Hosting a website used to be hard work, but the invention of application based control panels changed all that. Today the most popular website hosting control panel is cPanel and, looking at its attributes, it’s not hard to see why. cPanel is:
• Easy to customise – cPanel has various themes that can be installed, or you can create your own themes and custom branding to give your cPanel a unique look.
• Effective – anything you need to do can be done with cPanel.
• Compatible – works with all web enabled GUI-based operating systems, and works on desktops, laptops, netbooks, tablets, and smartphones.
• Feature-packed – cPanel comes with a rich variety of pre-configured extras that will make it easier than ever to create your dream website.
It is the last of these attributes that we’ll focus on in this article. So many of the features in cPanel are immediately useful whether you are a seasoned website host or a complete novice.
1. Set up and manage email accounts
Even if you haven’t got a website yet, you can start making the most of your domain name right away by ensuring all your staff have professional email addresses. That’s the most basic step and probably the first thing every new website owner will take care of first.
You have access to all the email functions through the email section on cPanel. You’ll find all the various features are grouped into these collapsible sections, which makes it easy to control what you see on the screen. Some cPanel themes even allow you to drag and drop the sections to the order you want them to appear in.
Obviously before you can do anything else, you’ll need at least one email account to work with. You access this through the Email Accounts link. The default option allows you to add a new email account, as shown below:
It’s all very self-explanatory. Once you have at least one email account on your domain, it’s then possible to use the other email functions. The primary things you can do with email include:
• Routing – you’ll need this feature if you’re going with a non-standard configuration, such as if you are receiving or sending emails through a third party system.
• Filtering – you can create rules for how the server should respond to incoming messages based on the sender, subject, or other criteria. Filtering at the server level can be preferable in most cases, because it prevents unwanted messages being downloaded to your devices, saving you bandwidth.
• Authentication – DKIM is an authentication technology that attempts to automatically verify the sender of an incoming email message to help protect you from spam. SPF is used to authenticate your outgoing messages to help avoid spam messages being sent out through your domain. It’s recommended to leave these settings on, but they may block messages that don’t fit the rules.
• Encryption – You can create and use PGP keys to use with your emails.
• Forwarders – you can automatically forward incoming messages to another domain.
• Autoresponders – these are used for automatically replying to an incoming email. These should be used with some caution because there are times when automated responses are appropriate and times when they are not.
2. File Management
Most of the time it’s more efficient to use FTP for managing files on your server, but when you just need to do a quick fix, the built in file manager of cPanel is there for you. You will find this in the Files section. Everything works very similarly to a desktop file manager like Windows Explorer, Thunar, etc. There is a very small learning curve, but once you understand how it all works, it will be an additional string to your server management bow.
3. Image Management
If you’ve uploaded a batch of image files to the server, you can save some time on common image processing tasks by allowing cPanel to automate those tasks. You’ll find the image managing tools in the Files section under Images.
The tools available include:
• Thumbnailer – automatically generate thumbnail versions of all the images in a directory.
• Scaler – if you forgot to scale your images to be server friendly before uploading, this tool will allow you to do that.
• Converter – if you uploaded your images in the wrong format, use the converter to change them to the correct format.
There are other ways to perform these tasks, but being able to do it directly on the server can save you some time and effort.
4. Domain Management
This is one of the more advanced features, and you’re more likely to need to use it when you have multiple domains to manage through one account. As an example, you may have created a domain for your local business, widgets.co.ie for example, and another domain to cater for international audiences (this allows you to tailor your content specifically for Irish visitors on one domain, using local expressions that may not be well understood outside of Ireland).
You can make one of your domains a subdomain or add-on domain for the other. For example, widgets.co.ie might be an add-on domain of widgets.com, and while they each are independent, they can be managed from a single access point and can easily share resources.
It’s important to understand the difference between subdomains and add-on domains. A subdomain is really just a directory within a domain that can be used to help visitors go to the right location easily.
For example, mcdu.equicom.net is a subdomain of equicom.net, and can be accessed just as easily by typing equicom.net/mcdu – the important part is that it’s not a separate domain even though the content can be completely distinct from the main website content.
An add-on domain is very different. This does require purchasing an additional domain name, and allows you to host the content for more than one domain in the same server space.
Another type of domain hosting is a parked domain or alias, which is where you use more than one domain name to point to the same location. This also involves purchasing an additional domain, but unlike add-on domains and subdomains, you don’t create a separate directory for the content.
5. Database Management
Not every site needs a database, but if yours does you will find all the tools you need in cPanel. Creating a new database can be done with the MySQL Wizard, and then you can do all the database operations by accessing phpMyAdmin.
6. Security Management
Keeping your websites secure should always be a top priority, and cPanel certainly provides plenty of tools to help you do that. Using the cPanel security tools you can install an SSL certificate, block access from certain IP address ranges known to be malicious or undesirable, protect assets on your site from hotlinking and leeching, and set up SSH access.
7. Site Backup Management
In addition to the ordinary security procedures, which help keep your site safe from attack, it’s still the most sensible precaution to make regular backups just in case a problem does cause something on your site to break.
cPanel provides many tools to make it simple to back up and restore your site using either manual or automated processes. The learning curve here is a bit steeper than for most of the other tasks you might do in cPanel.
The first option is the simplest. From here you can download the most recent incremental backups made on your server, which is a simple archive file in tarball format (.tar.gz)which most modern archiving programs can unpack.
File Backups is away to restore individual files that have somehow changed in an undesired way. This saves some time because only the one file that needs restoring will be restored.
Using Cron Job Backups is not something most people will want to bother with. Cron is a Linux and Unix task scheduler.
DNS Zone Backups are just the same as Full Backups but on a multi-domain site you can specify that you only want one of your domains restored.
Using the Database Backups feature, you can backup and restore databases, but only if you have set your system to already backup databases separately to the rest of the site (which is not really necessary).
The effectiveness of Email Backups depends on how often you download your email messages and remove them from the server. Obviously messages that are not on the server when the backup occurs will not get backed up on the server.
SSL Certificate Backups are simply a backup of the SSL certificate for a domain, if one exists. This feature is a security tool to be used in case somebody gains access to your site and replaces the proper SSL certificate with a fake one.
8. Softaculous Software Installer
We saved the best for last. With Softaculous, you get access to many of the hottest titles in web application software. While it’s certainly possible to install each application individually without using Softaculous, you won’t normally want to do it that way because it would involve a lot of extra work and configuration.
When you use Softaculous, everything is configured automatically, tailored for your own website. Many site owners don’t realise it, but Softaculous contains such a wide range of software, there is pretty much everything you could ever need for any business purpose.
In fact, with Softaculous, you be able to eliminate a lot of your present software licensing costs, because you can replace the offline software you use in your office with online software you run from your web server.
Just to give you a small taste of what you can expect from Softaculous:
• All the big name CMS packages are present, including WordPress, Joomla, Drupal and many more. Using a CMS is not strictly necessary, but if you do want to use one, it’s good to know that it is so easy to install directly onto your site this easily.
• There are powerful mainstream e-Commerce packages too, including PrestaShop, Magento, Zen Cart, BoxBilling, and more.
• You also have access to some less mainstream commerce packages that are perfect for specific niches. For example, boost a real estate website with the Open Real Estate package, keep track of hotel bookings with Booked, or run a tech support business with Vision Helpdesk.
• For bigger businesses there are enterprise level tools including ERP and Project Management solutions. Many of these have a clear focus on IT businesses, while others are more general in nature. Feng Office is probably the most general of the available options in project management. There are ERP tools for CRM (YetiForce, SugarCRM, Vtiger, etc), accounting (FrontAccounting, Akaunting, WebERP), HRM (OrangeHRM, Jorani), and collaboration (EGroupware, GroupOffice, Tine, etc).
• Educational organisations will also find software aimed mainly at their industry, including classics like Moodle, Chamilo, ATutor, TCExam, eLabFTW, and many others.
• There are also tools for hosting video collections, music, social media platforms, multiplayer games, and even personal cloud storage solutions (eg. OwnCloud, NextCloud, etc).
In total there are 25 categories with over 400 individual applications to choose from, and also the SitePad website builder for those who don’t have a preference for developing sites in HTML.
With all these built in features, and quite a few additional ones that aren’t covered above, you may expect cPanel to be hard to use, but in truth it is exceptionally easy. It’s built more for functionality than beauty, but everything just works.
While using cPanel is very easy, there is plenty of documentation to help, and for those who want to truly master the technology there is even a cPanel University where you can learn every detail and get the credentials to prove it.
Because cPanel is the most popular web hosting control panel by a very large margin, learning to use it is one of those skills that will always be a genuine asset.
Most importantly, cPanel empowers anyone (regardless of technical ability) to effectively manage a website easily.
Secure Sockets Layer (SSL) has two important functions associated with site security and integrity:
• When your SSL certificate is digitally signed by a trusted third party certificate authority, it helps to verify that your site is identifying itself correctly
• SSL encrypts all communications between the user and your site, making it difficult for somebody to extract anything useful even if they are able to intercept the communication
Every site that is owned by a business, non-profit organization, or government agency should have an SSL certificate. The only exception is where your site does not collect or disseminate any sensitive information.
When you have an SSL certificate, users can connect to your site via the HTTPS protocol. The “S” in HTTPS stands for “secure”. Although we use the term “SSL”, which is the one most people are familiar with, the standard has actually been superseded by something called TLS (Transport Layer Security). But you don’t need to worry about this because TLS is going to be enabled by default on any modern web server.
Even though the technology is enabled by default, sites that have an SSL certificate still need to set the HTTPS version of their site as the default protocol for inbound connections. A 2014 survey by Moz showed that less than 18% of respondents were already using HTTPS, and as recently as 2015, it was found that less than 2% of the top 1,000,000 sites had HTTPS set as the default protocol.
As a user, you can ensure that HTTPS is used whenever possible regardless of a site’s default settings by installing the HTTPS Everywhere plug-in.
Using SSL may give your site a boost in Google rankings. In August 2014, Google announced that it would take SSL into account as a ranking factor.
It also must be considered that HTTPS does slightly lower the speed of a site, so if your site is already slow (which it shouldn’t be – fix it!), you could see your rank actually slip as a result of adding HTTPS. It will really come down to the differential between the benefit from HTTPS and the benefit from having a fast site.
Google wants sites to use HTTPS because it makes it easier to verify the integrity of a site, but that doesn’t automatically mean you need to do it. Most sites will benefit from having HTTPS, but because SSL certificates aren’t free, you might choose not to have one if the cost can’t be justified.
Risk vs. reward: the privacy and security advantages of SSL
You have to think about the financial cost of purchasing and renewing your SSL certificate. If there’s nothing on your site that needs to be confidential, you may not need to go to the trouble.
But if your site collects personal information from the user, has password authenticated log-ins, or engages in any sort of e-Commerce, you absolutely must have SSL if you want to avoid problems and retain the full confidence and trust of your users.
How to get an SSL certificate
Buying an SSL certificate is not like a regular purchase, because there are a few tests and checks that have to be done before a certificate can be issued. This is for the protection of everyone, including you. Usually the easiest way is to get your Hosting company or SEO manager to obtain the certificate for you, because this will simplify the process greatly.
If you’d prefer to do it entirely on your own, your first step is to generate a Certificate Signing Request (CSR) on your server. This is a block of encrypted text that looks similar to a PGP signature. What you need to type to generate the request depends on what server software your web host is running.
Most websites are hosted on Apache servers, and Apache uses a service called OpenSSL to generate a CSR. Here’s an example of how to generate a CSR for a company called Widgets-R-Us Inc, with domain widgets.com, based in Los Angeles:
openssl req -new -newkey rsa:2048 -nodes -out widgets_com.csr -keyout widgets_com.key -subj “C/=US/ST=California/L=Los Angeles/O=Widgets R Us Inc./CN=widgets.com”
The section that’s relevant about the company is the -subj section. This contains a string value with specific values, as follows:
• C is a 2 digit country code, for example: US, UK, IE, FR, DE, BE, and so on.
• ST is the state or province
• L is the city
• O is the organization name
• CN is the “common name”, which is a fully qualified domain name (FQDN).
There’s an optional value called OU that can appear between O and CN, but it is rarely used, and can cause problems. Currently (at the time of writing) the SSL certificate of Australia’s Department of Foreign Affairs and Trade is affected, for example. OU stands for “organizational unit” and means a department within the organisation.
After generating the CSR, it would look something like:
—–BEGIN CERTIFICATE REQUEST—– MIIHVjCCBj6gAwIBAgIQVXENtd02KRwAAAAAUNuvdTANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x NzAzMDIyMjA5MzNaFw0xODAzMDIyMjM5MzFaMIGNMQswCQYDVQQGEwJBVTElMCMG
—–END CERTIFICATE REQUEST—–
In this case it is contained in the generated file “widgets_com.csr”. You need to open that file in a text editor, then cut and paste all the text (including the begin and end instructions) into the online form of the SSL certificate authority you are ordering from. Do not confuse the csr file with the key file.
Once the certificate authority has validated your domain and company, it will email you a copy of your SSL certificate, which you then need to install on your server.
Due to the complexity involved, most people prefer to have professional assistance rather than opting to do it themselves.
Cloud services are all the rage at the moment, but it’s not necessarily true that every cloud has a silver lining. When choosing which services are right for your business, you need to consider all the pros and cons of the different options available. And while some services are being heavily hyped and marketed as the way forward, it must be remembered that all marketing has an agenda, and that agenda does not necessarily fit hand in hand with your own.
What is necessary is to strip away all the bias and hype, and look carefully at each factor which would affect your decision. Only in this way can an objective view be created. That’s the purpose of this article, and hopefully by the end of it we’ll have an answer to the title question.
1. Access and Storage
These two items need to be considered together at the same time because they’re linked too closely for it to be worth separating them. When your email communications are hosted traditionally, messages take up space on your web server until they’re downloaded or deleted.
Once messages are downloaded, they are only available from the place they are downloaded to, and any devices that are able to access that location. With a cloud-based solution, the messages are stored on a 3rd party server, and there’s no need for you to worry about how much space they are taking up unless you’re close to the limit offered by the provider.
• Messages won’t affect the performance, storage quota, or bandwidth quota of your website
• Messages won’t normally take up space on your own devices, except temporarily
• Cloud-based solutions often have great management and curation features
• May make it easier to share emails among work teams
• May (sometimes) protect against malicious payloads
• Can be accessed from anywhere that you can connect to the Internet
• Messages can only be viewed if you have a working Internet connection
• Many cloud-based services do not allow messages to be downloaded
• You can’t be certain whether deleted messages are really deleted
• Most free (and some paid) services discourage or disallow encryption
• Can be very difficult to obtain and preserve true anonymity with cloud-based services
• You may need to frequently delete messages if you have a storage limit
• International travel can be a problem, as some services may deny you access when you log in from another country.
Depending on the nature of your business, this could be a major concern for you. It can be especially important for people dealing with matters related to national security, law enforcement, crime, health services, and financial services. Some of the key points were already mentioned in the previous section.
• No known privacy or security advantages. You are trusting a 3rd party with your confidential information, with absolutely no control over how that 3rd party might access or use that information. Even if you trust an organization to do the right thing, you may not know if you can trust each individual employee, because even the organization does not know if they can be trusted.
• No control over the storage, copying, and archiving of your messages
• Encryption may not be supported, and in some cases may be against the terms and conditions
• Messages are stored online, not locally, so if the provider is hacked, you could be compromised
• When messages are stored online, vulnerability from staff being socially engineered is increased
• Many services provide unwanted protections that may cause more problems than they solve
• Almost every cloud-based service states they will release your information to government officials if asked (not ordered by a court, just asked). There are a few exceptions to this. Most of them also say they will not inform you if they do hand over your information to government officials.
In general, cloud-based services offer better preservation of your communications compared with traditional hosting where messages are downloaded to a local device.
• Messages are often stored indefinitely and may be automatically backed up to multiple locations.
• You are protected from data loss due to local device hardware malfunction
• No certainty that deleted messages will be deleted
• Losing your password may deny you access to your own account
• Service provider may decide to deny access to you at any time and for any reason
With traditional hosting, you are free to define whatever email management policies you like. When you use cloud-based services, the provider may impose their own policies over the top of yours, or at least in addition to yours.
• May help reduce the amount of spam you receive
• May provide more advanced management options than your regular email software provides
• Messages may be incorrectly flagged as spam, often for ridiculous reasons
• Messages may be denied from certain senders just because of the IP address their host uses
• When messages are denied, you may not even be aware that it has happened
In general, most cloud-based services do provide good support (though some provide almost no support). Ordinary hosting doesn’t usually provide great email support unless you have a problem of a technical nature. The quality of the support you receive depends entirely on what the service provider is prepared to offer, and the combined skills and experience of the support staff in dealing with technical problems.
• Some cloud-based email services have excellent support available
• Support is usually available 24/7
• Many services outsource their support (normally negative)
• Support staff may not have proper technical training and solutions may be prepared from scripts
While there are many positive aspects to cloud-based email services, there seems to be more negatives. The biggest problem is in the matter of security, because messages are stored online indefinitely, and normally in plain text (unencrypted), so if the provider is compromised, then so are you. There is also the possibility of employees of the provider to read the communications, either due to boredom or with criminal intent.
For these reasons, the majority of businesses would actually be better off not using cloud-based email services and sticking with traditional hosting for email services, downloading their communications to local devices, and following a sensible backup and security plan. The convenience of being able to access your communications from anywhere on any device is also a vulnerability.
Plus of course, any important internal communications should be properly encrypted (there is no good reason not to do this), and that’s not always possible with cloud-based services.
Last year Google rebranded their business apps to G Suite. This quick video may help you decide if this Google product is worth exploring further!