ConfigServer Security & Firewall (CSF) is widely used to protect cPanel & WHM servers. The original developer, Way to the Web (W2W/ConfigServer), closed on August 31, 2025, ending all updates and support. Their update servers are now offline, which means CSF can no longer receive security fixes from the original source.
To keep CSF secure, cPanel is now maintaining a public, open-source fork focused on essential security and stability updates.
What’s Changing?
Many servers are still configured to check W2W’s old update server — which no longer exists. This can cause update errors and prevent future security patches.
On February 18, 2026, cPanel will automatically update eligible servers so CSF can receive updates from cPanel’s new mirrors.
Your server will be updated if:
- You use cPanel’s original CSF plugin
- CSF still points to W2W’s outdated update server
- You’re running CSF 14.0+
- AUTO_UPDATES is enabled
Your server will not be changed if:
- You use a different CSF source
- You’re running CSF 13.x or older
- AUTO_UPDATES is disabled
This does not modify your firewall rules — it only restores the update path.
Want to Opt Out?
If you prefer to manage updates manually, turn off AUTO_UPDATES before February 18:
- Open ConfigServer Security & Firewall
- Go to csf – ConfigServer Firewall
- Open Firewall Configuration
- Set AUTO_UPDATES = off
- Save
If you later want updates from cPanel’s fork, run:
/scripts/autorepair cpanel_csf_installLearn More
Full details:
https://support.cpanel.net/hc/en-us/articles/37654028162071-Will-cPanel-provide-its-own-fork-of-CSF
You must be logged in to post a comment.