cPanel FAQ

This article is part of HostGator’s Web Pros Series. In this series, we feature articles from our team of experts here at HostGator. Our Product Managers, Linux Administrators, Marketers, and Tech Support engineers share their best tips for getting the most out of your website.

Unless you build and host websites for a living, you may not realize how many elements go into even a simple website—and they almost all need to be updated at some point.

For brand-new site owners, seeing everything on your site’s control panel can feel a bit intimidating, especially if you have a non-technical background. 

In particular, you may have questions about which software updates your managed (or semi-managed) hosting plan takes care of for you, and which are your responsibility. In this post, we’ll explain who handles what, so you can focus on what you need to do and let us take care of the rest.

Who Keeps My Website’s Server Software Up to Date?

That depends on the type of hosting package you have with us. We have different types of hosting packages, but by and large they break down into managed and what we call semi-managed. Most of our customers are on managed hosting plans, including our 

For these managed hosting environments, HostGator will ensure that all the software running on the server is kept up to date. To keep things updated, we work with our vendors. The two primary ones are cPanel and our operating system, CentOS. 

For our semi-managed VPS and dedicated server customers, we schedule routine updates for cPanel, the operating system and the underlying software. So those updates go through automatically. In the case of a major security vulnerability, we may go in and push patches when they’re necessary, or we’ll reach out to the customer with the information they need. 

We strongly encourage our semi-managed server customers to make sure that they have update settings that meet their needs. For example, if your site generates high revenue and uptime is critical to that, we generally recommend choosing a long-term support tier that offers regular but less frequent updates.

On the other hand, if you’re a semi-managed customer who’s interested in having new features as soon as they come out, there are shorter release tiers that you can choose. 

What Happens When There’s a Vulnerability That Needs to Be Fixed?

Sometimes, a software vulnerability is discovered and has to be repaired before bad actors take advantage of it.

For example, maybe someone finds a security gap in the version of the PHP scripting language we’re running. We’re going to fix that vulnerability to keep our customers’ sites safe, but we want to do it in a way that doesn’t risk breaking their websites. To do that, we work with our vendors to backport the update that fixes the vulnerability. 

What is backporting? A super-simple answer 

Here’s an example of how backporting works. Let’s say we’re running version 7.1 of PHP, the scripting language I mentioned. News comes out that someone’s discovered a vulnerability in 7.1, but it’s fixed in version 7.2.

We wait to upgrade customers to the new version until we’re very sure that everything will be stable, but we want them to be secure right away. So in the meantime, we take the small section of code that fixes the vulnerability in version 7.2 and apply it to version 7.1. That way, we know our customers’ server software is secure without the risk of breakage from a full update.

When Does HostGator Install New Versions of Server software?

When new versions of software come out, we normally install them on the server and make them available. But we don’t change the server configuration to make the websites use the new versions by default unless and until we’re confident the update won’t break things.

How Will I Know When There’s been an Update to my Site’s Server Software?

When there are major updates, we email our customers to let them know, especially if we think there’s a lot of value for them in updating to the new software. For example, maybe the update is much faster than the current version. In cases like that, we’ll let our users know there’s a new version available, why they might want to switch, and how to move over to it through cPanel

For small updates that aren’t going to make a major difference, we leave our customers alone. And the reason for that is that notifying customers about every small update would mean an overwhelming number of messages. 

You can think of the servers that run your website as a big office complex. There are always little changes being made to the wiring or to the plumbing to fix small problems or add new features, but the people who work there don’t want to hear about every little update and repair. 

On our servers, there may be frequent small updates to MySQL, which is our database software. Or maybe there’s a change to our operating system that affects the efficiency of how RAM is managed. There are a lot of those types of updates coming in from our vendors all the time. 

Behind the scenes, while our customers are focusing on their businesses, we work a lot with cPanel and our in-house technical operations team to review all those updates. We test every single update before we push them out to the servers. Our goal is to keep the server software up to date and make sure that patches are compatible so that things run smoothly and are secure for our customers. 

What Updates Do I Need to Handle?

While we manage and update the server-level software, each customer gets to decide when they update their website software. That includes updating WordPress, themes, and plugins for their sites. 

The reason is because every website is different, and we don’t want to break anything on our customers’ sites by pushing automatic software updates. The only time we’ll push that kind of update is:

1. When we learn about high-risk vulnerabilities in WordPress or some other website software. 

and

2. When we can make the update safely, without breaking sites. 

For all other updates, it’s the customer’s choice when to do them. However, just like our server software is constantly getting small updates that improve security and function, website software is always getting updates, too. 

Because there can be a steady stream of site software updates to make, we strongly encourage allowing automatic updates. We enable that by default for WordPress, and you can set up most plugins to auto-update as well. 

How Can I Make Sure I’m Choosing the Best WordPress Plugins?

When you’re choosing plugins for your site, check the last time they were updated. A recent update is a good indication that the plugin is being maintained, which means if any security vulnerabilities are discovered, you’ll probably get an update that fixes the problem. 

Last updated three months ago? You can expect future updates.
Last updated four years ago? You can’t count on new updates.

On the other hand, if the plugin hasn’t been updated in two years, it’s probably not going to get updated again. In that case, you might want to look for an alternative plugin to keep your site secure. 

Want to learn more about keeping your website in great shape? Check out Sean’s Web Pros Series post on best practices for site maintenance and security