cPanel Best Practices

This article is part of HostGator’s Web Pros Series. In this series, we feature articles from our team of experts here at HostGator. Our Product Managers, Linux Administrators, Marketers, and Tech Support engineers share their best tips for getting the most of your website.

When you were brand new to web hosting, your cPanel was probably something you tried to spend as little time as possible in. 

With domain names, FTP accounts, and server settings, it was all a bit daunting. You went in when you had to—to update user settings, set up email accounts, manage your domains and backups. You got in, you got out, and then you returned to the friendlier, front-end side of your site.

As you become more experienced with building websites, familiarizing yourself with the patterns and behaviors of cPanel is one of the best things you can do. 

You’ll become a smarter website owner. Armed with the knowledge of cPanel best practices, you can make better decisions for the long-term success of your website—the kind of decisions that make for a more stable, more secure, and more performant site.

Many people learn this the hard way, after making bad (albeit innocent) decisions in cPanel. You don’t have to be one of those people.

5 cPanel Mistakes to Avoid with Your Website (and Best Practices to Use Instead)

Today, I’m going to do my best to save you that unfortunate fate. In my years of working with HostGator customers, I’ve discovered some of the most common mistakes people make in cPanel. I’m sharing these with you, so you can avoid these when you go about setting up your own website.

Mistake #1: Going Overboard with Subdomains

At HostGator, nearly all of our hosting plans support unlimited domains (the one exception being our Hatchling plan). Many customers take advantage of that, snagging up domains to create websites for various businesses and side projects. It’s great.

cPanel will support 3 domains: 

  1. Your primary domain – This is the default domain name associated with your hosting package.
  2. Add-on domains – These are other, separate domains which you’ve purchased and now manage under the same hosting plan.
  3. Subdomains – These are like subdivisions of your primary domain, e.g. and would be two subdomains of the primary root

If I could give you one tip, it’d be this: Don’t use subdomains. While there are valid use cases for creating a subdomain, they generally make things harder rather than easier for most people. Subdomains degrade your long-term flexibility, and they can do wonky things for your SEO. If you really want a subdomain, set it up as an add-on domain and treat it as a completely different website. It will be much easier to manage that way. 

modify addon domain in cpanel

Mistake #2: Only Pointing Your A Record Over (and Not Your NS)

It’s common for people to switch hosting providers at some point over the life of their website. Perhaps your current host isn’t equipped to adequately support the traffic volumes you’re getting, or you had a bad customer service experience.

Whatever the case, when you migrate your website, you’ll need to point your domain over to the new host. (This is also something you’ll have to do if you purchased your domain from a registrar other than your hosting company.) 

When you set up your domain on cPanel, it includes this DNS service. 

hostgator cpanel dns editor

Here, you can point your A record and your NS record over. Some people simply point over the A record, and call it a day. I strongly recommend pointing the NS (name server) record over. 

If you only point over the A record, you seriously handicap the ability of your new hosting provider to support your site—that includes optimizing the performance of your site and protecting it from attacks. 

Let’s say you have a shared hosting plan, as most people do. On shared hosting, many websites will share the same server space. If one of the sites on the server gets hacked, or hit by a sudden traffic spike, that could put you (and all the other sites on that server) at risk. At HostGator, we have a protocol to protect our customers’ sites from these scenarios, so we can mitigate these kinds of attacks and abuse. One of those is moving your IP address—but we can’t do that if we only have your A record.

Using the same hypothetical, let’s imagine that a few years go by, and you decide you want to upgrade to a dedicated server or VPS from your shared hosting plan. You’re getting a ton of traffic, making a ton of sales, and you want to keep performance high. A dedicated server can help you with that. If we, as your hosting provider, have control over your NS record, we can move you to another server with no downtime. 

Mistake #3: Setting Everything Up Under a Single Database or FTP Account

When you go to setup your website in cPanel, you’ll also have the option to set up databases and FTP accounts

add ftp account in cpanel hostgator

Whenever you do either one of these things, you want to set up something small, and specific. You don’t want to use the same database for all your sites. Instead, if you have multiple domains managed under the same hosting account, it’s better to set up separate databases for each website.

When you have more databases to work with, it’s easier to keep things separated, which makes it easier to adjust things as necessary. 

More important than ease of management is the mitigation of risk. If you hire an outside developer to work with your website, it’s much safer to give them FTP access to a single, defined directory (or website), instead of your entire cPanel account (which includes all your sites, emails, and more). Then, if the relationship goes south, you’ve significantly lowered the risk of them doing something that has wide-reaching effects. 

Mistake #4: Not Looking Twice Before Pressing Delete

Now that we’ve talked about opening FTP accounts, let’s talk about deleting them. 

When you go to delete an FTP account in cPanel, you’ll also see a checkbox for “Delete the User’s Home Directory.” Many people read this and think it’s deleting just the associated files for that user’s account. Not so. Checking this box actually deletes your entire site’s Home Directory. Terrifying, I know. 

delete ftp account in cpanel

So, when you go to remove a person’s FTP access, make sure that you are only deleting their account. You do not want to delete the directory they have access to, as that’s the same Home Directory you, other users, and your site relies on to function. 

uncheck delete users home directory when deleting ftp account

Double, triple, and quadruple check that this box is not checked! Otherwise, you’re going to be in for an agonizing evening, days, or worse—weeks—where you’ll be spending a lot of time on the phone with your host’s customer support team.

Honestly, whenever it comes to making a change in cPanel, it’s worth using this same amount of caution. Changes in cPanel can make a big impact on your website.

Mistake #5: Forwarding Your Emails

Many people use their website for their business. When starting a new company, these folks might try to save on costs by using Gmail or another email provider, rather than setting up branded email addresses tied to their domain. For example, they might have “[email protected]” or “[email protected],” as opposed to “[email protected]” or “[email protected].” 

Generally, this is not a best practice from a branding perspective. When you use a Gmail account (or some other personal email) for your business, it makes your whole operation look a lot less legitimate to customers. So, for branding purposes alone, it’s best to use an email account that ends in your domain name.

But, it can also be a bad practice for your website. We’ve seen many customers create such addresses in Gmail, and then set up forwarding through their cPanel. 

Here’s the problem: modern spammers don’t just go after your website or credit card information. Over the years, they’ve gotten increasingly savvier at using insecure mail forwarders to take over and steal identities. In order to protect their customers, many email providers (including Gmail) send forwarded mail straight to the spam folder. That means you may never even receive that sales inquiry! Worse, when you respond, it might end up in your customer’s spam folder.

So, forwarding emails is bad for your brand perception, and your business. Fortunately, there’s a solution—sending and receiving email directly from your own branded email address. And the good news gets better: at HostGator, we include unlimited branded email addresses with nearly all of our hosting plans, and setting them up in cPanel is easy. 

add email account in cpanel

Now, you probably don’t want to login to cPanel every day to check your email. Fortunately, you don’t have to. Instead, you can set up Secure SMTP in cPanel (trust me; it sounds scarier than it is). With this option, Google essentially logs in and pulls the emails directly over for you. Then, you can send and receive emails within your existing Gmail inbox, all from your branded email name. 

You can also invest in G Suite for your company and unlock all the benefits Google has to offer, like a shared company drive, video and voice calls, and an integrated calendar. 

gmail g suite features

Following cPanel Best Practices: Your Path to Success

The more you get to know cPanel, the more power you realize it has. Set these things up in cPanel the right way, and you’ll set your site up for smooth sailing. Bon voyage!

sean dundon

Sean has been working with HostGator customers for over 8 years, leading a variety of teams from systems administration and monitoring to support and customer experience. An unabashed Linux geek at heart, Sean’s #1 priority as product manager is to ensure that everyone can make their voice heard around the world, regardless of their technical level.