cPanel is a very nice and stable panel, although it is heavy in size as long as the settings are done properly. Now we need to make settings for this panel after the initial installation.

Security Center

Apache mod_userdir Tweak - Enable mod_userdir We mark the box next to Protection. By activating this option, you can make the directory check when a file request is made for the user. You are blocking a request from outside the Home directory.
Press the Compiler Access - Disable Compilers button to enable Enable Compilers on the button. By restricting the compiler's privilege, you can prevent the user accessing the external user from running the compiler even if the group authority is root. In this way, a security breach is closed.
Check the services by going to the Manage External Authentications - Configure tab. Turn all services (including cPanel) that can access from outside.
Password Strength Configuration - Default Required Password Set the Strength: field to be at least 70. This will increase the security level of your users' passwords as they increase your password security level and will generate secure passwords.
PHP open_basedir Tweak - Enable php open_basedir By checking the box next to Protection, you prevent the shell, exploid, etc. scripts that are thrown into an account on the server from going above the directory of the account. In other words, if one of your clients' sites is hacked, you will have a chance to save others.
Shell Fork Bomb Protection - Enable Disable Protection on the button by pressing the Enable Protection button. In this way, you are taking security measures about the shell files.
SSH Password Authorization Tweak - You can use your preference for this section. Disable Password After pressing the Auth button, you will not be able to make a connection to ssh even if you enter your password correctly when connecting with ssh. Instead, you will receive a warning "".
Traceroute Enable / Disable - After pressing the Disable button will be Permissions CHMOD 700. In this way, we have taken security measures related to write permissions in this section.

Tweak Settings

Domains
Allow Remote Domains - In this option, the addon domain insertion property is marked Passive. You can add to addon domain according to your preference or when required (On).
When creating a new hosting account, it allows you to automatically add the spf definitions defined in the zone templates section to the newly created account's dns records. Turning this setting on will ensure that the outgoing mails pass through the checks made by some mail service providers. That's why I suggest you open it.
Proxy subdomains - Provides access to the services (webmail., Cpanel, mail, etc.) that the hosting accounts provide to the subdomain. Disabling this option will disable access to these services.
Thunderbird and Outlook autodiscover and autoconfig support - By enabling this option On, you can only use IMAP for the incoming mail server, and prevent mail losses from connections with the applications.

mail
Max hourly emails per domain - You can prevent your ip address from falling into spam lists by setting the hourly limit of emails sent to each domain. You must enter "50" as a limit to this field.
Initial default / catch-all forwarder destination - Any user or shake of a mail account and domain that is not created or created when a mail account for the hosting account that you open by default is not created by this option (trial@domain.com, sadsa@domain.com) The mail that is sent to a mail address is sent to the main mailbox. However, if the domain continuously receives spam, this mailbox will swell and cause the server to slow down. For this reason, we choose "Fail" to block incoming emails from an unreported mail address and to return RED (Reject).
Mail authentication via domain owner password - You can authenticate via the domain name by turning this option on (On).
Enable Apache SpamAssassin ™ Spam Box delivery with spam (user configurable) - Set this option to on (On) so that users can make their own settings for incoming spam mails.

PHP
cPanel PHP max execution time (Minimum: 90) - You can set the maximum uptime of a PHP script to run here. If it is less than 90 seconds, it will be beneficial to bring it to maximum value instead of 9999. This setting applies to the php scripts that cPanel will use. (Ex: If you are running a php with cronjob and it is out of time, you can adjust your settings.)
cPanel PHP max POST size (Minimum: 5