SpeedyPage servers run firewalls, malware scanning, and intrusion detection, but account-level security is partly in your hands. These steps reduce your risk of a compromised account.
Use strong, unique passwords
Your cPanel password should be at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols. Avoid dictionary words, names, dates, or anything tied to your identity.
Use a password manager (1Password, Bitwarden, etc.) rather than storing credentials in emails, text files, or browser autofill.
You can change your cPanel password in cPanel > Preferences > Password & Security, or use the built-in password generator there.
Enable two-factor authentication
Two-factor authentication (2FA) adds a second step to your cPanel login: a time-based code from an authenticator app on your phone. Even if someone has your password, they can’t log in without the code.
Set it up in cPanel > Security > Two-Factor Authentication.
Change email account passwords
Don’t forget the email accounts on your domain. Change their passwords in cPanel > Email Accounts > Manage next to the account. Compromised email accounts are often used to send spam, which can get your server’s IP blacklisted.
Use FTPS or SFTP instead of plain FTP
Plain FTP sends your username and password in cleartext. Use FTPS (FTP over TLS) or SFTP instead — both encrypt your credentials during transfer.
Access cPanel over HTTPS
Always access cPanel at https://yourdomain.com:2083 rather than over plain HTTP. This encrypts your login session.
Keep your CMS and plugins updated
Outdated WordPress installations, themes, and plugins are the most common entry point for attackers. Update them as soon as new versions are available. Remove any themes or plugins you’re not using — even deactivated ones can be exploited if they have vulnerabilities.
Only install themes and plugins from trusted sources (wordpress.org, the developer’s own site, or a marketplace you trust). Nulled or pirated plugins almost always contain malware.
Scan for malware
Use the built-in Virus Scanner in cPanel (Security > Virus Scanner) to check your hosting files. You can scan your entire home directory, public_html, email, or the whole account.
For ongoing monitoring, consider a third-party scanner like Sucuri or Wordfence (for WordPress sites).
Keep backups
Create regular backups so you can recover if something goes wrong. You can generate a full cPanel backup in cPanel > Files > Backup.
Store your backups somewhere other than your hosting account — download them to your computer or a cloud storage service. A backup that only exists on the compromised server isn’t much help.
Review file permissions
Incorrect permissions can let attackers modify your files. Standard permissions for most hosting setups:
| Type | Permission |
|---|
| Directories | 755 |
| Files | 644 |
wp-config.php (WordPress) | 600 or 640 |
