Defense in depth. Out of the box.
Every customer gets their own Linux user, dedicated PHP-FPM pool and isolated directories. Plus nftables firewall, fail2ban, ModSecurity WAF and clean secret management.
Start free →Security at OS level, not just in the panel.
enconf isolates customers on multiple layers. A compromised PHP process cannot read another customer — that is architecture, not a feature.
- Linux user per customer
- PHP-FPM pool per customer
- open_basedir + disable_functions
- nftables + fail2ban
- ModSecurity + OWASP CRS
- ProFTPD chroot
Security on all layers
From Unix DAC to WAF — multi-layer defense without manual configuration.
Customer isolation (Linux user)
Every customer gets their own UID/GID, own directories with 0710 user:www-data.
PHP-FPM pool per customer
PHP runs with customer identity, open_basedir + disable_functions.
nftables firewall
Default-deny, SMTP egress block for customer PHP, port profiles per role.
fail2ban
Brute-force protection for SSH, FTP, mail, panel login.
ModSecurity WAF
OWASP Core Rule Set in front of every nginx request — SQLi, XSS, RCE filters.
Secret hygiene
Panel secrets root-only (0600). Customer PHP cannot read JWT_SECRET.
Security advisor in the panel
Continuous audit of all security layers with score, issues and one-click fix.
In detail
- Linux user + UID/GID per customer
- PHP-FPM pool per customer
- open_basedir + disable_functions
- Per-customer /tmp (0700)
- Webroot 0710 user:www-data
- nftables with SMTP egress block
- fail2ban for SSH/FTP/mail/panel
- ModSecurity + OWASP CRS
- Nginx upload-path PHP block
- ProFTPD chroot ~
Security that works by architecture.
14-day free trial · No credit card · Made in Germany
Start free →