install a custom SSL certificate, perform the following steps:
) to open the Expanded Website View.You can only install one custom SSL certificate per domain at a time.
Review your CA’s CSR requirements before submitting the request.
Enter the following information to generate your CSR. Your CA will use this data to verify your identity and issue your certificate.
| Information | Description |
|---|---|
| Key | The encryption key type and size for your certificate. Use your CA’s recommended setting. |
| Country | The registration country of your company. Use a two-letter ISO-3166 country code for this value. |
| State or Province | The full name of your state or province. Do not abbreviate this value. |
| City | The registration city of your company. |
| Company | The legally registered name of your company. If the name contains symbols other than a period (.) or comma (,), check with your CA to confirm that they are valid. |
| Company Division | The division or department of your company. |
| A valid email address. The system will use this address to verify domain ownership. | |
| Passphrase | An optional passphrase for your CSR’s private key. The system stores this value unencrypted. Do not use a sensitive or reused password. |
Click Create Request to submit the information and save your CSR. You can exit this page and return later without losing your progress.
The system will display the status of your CSR in the SSL Certificate section of the Advanced tab.
Click the download icon (
) to download your CSR and send it to your CA. To delete the current CSR and start over, click the trash can icon (
).
After your CA has issued your certificate, return to the SSL Certificate section in the Advanced tab and click Complete. Enter the following information to install your certificate:
| Information | Description |
|---|---|
| Certificate | The entire contents of the .crt file from your CA. |
| Certificate Authority Bundle | A series of intermediate certificates from your CA. Check your CA’s installation instructions to confirm whether your CA requires this. |
Click Install to complete the installation. Your custom SSL certificate will override AutoSSL immediately. You can check the status of your certificate in the SSL Certificate section.
To remove your custom SSL certificate and return to automatic SSL management, click Run AutoSSL.
WP Squared installs and manages many different services on your system, most of which require an external connection in order to function properly. Because of this, your firewall must allow WP Squared to open the ports on which these services run.
This document lists the ports that WP Squared uses, and which services use each of these ports, to allow you to better configure your firewall.
nftables, the system will ignore rules you add with the Host Access Control interface (WHM » Home » Security Center » Host Access Control).We strongly recommend that you use the SSL version of each service whenever possible:
| Port | Service | TCP | UDP | Inbound | Outbound | Localhost | Notes |
|---|---|---|---|---|---|---|---|
1 |
CPAN | ✓ | ✓ | WP Squared’s Perl Modules interface uses this port to load the Show Available Modules setting faster. | |||
7 |
Razor | ✓ | ✓ | SpamAssassin uses the collaborative Razor spam-tracking database. | |||
20 |
FTP | ✓ | ✓ | ✓ | Instead of FTP, we recommend that you use the more-secure SFTP service via SSH. | ||
21 |
FTP | ✓ | ✓ | ✓ | Instead of FTP, we recommend that you use the more-secure SFTP service via SSH. | ||
22 |
SSH | ✓ | ✓ | You must open this port before you use WHM’s Transfer Tool interface (WHM » Home » Transfers » Transfer Tool) when you authenticate root users with SSH keys. |
|||
25 |
SMTP | ✓ | ✓ | ✓ | |||
26 |
SMTP | ✓ | ✓ | ✓ | WP Squared only uses this port if you specify it in WHM’s Service Manager interface (WHM » Home » Service Configuration » Service Manager). | ||
37 |
rdate |
✓ | ✓ | ||||
43 |
whois |
✓ | ✓ | ||||
53 |
DNS | ✓ | ✓ | ✓ | ✓ | WP Squared uses this port for the following functions: public DNS services, communication with root nameservers for AutoSSL, and other functions that require name resolution. |
|
80 |
httpd |
✓ | ✓ | ✓ | This port serves the HTTP needs of services on the server. We strongly recommend that your users configure their websites on port 443, which uses the more secure SSL/TLS security protocol. |
||
113 |
ident |
✓ | ✓ | ||||
443 |
httpd |
✓ | ✓ | ✓ | ✓ | This port serves the HTTPS needs of services on the server. WHM’s Manage AutoSSL interface (WHM » Home » SSL/TLS » Manage AutoSSL) requires outbound access to the store.cpanel.net server on this port. |
|
465 |
SMTP, SSL/TLS | ✓ | ✓ | ✓ | We strongly recommend that you enable TLS protocol version 1.2 on your server. | ||
579 |
cPHulk | ✓ | This port should only accept connections on the 127.0.0.x IPv4 address. Your system does not require that this port accept external traffic. |
||||
587 |
Exim | ✓ | ✓ | ✓ | |||
783 |
Apache SpamAssassin™ | ✓ | ✓ | ✓ | |||
873 |
rsync | ✓ | ✓ | ✓ | |||
953 |
PowerDNS | ✓ | This port should only accept connections on the 127.0.0.1 IPv4 address. Your system does not require that this port accept external traffic. You must use this port when you run PowerDNS nameservers. |
||||
2082 |
WP Squared and WP Squared Licensing | ✓ | ✓ | To disable insecure logins via this port and only allow SSL logins, enable the SSL redirect setting in WHM’s Tweak Settings interface. | |||
2083 |
WP Squared SSL and WP Squared Licensing | ✓ | ✓ | ||||
2086 |
WHM and WHM Licensing | ✓ | ✓ | To disable insecure logins via this port and only allow SSL logins, enable the SSL redirect setting in WHM’s Tweak Settings interface. | |||
2087 |
WHM SSL and WHM Licensing | ✓ | ✓ | ||||
2089 |
Licensing | ✓ | ✓ | You must configure your system to permit outbound TCP connections from source ports 4 and 1020 to destination port 2089. This will allow the server to contact WebPros license servers. |
|||
3306 |
MySQL® | ✓ | ✓ | MySQL uses this port for remote database connections. | |||
6277 |
DCC | ✓ | ✓ | ✓ | For more information, read the Apache® DCC and NetTestFirewallIssues documentation. | ||
11371 |
apt | ✓ | ✓ | Servers running the Ubuntu® operating system use this port to download apt repository GPG keys. |
|||
24441 |
Pyzor | ✓ | ✓ | ✓ | For more information, read Apache’s Pyzor and NetTestFirewallIssues documentation. |
You can quickly deploy WP Squared on Virtual Private Servers (VPS) or Virtual Machines (VM) using images created from a template system. Follow these simple steps to build and prepare an image, using the snapshot_prep script, so that every instance will be ready for use without manual setup.
Never use on an active server with real customer data.
Prepare for templating by ensuring the following system requirements:
Before you run the snapshot_prep script, configure the following files:
| File | Description |
|---|---|
/etc/cpupdate.conf |
Sets update preferences and release tier configurations. |
/etc/cpsources.conf |
Configures update sources, particularly useful for WP Squared Partners using custom FastUpdate servers. |
This pre-configuration eliminates the need to manually log into each VM to configure basic settings before customer access.
Before installing WP Squared, perform the following tasks:
After you finish preconfiguring your installation, you can install WP Squared. For more information, read our installation documentation.
The snapshot_prep script prepares WP Squared and the services that it manages directly, such as MYSQL. You must prepare basic operating system and third-party services after you run the snapshot_prep script, for example, by regenerating unique server keys for SSH and license keys.
You can use the snapshot_prep script to prepare WP Squared servers for creating deployment images used in virtualized environments such as VPS or VM templates. The script cleans up server configurations and removes elements that could cause issues when cloning or deploying the image to new servers.
Not all server configurations support the snapshot_prep script. The script automatically detects and exits early when it encounters unsupported server configurations:
/etc/wwwacct.conf or /etc/wwwacct.conf.shadowThis list does not represent all possible unsupported scenarios. The script may detect additional incompatible configurations.
You can run the snapshot_prep script from the command line with various options to control its behavior.
The basic command syntax:
/usr/local/cpanel/scripts/snapshot_prep
The snapshot_prep script provides the following options to customize its behavior:
| Option | Description | Example |
|---|---|---|
--no-post-service |
Do not install the on-first-boot service, requiring manual execution of post_snapshot after deployment. |
--no-post-service |
--list-tasks |
Display all tasks the script will perform without executing them. | --list-tasks |
--skip |
Skip specific tasks during execution. Use a comma-delimited list of tasks to skip.
Note:
|
--skip=mysql,license
Note:
In this example,
mysql and license represent the tasks you want to skip.
|
--only |
Execute only specified tasks. Use a comma-delimited list of tasks to run.
Note:
|
--only=license
Note:
In this example,
license represents the tasks you wish to execute.
|
--instance-packages |
Specify packages to install during first boot for per-instance setup. Use a comma-delimited list of packages. | --instance-packages=package1,package2
Note:
In this example,
package1 and package2 represent the packages you wish to install.
|
--delete-saved-copies |
Remove backup copies of configuration files created by the script. | --delete-saved-copies |
--help |
Display help documentation and available options. | --help |
WP Squared does not create third-party plugins for the snapshot_prep script.
If you maintain third-party software for WP Squared servers, you can provide a plugin for your users to run with the snapshot_prep script. By using your plugin, users can run additional tasks when preparing their servers to create deployment images. For example, imagine your software includes a unique access token. You want each instance created from an image to have its own unique token. In this case, we recommend creating a third-party plugin that adds a task to perform the following:
Clean the token when a user runs the snapshot_prep script so that the token is not included in the image.
Generate a new token upon the first boot of instances created from the image.
For a description of these tasks, as well as all other tasks in this script, use the --list-tasks option.
The snapshot_prep script uses .json files to point to a third-party plugin script. Before a plugin can run, your software must install a .json file in the /var/cpanel/snapshot_prep.d directory on your user’s server.
The .json file must use the following format:
1{
2 "name": "exampleplugin",
3 "type": "non-repair only",
4 "pre": ["/var/cpanel/exampleplugin.py", "--before"],
5 "post": ["/var/cpanel/exampleplugin.py", "--after"],
6 "description": "Perform a task.\n"
7}The .json file includes the following keys:
| Item | Description |
|---|---|
name |
The name of the file, excluding the .json suffix. For example, if the file is named example.json, write example in the name field.
Note:
The file name can only include letters, numbers, and underscores. |
type |
The type must be non-repair only. |
pre |
An executable file and any additional arguments. |
post |
An executable file and any additional arguments. |
description |
A description of what the plugin does. |
deps |
A list of one or more tasks. For more information, read about dependencies for third-party plugins. |
This system allows third-party plugins to customize or replace the default dependencies as needed.
Third-party plugins in this system can define their own dependencies using the deps key in the plugin’s .json file.
By default, if no dependencies are specified, the following tasks are used as the default dependencies for all third-party plugins:
ipaddr_and_hostnamemysqlcpwhm_miscHowever, these defaults can be overridden by specifying a deps key in the plugin’s .json file. The deps key should contain a list of one or more tasks that must run before this plugin. For example:
1{
2 "name": "exampleplugin",
3 "type": "non-repair only",
4 "pre": ["/var/cpanel/exampleplugin.py", "--before"],
5 "post": ["/var/cpanel/exampleplugin.py", "--after"],
6 "description": "Perform a task.\n",
7 "deps": ["wp_toolkit"],
8 "before": ["wp2"]
9}deps must exist; otherwise, the snapshot_prep script will fail.before key allows you to specify tasks that this plugin should run before (i.e., “this plugin must run before wp2”). If any tasks in before do not exist, the snapshot_prep script will emit a warning, but it is not fatal.deps and before key tasks, as circular dependencies will cause the snapshot_prep script to fail.Once completed, the script destroys some configuration and user data. Make sure there are no failed tasks. A success message will appear: System is ready for snapshotting.
If you need to remove the saved config file copies before imaging, run the following command:
/usr/local/cpanel/scripts/snapshot_prep --delete-saved-copies
If successful, the system will display the following success message: Deleted saved copies of configuration files.
Your templates must meet or exceed our system requirements. Most providers offer a few different templates.
Always double-check that your deployment image doesn’t contain unique or sensitive data from the template build process.
When deploying a new VPS/VM from your image, the system runs the post_snapshot script automatically to finish configuring the instance. If you used the --no-post-service option, run /usr/local/cpanel/scripts/post_snapshot script manually after the first boot. Consider using tools like libguestfs or virt-sysprep (--firstboot option) or your hypervisor’s similar features to run any further setup scripts. However, be cautious not to accidentally remove user accounts or cron jobs.
This document provides a detailed comparison of the features available in WP Squared and cPanel & WHM.
The table below highlights the features and indicates their availability in each platform.
| Feature | WP Squared | cPanel & WHM |
|---|---|---|
| AI Website Creation (Powered by Extendify) | ✓ | ✘ |
| AccelerateWP | ✓ | ✘ |
| CDN Configuration Support (Cloudflare®) | ✓ | ✘ |
| CloudLinuxOS Shared Pro | ✓ | ✘ |
| Imunify360 Security Suite | ✓ | ✘ |
| Redis Object Cache | ✓ | ✘ |
| Vulnerability Protection (Powered by Patchstack) | ✓ | ✘ |
| Account Administration | ✓ | ✓ |
| AutoSSL | ✓ | ✓ |
| Brand Customizations | ✓ | ✓ |
| Configuration Cluster | ✓ | ✓ |
| Configure Cron Jobs | ✓ | ✓ |
| Configure Remote Service IPs | ✓ | ✓ |
| Contact Manager | ✓ | ✓ |
| cPHulk Brute Force Protection | ✓ | ✓ |
| DNS Cluster | ✓ | ✓ |
| DNS Zone Management | ✓ | ✓ |
| Email All Users | ✓ | ✓ |
| Feature Manager | ✓ | ✓ |
| Global Configuration | ✓ | ✓ |
| Hosting Packages | ✓ | ✓ |
| Local Site and Server Backups | ✓ | ✓ |
| Mail Delivery Reports | ✓ | ✓ |
| Mail Queue Manager (Outbound Only) | ✓ | ✓ |
| Mail Server (Exim)(Outbound only) | ✓ | ✓ |
| Mail Troubleshooter (Outbound Only) | ✓ | ✓ |
| Manage Database Profiles | ✓ | ✓ |
| Manage Hooks | ✓ | ✓ |
| Modify News | ✓ | ✓ |
| ModSecurity Tools | ✓ | ✓ |
| MultiPHP INI Editor | ✓ | ✓ |
| MultiPHP Manager | ✓ | ✓ |
| Nameserver Management | ✓ | ✓ |
| NGINX Manager | ✓ | ✓ |
| Password Strength Configuration | ✓ | ✓ |
| phpMyAdmin | ✓ | ✓ |
| Process Manager | ✓ | ✓ |
| Repair Databases | ✓ | ✓ |
| Server Configuration | ✓ | ✓ |
| Server Database Management | ✓ | ✓ |
| Server Reboots | ✓ | ✓ |
| Service Manager | ✓ | ✓ |
| Transfer Tool | ✓ | ✓ |
| Tweak Settings | ✓ | ✓ |
| Two-Factor Authentication | ✓ | ✓ |
| Web Server Configuration | ✓ | ✓ |
| Convert Addon Domain to Account | ✘ | ✓ |
| Demo Mode | ✘ | ✓ |
| Email Services | ✘ | ✓ |
| Market Provider Manager | ✘ | ✓ |
| PostgreSQL | ✘ | ✓ |
| Resellers | ✘ | ✓ |
| Theme Manager | ✘ | ✓ |
| Upgrade Database | ✘ | ✓ |