Updated on Jun 15, 2021
It is fairly common practice to hire a developer/designer to build and edit a website or have your own webmaster/external SEO expert to maintain your existing one. This process ultimately requires access to your web hosting account. Permissions can be assigned at several different levels in cPanel. When you're considering sharing access to your cPanel hosting account with other collaborators, the type of sharing you'll want to use depends on what level of control you want to offer. In this article, you'll learn how to give your developer or designer account access safely, what the different permission levels are, and how to grant and remove hosting account access.
Companies that manage user permissions use the practice known as “least privilege,” which basically means that users get access only to what is absolutely necessary. Limiting the privileges for users and the number of privileged users is one of the five best practices recommended by the National Cybersecurity and Communications Integration Center (NCCIC) at the US Computer Emergency Readiness Team (US-CERT).
Of course, you probably need to allow account access for certain users, family members, or developers, but here are the main reasons why you should limit that access, and in some cases, restrict it:
By limiting user access, you narrow down the amount of data employees have access to — and incidentally can compromise — without having to go through any other defenses. This is a recommended practice when you aim to increase the overall security of your online business.
When you initially create your hosting account with FastComet, you are given two separate areas to manage your hosting products and services – the Client Area and the cPanel/WHM Control panel. The Client area provides direct access to Technical Support, Billing information, and other features not directly related to managing the hosting service itself. It allows you to keep your billing information separate from the access information you need to share with your developer.
Your FastComet Client Area allows you to create additional sub-accounts. Additional Contacts/Sub-Accounts provide you with the option to give a third party access to your Client Area. As this area contains sensitive information and grants access to your hosting products, we give you more control over the Contacts/Sub-Accounts permissions. By default, these permissions will be set as:
You can set the access level to control what a person can do to your account once they're logged in.
Each hosting service has its own separate cPanel interface via which you can manage all features of the specific hosting product.
These two separate areas to manage your hosting account are accessed by separate login details. You can allow full access to your cPanel Control panel, but there is no legitimate need for your web designer to be provided access to your Client Area/Billing account.
Your FastComet Client Area has confidential information that your web developer does not need to operate. Giving your web developer access to the Billing account would potentially allow them to change contact information for your account, impersonate you and make unauthorized edits to your account.
The Master Password is your Client Area password, which you set up during the sign-up process. This password is encrypted and cannot be retrieved or viewed in plain text anywhere in the system. Only the person who signed up for the service and knows the password can change it or log in to the Client Area.
The cPanel password for managing your hosting product is randomly generated during the account creation. You can find this in your hosting account welcome email. There you should be able to locate your cPanel URL, cPanel username, and password. The only way to retrieve or change your product cPanel password is by using your Master Password.
A web developer/designer will often ask for access to your hosting account so that they may set up your website. This raises a logical question: should I give them my username and password? While this is a legitimate request, you still want to be careful who you give access to and how much access you give to them. As the hosting account owner, you decide who has access to your account.
Before you decide to give your web developer access to your hosting account, you may want to consider the following:
In answering those questions, you will determine how much access you are comfortable giving to your web designer.
You may also want to keep these security principles in mind when deciding how much access to grant your web developer:
Taking everything above into consideration, you have several options here:
To grant your developer full cPanel access, you should provide them with your cPanel username and password.
It is highly recommended to change your cPanel password once your website developers and designers have finished the changes on your website. This is done for security reasons.
Typically, SSH is used more frequently by IT Ops than developers. For IT engineers who need to administer systems remotely, SSH would be the preferred method as it is a fast and easy way to connect.
If you wish to give a partial level of access to your developer, we recommend NOT giving them access to the cPanel.
Make sure to install phpMyAdmin on an Addon domain, a Subdomain, or a subfolder of your website via Softaculous. After that, create a MySQL database and user. There is a detailed explanation of how to do that in our MySQL Database and Uses tutorial. Be sure to provide the proper MySQL database, user, and the user's credentials to your developer.
You should also set up an FTP user account in cPanel that has limited access to specific directories.
Since FTP accounts can upload, download, delete and change permissions on most files in the directories they have access to, it is advisable to limit the directories an FTP account can access.
For the purpose of managing your account access, you may create as many FTP accounts as you need and allow access to certain directories for each one of the accounts. You can perform this by accessing your cPanel and choosing the FTP Accounts icon:
Here is what you will see on the page:
• Host Name - your.domain.com;
• Username - The one set in the FTP Client section;
• Password - The one set in the FTP Client section;
• Port - 21.
One of the most common circumstances to restrict FTP users is to prevent them from applying changes to certain parts of your website. Limiting access can also be useful if you want to make it possible for users to upload media files, but you don’t want to give them access to other areas.
Probably the most important reason to restrict an FTP user to certain directories is security. An FTP user with full or root access can execute destructive commands.
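To make the directory restriction concrete, the following Python example is added here for illustration and is not FastComet's or cPanel's own code. It audits a list of FTP accounts and flags any whose directory is broader than a sub-folder of the site. The account home `/home/exampleuser`, the `public_html` document root, the `user`/`dir` field names, and the sample accounts are all assumptions constructed for the example.

```python
import posixpath

# Assumed layout for this example (hypothetical account name).
HOME = "/home/exampleuser"
DOCROOT = HOME + "/public_html"

def is_within(path, parent):
    """True if path equals parent or lies beneath it (both already normalized)."""
    parent = parent.rstrip("/") or "/"
    # Compare with a trailing separator so /home/exampleuser2 is not
    # mistaken for something inside /home/exampleuser.
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def classify(ftp_dir, home=HOME, docroot=DOCROOT):
    """Classify how much of the hosting account an FTP directory exposes."""
    # Normalize first so ".." segments cannot hide a broader directory.
    d = posixpath.normpath(ftp_dir)
    if is_within(home, d):
        return "full-account"   # account home or above: every site, mail, backups
    if not is_within(d, home):
        return "outside-home"   # misconfigured: not part of this account at all
    if is_within(docroot, d):
        return "whole-site"     # the entire document root is writable
    return "scoped"             # limited to one sub-folder

def audit(accounts):
    """Return {user: finding} for every account that is not narrowly scoped."""
    findings = {}
    for acct in accounts:
        result = classify(acct["dir"])
        if result != "scoped":
            findings[acct["user"]] = result
    return findings

# Constructed sample records (not real accounts or real cPanel output).
ACCOUNTS = [
    {"user": "dev@example.com", "dir": DOCROOT + "/blog/wp-content/themes"},
    {"user": "media@example.com", "dir": DOCROOT + "/uploads"},
    {"user": "agency@example.com", "dir": DOCROOT},
    {"user": "old-dev@example.com", "dir": DOCROOT + "/uploads/../.."},
    {"user": "typo@example.com", "dir": "/home/exampleuser2/public_html"},
]

if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS).items():
        print(f"{user}: {finding}")
```

Accounts reported as anything other than scoped are the ones to narrow, re-password, or delete once the developer's work is finished.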
You can request your web developer or SEO expert provide you with a list of instructions for the required changes, and you can make them on their behalf and upload the website files yourself.
To remove access to your hosting account completely, it is recommended to reset your cPanel password once your designer/developer has finished the changes on your website. This is required for security reasons.
If you have created FTP accounts for your developer, review your FTP accounts area in cPanel and either change the password for any FTP accounts or delete the accounts.
If you experience any difficulties, you can always count on our technical support team and ask for assistance by opening a new support ticket.