Xavier Media® Tools and tips for webmasters and bloggers

Secure your cPanel account

March 10th, 2010 by Andreas from Xavier Media®

cPanel is one of the best control panels I know, and my company Xavier Media is using it for most of our own hosting accounts. But as always, a control panel (or for that matter any software) is no more secure than the people using it. Therefore you must make sure that no one with access to your cPanel account is the weak link that gets your site hacked.

Get a secure password

In cPanel there's a fantastic function that will help you to select hard-to-guess passwords for your accounts. You can even use it to generate passwords you're going to use on other accounts too.

Log in to cPanel and click on "Change Password".

Then click on the "Generate Password" button to generate a random password. The nice thing with this generator is that you can select how long a password you want and whether it should use uppercase letters, lowercase letters and numbers. Just hit the regenerate button until you get a password that fits your needs. Please remember that a password should be a minimum of 6 characters (more than 8 is even better), should contain at least one uppercase letter (not the first or last letter) and if possible at least one number somewhere in the middle. If you add symbols like +, -, ? and % then you have a pretty strong (good) password already at 6 characters.

This generator can also be used if you need to choose a PIN code. In that case just deselect everything except numbers and set the length to 4 numbers.

What you should remember is to select passwords that are as long as possible and never use dictionary words (words found in any dictionary). Not even if you make one or more of the characters uppercase, since those passwords are the easiest to hack :( .
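If you want the same kind of generator outside cPanel, here is a small Python sketch with the options described above (length, uppercase, lowercase, numbers, symbols, and a numbers-only PIN mode). It is an added example, not cPanel's own code; the function names and the default length of 12 are my assumptions.

```python
import secrets
import string

SYMBOLS = "+-?%"  # the symbols named in this post; extend to whatever your site accepts


def generate_password(length=12, upper=True, lower=True, digits=True, symbols=False):
    """Build a random password from the selected character classes."""
    classes = [chars for chars, wanted in (
        (string.ascii_uppercase, upper),
        (string.ascii_lowercase, lower),
        (string.digits, digits),
        (SYMBOLS, symbols),
    ) if wanted]
    if not classes or length < len(classes):
        raise ValueError("select at least one class and a length that fits them")
    # One character from each selected class guarantees every class is present.
    picked = [secrets.choice(chars) for chars in classes]
    alphabet = "".join(classes)
    picked += [secrets.choice(alphabet) for _ in range(length - len(picked))]
    # Shuffle so the guaranteed characters do not always sit at the front.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


def generate_pin(length=4):
    """Numbers only, as in the PIN tip above."""
    return generate_password(length, upper=False, lower=False, digits=True)


def is_dictionary_word(password, wordlist):
    """True when the password is a dictionary word, whatever the letter case."""
    return password.lower() in {word.lower() for word in wordlist}


if __name__ == "__main__":
    print(generate_password(12, symbols=True))
    print(generate_pin())
    # Constructed two-word list, only to show the case-insensitive check.
    print(is_dictionary_word("PassWord", ["password", "dragon"]))
```

The `secrets` module draws from the operating system's random source, which is what you want for passwords; the ordinary `random` module is not meant for this.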

Backup your data offsite

The next step in securing your cPanel account is to make sure you have backups of all your files, databases and email accounts somewhere offsite. By that I mean somewhere not located on the same server as your hosting account. The offsite part is important because if a hacker gets access to the root passwords for a server they get access to the entire server, which means that your backups and your files are in the same amount of danger. By having your backups located on another server you add a small amount of security for your backup files.

It's also good to have backup files on another server just in case the same thing happens to your server that happened to 1000s of servers at The Planet earlier this year, causing 100,000s of web sites to go offline. If you had backups offsite and this happened to you, you could get a new hosting account somewhere else and set up your site there until The Planet solved their problems. Everyone else with their backups on the same server had to just wait for The Planet to restore all servers again before they could get their web sites back (some never got their sites back :( ).

In cPanel you have two options for backups. One is the full backup, where all your files, settings, databases and email accounts are backed up, and the other option is partial backups, where you have to download the files, databases etc. as separate backups. I prefer to use the full backups even if you need to ask the server admin for help if you need to restore your account.

To do a full backup of your account I suggest you get a cheap FTP account with someone other than your hosting provider. Then click on the "Backups" icon in cPanel and finally "Download or Generate a Full Backup". Select "Remote FTP server" and fill in your FTP details (for your second FTP account with the other hosting company). I would like to strongly point out that you should never use "Home Directory" as the backup destination, since that's way too dangerous in case something happens to your server.

If you fill in a valid email address in the Email field, you will get an email confirmation when the backup file is ready and has been transferred to your FTP account. The beauty with this is that you never have to download any backup files to your own computer (all you have to do is fill in a form :D ).

The first time you do this type of backup you need to log in to the destination FTP account after you get the confirmation email to actually make sure that your backup is there. You should also test your backups at least once per year (i.e. make sure you can restore your account from a backup). This is because I've seen way too many examples where backups were missing or didn't work when they were needed the most.
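A quick check you can run on a backup file once you have a copy of it, as an added example (not part of cPanel): it decompresses the whole .tar.gz to catch a truncated or corrupt transfer, then confirms the expected parts are inside. The folder names `homedir` and `mysql` and the sample file names are assumptions for illustration, so adjust them to what your own archive contains. It does not replace a real test restore.

```python
import gzip
import io
import tarfile
import zlib

EXPECTED_PARTS = ("homedir", "mysql")  # assumed folder names; adjust to your archive


def verify_backup(fileobj, expected_parts=EXPECTED_PARTS):
    """Return a list of problems found in a .tar.gz backup (empty list = OK)."""
    try:
        # Pass 1: decompress the whole stream so truncation or a bad CRC is caught.
        fileobj.seek(0)
        with gzip.GzipFile(fileobj=fileobj) as gz:
            while gz.read(1 << 20):
                pass
        # Pass 2: walk the tar index and record the first two path components.
        fileobj.seek(0)
        seen, files = set(), 0
        with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
            for member in tar:
                seen.update(member.name.split("/")[:2])
                files += member.isfile()
    except (EOFError, OSError, zlib.error, tarfile.TarError) as exc:
        return [f"archive unreadable: {exc}"]
    problems = [f"missing part: {p}" for p in expected_parts if p not in seen]
    if files == 0:
        problems.append("archive contains no files")
    return problems


def make_sample_backup():
    """Constructed sample archive (not a real cPanel backup) for the demo."""
    entries = (
        ("backup-sample_user/homedir/public_html/index.html", b"<h1>hi</h1>"),
        ("backup-sample_user/mysql/blog.sql", b"CREATE TABLE posts (id INT);"),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in entries:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    good = make_sample_backup()
    print(verify_backup(io.BytesIO(good)))                    # complete archive
    print(verify_backup(io.BytesIO(good[: len(good) // 2])))  # cut-off transfer
```

For a real file, pass `open("your-backup.tar.gz", "rb")` instead of the in-memory sample.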

© Copyright 1996-2010 Xavier Media®. All rights reserved.