The End of an Era: CSF Is Officially Retired. What’s Next for cPGuard Users?

For nearly two decades, ConfigServer Security & Firewall (CSF) has been an indispensable tool for Linux administrators—a trusted first line of defence against malicious IPs. Its deep integration with cPanel/WHM, combined with a wide range of features, made it the default choice for sysadmins, especially in web hosting environments.

But times are changing. With the original developers announcing the end of CSF’s active development and releasing the code under GPLv3, its future now depends entirely on community contributions—an uncertain development path ahead. While this means CSF will continue in some form, for many administrators this marks the end of the CSF era—and raises an important question: what comes next?

cPGuard’s Journey Beyond CSF and the Next Step

At cPGuard, we have always recognised the importance of CSF. For years, we recommended CSF/LFD as the go-to Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) to complement our own security solutions.

In recent years—to reduce complexity, improve performance, and eliminate dependence—we have quietly and diligently been evolving our own platform. For some time now, cPGuard has not depended on CSF.

Core modules such as IPDB (abuse IP database), Bruteforce & Bot Blocking, Fail2Ban integration, and other features that require IP blocking have long been fully managed within cPGuard itself using iptables/ipset.

The retirement of CSF simply confirms what we had already anticipated: it’s time to take the next step.

A Fully Managed cPGuard Firewall

We are revamping the entire firewall module from scratch, moving away from the legacy iptables/ipset approach and adopting the modern NFT (Netfilter) framework. This transition is not just a technical change—it enables us to deliver a firewall that is more powerful, efficient, and future-ready for our users.

The new cPGuard Firewall introduces:

• Improved Efficiency – streamlined packet filtering with micro-loading, reducing overhead and improving performance under heavy traffic.
• Structured Management – cleaner, more organised rules and sets, making administration and troubleshooting far simpler.
• Enhanced Whitelisting & Blacklisting – redesigned for speed and accuracy, ensuring legitimate traffic is preserved while malicious IPs are blocked instantly.
• IPv6 Ready – the new system is fully IPv6 capable, with port filtering already supporting IPv6. Full IPDB IPv6 support will arrive very soon, ensuring your servers are protected in the dual-stack future.
• Simplified Administration – consistent CLI and UI commands (cpgcli fw …), giving you a reliable, straightforward way to manage your firewall.

What’s Coming in the First Release?

The initial rollout will deliver the core features you expect in a firewall:

• Whitelist & Blacklist (IP & Country) – define trusted and blocked networks with precision.
• Extended Whitelist & Blacklist Sources – import from file paths or remote URLs for efficient global management.
• Temporary Blocks (with expiry) – automatically remove bans after a set duration.
• Port Filtering – control inbound and outbound TCP/UDP traffic to close unwanted services.
• DoS / SYN-Flood Protection – safeguard servers against denial-of-service attacks.
• IPDB Integration – leverage a real-time global abuse IP database for proactive blocking.
• AI Bot Protection – block aggressive AI scraping bots.
• Fail2Ban Integration – service-level brute-force defence, serving as a modern replacement for CSF’s LFD.

When Can You Get It?

The new firewall is already in staging and scheduled for public release in early September 2025. We are currently testing across a wide range of server environments and configurations, and refining safeguards to ensure smooth continuity.

Delivery will happen automatically through the cPGuard auto-update system, and the transition should be seamless and uneventful. In the rare event of conflict with third-party firewalls, package dependencies or issues, our support team will be ready to assist immediately.

Comprehensive documentation will be provided alongside the release.

The Road Ahead

This is not just about replacing CSF—it’s about future-proofing your servers with a firewall that integrates seamlessly with the cPGuard ecosystem. We are committed to making this a community-driven development, and we’ll be listening closely to what you need.

Stay tuned for the official release announcement. The next chapter of server security starts now—with you. 🚀

We released cPGuard version 4.83 on September 5th with some improvements in the core to increase the software efficiency and to reduce resource usage along with other bug fixes. Key modifications in this latest release of cPGuard include:

Virus database amendments

Our scanner engine core has been operational since 2018 and has undergone many reviews and improvements. The scanner rules and definitions are updated even more frequently. Recently, we observed a slowdown in the scanner engine’s performance, attributed to the existing and ever-growing virus rules set. On recognizing the need for improvement after our comprehensive review, We removed many archaic and obsolete detection rules and fine-tuned the remaining ones. The outcome is a faster scanning process that consumes fewer resources.

IPDB Rules load changes

In recent months, we’ve received feedback indicating that the regular reload of IPDB rules was consuming an unusually high amount of CPU resources, especially when multiple country whitelists were involved. To address this issue, we have made significant adjustments to the overall logic. These changes are designed to eliminate the performance penalty during the rules-building process, leading to a substantial reduction in CPU overhead. Based on our tests, this modification allows the entire process to be completed much more quickly and efficiently.

Woocommerce plugin core files restore

As part of our commitment to improving the WordPress file cleanup engine, we are adding Woocommerce plugin core files restore. This feature will replace infected files of the WooCommerce plugin with fresh files of the specific version. We’re dedicated to enhancing this functionality further by incorporating additional plugins in upcoming versions.

App Portal updates

Angular Framework updated to LTS version along with CLI and core that

1. Improved accessibility ( cross-platform performance to touch on mobile etc.. )
2. Better adherence to the Material Design spec ( it’s a design standard for designing web and mobile components )
3. Faster adoption of future versions of the Material Design spec, due to being based on common infrastructure

General bug fixes

Along with the above updates, the new version also contains bug fixes to the recently reported issues. If any of the reported issues still exist, feel free to contact our team.

We are so happy to announce that cPGuard integration with Enhance control panel is enabled from version 4.65. We have been working hard over the past weeks to complete the supporting scripts in the standalone version and now almost all functions will work fine on Enhance servers.

More about Enhance Control Panel

Enhance is a comprehensive multi-server, website, and customer automation platform designed for web hosting companies and web agencies. Unlike the conventional panels, they use dockerized containers to run services and thus claim more security and isolation for websites. You may find more about them on their official website 

Is there a limitation in the integration?

Right now there is no major limitation except WAF support in Apache because ModSecurity is not enabled in their Apache docker container. Once Enhance can support ModSecurity with Apache, we will add support for that. Right now WAF can work fine with Litespeed and OpenLiteSpeed

All other major modules will work fine and we are still releasing updates/patches for all new issues reported.

How to install cPGuard on your Enhance server?

The cPGuard installation is pretty straight forwards as always…it only needs a few additional pieces of information compared to the regular Standalone installation. You may find the details installation instructions in our KB  …the installation is quick and rather easy.

We would like to thank MediaServe LLC  for providing us with the development platform and integration assistance for Enhance. Their valuable feedback in each stage helped us to make the integration fast and accurate.