Page tree
Skip to end of metadata
Go to start of metadata

This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.46

(Home >> Security >> Leech Protect)


Leeching occurs when users publicly post their username and password to a restricted area of your site, which allows other visitors to use the login information. You can configure cPanel to redirect or suspend the leeched user. The protection function sets the maximum number of logins that can occur within a two-hour period. If the account exceeds the login limit, the system presumes that the user has allowed other visitors to use their login information.

Enable leech protection

To enable leech protection for your website, perform the following steps:

  1. Click the name of the directory that you wish to protect.
    • To navigate directories, use the folder icon located next to the name of the directory.
  2. Enter the maximum number of logins you wish to allow each user within a two-hour period.
  3. To redirect users who exceed the maximum number of logins within a two-hour period, enter a URL to which to redirect them to.
  4. If you want the system to send an email alert when leech protection activates, select the Send Email Alert to checkbox and enter the email address to alert.
  5. To disable an account that exceeds the maximum number of logins within a two-hour period, select the Disable Compromised Accounts checkbox.
  6. Click Enable.

Disable leech protection

To disable leech protection, click Disable in the Disable Protection section.

Manage users

To add, edit, and delete users, click Manage Users to go to the Password Protect Directories interface


If you wish to manage the users manually, you can edit the /home/USERNAME/.htpasswds/public_html/passwd file, where USERNAME represents the account name.