The cPFence command-line interface (CLI) provides a comprehensive set of commands for managing and securing your server. This guide organizes all available commands into categories for easier navigation and efficient usage. Use these commands to configure, monitor, and maintain your server's security settings with precision.

General Options

• Check Status:
  

  cpfence --status

  Displays information about current running modules and license status.

• Show Statistics:
  

  cpfence --show-stats

  View protection statistics and server details.

• Set Notification Email:
  

  cpfence --set-email [email protected]

  Set or update the email address in cPFence configuration.

• Enable or Disable SMTP Notifications:
  

  cpfence --enable-cpfence-smtp

  cpfence --disable-cpfence-smtp

  Manages SMTP settings for cPFence notifications only.

• Enable or Disable Global SMTP:
  

  cpfence --enable-global-smtp

  cpfence --disable-global-smtp

  Manages server-wide SMTP relay when Enhance Smart Host isn’t working for you.

• Restart Services:
  

  cpfence --restart

  Restarts all services and modules to apply settings.

Protection Control

• Enable All Protections:
  

  cpfence --enable-all

  Activate all default protections.

• Disable All Protections:
  

  cpfence --disable-all

  Deactivate all protections.

IPDB / DDoS Protection Module

• Enable or Disable IPDB:
  

  cpfence --enable-ipdb

  cpfence --disable-ipdb

  Manage the cPFence IPDB module for enhanced security.

• Restart IPDB:
  

  cpfence --restart-ipdb

  Restart the IPDB service.

• Enable or Disable DDoS Protection:
  

  cpfence --enable-DDos

  cpfence --disable-DDos

  Manage cPFence DDoS protection.

WordPress Security and Maintenance Tools

• Enable or Disable WordPress Integrity Check:
  

  cpfence --enable-integrity-check

  cpfence --disable-integrity-check

  Manage WordPress Integrity Check for enhanced security.

• Enable or Disable Automatic Quarantine for Wordpress sites :
  

  cpfence --enable-auto-file-action

  cpfence --disable-auto-file-action

  Control automatic handling of unexpected files.

• Set Integrity Check Frequency:
  

  cpfence --set-check-frequency [daily|hourly]

  Choose how often to run the integrity check.

• Generate WordPress Sites List:
  

  cpfence --generate-wp-sites-list

  Lists all WordPress sites on the server along with account owners.

• Perform Vulnerability Scan:
  

  cpfence --vuln-scan

  Scan WordPress sites for vulnerabilities.

• Export Vulnerability Scan Results:
  

  cpfence --vuln-export

  Export the scan results in CSV format.

WAF Management

• Enable WAF:
  

  cpfence --enable-ols-waf

  Enable the OLS/LS latest cPFence WAF.

• Disable WAF:
  

  cpfence --disable-ols-waf

  Disable the OLS/LS cPFence WAF.

• Disable a Specific WAF Rule by ID:
  

  cpfence --disable-waf-rule RULE-ID

  Disable a specific WAF rule server-wide by its ID.

• Enable a Specific WAF Rule by ID:
  

  cpfence --enable-waf-rule RULE-ID

  Re-enable a currently disabled WAF rule server-wide by its ID.

• Disable WAF for a Specific Domain:
  

  cpfence --disable-waf-domain DOMAIN

  Disable WAF entirely for a specific domain.

• Enable WAF for a Specific Domain:
  

  cpfence --enable-waf-domain DOMAIN

  Re-enable WAF for a previously disabled domain.

• Disable WAF Rules for a Specific Domain by ID:
  

  cpfence --disable-waf-domain-byid DOMAIN ID-LIST

  Disable one or more specific WAF rules for a domain by providing the rule IDs.

• Enable WAF Rules for a Specific Domain by ID:
  

  cpfence --enable-waf-domain-byid DOMAIN

  Re-enable specific WAF rules for a domain that were previously disabled.

Malware Protection Settings

• Enable Real-Time Protection:
  

  cpfence --enable-MRTP

  Enable Malware Real-Time Protection for continuous scanning.

• Disable Real-Time Protection:
  

  cpfence --disable-MRTP

  Disable Malware Real-Time Protection.

• Enable Proactive Scanning:
  

  cpfence --enable-proactive

  Enable Proactive Scanning for fast detection. (recommended)

• Disable Proactive Scanning:
  

  cpfence --disable-proactive

  Disable Proactive Scanning for reduced RAM usage.

• Enable Auto Quarantine:
  

  cpfence --enable-quarantine

  Automatically move infected files to the quarantine directory.

• Disable Auto Quarantine:
  

  cpfence --disable-quarantine

  Turn off automatic quarantine. Review scan results manually.

• Enable Email Quarantine:
  

  cpfence --enable-email-quarantine

  Quarantine suspicious emails with infected attachments or phishing links.

• Disable Email Quarantine:
  

  cpfence --disable-email-quarantine

  Disable automatic quarantine for suspicious emails.

• Enable Spam Protection:
  

  cpfence --enable-spam-protection

  Enable advanced filtering to detect and quarantine spam emails.

• Disable Spam Protection:
  

  cpfence --disable-spam-protection

  Disable spam filtering for email content.

Scanning Options

• Run a Full Scan:
  

  cpfence --full-scan

  Perform a full scan on all files. This process may take 30 minutes up to several hours.

• Run a Smart Scan:
  

  cpfence --smart-scan

  Scan critical areas and commonly infected files for faster results.

• Run a Custom Scan:
  

  cpfence --custom-scan PATH

  Perform a custom scan on a specific path or directory.

• Stop Active Scanning Jobs:
  

  cpfence --stop-scan

  Stop all currently running scans, including Full, Smart, and Custom scans.

• Exclude a Path from Scans:
  

  cpfence --exclude-path PATH

  Add a path or directory to the exclusion list for all scanning jobs.

• Remove a Path from Exclusions:
  

  cpfence --del-exclude-path PATH

  Remove a previously excluded path from the exclusion list.

• Run a Custom Scan without Quarantine:
  

  cpf_scan /var/www

  Run a custom scan without quarantine or exclusions. Example: cpf_scan /var/www.

• Run a Custom Scan and Move to Quarantine:
  

  cpf_scan --move=/opt/cpfence/quarantined/ /var/www

  Perform a custom scan and move infected files to the quarantine directory.

cPFence Owl™ Monitoring Module

• Enable Owl Monitoring System:
  

  cpfence --enable-owl

  Enable the cPFence Owl Monitoring system to track and analyze server activity. (recommended)

• Disable Owl Monitoring System:
  

  cpfence --disable-owl

  Disable the cPFence Owl Monitoring system.

• Restart Owl Monitoring System:
  

  cpfence --restart-owl

  Restart the cPFence Owl Monitoring system to refresh its operations.

Rootkit Scanner

• Enable Rootkit Scanner:
  

  cpfence --rootkit-on

  Turn on the Rootkit daily scanner to detect and protect against hidden threats. (recommended)

• Disable Rootkit Scanner:
  

  cpfence --rootkit-off

  Turn off the Rootkit daily scanner.

IP Management Commands

• Check the Current State of an IP:
  

  cpfence --check-ip IP

  Check if an IP is whitelisted, blacklisted, or blocked and view related statistics. Example: cpfence --check-ip 192.168.1.1.

• Add an IP to the Whitelist:
  

  cpfence --add-whitelist-ip IP

  Whitelist an IP to allow it through server defenses. Example: cpfence --add-whitelist-ip 192.168.1.1/23.

• Remove an IP from the Whitelist:
  

  cpfence --del-whitelist-ip IP

  Remove an IP from the whitelist. Example: cpfence --del-whitelist-ip 192.168.1.1.

• Add an IP to the Blacklist:
  

  cpfence --add-blacklist-ip IP

  Blacklist an IP to block it from accessing your server. Example: cpfence --add-blacklist-ip 192.168.1.1/24.

• Remove an IP from the Blacklist:
  

  cpfence --del-blacklist-ip IP

  Remove an IP from the blacklist. Example: cpfence --del-blacklist-ip 192.168.1.1.

• Bulk Add IPs to the Whitelist:
  

  cpfence --bulk-whitelist-ip URL_OR_FILE

  Add multiple IPs to the whitelist from a file or URL. Example: cpfence --bulk-whitelist-ip https://a.com/file.txt.

• Bulk Add IPs to the Blacklist:
  

  cpfence --bulk-blacklist-ip URL_OR_FILE

  Add multiple IPs to the blacklist from a file or URL. Example: cpfence --bulk-blacklist-ip /path/to/file.

• Bulk Remove IPs from the Whitelist:
  

  cpfence --bulk-del-wl-ip URL_OR_FILE

  Remove multiple IPs from the whitelist using a file or URL. Example: cpfence --bulk-del-wl-ip https://a.com/file.txt.

• Bulk Remove IPs from the Blacklist:
  

  cpfence --bulk-del-bl-ip URL_OR_FILE

  Remove multiple IPs from the blacklist using a file or URL. Example: cpfence --bulk-del-bl-ip /path/to/file.

Country Blacklisting / Whitelisting Module

• Add a Country to the Whitelist:
  

  cpfence --whitelist-country ISOCODE

  Allow traffic from a specific country. Example: cpfence --whitelist-country us.

• Add a Country to the Blacklist:
  

  cpfence --blacklist-country ISOCODE

  Block traffic from a specific country. Example: cpfence --blacklist-country cn.

• Remove a Country from the Whitelist:
  

  cpfence --del-whitelist-country ISOCODE

  Remove a country from the whitelist. Example: cpfence --del-whitelist-country us.

• Remove a Country from the Blacklist:
  

  cpfence --del-blacklist-country ISOCODE

  Remove a country from the blacklist. Example: cpfence --del-blacklist-country cn.

Maintenance Options

• Update cPFence:
  

  cpfence --update

  Update cPFence software and virus signatures to the latest version.

• Uninstall cPFence:
  

  cpfence --uninstall

  Uninstall the cPFence software completely from your server.

• Display Installed Version:
  

  cpfence --version

  Check the currently installed version of cPFence.

• Display Help Message:
  

  cpfence --help

  Show the full list of available cPFence commands and their descriptions.

Need Further Assistance?

Visit our Knowledgebase or contact our support team for help.