WHM Initial Setup for VPS | HostGator Support
  1. Knowledge Base
  2. >
  3. Results
  4. >
  5. WHM Initial Setup for VPS

WHM Initial Setup for VPS


After purchasing your VPS or Dedicated hosting package with cPanel, you must access and set up your WHM. If you're unsure of how to access your WHM, please see our article:

Once logged in, follow along with this article to simplify the WHM setup process and become more familiar with WHM and its features.

User License Agreement

Once you log in to WHM for the first time, you'll be prompted with the license agreement.

  1. Review the agreement.
  2. Click I Agree once you have read and understood the agreement.

    User License Agreement

  3. You will be redirected to the setup section to configure your root WHM for quick and efficient use.

Feature Showcase

Feature Showcase

Email settings auto-discovery

  • Enable: This will allow email clients to automatically locate and configure themselves based on the server's configurations.

  • No, thank you: This will prevent the auto setup features on email clients from automatically locating and configuring themselves.

Email archiving

  • Enable: This will allow users to configure the retention period for incoming, outgoing, and mailing list emails. You can enable the archiving feature through the cPanel interface on a per-domain basis. Messages can be retrieved through the following methods:

    • IMAP connection
    • Downloading the messages directly
    • WebMail
    • Mail Delivery Reports feature in WHM
  • No, thank you: This will prevent the server from retaining messages being sent. Additionally, these options to control the archive type and retention period per domain will be removed from cPanel.

Query Apache for "Nobody" senders

  • Enable: This will allow you to query the Apache server's status to determine the email's true sender. By looking at the process table to determine who really sent the message, cPanel can accurately report the message's sender. While this requires more process time, it is more reliable and cannot be forged.

  • No, thank you: This will prevent the mail delivery process from querying the Apache server to determine the true sender when the user who sent the message is 'nobody.'

Security tokens

  • Enable: This will allow cPanel and WHM to secure their URLs from being affected by Cross-Site Request Forgery (XSRF) attacks by adding unique tokens to the URL upon login.

  • No, thank you: This will prevent the use of unique security tokens that would otherwise be displayed in the URL upon login. This is not recommended and will leave you vulnerable to XSRF attacks.

SMTP restrictions

  • Enable: This will prevent users from sending mail openly without any restrictions. This feature configures your server so that the mail transport agent (MTA), Mailman mailing list software, and root user are the only accounts able to connect to remote SMTP servers.

  • No, thank you: This will allow users to send mail openly without any restrictions. This is not recommended if you want to keep your users' mailing restricted.

Trust X-PHP-Script for 'Nobody' senders

  • Enable: This will allow the server to trust the X-PHP-Script headers to determine the sender of email sent from processes running as "nobody." The server will trust messages which contain X-PHP-Script headers (this requires the Easy Apache option MailHeaders to be compiled in Apache) and use them to determine the true sender.

A sophisticated, malicious user can forge email headers. Although it may be more CPU intensive, the Apache query method is recommended if you do not trust your users.
  • No, thank you: This will prevent the server from checking the mail headers for X-PHP-Script headers to determine whether the email can be trusted and identified as a true user.