~2 min read • Updated Feb 18, 2026
1. Introduction
cPanel & WHM relies on many services that require external connectivity, including WHM, cPanel, Webmail, FTP, SMTP, IMAP, DNS, and licensing. If your firewall (CSF, firewalld, iptables, or your hosting provider’s firewall) blocks these ports, access to the panel, email, websites, and even the cPanel license system will fail.
Golden Rules:
- Only open the ports you actually use.
- Always keep emergency access (KVM/Console) available.
- If you install a third‑party firewall (CSF/APF), WHM’s Host Access Control rules are ignored.
2. Required Ports for cPanel & WHM
The table below lists the essential ports, protocols, direction, and important notes.
| Port | Service | TCP | UDP | Direction | Local Only? | Description |
|---|---|---|---|---|---|---|
| 1 | CPAN | ✓ | — | Outbound | No | Used for Perl module updates |
| 7 | Razor | ✓ | — | Outbound | No | SpamAssassin spam checks |
| 20 | FTP Data | ✓ | — | Inbound | No | Use SFTP instead; FTP is insecure |
| 21 | FTP Control | ✓ | — | Inbound | No | SFTP recommended |
| 22 | SSH | ✓ | — | Inbound | No | Required for secure server access |
| 25 | SMTP | ✓ | — | In/Out | No | Email sending/receiving |
| 53 | DNS | ✓ | ✓ | In/Out | No | Required for DNS, AutoSSL |
| 80 | HTTP | ✓ | — | Inbound | No | Redirect users to HTTPS |
| 443 | HTTPS | ✓ | — | Inbound | No | Main SSL port |
| 465 | SMTP SSL | ✓ | — | Inbound | No | Secure email sending |
| 587 | Submission | ✓ | — | Inbound | No | Client email submission |
| 993 | IMAP SSL | ✓ | — | Inbound | No | Secure email retrieval |
| 995 | POP3 SSL | ✓ | — | Inbound | No | Secure POP3 |
| 2083 | cPanel SSL | ✓ | — | Inbound | No | Main cPanel port |
| 2087 | WHM SSL | ✓ | — | Inbound | No | Main WHM port |
| 2096 | Webmail SSL | ✓ | — | Inbound | No | Main Webmail port |
| 2089 | License Check | ✓ | — | Outbound | No | Required for cPanel license validation |
3. License Callback Mechanism
To update license status instantly, cPanel attempts outbound connections on these ports (in order):
- 2082 – cPanel
- 2083 – cPanel SSL
- 2086 – WHM
- 2087 – WHM SSL
- 2096 – Webmail SSL
At least one of these must be open outbound.
4. Required IPs for WebPros Features
4.1 SEO Scanner IPs
78.138.117.141
78.138.117.142
78.138.117.168
78.138.117.169
78.138.117.179
78.138.117.180
78.138.117.214
78.138.117.215
4.2 Site Quality Monitoring
Uses AWS IP ranges. Retrieve the full list:
curl https://ip-ranges.amazonaws.com/ip-ranges.json5. Firewall Configuration Examples
5.1 CSF (Recommended for cPanel)
tcp|in|d=2087|s=0.0.0.0/0
tcp|in|d=2083|s=0.0.0.0/0
tcp|in|d=2096|s=0.0.0.0/0
tcp|in|d=993|s=0.0.0.0/0
tcp|in|d=465|s=0.0.0.0/0
tcp|in|d=22|s=0.0.0.0/0
5.2 nftables (AlmaLinux / Rocky / CloudLinux)
nft add rule inet filter input tcp dport 2087 accept
nft add rule inet filter input tcp dport 2083 accept
nft add rule inet filter input tcp dport 2096 accept
5.3 iptables (Ubuntu or older systems)
iptables -A INPUT -p tcp --dport 2087 -j ACCEPT
iptables -A INPUT -p tcp --dport 2083 -j ACCEPT
6. Conclusion
Proper firewall configuration ensures stable operation of cPanel & WHM services, prevents unexpected outages, and maintains secure access. This guide provides all essential ports, required IPs, and practical examples for the most common firewall systems.
Written & researched by Dr. Shahin Siami