Trusted by hosting companies for 21 years
Senior administrators respond to every alert from our monitoring and every ticket you open, watching your cPanel and WHM servers continuously and keeping them hardened and patched against the attacks hosting servers attract. When an account is hacked or a service crashes, we perform disaster recovery and get you back online quickly. Server Surgeon has maintained cPanel and WHM servers at hosting scale since 2005.
Save 20% when purchasing for five or more servers · and up to 15% more with prepay discounts · full pricing →
What’s included
call +1-877-378-7436 US / +1-213-291-9191 International
Most cPanel server management happens in WHM and at the SSH command line, not in cPanel: reseller accounts and packages, AutoSSL across every domain, EasyApache and per-account PHP, and the one account that pins the CPU at the worst moment. Server Surgeon has managed cPanel and WHM on production hosting servers since 2005, and we keep the underlying server fast and secure. Urgent tickets reach a senior administrator in 5 to 10 minutes, support is unlimited, and management is a flat $65 per server per month. Moving from another server or panel? We migrate you with little or no downtime, usually just a few minutes at cutover.
Our 24/7 monitoring watches your cPanel server and automatically opens a ticket when something needs attention. You and your team can also open tickets any time for support, maintenance, troubleshooting, or server changes. We work the queue around the clock.
We monitor your cPanel server constantly: CPU, memory, disk, inodes, the RAID array, and the response of every service WHM runs — cPanel/WHM, Exim, Dovecot, Apache, NginX, LiteSpeed, MySQL, MariaDB, PHP-FPM, BIND, FTP, and SSH. We also watch the Exim mail queue for outbound-spam spikes. Custom website sanity checks, application probes, and port monitors are added on request, and alerts land in our cPanel server management queue rather than on your phone.
Disaster recovery is the highest-priority work in your cPanel Server Management. Whether it is a server compromise, a failed drive, a reseller who deleted the wrong account, or a database dropped in production, we work without stopping until your data is back. We restore at whatever level the incident needs: a full-server rebuild, a single cPanel account from a cpmove archive, one database, or one mailbox. We pull from any backup you have, including JetBackup, R1Soft, the provider’s snapshot, cPanel’s own backups, or our optional Linux server backup, and where severity allows we can often recover a hacked or crashed server without one.
We tune an advanced CSF firewall to your cPanel server’s traffic, with cPHulk and Login Failure Daemon blocking brute-force attempts on WHM, cPanel, FTP, SSH, and Exim. We work WHM’s own Security Advisor end to end, run ModSecurity with OWASP, Comodo, or Imunify360 vendor rulesets, and add Imunify360 or ImunifyAV for malware. Every domain gets SSL through AutoSSL, Let’s Encrypt, or your own certificate. We harden SSH and DNS, patch the kernel, secure /tmp, /var/tmp, and /dev/shm, and run CloudLinux with CageFS where you have it. We assist with PCI compliance on e-commerce servers. Hardening is optional. We recommend it to every customer, and if you have any concerns, we can discuss it first and apply all of it, some of it, or none.
We complete cPanel server migrations with the lowest possible downtime. A final fast-sync runs just before the cutover, then DNS flips, and end users land on new cPanel server hardware without a status-page incident. We migrate cPanel-to-cPanel, other-control-panel-to-cPanel, and bare-metal-to-cloud, whether that means AWS EC2 to DigitalOcean or any source to any target. We also move cPanel servers off end-of-life CentOS 7 to AlmaLinux without losing customer data, by building a fresh server and migrating the accounts onto it, and the hostname, DNS, mail, and SSL certificates cut over cleanly.
We tune EasyApache 4 to your workload: the right MPM, mod_lsapi or PHP-FPM in place of suEXEC/DSO, and PHP-FPM pool sizing across the MultiPHP versions cPanel runs per account, so a single site cannot starve the rest. We put NginX caching in front of Apache where it earns its keep. We tune MySQL and MariaDB, covering buffers, thread cache, and slow-query hunting, and use the MySQL governor and CloudLinux LVE limits to cap the account that spikes load. We also enable HTTP/2, Brotli and gzip, an in-memory tmp, and Redis or Memcached object caching, and move MySQL data to NVMe where it is available.
We provide unlimited 24/7/365 ticket support for anything on your cPanel server: blocked outbound email and SMTP bounces, IMAP and Dovecot connection issues, AutoSSL and TLS certificate renewals, slow WordPress sites and wp-admin lockouts, DNS, SPF, DKIM, and CNAME changes, firewall and ModSecurity rule updates, cron failures, .htaccess and file permissions, malware scans, reboots, outages, and any system administration task you can describe in a ticket. Standard tickets respond in ten to thirty minutes, urgent in five to ten. There is no ticket limit and no hourly charge.
We keep your cPanel server’s patch level current. We set the WHM update tier deliberately, whether LTS, RELEASE, or CURRENT, run upcp and OS package updates, and notify you of reboots. Security patches for major Linux outbreaks are applied promptly. We run EasyApache 4 and major PHP upgrades with a profile rollback ready, and we handle MySQL and MariaDB version upgrades, including major-version moves on InnoDB and MariaDB Galera clusters.
We build a new cPanel server in full whenever you need one. That covers the Linux OS install, the cPanel/WHM install, our hardening baseline, and configuration of the services you will host. We deploy AutoSSL with Let’s Encrypt for valid SSL on every domain, and we configure the hostname plus forward and reverse DNS. DNS templates are ready for every domain you add, with DKIM, SPF, and DMARC enabled on every mail domain. We migrate your existing websites, databases, and applications from the old server before the cutover.
We handle installs at the OS level and across the cPanel ecosystem. We build EasyApache 4 profiles for the Apache, NginX, and PHP combination you need, with the MultiPHP extensions each account depends on, and we set up CloudLinux with CageFS, LVE, and the PHP Selector for tenant isolation. For protection we install Imunify360 or ImunifyAV and ModSecurity vendor rulesets. We also install Softaculous and cPAddons for one-click apps, ClamAV for scanning, MySQL, MariaDB, and PostgreSQL for databases, and Redis, Memcached, Varnish, or Solr for caching and search. Git, Node.js, Python, Ruby via Passenger, Java and Tomcat, and most third-party Linux software with an install path round out what we deploy.
We configure Exim through WHM’s Exim Configuration Manager, setting mail authentication (SPF, DKIM, DMARC) and outbound limits so one hijacked account cannot torch your IP reputation. We also handle Dovecot IMAP and POP3, Roundcube and Horde webmail lockouts, SMTP relay and smart-host setup, SpamAssassin and the cPanel Mail Queue Manager, BoxTrapper and forwarders, mailbox quota and Maildir issues, bounce-loop diagnosis. This is the everyday mail work hosting companies forget to ask for until it breaks.
We also take on WHM root work, cPanel account and reseller plan changes, DNS zone work, CageFS configuration, SSH access management, cron jobs, certificate installation and renewal, firewall rule changes, .htaccess and file permissions, log file analysis, and WordPress and wp-admin recovery. We handle the ten-minute tasks and the four-hour ones alike.
Most of your cPanel server management happens in WHM, not cPanel. Your customers work in cPanel; we work in WHM as root and on the SSH command line, which is where the real cPanel server administration takes place. We administer the server the way you run it, so the panel-configuration work — Tweak Settings and the Feature Manager, the Packages and Feature Lists your plans provision from, reseller ACLs scoped to exactly the privileges you intend, and account creation, suspension, quota, and bandwidth — happens when you ask or when a ticket calls for it, not as unsolicited changes to a setup that is working.
On the web stack we run EasyApache 4 with a profile matched to your workload, and we use MultiPHP Manager so each account can sit on its own PHP version with its own PHP-FPM pool and INI settings. That is the per-account PHP flexibility cPanel is built around, tuned so one busy site cannot starve the rest. AutoSSL keeps every domain on a valid certificate, and we resolve the Domain Control Validation and Certification Authority Authorization edge cases for the handful it cannot.
If you run CloudLinux, we treat CageFS, LVE limits, and the PHP Selector as first-class tools for isolating tenants and capping the account that spikes load before it takes the server down. Imunify360, ModSecurity vendor rulesets, and WHM’s Security Advisor and cPHulk round out the hardening we keep current. We also know the cPanel licensing model, from the per-account tiers to the issues that arise when a server’s IP changes, and we resell cPanel licenses, so management and licensing can land on one bill instead of two.
Here is a sample of the cPanel and WHM tickets that reach our queue every week, along with what it takes to resolve each one.
AutoSSL stopped renewing — “could not validate” on a domain
We trace the failed Domain Control Validation to its cause, whether a stray Certification Authority Authorization record, a hijacked .well-known path, internal DNS that does not match the public record, or a proxy in front of the host, fix it, then force a clean AutoSSL run so every domain is valid again.
WHM reports the license as expired or invalid
Usually the server’s main IP changed or licensing cannot reach the cPanel store. We re-point the license to the current IP, clear the block, and run cpkeyclt so WHM is licensed again in minutes rather than after a long support exchange.
Outbound spam from one account, the IP heading for a blocklist
We find the compromised account or script through the Exim queue and logs, stop the sending process, rotate the password, clean the malware, and set outbound limits, stopping the activity before the IP is blocklisted and deliverability suffers.
A reseller can’t create accounts or keeps hitting a limit
We fix it in WHM by adjusting the reseller ACLs, the account, disk, and bandwidth limits in their privileges, and the Package or Feature List the plan points at, so provisioning works without handing out more access than you intend.
A site throws a 500 right after an EasyApache or PHP change
We rebuild the EasyApache 4 profile with the right modules and re-add whatever a MultiPHP switch dropped, often a missing extension or a hard-coded handler, with a rollback staged and ready rather than gambled on production.
An account shows disk full but the numbers don’t add up
We recalculate quotas and locate the inode and hidden-space causes, such as a runaway Exim queue, a giant error_log, orphaned /tmp, or stale cPanel backups, and get the account back under quota without deleting anything real.
One account is pinning CPU and slowing the whole server
We identify it with CloudLinux LVE stats or the process list, cap it with LVE limits, fix the slow MySQL query or runaway plugin behind it, and move it to mod_lsapi or PHP-FPM so it cannot starve its neighbors.
ModSecurity is blocking a legitimate app or checkout
We read the audit log, identify the triggered rule, and whitelist it narrowly for that one domain in WHM, keeping the vendor ruleset enforcing everywhere else instead of switching protection off.
cPHulk has locked you or a customer out of WHM or SSH
We clear the cPHulk block from the command line, whitelist your office, VPN, and monitoring addresses so the right people are never blocked again, and tune the brute-force thresholds and one-day temporary bans so real attacks are still stopped without locking out staff.
WHM still shows an account suspended after you unsuspended it
We clear the stale suspension state the panel is caching, look for a leftover lock file, a suspendlist entry, or a root-level Apache include still redirecting the domain, and confirm the account is fully live again across web, mail, and FTP.
A cpmove restore finished but the account is missing mail or databases
We re-run the restore correctly, fix the database-user grants and ownership a partial cpmove leaves behind, pull any missing mail or files from the archive, and verify the site, mailboxes, and cron jobs all work before we call it done.
Mail to Gmail or Microsoft is bouncing or landing in spam
We set the reverse DNS and a matching HELO, align SPF, DKIM, and DMARC so the large providers stop rejecting the domain, and look for any compromised account or misconfiguration behind the reputation hit.
“Thank you for keeping me updated and for your fabulous support today. I can see that my client's websites are running just fine and email services are back to normal. You (Alexander) and Edward have provided exceptional service, thank you again!”
Paul Server Surgeon Customer
“Everyone was very helpful during this migration. You have a very friendly and knowledgeable staff who made this a cake walk for us. It's not often you work with multiple support reps who know exactly what's going on with a single account. You guys are awesome, and I tell everyone I know about you.”
Jim Server Surgeon Customer
“I have been using your services now for over 5 years and am extremely pleased with the relationship that we have established. Just set it and forget it — you provide a much-needed coverage in our gap between what we know, what we don't, and what we just don't know that we don't know…”
Scott Server Surgeon Customer
$65 per cPanel server with volume and prepay discounts that stack. Unlimited tickets. Month-to-month, no fixed-term contract, with a 30-day money-back guarantee. Order online and your cPanel server is in management within an hour or two of us receiving access details.
With 5 or more Linux servers, take another 20% off: the volume discount stacks on top of prepay.
Migrating to a new server? It’s included — order management as you normally would, then describe the move in your onboarding ticket. We manage the old and new server at the cost of one and cut over with a final fast-sync, so there’s no separate migration charge and no interruption for your users — the cutover is scheduled to land with little or no downtime, usually just a few minutes.
Questions? See the Quick FAQ below, browse our full FAQ library, or post a question on our Contact Us page.
These are the questions we hear most often. Search our extensive FAQ here.
More questions
We have answered many more. Browse our 150+ question FAQ or contact our sales team.
If we are not the right fit, the 30-day money-back guarantee is the easiest check we ever sign. Month-to-month, no fixed-term contract on your cPanel server. Most hosting companies stay because they do not get burned again.
Or call +1-877-378-7436 US Toll Free / +1-213-291-9191 International
We manage more than just cPanel servers. Same $65 per server. Same senior admins. Same 24/7 queue. Same approach.
Plesk on every common Linux distro — subscriptions, reseller plans, extensions, the lot.
DirectAdmin via CustomBuild — admin, reseller, and user account changes, BFM rules, CSF tuning.
Virtualmin GPL and Pro on Webmin — virtual server templates, ProcMail, the everyday Webmin work.
Vanilla Linux on any distro — no control panel, a custom panel, or one we don't list. Managed over SSH by senior admins.
Linux servers on AWS — EC2 and Lightsail, EBS snapshots, security groups, and Route 53, managed around the clock.
Linux on any cloud or VPS — DigitalOcean, Linode, Vultr, Hetzner, GCP, Azure — snapshots, scaling, and migrations.
We manage nine Linux distributions across the Red Hat and Debian lineages, every hyperscaler, and hundreds of bare-metal and cloud VPS providers. One queue, one price, one team.
LINUX DISTROS
HOSTING PROVIDERS
The same team every day, on every server. Three things we promise —
We have handled every common Linux distribution, every panel, and every kind of outage before, and we know how to resolve them.
Every ticket is handled by a senior admin with 8+ years of managing production web hosting servers. No outsourcing, no junior staff logged into your server.
Month-to-month, no fixed-term contract. If we are not the right fit, we refund you without argument. Read the reviews →
Server Surgeon has specialized in cPanel server management since 2005. Many of our customers have trusted us with their cPanel servers for more than a decade because they know they can count on our experienced cPanel administrators when problems occur.
More about Server Surgeon →
