Hey everyone,

With the recent absolute nightmare surrounding the CVE-2026-41940 critical exploit in cPanel/WHM (the 9.8 CVSS auth-bypass that basically handed root access to anyone with an internet connection), I finally hit my breaking point with standard WHM infrastructure.

Between cPanel’s aggressive price hikes over the last few years and now zero-day exploits actively being used in the wild to hijack entire servers, relying on a monoculture panel feels like sitting on a ticking time bomb.

I’ve been testing out cloud hosting providers that use Hepsia instead of cPanel, and I wanted to share a quick, unbiased breakdown of how it actually holds up for anyone looking to migrate away from WHM.

The Good: Why custom/isolated panels are winning right now

• Security by Obscurity & Isolation: Because Hepsia isn’t running on millions of generic automated servers like cPanel, it isn’t a mass target for automated botnets. More importantly, its file architecture isolates domains into distinct root directories rather than stacking them as subdirectories under a single primary account. If one site gets hit, the rest don't immediately fall.
• All-in-One Dashboard: Unlike cPanel where you have to log into a separate WHMCS billing system, a domain registrar panel, and then the cPanel itself, Hepsia handles the site files, domain registration, and billing from one single login.
• Insane Panel Speed: Because it’s built natively for specific server cluster environments rather than being a bloated "one-size-fits-all" software, the file manager (which supports direct drag-and-drop) loads incredibly fast compared to a heavy WHM setup.

The Trade-offs (What to expect)

• The Learning Curve: If you’ve spent 10 years looking at the classic cPanel grid layout, Hepsia takes a few days to get used to. It's clean, but the settings are in different places.
• Lack of WHM Root Tweaks: If you're a hardcore sysadmin who likes breaking into the command line to tweak niche Apache modules every Tuesday, a managed Hepsia environment gives you less "raw" server control because it's optimized out of the box.

Who is actually using it?

It's surprisingly hard to find hosts using it because everyone defaults to cPanel out of laziness. If you want to check out how it looks/feels, a few independent providers run it. I’ve been testing my dev sites on a American/Moroccan host ( souini Hosting ) lately because their entry tiers are cheap, but there are a handful of others out there utilizing the platform.

Are any of you guys actively ditching cPanel after the April/May exploits? What panels (Hepsia, RunCloud, CyberPanel) are you migrating your clients to?