Leech Protection Print

  • 0


Leech Protect is a Standard Security feature offered within cPanel. Suppose a user is publically posting usernames or passwords in restricted areas of your website and if it is causing a threat to your website’s security, you can restrict that user from doing the same. This also prevents a user who is trying to access another’s account using the correct username and trying to login using multiple combinations of passwords by guessing them. This prevents users from logging in multiple times within a short time span.


In Leech protect, the default time set is 2 hours. So you can define the maximum number of login’s for users in 2 hours. This is a kind of security feature which can be used for your domains.

Here you can set the number of login attempts which can be made in 2 hours, so the user cannot login more than the limit allowed by you. You can even redirect the users to a different url if they are about to exceed the maximum number of login attempts. You just need to enter a url in that box. You can even send a email alert or a notification to that users email address. You can even suspend the users who are about to exceed the maximum number of login attempts. To reactivate their accounts, you just need to reset their passwords. After filling all the necessary details, you can secure a particular domain name.

For cPanel & WHM version 68

(cPanel >> Home >> Security >> Leech Protection)


The Leech Protection interface allows you to detect unusual levels of activity in password-restricted directories. After you set the maximum number of logins within a two-hour period, the system redirects or suspends users who exceed it. This is useful if, for example, someone posts a user's login credentials on a public site.

Enable leech protection

To enable Leech Protection for a directory, perform the following steps:

  1. The Leech Protection window will appear. Select which of the four main directories you wish to view in the file window:

    • Home Directory (/home/user)
    • Web Root (/public_html/www)
    • Public FTP Root (/public_ftp)
    • Document Root (/public_html)
  2. Select the directory that you wish to protect.

    • Click the appropriate folder icon () to navigate to a different folder.

    • Click the desired folder's name to select it.

  3. Enter the maximum number of logins that you wish to allow each user within a two-hour period.
  4. To redirect users who exceed the maximum number of logins within a two-hour period, enter a URL to which you wish to redirect them.
  5. To configure the system to send an email alert when Leech Protect activates, select the Send Email Alert To checkbox. Then, enter the email address to alert.
  6. To disable an account that exceeds the maximum number of logins, select the Disable Compromised Accounts checkbox.
  7. Click Enable.

Was this answer helpful?

« Back