How to prevent your hosting account from being hacked

The menace of hacking is a very serious issue for the today’s World Wide Web. It is really important to pay a lot of attention to the security of your cPanel account. It should be well-protected against manual attacks as well as against automatized means of getting access to your hosting account.

The security of our clients is of the highest priority for us. We have an effective firewall system along with a set of other security measures on our servers. However, some aspects of cPanel account protection depend not on Namecheap but on the owner of the account. In this article, you will find several useful tips you can use to significantly improve your cPanel account security.

1. Use a safe username and password
2. Change your password regularly
3. Keep your username and password in a safe place
4. Enable the 2FA for cPanel
5. Pay attention to the security of your computer
6. Use a secured connection when it is possible
7. Scan your web space
8. Always have a backup
9. CMS security tips

1. Use a safe username and password

This is quite an obvious thing, but having a secure password is definitely among the most important aspects of web security. Some people set a password which is easy to remember in order to avoid keeping it somewhere. It is strongly recommended that you should avoid using passwords that consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. These passwords are not secure as it is really easy to find such information about you, especially if you have an account in any of social networks.

In Internet security, there is even a special term 'social engineering' which suggests that some person can get your personal data without any additional means such as special software using methods of psychological manipulation. For example, some important personal data can be gathered during several online conversations with you by means of email, forum, chat or in a social network. So in case your password is your mother’s birthday, do not be surprised if your account gets hacked.

Also, hackers have special tools for cryptanalytic attacks (also known as brute-force attacks) which are intended to get your password. The main idea of such attacks is checking all possible words until the correct one is found. Such attacks can be successful if your password is a simple word from a dictionary.

It is strongly recommended that you use passwords that consist of randomly mixed low and capital letters, special symbols, and digits. The password length should be not less than eight symbols. You can use any special program for passwords generation as well as in-built cPanel password generator. It can be found in cPanel >> Password & Security.

Another important aspect is a cPanel username.

By default, in a hosting welcome guide, you receive a generated username which consists of a part of your main domain name combined with several random letters. The cPanel username can be changed only by our representatives per your request in a chat or a ticket. There are some restrictions triggered by the cPanel functionality. Your username can consist only of alphanumeric characters (digits are also permitted, however, they are not permitted as the first symbol in the username). Also, the cPanel username cannot exceed sixteenth symbols. It is not recommended that you change it to your actual name or nickname as this information can be obtained easily by any other person.

It is strongly recommended that you change your password from time to time. Also, we advise changing the password right after receiving the hosting welcome guide email.

Additionally, it makes sense to change passwords for your email accounts. This can be done in cPanel >> Email Accounts menu >> Manage >> enter a new password in the SECURITY section.

3. Keep your username and password in a safe place

For example, avoid keeping Your Hosting Welcome Guide in your email account inbox in case you are not the only person who has access to it. Also, please avoid storing your cPanel login details in a text file on your desktop, especially if you are not the only user of this computer. You can use Roboform, LastPass or any other similar password-saving software in that case.

Needless to say that it is not recommended that you share your username and password with anyone.

4. Use 2FA for cPanel

Two Factor-Authentication adds an extra layer of security to your cPanel account in addition to your username and password by requiring access to the phone number associated with your account. Without your smartphone, you cannot log in.
When Two-Factor Authentication is enabled, your account cannot be accessed by anyone unauthorized by you, even if they have stolen your password.

The steps on how to set up 2FA for your cPanel account are described in the corresponding article.

It is strongly recommended that you have an effective firewall and antivirus software with up-to-date databases on your personal computer. Please perform a full scan of your computer from time to time. Some viruses are intended to steal your login details and transmit them to someone who needs them. Also, there are special applications which are known as keyloggers. They gather a log of keyboard buttons pressed by you, make screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program, so do not forget to check your PC regularly.

For example, with Namecheap, you can connect by FTP in two ways. You can use conventional port 21, or you can connect using non-standard secured port 21098. If there are no network restrictions, it is recommended to use port 21098. Also, it is better to access your cPanel using non-standard port 2083 instead of standard port 80. A link that looks like uses port 80. If you wish to use port 2083, use the link which looks like

To avoid the hazard of the files located in your hosting account, it is recommended that you use different means of scanning for malicious software. First of all, you can use the built-in cPanel Virus Scanner:

Also, you can use some free online scanners such as this one:

Additionally, we have SiteLock - a website security and monitoring tool that eliminates cyber threats and keeps websites safe and secure.

It is better to combine several ways of checking your account for viruses. In order to prevent viruses and malware on your account, it is recommended that you use themes and plugins only from trusted providers. In case you have any doubts regarding your account security, please feel free to contact our Support Team at any moment.

Even though backups are scheduled on our shared servers on a weekly basis, it is recommended that you keep a backup of your account somewhere in a safe place on your PC or a third-party server. Please do not forget to update it from time to time in order to avoid losing important information. You can create a full cPanel backup in cPanel >> Backup.

PLEASE NOTE: If your account gets bigger than 25GB or contains more than 200 000 inodes, it will be automatically excluded from weekly backups.

9. CMS security tips

If your site is built on WordPress, we recommend reading our WordPress security guides:

How to improve WordPress website security
How to set up internal protection for .htaccess

and use the security tips listed there to prevent hack attempts in the future.

Following these simple recommendations, you can improve your account’s security greatly. From our side, we do our best to keep your account safe, but if you undertake these measures, a level of security increases drastically. We recommend that you do not ignore the safety of your data and always feel free to contact our Support Team in case you have any questions or complications.

71500 times

Need help? We're always here for you.