Skip to main content

Documentation Index

Fetch the complete documentation index at: https://speedypage.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

SpeedyPage servers run firewalls, malware scanning, and intrusion detection, but account-level security is partly in your hands. These steps reduce your risk of a compromised account.

Use strong, unique passwords

Your cPanel password should be at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols. Avoid dictionary words, names, dates, or anything tied to your identity. Use a password manager (1Password, Bitwarden, etc.) rather than storing credentials in emails, text files, or browser autofill. You can change your cPanel password in cPanel > Preferences > Password & Security, or use the built-in password generator there.

Enable two-factor authentication

Two-factor authentication (2FA) adds a second step to your cPanel login: a time-based code from an authenticator app on your phone. Even if someone has your password, they can’t log in without the code. Set it up in cPanel > Security > Two-Factor Authentication.

Change email account passwords

Don’t forget the email accounts on your domain. Change their passwords in cPanel > Email Accounts > Manage next to the account. Compromised email accounts are often used to send spam, which can get your server’s IP blacklisted.

Use FTPS or SFTP instead of plain FTP

Plain FTP sends your username and password in cleartext. Use FTPS (FTP over TLS) or SFTP instead — both encrypt your credentials during transfer.

Access cPanel over HTTPS

Always access cPanel at https://yourdomain.com:2083 rather than over plain HTTP. This encrypts your login session.

Keep your CMS and plugins updated

Outdated WordPress installations, themes, and plugins are the most common entry point for attackers. Update them as soon as new versions are available. Remove any themes or plugins you’re not using — even deactivated ones can be exploited if they have vulnerabilities.
Only install themes and plugins from trusted sources (wordpress.org, the developer’s own site, or a marketplace you trust). Nulled or pirated plugins almost always contain malware.

Scan for malware

Use the built-in Virus Scanner in cPanel (Security > Virus Scanner) to check your hosting files. You can scan your entire home directory, public_html, email, or the whole account. For ongoing monitoring, consider a third-party scanner like Sucuri or Wordfence (for WordPress sites).

Keep backups

Create regular backups so you can recover if something goes wrong. You can generate a full cPanel backup in cPanel > Files > Backup.
Store your backups somewhere other than your hosting account — download them to your computer or a cloud storage service. A backup that only exists on the compromised server isn’t much help.

Review file permissions

Incorrect permissions can let attackers modify your files. Standard permissions for most hosting setups:
TypePermission
Directories755
Files644
wp-config.php (WordPress)600 or 640
You can check and change permissions in File Manager by right-clicking a file or directory and selecting Change Permissions.