As a security measure for your cPanel account, resetting your password especially to make it stronger is a regular thing you will do.. If you lost your password, you can request a new random password through your Todhost Billing Account using the directions below. If you already know your password, you can change your password in cPanel to a password of your choosing instead.
You will also want to read:
How to Create a MySQL Database, a User and Delete Database in Cpanel
How to Create a SubDomain in Cpanel
How to Create a Website/Domain Redirect in cPanel
How to force your website url with www or non-www using htaccess
How to optimize your website to use less server resources
Need a New Password?
You can request a new cPanel Password quickly and easily through your Todhost Billing Account.
Log in to the billing tool using your primary email address, and your billing password
Select Services > My Services > View Details > Change Password
Type a new password in the space provided.
Retype the password for confirmation.
Save your new password.
Also read:
How to Backup My Website in cPanel
How to Set Up and Delete a Cron Job
How to Setup Google Apps MX, CNAME and SPF records
How to upload files to a website
Overview of Quickinstall
Essential Tips for Setting Passwords
Every user by default will get a username and password to login into the cPanel domain owner interface. The same login credential is applied to the default mysql database user, FTP account, email address and also system user login, which you can use to access the server remotely by using SSH (if the server administrator enables this feature).
Changing the cPanel login password is a critical decesion. If someone is able to retrieve or guess your password, they will get all full access and privileges to the server, which is dangerous.
There are some cases where a valid user’s registered email account has been hacked into and taken over by a hacker. Inside the email Inbox was the login credential for his cPanel account. When the owner wanted to reset the password (which had been changed by the hacker), he had to contact the web hosting provider. The problem is he needed to use the registered email address for verification as the account owner; nothing can be done.
A good password practice should be applied to prevent this kind of problems. Here are some tips:
Change your password frequently
Avoid dictionary words
Avoid familiar items like birth date, vehicle registration number or phone number
Use a combination of letters, numbers and symbols
Use more than 8 characters
Do not ‘remember’ your password in the browser.
Having Trouble Generating Strong Password?
Use the cPanel password generator: Fom the cPanel section of your website, under the Preferences section, simply clic on Password and Security. You will navigate to a page with the password generator. Click on Password Generator to select your prefered password. Using the password generator guarantees a secured password.
Also read:
PHP Configuration in cPanel
Step by Step Approach to Password Protect a Directory in cPanel
The htaccess file and its uses
CPanel Password Recovery Using the Todhost Client Area
By cPanel login password, we are referring to the login password used to login to yourdomainname/cpanel Normally, when you want to login to your cPanel control panel, you require a username and password. Sometimes, you can loose these information and will want to recover them.
Option 1: Recover Your Password from the Todhost Client Area
Follow these steps to recover your cPanel password through the Todhost client area.
1. Go to Todhost
2. Click the client area link from the top menu bar
3. Enter your email address and password (the password should be the one you used when you were signing up for Todhost services and it is different from you cpanel account password) You can describe the password you use here as your client area password. You can recover it by using the password recovery link.
4. Once you have successfully logged in, you need to click on services from the menu bar. This will display a list of your web hosting services. Under the status column, you will have a green bar for all active services.
5. Click on the green status bar for the service or account whose cPanel password you intend to recover. You will be presented with more detailed information including your web hosting package, status of your disk space and bandwidth usage,
6. From the left column, under actions, you will find links for you to change password, direct cPanel login (which does not require password authentication), webmail access and web hosting cancellation request.
7. Click on the "Change Password" link and you will be prompted with a window where you will be requested to enter your new cPanel password. You will have to re-enter the password to verify the correctness and change the changes you have made.
Option 2: Request support to send your "New Account Information"
The New Account Information contains all the login details and login information for your web hosting account.
You have two options to request for the new account information:
1. Send an email to support requesting that your new account information be sent to you. Note that the requested information will only be sent to the email on file.
2. Submit a ticket from the Todhost client area and request the New Account Information be sent to your mail.
Note: When you copy passwords from your email, it is good to first paste your password on "notepad" before use to eliminate any spaces which could be before or after your password and create errors of use.
How Can I Change My Control Panel Username?
Shared Hosting
Unfortunately, you may not change the user name associated with your control panel. Once it is set, there are vital components using that name. Some of those settings are used by your web site, and are not controlled by Todhost.
Reseller, VPS and Dedicated Servers
You may change the user names for any accounts you create by going to WHM and clicking the Modify Account link. As a reseller, VPS or dedicated server administrator, you can change change username of websites you are hosting on your server. However, you cannot change the user name you picked during sign up.
Insist on Changing Your Account Username?
The only solution we can offer is to terminate the hosting account, and then recreate it with the desired user name.
WARNING: Accepting this solution will erase all web site content, emails, databases, and everything you have done on the server so far.
For details on how to do that, please read the "Reset Everything" section of the article on how to restore an account from the beginning with the original setup. Once the new account is created with the new username, you would need to re-upload all your content and re-setup the account.
Note: Unfortunately it is not possible to directly transfer the contents of the old account to the new account, because too many things (like database names, and certain script configuration files) would all still refer to the old username, breaking most scripts. If you decide to request our transfer services in this case, we may have to quote extra fees for reconfiguration and coding changes.
How Can I Change My Control Panel Username?
Shared Hosting
Unfortunately, you may not change the user name associated with your control panel. Once it is set, there are vital components using that name. Some of those settings are used by your web site, and are not controlled by Todhost.
Reseller, VPS and Dedicated Servers
You may change the user names for any accounts you create by going to WHM and clicking the Modify Account link. As a reseller, VPS or dedicated server administrator, you can change change username of websites you are hosting on your server. However, you cannot change the user name you picked during sign up.
Insist on Changing Your Account Username?
The only solution we can offer is to terminate the hosting account, and then recreate it with the desired user name.
WARNING: Accepting this solution will erase all web site content, emails, databases, and everything you have done on the server so far.
For details on how to do that, please read the "Reset Everything" section of the article on how to restore an account from the beginning with the original setup. Once the new account is created with the new username, you would need to re-upload all your content and re-setup the account.
Note: Unfortunately it is not possible to directly transfer the contents of the old account to the new account, because too many things (like database names, and certain script configuration files) would all still refer to the old username, breaking most scripts. If you decide to request our transfer services in this case, we may have to quote extra fees for reconfiguration and coding changes.
Everyday, we read and hear about email accounts that has been hacked, websites that has been compromised and similar cases. You can also have your Facebook password not working, forum account password compromised. These kind of compromises may be because your password has been hacked.
Understanding the operations of hackers, their software and methods is one way to eep your self protected. Knowing how hackers get into your account, you will be better able to manage the situation to prevent the loss of your account information and passwords.
How do Hackers get Passwords?
Hackers commonly use phishing pages, keyloggers, RAT, and trojan horses to steal login details and gain access into people's accounts.
Phishing
Phishing attack is where a hacker will send a login page of a website, e-mail or Facebook and it will look exactly the same as real web page. Most of the time they use Social engineering skills like, they will send message saying “Your email is epiring and requires validating, and they will request a click and once you click on the link, you will be taken to login page, as soon as you enter your password, it will be sent to the hacker, and your page will reload to take you to the real page. Most of the time, victim does not even realize his password is gone.
Hackers run this kind of script sometimes just to demonstrate their skills and some of them hack for profits. Some of them will use your email account to send spam links to your contact list or to send spam application link. The danger is when you make the mistake of letting out your sensitive data.
1. Keyloggers
This is one of the basic tool used for getting your passwords. Keylogger resides in your system memory and runs at every startup. These keyloggers log all the keystrokes you type. A log is created and then it is sent to the Hacker. Most famous keylogger is the Ardamax Keylogger. It can be customized so that it cannot be shown in “Processes” (Windows Task Manager).
I suggest you to start using Online virtual Keyboard when typing password for sensitive sites like your bank account and Paypal account.
2. RAT
RAT stands for Remote Administration Tool. With RAT, a hacker connects to your PC, without your knowledge. He can see what is going on the screen, what you are currently doing, which sites you surf. It also has the built-in functionality of keylogger.
Hacker can copy files from your Hard disk to his computer, and all this without your knowledge. A good example of RAT is Poison Ivy. This software can be customized to connect to your PC on a particular port number specified while creating the RAT.
3. Trojan Horses
Trojans are mainly spread through free softwares. You will have to be very careful when you download through warez sites, all the keygens and patches and even the original trial programs are infected with Trojans. So, although you get the free software, you also infect your computer with a trojan horse.
There are several other ways a hacker usually uses, for example if you are connected to internet on a LAN, which uses the same router, a hacker can use any packet sniffer and base decoder to read your sensitive data.
That is why using the secured option is recommended when browsing. Todhost for instance runs on https protocol. So also do many websites like Google and Facebook
Other Ways cPANEL pASSWORD cAN BE cOMPROMISED
The other more common ways that a password would be cracked would be these types of attacks:
Brute Force Attacks are accomplished by sheer brute force, with the attacker using a script to continually try to login to your account, trying all sorts of characters in different combinations till they break in.
Dictionary Attacks are similiar in nature to brute force attacks, the main difference is that the attacker uses a dictionary of words rather than a set of characters to try to break into your account again and again.
So, now you know how to secure your login and othet sensitive data.
