![bluehost cpanel bluehost cpanel](https://content.bluehost.com/bluehost/img/bluehost/account/legacy-cpanel-tab.png)
Next, you are asked to give your new WordPress site a name and a tagline.
Bluehost cpanel install#
When that's done and you’ve purchased your hosting plan, the next step is to install WordPress on Bluehost in just a few clicks.įirst, Sign in to your Bluehost dashboard, then go to the My Sites tab, and click on the Create Site button in the top-right corner. I recommend that you start with Bluehost's Basic plan, as it's the cheapest and easiest Bluehost plan to start with (as I've explained here). Go and check out my step-by-step Bluehost sign-up guide here. Choose Your Bluehost Planįirst things first.
Bluehost cpanel software#
Sorry cPanel.Thankfully the process for installing any of them is pretty similar, so this how-to install WordPress on Bluehost guide should be helpful no matter which software you choose.
Bluehost cpanel password#
update: A user in the comments informs me that the password retrieval tool is not part of cPanel but rather Bluehost. Is your email password easy to guess? Is it the same password that you use everywhere? Did they hack into WordPress or cPanel? Find out if someone retrieved the password. The real issue is getting hacked repeatedly and not knowing where the security vulnerability is. My advice is to look at the log files, who the last visitor was, and where they entered the site. Because even if your entire site gets hacked and deleted, the web host usually backs up the site once a week or so. The worst scenario is that you'll lose the last couple of posts (which you can retrieve via email if you're subscribed to email delivery of your posts).
![bluehost cpanel bluehost cpanel](https://makecalmlovely.com/wp-content/uploads/15-Bluehost-cPanel.png)
It's not such an alarming problem, though. The hacker was getting in through cPanel, not WordPress. So after hours of looking at WordPress for the security vulnerability, going through theme code, plugins, and everything else, it turns out the vulnerability was with Bluehost''s password retrieval and the client's email account. If the entry point is cPanel rather than your site, you might ask support if someone retrieved the password on your account. (The information about the password retrieval is something only tech support knows - it's not in the log files.) The log files tell you what part of your site the hacker visited. You can look at the origin of the IP address through who.is. As hard as log files are to read, log files allow you to trace the path of the last visitor to the site. What I've learned from the experience is to immediately look at the log files. With access to email, all you have to do is retrieve the password from the web host, and within minutes you have access to the MySQL database, where all posts and pages are stored. And do you really use different passwords for email, Facebook, Twitter, and the 75 other websites you log into? Guess one password and you probably have access to nearly all of them. You may have a 25 digit hexadecimal alphanumeric password for your web host account, but probably not for your email. I don't know if the password retrieval method is a common way to hack a site. He said changing the password may solve the problem entirely. I am reporting it now." But he also suspected that the client's email account had been compromised. He then said, "I think our issue might be from our password request tool. I pressed the support rep about the security and encryption for the password retrieval tool, and he did say that you can request the password for any domain by plugging in or and adding your domain after the = sign. Somehow the hacker retrieved the password this way - either by retrieving it from the client's email or through another method (intercepting it?). Almost every website with a login offers this. It's common to have a retrieval method in case you forget your password. After about 30 minutes with Bluehost tech support, the support person mentioned that someone had requested the password to be sent to the email address on file. I looked at the log files and noticed that an IP address from Calgary rifled through the client's cPanel and finally deleted the database. Now the hacker turned it up a level and deleted the entire database. Previous hacks had just deleted all posts, pages, and users tables in the database. I logged into cPanel and the entire database had been deleted. Then last weekend, I checked the site, and it was totally gone. I thought the problem was with WordPress. I took more extreme security measures, changing the database table prefix, adding an htaccess file to wp-admin that filtered IP addresses, adding a plugin to encrypt logins, adding a firewall, moving wp-config to another directory, and other measures. One of the WordPress sites I created for a client kept getting hacked. It's always hard to tell exactly why or how a site gets hacked.
![bluehost cpanel bluehost cpanel](https://content.bluehost.com/bluehost/img/bluehost/cpanel/cpanel-login/bluehost/bluehost-front-of-site-login.png)