If you host a WordPress site on cPanel, there are a few default settings that quietly hurt your performance and security. Here are the five we change for every client.
1. Switch to PHP 8.2 or 8.3
Older PHP versions are slower and lose security patches. Go to cPanel, find Select PHP Version, and switch to the latest 8.x release. WordPress 6+ is fully compatible.
2. Enable LiteSpeed Cache plugin
Install the official LiteSpeed Cache plugin from WordPress admin. It pairs with our LiteSpeed Web Server to deliver pages from memory instead of generating them each request. Typical TTFB drop, 60 to 80 percent.
3. Turn on Force HTTPS Redirect
In cPanel under Domains, toggle Force HTTPS. Even after installing SSL, browsers can still fall back to HTTP without this setting. Search engines also penalise mixed-protocol sites.
4. Enable Two-Factor Authentication
In cPanel under Security, enable 2FA on your cPanel login. Then install a 2FA plugin on WordPress admin too. Most hacks succeed because of guessed or leaked passwords.
5. Schedule a real backup, off-server
cPanel does backups, but they live on the same server. Use the JetBackup option for off-server backups, or schedule UpdraftPlus to copy to your Google Drive once a week.