Help tighten security for your WordPress blog by always logging into your hosting cPanel securely.
Why? Because logging in to your cPanel through https:// provides an encrypted communication and secure identification of your hosting provider.
When you first sign up for a hosting account, you receive a “Welcome eMail” from your hosting provider. If your hosting provider offers a cPanel, there will be a link to log-in.
Here's part of a sample “Welcome eMail” from HostGator:
Welcome to the hostgator family!
Your Domain: something.com
Your Username: somtin
Your Password: Pa33word
Your sites IP address:
74.52.128.210Your name servers:
ns325.hostgator.com
ns326.hostgator.com
———————-
Until your DNS has changed over to our nameservers, you can access your cPanel at: http://74.52.128.210/cpanel~ Source: HostGator Support
Unfortunately, this link will redirect you to http://ipaddress:2082, which is a non-secured port.
I think the reason hosting providers give this link is because some people may have the secured port blocked by their firewall and might cause some confusion. Nonetheless, I wish they would give the secured link anyway!
After your domain name propagates to your hosting account, you can also log-in using http://yourdomainname.com/cpanel, which again will redirect you to the non-secured link of http://yourdomainname.com:2082.
Log-in to your cPanel Securely on Port 2083
Rather than using the link provided in your email, I suggest changing the link to https://yourdomainname.com:2083, which is a secured port.
You will know this is a secured port, because you will see in your browser's address bar https:// instead of http://.
The first time you open the secured url, you should see a warning message appear on the web page. Here's a screenshot from Firefox:
Internet Explorer: Click on “Continue to this website (not recommended)” text.
Google Chrome: Click on the “Proceed anyway” button.
This warning is normal and wants to make sure you trust the source. Click the text “I understand the Risks” and a drop down message will appear. Here's a screenshot from Firefox:
Click the “Add Exception” button. A pop-up window will then appear to add the security exception. Screenshot from Firefox:
Click the “Confirm Security Exception” button and you will be taken to the cPanel log-in panel.
You can now log-in securely with your username and password to access your web hosting cPanel.
Leave Your Feedback
Submit your comment below and let me know if this article helped you or if you have any questions or concerns.
Thanks Bob. I totally agree!
Thanks Regina for this bit of added security.This is the 1st time I ever heard of accessing my Cpanel this way. It could also be that the Hosting Company s choose not to do this is because of the additional steps required to facilitate this process, of course they could include this in an advanced step process with the provision that if the person doesn’t feel up to it they will do it for you (that is the hosting co.)
Hi Robert,
Thanks for stopping by the blog and leaving a comment. You’re welcome. I’m glad I could help.
You’re not alone, many people have no idea about how to log-in to their cPanel securely. I think it should be in every “Welcome eMail” that hosting providers send out. And should be at the top of the cPanel that says “You are not logged in securely, click here to log-in to our secure cPanel.”
Thanks so much for this tip, Regina! I’ve been blown away by everything I’ve learned from you.
Looking forward to seeing you at NAMS7 in a few weeks.
Teresa
Thanks Teresa! Can’t wait to see you at NAMS 7!
Hi Regina, a Google alert (for WordPress) led me to your site. Nice to meet you. I’ve been blogging for three years and have never heard of cPanel. Is this something newsworthy? Or overkill?
Hi Jeff,
Very nice to meet you as well. I checked out your blog. Very cool!
Your host doesn’t use cPanel for shared hosting, but their own Hosting Control Center, so that’s probably why you’ve never heard of it. A very large number of hosting companies install cPanel for their customers to manage their websites.
What’s important is that we should always be on a secured connection when managing our website hosting via https://.
Regina, thanks for your message. Whew….feeling better about why I’ve never heard of cPanel. 🙂
Have an awesome Sunday!
It’s a picture-perfect Orlando day here.
Hello,
I really wonder why webhost allow people to even log in via http. On every server that I ever looked at or work on have http login turned off and force their users to log in via https.
I totally agree. Always wondered that myself.
If you’d like to determine whether port 2082 or 2083 is blocked, try firebind.com
http://www.firebind.com
Choose the java applet then enter the 2 ports for a TCP test. It will confirm whether or not they are being blocked by some intervening firewall such as a sw firewall on your machine, the firewall in your home router, or by your ISP.
Cool site. Thanks for the tip.
Thanks again for this tip – I first read it on Facebook when you initially posted this. Thought I’d stop by here and mention what I did after reading this…. I use Roboform (per your recommendation) and went in and change the url in my roboform files. The same will work if you just bookmark your cpanel links in your browser.
Hi Susanne,
Sorry for the very long delay in my reply. The comments on this page got lost in the mountain that I have to shuffle through.
Excellent tip about changing the secured cPanel url in Roboform and in your bookmarks! I can’t tell you how many times I’ve had cpanel’s shared with me (LastPass) to work on and their links are unsecured.
Hey Regina!
Great tip that you shared here! This is especially important when accessing one’s cpanel while using a free hot-spot at the local coffee cafe or on a hotel’s free wi-fi network.
If I may ask a follow-up question, how can I log into my WP installation’s dashboard securely? I get an error when I attempt to hit up https://mydomain.com/wp-admin? Do I need to request something at my hosting company? Or maybe a better question would be, do I need to be concerned about this?
Thanks for all your help! Looking forward to seeing you in a couple days down in Atlanta at NAMS!
Be Well.
Paul.
Paul,
Thanks for your comment and your question. Sorry that I missed your comment until now. Actually, you can do https:// for your login page. And yes, it is a good idea to use it. You can also apply https:// to a membership site and keep the outside off https://. It’s techy and I’ll be doing a class on this soon.
The warning from Firefox led me to believe that the secure way was the insecure way, paradoxically! Now I know. Thanks for the info, Regina.
Hi Regina,
Fortunately I found your website. I’m having my problem with my website. It is being hacked. And I don’t know how to start to fix it. Any idea to share? Thanks!
Sincerely,
Kevin Magan
Hi Kevin,
Sorry to hear your site was attacked. We can fix your website for you, sign up at https://wpsecuritylock.com/services/wordpress-malware-removal-and-restoration/
Hi Regina,
I tried accessing my domain using your format https://yourdomainname.com:2083, but Chrome shows the https with a red slash across it and the favicon is a red lock with a red cross on it. So I assume the connection is not encrypted?
Hi Gurdip,
Up in the address bar, click on the Lock with the red x in it to view more information about the security certificate.
You may see something like:
The identity of this website has not been verified.
• Server’s certificate is not trusted.
— most likely your host has you on a shared SSL certificate and that is why it is not recognized. This is common.
Your connection to yourdomain.com is encrypted with 256-bit encryption.
The connection uses TLS 1.0.
The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism.
The connection does not use SSL compression.
—- this means your data is encrypted.
Hope that helps