Your hosting provider sends you a cPanel login URL (e.g. https://yourserver:2083 or https://cpanel.yourdomain.com), a username and a password. Open the URL in a modern browser (Chrome, Firefox, Edge). Enter the username and password and click Sign In. If you use two-factor authentication (2FA), you will be prompted for your verification code after the password. Keep your password secure and do not share it. For best security, use a strong password and enable 2FA under Security → Two-Factor Authentication.

The cPanel home screen is divided into sections (e.g. Files, Databases, Email, Metrics, Security, Software). Each section contains icons for tools and features. Click any icon to open that tool. You can use the search box at the top to find a feature by name. The left sidebar often shows your account info, and the right side shows the main content. Bookmark your cPanel URL for quick access. If your host uses a custom theme, the layout may differ slightly but the same features are available.

Go to Preferences → Password & Security (or Change Password). Enter your current password, then your new password twice. Use a strong password (mixed case, numbers, symbols) and avoid reusing old passwords. Click Change Password. If you have email accounts or scripts that use your cPanel password, update them with the new password. Some hosts also use this password for FTP and webmail, so change it in those places if applicable.

Click Files → File Manager. The File Manager opens in a new tab or window. You will see your home directory (often public_html for the main website). Use the folder tree on the left to navigate; click a folder to expand or collapse it. The main area shows files and folders in the current directory. Double-click a folder to open it. Use the toolbar to create new files or folders, upload files, extract archives, change permissions, or delete items. Right-click (or use the menu) for more options. Always keep a backup before deleting or overwriting important files.

To upload: navigate to the target folder (e.g. public_html), click Upload in the toolbar, then drag files into the upload area or click Select File to choose files. Wait for the upload to complete. To download: select one or more files or folders (checkbox), click Download from the toolbar. A compressed archive is created and downloaded. For large uploads, use FTP or SSH if File Manager times out. Maximum upload size may be limited by PHP or server settings; check with your host if you need to increase it.

To edit: select a file (e.g. .htaccess, .php), click Edit in the toolbar. The editor opens in a new tab. Make your changes and click Save Changes. For sensitive files, the editor may warn you to create a backup. Permissions: select a file or folder, click Permissions in the toolbar. Set numeric permissions (e.g. 644 for files, 755 for folders) or use checkboxes for read/write/execute for owner, group, and world. Incorrect permissions can break your site or cause security issues; 644 for files and 755 for directories is usually correct for web files.

To extract: select a .zip, .tar, .tar.gz or .gzip file, click Extract in the toolbar, choose the destination folder (default is the current directory), then click Extract. To compress: select one or more files or folders, click Compress, choose format (e.g. Zip, Tar.gz), enter an archive name, then Compress. Use compression to save space or to create backups before making changes. Large archives may take time; do not close the tab until the operation completes.

Go to Files → Disk Usage. You will see a summary of how much space your account uses and a breakdown by directory (e.g. mail, public_html, tmp). Click a directory to drill down and see which subdirectories use the most space. This helps you find large files or old backups to remove. Your total usage must stay within your plan limits; exceeding limits can cause errors or suspension. Check disk usage regularly and clean up unnecessary files, old emails, and redundant backups.

Common space hogs: email (especially Trash and Spam), old backups, cache folders, log files, and unused installs (e.g. old WordPress copies). Delete or archive old emails and empty Trash. Remove backups you no longer need (after downloading them if required). Clear application caches from the app (e.g. WordPress cache plugin). Do not delete system folders or core application files unless you know what they are. When in doubt, download a copy before deleting. If you need more space, consider upgrading your plan or moving large media to external storage.

Go to Email → Email Accounts. Click Create. Enter the local part (e.g. info, sales) and choose the domain from the dropdown. Set a strong password (or use the password generator). Optionally set a mailbox quota (e.g. 250 MB or Unlimited). Click Create. The full address will be localpart@yourdomain.com. You can now use this in any mail client (IMAP/POP3) or Webmail. Write down the password or store it securely; you can change it later from the same interface.

Webmail: from Email Accounts, click Check Email next to the account, or go to Email → Webmail and log in with the full email and password. You can choose Roundcube, Horde, or SquirrelMail. For desktop or phone: use IMAP (recommended) or POP3. Incoming: server is usually mail.yourdomain.com, port 993 (IMAP SSL) or 995 (POP3 SSL). Outgoing: same server, port 465 (SSL) or 587 (TLS). Use full email as username and the account password. Enable SSL/TLS where possible. Your host’s support or Email → Connect Devices shows exact settings.

In Email → Email Accounts, find the account and click Manage (or the gear icon). Use Change Password to set a new password; update your mail client if needed. Use Set Mailbox Quota to limit or increase storage; set to Unlimited to remove the limit (subject to your hosting plan). You can also set up forwarding or autoresponders from the same Manage screen. Deleting an account removes all mail in that mailbox permanently; download or forward important messages first.

The default address receives mail sent to any undefined address at your domain (e.g. random@yourdomain.com). In Email → Default Address, choose whether to forward to an existing account, discard with an error, or send to a specific address. Use this to catch typos or generic addresses. Catch-all can increase spam; consider forwarding only to a specific address or disabling it and creating only the accounts you need. You can also set a default for each domain if you have multiple domains.

Go to Email → Forwarders. Click Add Forwarder. Enter the address to forward from (e.g. info@yourdomain.com) and the destination address (any valid email). Choose to forward and keep a copy in the mailbox, or forward only (no copy). Click Add Forwarder. Incoming mail to the first address will be sent to the destination. You can create multiple forwarders for different addresses. Forwarders do not require a mailbox; they work even if no email account exists for that address. Useful for aliases like support@ or sales@ pointing to a single inbox.

In Email → Forwarders you will see a list of all forwarders. Click Delete next to one to remove it. After deletion, mail sent to that address will no longer be forwarded (and if there is no mailbox, may bounce). To change the destination, delete the old forwarder and create a new one with the same from-address and new destination. You can also use the same destination for multiple from-addresses (e.g. several domains forwarding to one Gmail account).

Go to Email → Autoresponders. Click Add Autoresponder. Select the email address (or create one for a specific purpose like vacation). Set start and end dates (optional; leave blank for always on). Enter a subject and message. Optionally enable “Send response only once per sender” to avoid replying to every message from the same person. Click Create. Anyone who emails that address will receive the automatic reply. Use this for vacation messages, “we received your request” confirmations, or out-of-office notices. Remember to disable or set an end date when no longer needed.

In Email → Autoresponders, each active autoresponder is listed. Click Edit to change the message, dates, or once-per-sender setting. Click Delete to remove it; after that, no automatic reply will be sent. If you use date ranges, the autoresponder will stop sending when the end date is reached. For shared addresses (e.g. info@), ensure only one person manages the autoresponder to avoid duplicate or conflicting messages.

Go to Email → SpamAssassin (or Spam Filters). Click Enable if it is not already on. Set the spam score threshold (e.g. 5.0); messages with a score at or above this are marked as spam. Choose whether to add a header, move to a Spam folder, or delete. We recommend moving to Spam so you can review false positives. Save. SpamAssassin will then score incoming mail and act according to your settings. You can tune the score after a few days based on how much spam gets through or how many legitimate messages are marked as spam.

In SpamAssassin, use the Whitelist to add email addresses or domains that should never be treated as spam (e.g. important senders). Use the Blacklist to always treat certain addresses or domains as spam. Add one entry per line. This overrides the score for those senders. After adding entries, save. Whitelist is especially useful if legitimate newsletters or notifications are being filtered. Blacklist is useful for persistent spammers that get through the score filter.

Email → Global Email Filters apply to all incoming mail for your account before it is delivered. You can create rules (e.g. if subject contains X, then discard or forward). Email → Email Filters (per-account) let you set rules for a single mailbox. Use these for automatic filing, forwarding, or deleting based on subject, sender, or body. Order of execution is usually: SpamAssassin → Global filters → per-account filters → delivery. Test rules with a non-critical address first to avoid losing mail.

Go to Databases → MySQL Databases. Under Create New Database, enter a name (e.g. myapp_db) and click Create Database. The full name will be prefixed with your cPanel username (e.g. user_myapp_db). Under Add New User, enter a username and strong password, then Create User. Under Add User To Database, select the user and database and click Add. On the privileges page, check ALL PRIVILEGES (or only what the app needs) and Make Changes. Your application will use: database name = user_myapp_db, user = user_dbuser, password = what you set, host = localhost. Save these in your app config (e.g. wp-config.php).

In MySQL Databases, under Current Users, click the user name or use the link to manage privileges. You can change the password there; update your application config with the new password. To change privileges, go to Current Databases → the user next to the database → adjust checkboxes (SELECT, INSERT, UPDATE, DELETE, etc.) and Save. For security, grant only the privileges the app needs. To remove a user from a database, use the Remove User from Database option. Deleting a user or database is permanent; back up first if you might need the data.

By default MySQL accepts connections only from localhost. To allow an external host (e.g. your PC or a third-party app): go to Databases → Remote MySQL. Add the IP address or hostname of the client under Add Access Host (use % to allow any host; not recommended for security). Click Add Host. Your app will connect using the same database name, user, and password but with the server hostname (e.g. server.budgetdomain.com.au) instead of localhost. Restrict to specific IPs when possible. If your host uses a firewall, port 3306 may need to be open for that IP.

Backup: use phpMyAdmin (Databases → phpMyAdmin), select the database, then Export. Choose format (usually SQL), optionally zip, and Go to download the file. Or use Backup in cPanel to download a full account backup that includes databases. Restore: in phpMyAdmin, select the database (or create one), click Import, choose the .sql file, and Go. For large databases, increase PHP limits or use command-line mysql. Always backup before restoring over an existing database; restore creates or overwrites tables.

Click Databases → phpMyAdmin. You are logged in as your cPanel user. The left sidebar lists your databases; click one to see its tables. The main area shows structure, SQL, search, and operations for the selected database or table. Use the tabs to run queries, browse data, export, or import. Do not alter system databases (e.g. information_schema) unless you know what you are doing. For normal use, work only with databases you created. Bookmark the phpMyAdmin URL for quick access.

To run SQL: select the database, click the SQL tab, type or paste your query (e.g. SELECT * FROM wp_options WHERE option_name = 'siteurl';), then Go. Use Browse to view table contents and Sort by column. Export: select database or table → Export → choose format (SQL for backup or CSV for spreadsheets), options as needed, then Go to download. For large tables, use partial export or command-line mysqldump if available. Always backup before running UPDATE or DELETE queries; test on a copy if possible.

Import: select the target database, click Import, Choose File to select your .sql (or .sql.gz) file, then Go. The script may have a size limit; for large files use BigDump or command-line mysql. After import, check that tables and row counts look correct. Repair: if a table is marked as crashed or has errors, select it, then use the Operations or Repair tab (or run REPAIR TABLE tablename in SQL). If repair fails, restore from a backup. Optimize tables occasionally (Operations → Optimize table) to reclaim space and improve performance.

Your primary (main) domain is set when the account is created; its files are usually in public_html. To see or change the document root: go to Domains → Domains (or Domain Setup). The primary domain is listed with its document root (e.g. public_html). Click Manage to change the root to a subfolder if needed (e.g. public_html/wordpress). Changing the root affects where the website is served from; update any paths in your application. Subdomains and addon domains have their own roots; the primary domain is the main website for the account.

Use Addon Domains to host another full domain (e.g. othersite.com) in the same cPanel account. Each addon has its own folder under public_html or a dedicated directory. Use Subdomains for names like blog.yourdomain.com. Use Parked Domains (aliases) to point another domain to the same content as your primary (e.g. yourdomain.net showing yourdomain.com). Create the addon or parked domain in cPanel after the domain’s nameservers (or A record) point to your server. Then set up the document root and upload files for that domain.

For your site to load, the domain must point to your server. Either set the domain’s nameservers to your host’s (e.g. ns1.budgetdomain.com.au) or, if you use external DNS, add an A record for the domain (and www) to your server IP. In cPanel you can manage DNS for domains on your account via Domains → Zone Editor. Changes can take from minutes to 48 hours to propagate. Use Domains → Domains to see which domains are attached to your account and their document roots.

Go to Domains → Subdomains. Enter the subdomain name (e.g. blog, shop, app) and select the domain. The document root is suggested (e.g. public_html/blog). You can change it to a different folder. Click Create. A DNS record for the subdomain is created automatically. Upload your files to the document root folder (e.g. public_html/blog). The subdomain will be accessible at https://blog.yourdomain.com once DNS propagates and SSL is active. You can create many subdomains; each has its own folder and can run a separate application (e.g. WordPress in blog, API in api).

The document root is the folder that serves files for the subdomain. To change it: Subdomains → Manage next to the subdomain → edit Document Root. Point it to an existing folder (e.g. public_html/wordpress) if you want the subdomain to use that directory. For SSL: if your host uses AutoSSL or Let’s Encrypt, the subdomain is usually included automatically. Otherwise use SSL/TLS Status or Install to issue a certificate for the subdomain. Ensure the subdomain’s names (e.g. blog.yourdomain.com) are in the certificate.

To remove: Subdomains → Delete next to the subdomain. This removes the subdomain and its DNS record; the folder and files remain until you delete them in File Manager. To redirect: use Redirects (Domains → Redirects) and create a permanent (301) or temporary (302) redirect from the subdomain URL to another URL. Useful when you merge content (e.g. blog.yourdomain.com → yourdomain.com/blog) or retire a subdomain. After redirecting, you can optionally remove the subdomain and clean up the folder.

Go to Domains → Addon Domains. Enter the new domain name (e.g. seconddomain.com). A subdomain is auto-created (e.g. seconddomain.yourprimary.com) and a folder is suggested (e.g. public_html/seconddomain.com). You can change the folder. Click Add Domain. Ensure the addon domain’s nameservers (or A record) point to this server. Then upload your site files to the addon’s document root. The addon domain will work like a separate site with its own content, email (if you create accounts for it), and SSL. You can have multiple addon domains within your plan limits.

Parked domains point another domain to the same content as your primary (or specified) domain. Go to Domains → Parked Domains (or Aliases). Enter the domain to park and click Add Domain. No separate folder is used; visitors to the parked domain see the same site as the primary. Use this for multiple TLDs (e.g. yourdomain.net, yourdomain.org) or common misspellings. DNS for the parked domain must point to your server. Remove a parked domain with Delete; this does not delete the primary site or its files.

In Domains → Addon Domains or Parked Domains you can list, modify, or remove each domain. For addons: you can change the document root (Manage) so the addon uses a different folder. For both: ensure SSL is installed for the addon/parked domain (SSL/TLS Status or Install) so HTTPS works. If you remove an addon domain, the folder and files remain; delete them in File Manager if no longer needed. Parked domains do not have their own folders.

Go to Domains → Redirects. Choose type: Permanent (301) for permanent moves (good for SEO) or Temporary (302). Select the domain (or all domains). Enter the path to redirect (e.g. /old-page or leave blank for the whole domain) and the destination URL (e.g. https://yourdomain.com/new-page or another domain). Check wildcard redirect if you want all paths under the source to redirect to the same path on the destination. Click Add. Test the URL in a browser to confirm. Use 301 when you have permanently moved content; use 302 for temporary maintenance or A/B testing.

To force www to non-www: create a redirect from https://www.yourdomain.com to https://yourdomain.com (type Permanent). To force non-www to www: redirect from https://yourdomain.com to https://www.yourdomain.com. Choose the correct domain in the dropdown. This ensures one canonical URL and avoids duplicate content. Ensure both hostnames have valid SSL and that DNS resolves for both. You can also handle this in .htaccess with RewriteRule if you prefer.

Domains → Zone Editor shows DNS records for domains on your account. Each domain has a zone with A, AAAA, CNAME, MX, TXT, and other records. A records point hostnames to IPs; CNAME points to another hostname; MX records define mail servers; TXT is for verification and SPF/DKIM. Only edit if you know what you are doing; wrong records can break the site or email. Your host may manage DNS elsewhere (e.g. Cloudflare); in that case, edit there. Zone Editor is for domains whose DNS is served by this server.

To add: select the domain, click + A Record (or + CNAME, etc.). For A: name (e.g. www or subdomain), and the IP address. For CNAME: name and target hostname (e.g. ghs.google.com for Google). For MX: priority (lower = higher priority) and destination (e.g. mail.yourdomain.com). Click Add Record. To edit: click Edit next to the record, change values, Save. To delete: Remove. Default TTL is often 14400 (4 hours). Lower TTL before making big changes so you can revert quickly. After changes, allow time for propagation; use online DNS lookup tools to verify.

TXT records are used for SPF (sender policy for email), DKIM (signing), and domain verification (e.g. Google Search Console). In Zone Editor, add a TXT record: name (e.g. @ or _dmarc), and the value (often a long string). For SPF there is usually a single TXT at @ with a value like "v=spf1 include:..." Do not add multiple SPF records; combine mechanisms in one. DKIM is set by Email → Authentication or similar; copy the provided TXT into the zone. Save and verify using your provider’s verification tool.

Metrics → Visitors shows a list of recent visitors and pages. Metrics → Bandwidth shows bandwidth usage over time. Metrics → Raw Access lets you download the raw access log (and error log) for a domain; useful for analysis in third-party tools. Raw logs can be large; choose the date range and domain. Use these to understand traffic, find broken links (errors), and troubleshoot. Awstats and other analytics (if available) give a friendlier summary. Log retention depends on your host.

Metrics → Errors shows PHP and web server errors for your account. Click a domain to see recent errors (404, 500, PHP notices, etc.). Use this to find missing files, permission issues, or script errors. Fix 404s by creating the missing page or adding a redirect. Fix 500s by checking .htaccess and PHP settings; enable display_errors temporarily in a test environment only. Clear the log after fixing to avoid clutter. For detailed debugging, enable logging in your application (e.g. WordPress debug log).

If your host provides Awstats: Metrics → Awstats (or similar). Select the domain to view hits, visits, pages, referrers, and countries. Data is generated periodically (e.g. daily). Use it for a quick overview of traffic without adding JavaScript tracking. For more accurate visitor analytics, use Google Analytics or similar; Awstats is server-side and may count bots. Some hosts offer other metrics (e.g. CPU, entry page); check your Metrics section for all options.

Metrics may show CPU usage, number of processes, or concurrent connections. These are often limited on shared hosting. If you hit limits, your site may slow down or show errors (e.g. 508 Resource Limit). Optimize: use caching (plugin or server), reduce plugin count, optimize images and queries, and consider upgrading or moving to a higher plan. Contact support to confirm your limits and get advice. Resellers may see aggregate usage for their accounts in the reseller panel.

Security → SSL/TLS Status shows which domains have valid certificates and which are pending or invalid. Many hosts use AutoSSL (e.g. cPanel’s or Let’s Encrypt) to issue and renew certificates automatically. Ensure your domain points to the server (A record) and that the hostname is in the certificate list. AutoSSL runs periodically; new domains may take up to a few hours. If a certificate fails, check DNS and that the domain is in the account; contact support if it still fails. Green check means the site is covered for HTTPS.

If you have your own certificate (e.g. from a commercial CA): Security → SSL/TLS → Install an SSL Certificate. Select the domain, paste the certificate (and intermediate/chain), and the private key. Install. Then ensure the site is forced to HTTPS (redirect or application setting). For Let’s Encrypt manual: some panels have Install Let’s Encrypt or Issue; follow the form to get a free cert for the domain. Wildcard certificates require DNS validation; enter the suggested TXT record in Zone Editor. After installation, test with https://yourdomain.com and an SSL checker tool.

To force HTTPS: use Domains → Redirects and add a permanent redirect from http://yourdomain.com to https://yourdomain.com (and same for www if you use it). Or in .htaccess in public_html add: RewriteEngine On, RewriteCond %{HTTPS} off, RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]. This ensures all traffic uses HTTPS. Also set your application’s URL to https (e.g. WordPress Address and Site Address in General settings) so links and assets use HTTPS and avoid mixed-content warnings.

Security → SSL/TLS often has options to generate a CSR (Certificate Signing Request) and private key. Generate a key and CSR for the domain, submit the CSR to your CA to get the certificate, then install the certificate and key (Install an SSL Certificate). Keep the private key secure and never share it. If you lose the key, you must generate a new one and reissue the certificate. For AutoSSL, keys and certs are managed automatically; you usually do not need to generate CSR unless you use an external CA.

Security → Two-Factor Authentication. Click Enable and follow the steps: scan the QR code with an authenticator app (e.g. Google Authenticator, Authy) or enter the secret key manually. Enter the code from the app to verify and complete setup. From then on, after entering your password you will be asked for the current code. Keep a backup code or backup method in case you lose your phone. This greatly reduces the risk of account takeover. Disable 2FA only from the same interface after confirming your identity.

Security → IP Blocker. Enter an IP address (or CIDR range) and click Add. That IP will be blocked from accessing your account (cPanel, web, FTP, email). Use this to stop brute-force attempts or abusive IPs. To unblock: find the IP in the list and click Delete. Be careful not to block your own IP; if you do, contact support or use another network (e.g. mobile) to log in and remove it. For broader protection, use ModSecurity (if available) or ask your host about firewall rules.

If your host allows SSH: Security → SSH Access shows your SSH port and lets you manage authorized keys. Generate a key pair on your PC (e.g. ssh-keygen), then in cPanel add the public key under Manage SSH Keys → Import Key (or paste into Authorized Keys). Connect with ssh username@server -p port. Using keys instead of passwords is more secure. Disable password authentication in SSH if your host permits. Use SSH for command-line backups, Git, or running scripts; do not share your key or account.

Hotlink Protection (Security) stops other sites from embedding your images (saves bandwidth). Enable and optionally allow your own domains and empty referrers. ModSecurity (if available) is a web application firewall that can block common attacks. It may have a learning mode; enable with care as strict rules can block legitimate requests. Contact support to enable or tune ModSecurity. Leech Protection (Security) limits how many times a user can log in to a protected directory; useful for member areas.

Software → MultiPHP Manager (or Select PHP Version). You can set a default PHP version for the account and override per domain or subdomain. Select the domain and choose the PHP version (e.g. 8.1, 8.2). Older apps may require 7.4; use the lowest version that supports your app. Apply. Your app will use that version. Some hosts use MultiPHP INI Editor to set php.ini options (memory_limit, max_execution_time, etc.) per domain. Increase limits only as needed; very high values can affect server stability.

Software → MultiPHP INI Editor. Select the domain and edit options such as memory_limit, max_execution_time, upload_max_filesize, post_max_size. Change only what you need (e.g. for WordPress or import scripts). Save. Changes apply to that domain’s PHP. If you do not see an option, your host may restrict it; contact support. Restore to default if the site breaks after a change.

MultiPHP or PHP Extensions (Software section) lists extensions (e.g. curl, gd, mysqli, zip). Enable or disable per PHP version or domain. Enable what your application requires (e.g. WordPress needs mysqli, gd, etc.). Disable unused extensions for a minimal setup. After enabling, reload the app; some extensions require a restart that the host manages.

Software → Softaculous Apps Installer (or WordPress Manager). Find WordPress (or the app) and click Install. Choose protocol (https), domain, and directory (e.g. leave blank for root or enter blog). Set admin username, password, and email. Use a strong password. Click Install. Softaculous will create the database and install the files. After installation, log in to the app’s admin and complete setup (e.g. WordPress wizard). Keep WordPress and plugins updated for security. Back up before major updates.

In Softaculous, My Installations (or Installed Apps) lists your installs. From here you can: upgrade the application, backup, remove, or edit settings (e.g. path, admin user). Use Upgrade to update to the latest version; backup first. Use Backup to create a full backup (files + database) and store it off-server. Remove uninstalls the app and optionally removes files and database; backup first if you might need the data. Clone (if available) copies the install to another directory or domain.

In My Installations, click Backup for the install. Choose where to save (home directory or email) and backup. Download the backup from File Manager or email. To restore: use Restore, select the backup file, and choose the target (overwrite existing or new location). Restore replaces files and database; use only with backups you trust. For critical sites, also keep cPanel or external backups.

Files → Backup (or Backup Wizard). Choose Full Backup. The backup includes home directory, databases, email config, and filters. Select destination: Home Directory (then download via File Manager or FTP) or Remote (FTP/SFTP). Start the backup; for home directory, wait until complete then go to File Manager and download the .tar.gz file. Store it securely off the server. Full backups can be large; ensure you have space and time. Schedule backups if your host offers scheduled backup to remote or home directory.

Backup Wizard or Backup often allows partial backups: Home Directory only (files), MySQL only (databases), or Email (forwarders, filters, etc.). Use partial backups for quick file-only or database-only backups. Download from the backup destination. Restore: use Restore (or Restore a MySQL Database) to upload a backup and restore. Restoring overwrites existing data; backup current state first if needed. For MySQL, use the same interface to select the .sql or .gz file and the target database.

Backups in your home directory appear in File Manager (often in a backup or backup_* folder). Download the .tar.gz via File Manager Download or FTP. To restore a full backup you usually need to contact your host or use the Restore interface if available; full restore often requires root or support. For self-service: restore MySQL from Backup → Restore a MySQL Database; restore files by extracting the backup and uploading via File Manager or FTP to the correct locations. Test the site after restore.

Some hosts offer Backup Configuration (or Scheduled Backups): set frequency (daily/weekly), what to include, and remote destination (FTP/SFTP). Configure and save; backups run automatically. Keep credentials for the remote destination secure. Verify periodically that backups are arriving and are restorable. Do not rely only on server-side backups; keep at least one copy off the server (e.g. your PC or cloud storage).

Cron jobs run commands or scripts on a schedule (e.g. every minute, daily at 2 a.m.). Use them for: cleanup scripts, backup scripts, newsletter sends, cache warming, or triggering application tasks (e.g. WordPress cron). Advanced → Cron Jobs. You can add a new cron job by setting the schedule (common settings or custom minute/hour/day/month/weekday) and the command (e.g. /usr/bin/php /home/user/public_html/cron.php or wget -q -O - https://yoursite.com/cron.php). Save. The server runs the command at the specified times. Check logs or script output to confirm it runs.

Advanced → Cron Jobs → Add New Cron Job. Choose frequency: Every 5 minutes, Once per day, etc., or set Custom and enter the five fields (minute, hour, day of month, month, day of week). In Command, enter the full command (e.g. /usr/bin/php /home/username/public_html/script.php). Use absolute paths. For web-based scripts you can use curl or wget to hit a URL. Click Add New Cron Job. To edit: use the Edit link next to the job. To remove: Delete. Avoid running heavy jobs too frequently; respect your host’s limits.

When you add a cron job you can set an email address to receive output. If the command prints anything (or errors), that is emailed. Use a valid address you check; for noisy scripts, leave email blank or redirect output to /dev/null (e.g. command > /dev/null 2>&1). To log to a file: command >> /home/user/logs/cron.log 2>&1. Rotate or clear logs periodically to avoid filling disk. Test the command manually via SSH or a one-off run before relying on cron.

Files → FTP Accounts. Enter a username (e.g. webuser); the full login will be username@yourdomain.com. Set password and assign a directory (e.g. public_html or public_html/subfolder to restrict access). Set quota if desired. Click Create FTP Account. Use an FTP client (FileZilla, WinSCP) with host (your domain or server), username (full FTP user), password, and port 21 (FTP) or 22 (SFTP if available). Prefer SFTP for security. The account can only access the assigned directory and below.

In FTP Accounts, find the account and click Manage (or Change Password). Set a new password and update your FTP client. To change the directory: some panels allow editing the path; otherwise delete and recreate the account (backup files first). Set or change quota in the same Manage screen. Unlimited means the account can use up to your hosting quota. Delete the FTP account when no longer needed; this does not delete the files in the directory.

Host: your domain (e.g. ftp.yourdomain.com) or server hostname. Username: full FTP user (e.g. webuser@yourdomain.com). Password: the one you set. Port: 21 for FTP, 22 for SFTP. Use Explicit FTP over TLS if FTP is required but SSL is available. In FileZilla, set transfer type to Auto. For large uploads, increase timeouts. If connection fails, check firewall, credentials, and that the FTP account exists and is not restricted by IP. Your host’s docs may list exact host/port (e.g. server.budgetdomain.com.au).

.htaccess is a configuration file in a directory that the Apache server reads for that directory and subdirectories. Uses: redirects (Redirect 301 /old /new), rewrite rules (clean URLs), password protection (AuthType Basic, AuthUserFile), custom error pages (ErrorDocument), blocking by IP, and PHP settings (if AllowOverride allows). Edit .htaccess in File Manager (show hidden files) or via FTP. One typo can break the site (500 error); backup before editing. Test in a browser after changes. Remove or fix invalid directives if the site breaks.

Create a page (e.g. 404.html or 404.php) and upload it. In .htaccess add: ErrorDocument 404 /404.html and ErrorDocument 500 /500.html (paths relative to document root). When a 404 or 500 occurs, the server will show your page. Use 404 to offer navigation or search; use 500 to show a friendly message and contact info. Ensure the error page itself does not trigger an error (e.g. keep 404.html simple). Some apps (e.g. WordPress) have their own error page settings that may override .htaccess.

To protect a folder with a password: use File Manager or FTP to create .htaccess and .htpasswd in that folder (or use cPanel’s Directory Privacy if available). In .htaccess: AuthType Basic, AuthName "Restricted", AuthUserFile /full/path/to/.htpasswd, Require valid-user. Generate .htpasswd with htpasswd (command line) or an online generator; put the encrypted password in .htpasswd. Restrict the path to the folder only. Visitors will be prompted for username and password. Use strong passwords and HTTPS so credentials are not sent in clear text.

As a reseller you have a WHM (Web Host Manager) account that lets you create and manage multiple cPanel hosting accounts (your customers). You get a quota of disk space, bandwidth, and accounts from your provider. You create packages (plans) that define limits for each account, then create accounts from those packages. You can suspend, unsuspend, modify, and terminate accounts; manage nameservers and DNS; and view usage and statistics. Your customers log in to their own cPanel; they do not have access to WHM. You bill your customers separately; the reseller panel is for technical management only.

Log in to WHM at https://yourserver:2087 or https://whm.yourdomain.com using your reseller username and password. The home screen shows server info, account counts, and quick links. Use the left menu or search to find features: Create Account, List Accounts, Packages, Nameservers, Backup, etc. Keep your WHM credentials secure and enable two-factor authentication. Do not share WHM access with customers; they use cPanel only. Familiarize yourself with Account Information, Modify Account, and Suspend/Unsuspend for daily management.

In WHM go to Account Functions → Create a New Account. Domain: enter the customer’s domain (e.g. clientdomain.com). Username: cPanel username (lowercase, no spaces; often derived from domain). Password: set a strong password and send it to the customer securely, or use the password generator and email it. Package: select the package (e.g. Starter, Business) that defines disk, bandwidth, and feature limits. Contact and other fields: optional. Click Create. The account is created and the customer can log in to cPanel. Ensure the domain’s nameservers (or A record) point to your server so the site and email work. Send the customer their cPanel URL, username, and password.

Packages define resource limits (disk, bandwidth, inodes, number of addon domains, etc.). Create packages in WHM → Packages → Add a Package: name (e.g. Basic 5GB), set limits, and save. When creating an account, select the package that matches the plan the customer purchased. You can change an account’s package later (List Accounts → Modify). Assigning a package with higher limits upgrades the account; lower limits may require the customer to reduce usage first. Package limits are enforced automatically; the customer cannot exceed them without an upgrade.

After creating the account, the customer must point the domain to your server. Give them your nameservers (e.g. ns1.yourdomain.com, ns2.yourdomain.com) or the server IP. If they use your nameservers, DNS is managed on your server (you or they can add records in cPanel Zone Editor). If they use external DNS, they should add an A record for the domain and www to your server IP. Until DNS propagates, the site may not load and SSL may not issue. You can create the account before DNS is set; just inform the customer to update nameservers or A records and allow up to 48 hours for propagation.

WHM → List Accounts shows all cPanel accounts under your reseller account. You see username, domain, package, disk/bandwidth usage, and status. Use search or filters to find an account by domain or username. Click an account to view details or use the actions (Modify, Suspend, etc.). Use this list to monitor usage, upgrade or downgrade packages, and manage many customers from one place. Export or use the table to keep records of domains and packages.

List Accounts → Modify (or Account Information) for the account. You can change the package (upgrade/downgrade), disk and bandwidth limits (if allowed), contact email, and other settings. Changing the package applies the new package’s limits. If downgrading, ensure current usage is below the new limits; otherwise the account may be over limit until the customer or you reduce usage. Save changes. The customer does not need to do anything on their side; new limits apply immediately. Update contact email so support and billing notices go to the right place.

To suspend: List Accounts → Suspend for the account, or use Suspend Account. Enter a reason (shown on the customer’s suspended page) and confirm. The account’s site and email will stop working; the customer will see a suspension message when visiting the site or logging in to cPanel. Use suspension for non-payment, abuse, or policy violations. To unsuspend: List Accounts → Unsuspend (or Unsuspend Account). The account is restored. Document the reason for suspension for your records and follow your own policies (e.g. notice before suspension).

Terminating permanently removes the cPanel account and all its data (files, databases, email). WHM → Terminate an Account (or List Accounts → Terminate). Select the account and confirm. This cannot be undone; ensure you have backups if needed and that the customer has been notified per your terms. Use termination only when the account is cancelled and data retention is no longer required. For temporary removal, use Suspend instead.

WHM → Packages → Add a Package. Name: internal name (e.g. Starter). Set Disk space (MB or unlimited), Bandwidth (MB or unlimited), Max addon domains, Max subdomains, Max parked domains, Max FTP accounts, Max email accounts, Max databases, and other quotas. Set feature list (what cPanel features are allowed). Save. To edit: Packages → Edit a Package, select the package, change limits, Save. Existing accounts keep their current limits until you change their package (Modify Account). Create packages that match your product tiers (e.g. 5GB, 10GB, unlimited) and assign them when creating or modifying accounts.

Feature lists control which cPanel features a package can use (e.g. PHP version, SSH, Git). WHM → Feature Lists → Edit. Enable or disable features per list, then assign the list to a package. Use this to offer premium features only on higher plans or to restrict risky features (e.g. SSH) on basic plans. Resource limits (CPU, entry processes, I/O) may be set in packages or in the server’s limits; contact your provider to understand how limits are applied and how to avoid overage or abuse.

To duplicate: Packages → Copy a Package. Select source package, enter a new name, adjust limits if needed, and save. Useful for creating a new tier from an existing one. To delete: Packages → Delete a Package. You can only delete a package that has no accounts assigned. Move accounts to another package first (Modify Account), then delete the empty package. Do not delete a package that is in use or all accounts on it may behave unexpectedly; reassign them first.

Your provider assigns default nameservers (e.g. ns1.provider.com) for the server. You can create custom nameservers (e.g. ns1.yourbrand.com, ns2.yourbrand.com) for a more professional look. In WHM → Basic cPanel/WHM Setup → Nameservers (or Edit Nameservers). Register the hostnames (ns1.yourbrand.com, ns2.yourbrand.com) at your domain registrar and set their A records to the server IPs (or use the IPs provided by your host). Add the nameservers in WHM and assign them to the server. Then give customers these nameservers to use when pointing domains to you. Both nameservers must resolve and be registered; otherwise domain delegation may fail.

Provide customers with the exact nameserver hostnames (e.g. ns1.yourdomain.com and ns2.yourdomain.com) and simple instructions: log in to the registrar where the domain is registered, find DNS or Nameserver settings, replace existing nameservers with yours, and save. Propagation can take up to 48 hours. You can host a simple page or PDF with these instructions and send the link in the welcome email. Optionally provide your server IP for customers who prefer A record setup instead of nameservers.

WHM → Reseller Center (or Account Usage, Bandwidth, etc.) shows your total and per-account usage. You see disk space and bandwidth per account and totals for your reseller slice. Use this to identify heavy users, plan upgrades, or enforce fair use. Your provider may limit your aggregate usage; stay within your reseller quota. List Accounts also shows per-account disk and bandwidth; sort or filter to find accounts near their limits.

When an account exceeds its package limits (disk or bandwidth), the site may be suspended or show errors. Contact the customer and either upgrade their package (Modify Account → change package) or ask them to reduce usage (e.g. delete old backups, optimize images). Set clear policies in your terms (e.g. overage fees or automatic upgrade). Monitor usage regularly so you can notify customers before they hit limits. Your own reseller limits are set by your provider; request an increase if you need more capacity.

CPU and entry process limits are often set at the server or package level. They prevent one account from consuming too many resources. If a customer reports slow site or 508 errors, check if they are hitting CPU or process limits. In WHM you may see options to adjust limits per account or package (e.g. in Modify Account or in a resource limit editor). Increase cautiously; your provider may cap what resellers can set. Optimize the customer’s site (caching, fewer plugins) before raising limits.

When a customer uses your nameservers, the DNS for their domain is served from your server. Each cPanel account has a zone for its primary (and addon) domains. Customers can edit DNS in cPanel → Zone Editor. As reseller you can use WHM to view or edit zones if needed (e.g. WHM → Edit a Zone or List Zones). Typically you let customers manage their own DNS; only intervene for support (e.g. add MX or TXT). Ensure your nameservers are reliable and that zone files are included in backups.

New zones are created automatically when you create an account with a domain. If a customer adds an addon domain in cPanel, a zone for that domain is created. To troubleshoot: use WHM → List Zones to find the domain, then view or edit the zone. Check A, MX, and nameserver records. Use online DNS lookup tools to see what the world resolves; compare with what you expect. Propagation delays can cause temporary mismatches. If the domain uses external DNS (not your nameservers), the customer must add records at their DNS provider; you cannot change that from WHM.

Some resellers run multiple servers or use a DNS cluster. WHM can be configured to sync zones to other servers or to a separate DNS cluster. This is advanced; typically your provider handles DNS on the same server. If you have multiple servers, consult your provider or cPanel docs on DNS clustering so that all nameservers serve the same records. For most resellers, single-server DNS with two nameservers on the same machine (or provided by the host) is sufficient.

WHM → Backup Configuration (or Backup). Enable backups and choose what to back up (full, compressed, incremental options). Set the schedule (daily, weekly) and retention. Choose destination: local (server), remote FTP/SFTP, or other. For resellers, backing up all accounts under your slice ensures you can restore if needed. Store backups off-server (remote FTP or download) so a server failure does not lose them. Test restore of one account periodically. Coordinate with your provider; they may also run server-level backups.

WHM → Restore a Backup (or similar). Select the backup date and the account to restore. Choose full restore or only files or only databases. Restore to the same account or to a new account (e.g. after migration). Restoring overwrites current data; use with care. For single-file or single-database restore, the customer can use cPanel Backup/Restore if you provide them the backup file. Document your restore procedure so you or support can perform it quickly in an emergency.

WHM → Transfer an Account (or Migrate). You need root or reseller access on both source and destination. Enter source server details (hostname, username, password or key) and select the account to transfer. Initiate the transfer; WHM copies files, databases, email config, and DNS. After transfer, update the domain’s nameservers or A record to point to the new server. Test the site and email. Downtime is minimized if you transfer then switch DNS in a short window. Some providers offer migration as a service; use that if you are moving between providers.

On the destination server (WHM): use Receive a Transfer or the transfer tool to accept the incoming account. Ensure you have space and that the account does not conflict with an existing username/domain. After receipt, verify files and databases; run any fix scripts (e.g. fix permissions) if available. Update DNS so the domain points to this server. Inform the customer of the new cPanel URL and any password or IP changes. Keep the old account on the source server until you confirm the new one works, then remove it.