Port reference
Port 2082 (TCP) – cPanel
Default non-TLS web port for cPanel, the hosting control panel used to manage websites, email, and files.
Default state
Open on shared-hosting and VPS servers running cPanel; serves plain HTTP, with the TLS variant on 2083.
Common attacks
- Credential brute force and password spraying against the login
- Cleartext interception of credentials (2082 is non-TLS)
- Exploitation of recurring cPanel/WHM vulnerabilities (XSS, authentication flaws, RCE)
- Mass automated scanning of hosting servers for exposed panels
Hardening
- Prefer the TLS port 2083 and redirect/disable plain 2082
- Restrict access to allowlisted IPs / VPN rather than the open internet
- Enforce strong unique passwords, MFA, and cPHulk brute-force protection
- Keep cPanel & WHM on a current, patched release
- Monitor logins and disable unused features and demo accounts
nmap snippet
nmap -p2082 --script http-title,http-headers,http-auth <target>
Replace <target> with the host or range you're authorized to scan.
What runs on port 2082?
Port 2082 is the default non-TLS web port for cPanel, the control panel that hosting customers use to manage a single account — websites, databases, email, DNS, files, and backups. It is ubiquitous on shared-hosting and VPS servers. The encrypted equivalent runs on 2083; the related WHM (reseller/admin) panel uses 2086/2087.
Why it matters for security
cPanel guards everything in a hosting account, and because 2082 serves plain HTTP, credentials and session cookies can be intercepted. The panel is exposed on a huge number of servers, making it a mass-targeted asset, and cPanel & WHM have a long history of security advisories — XSS, authentication flaws, and occasional RCE — that bots weaponise quickly.
How it's attacked
Attackers run credential brute force and password spraying against the login and sniff cleartext sessions on 2082. They scan hosting servers en masse for exposed panels and chain known cPanel/WHM vulnerabilities for account takeover or code execution. A single compromised account often enables lateral movement on shared servers.
Hardening checklist
Prefer the TLS port 2083 and redirect or disable plain 2082. Restrict access to allowlisted IPs or a VPN instead of the open internet, enforce strong unique passwords, MFA, and cPHulk brute-force protection, and keep cPanel & WHM patched. Monitor logins, and disable unused features and demo accounts. The nmap snippet checks title, headers, and auth on systems you are authorized to test.
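A check for the first hardening item, as an added example (not code from cPanel or from this page): it classifies what a listener on 2082 returns to one plain-HTTP request. The verdict names, the sample responses and the host panel.example.test are constructed for illustration.

```python
import socket

REDIRECTS = {301, 302, 303, 307, 308}

def classify(raw: bytes) -> str:
    """Classify the first response from a plain-HTTP listener such as 2082."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/") or not status[1].isdigit():
        return "not-http"
    location, cookie_set = "", False
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            location = value.strip()
        elif sep and name.strip().lower() == "set-cookie":
            cookie_set = True
    if int(status[1]) in REDIRECTS and location.lower().startswith("https://"):
        # Better, but the first request still crossed the network unencrypted.
        return "redirects-to-tls"
    # Panel content (and possibly a session cookie) is served without TLS.
    return "cleartext-session-cookie" if cookie_set else "cleartext"

def probe(host: str, port: int = 2082, timeout: float = 5.0) -> str:
    """Send one HEAD request to a server you administer and classify the reply."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(request.encode())
            while b"\r\n\r\n" not in data and len(data) < 65536:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        # Refused, timed out or unreachable: the outcome wanted when 2082 is disabled.
        return classify(data) if data else "closed-or-filtered"
    return classify(data)

# Constructed sample responses, not captured from a real server.
SAMPLE_REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\n"
                   b"Location: https://panel.example.test:2083/\r\n\r\n")
SAMPLE_LOGIN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                b"Set-Cookie: session=constructed; HttpOnly\r\n\r\n<html>login</html>")

if __name__ == "__main__":
    print(classify(SAMPLE_REDIRECT), classify(SAMPLE_LOGIN))
```

On a hardened host, probe() should return "closed-or-filtered" or "redirects-to-tls" when run from outside the allowlist; either cleartext verdict means the login is reachable over plain HTTP.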
Frequently asked questions
- What is port 2082 used for?
  It is the default non-TLS web port for cPanel, the control panel users log into to manage their hosting account — websites, databases, email, and files. The encrypted equivalent is port 2083.
- Is it safe to use cPanel on port 2082?
  Not as plain HTTP. Port 2082 transmits credentials in cleartext and the login is heavily brute-forced. Use the TLS port 2083 instead, restrict access by IP/VPN, enable MFA and cPHulk, and keep cPanel patched.