cPanel Security Best Practices
How to Keep Your Website Safe on SmikeHost
Keeping your hosting account secure is essential to protect your website, files, emails, and customer data. While SmikeHost provides secure hosting infrastructure, account security also depends on how you manage your cPanel account.
Follow these important cPanel security best practices to keep your website safe.
1. Use a Strong Password
Your cPanel password is the first line of defense against unauthorized access.
A strong password should:
-
Be at least 12 characters long
-
Include uppercase and lowercase letters
-
Include numbers and symbols
-
Avoid using common words or personal information
Example of a strong password:G7$kL!9pQ@4x
???? Tip: Always use the Password Generator in cPanel when creating passwords.
2. Enable Two-Factor Authentication (2FA)
Two-Factor Authentication adds an extra security layer to your cPanel login.
When enabled, you must enter:
-
Your password
-
A verification code from your mobile device
This prevents hackers from accessing your account even if they know your password.
To enable 2FA in cPanel:
-
Log in to cPanel
-
Click Two-Factor Authentication
-
Click Set Up Two-Factor Authentication
-
Scan the QR code with an authenticator app (Google Authenticator or Authy)
3. Keep Your Website Software Updated
Outdated software is the most common reason websites get hacked.
Always update:
-
WordPress
-
Joomla
-
Drupal
-
Themes
-
Plugins
If your site uses WordPress, enable automatic updates whenever possible.
4. Use Secure File Permissions
Incorrect file permissions can expose your website to attackers.
Recommended permissions:
| File Type | Permission |
|---|---|
| Files | 644 |
| Folders | 755 |
| Configuration files | 600 |
Never set files or folders to 777, as this allows anyone to modify them.
5. Remove Unused Scripts and Plugins
Unused plugins, themes, and scripts can create security vulnerabilities.
Regularly:
-
Delete unused WordPress plugins
-
Remove unused themes
-
Delete old website installations
The fewer scripts installed, the lower your security risk.
6. Secure Your Email Accounts
If attackers gain access to your email account, they may reset passwords for other services.
For better security:
-
Use strong email passwords
-
Enable spam filters
-
Avoid clicking suspicious links in emails
7. Use SSL Encryption
SSL certificates encrypt data between your website and visitors.
Benefits include:
-
Secure data transmission
-
Improved SEO ranking
-
Increased visitor trust
SmikeHost provides free SSL certificates that you can activate from cPanel.
8. Regularly Backup Your Website
Backups ensure you can restore your website if something goes wrong.
We recommend:
-
Keeping weekly backups
-
Downloading copies to your local computer
-
Using cPanel Backup Wizard
9. Monitor Your Account Activity
Check your cPanel account regularly for unusual activity such as:
-
Unknown files
-
Suspicious scripts
-
Unexpected email accounts
-
Unknown cron jobs
If you notice anything suspicious, contact SmikeHost Support immediately.
10. Log Out After Using cPanel
Always log out of cPanel after managing your website, especially if using a public or shared computer.
Need Help?
If you believe your hosting account has been compromised or you need help securing your website, our support team is available to assist you.
Open a support ticket through the SmikeHost Client Area, and we’ll help you resolve the issue quickly.
✅ SmikeHost — Secure, Reliable Hosting for Your Business
