Checklist
- Use unique passwords for WHMCS, cPanel, FTP, email, WordPress, and databases.
- Enable two-factor authentication where available.
- Remove unused FTP accounts, databases, email accounts, and app users.
- Keep CMS core, themes, and plugins updated.
- Avoid writable permissions such as 777 unless a vendor explicitly requires them temporarily.
- Use SSL for web, email, and control panel logins.
- Review unfamiliar files, cron jobs, forwarders, and admin users.
After a compromise
Reset passwords, scan files, update software, remove unknown admin users, check email forwarders, review cron jobs, and restore clean files if needed.
Security baseline
- Use strong unique passwords.
- Enable two-factor authentication.
- Keep software updated.
- Remove unused users, scripts, themes, and plugins.
- Review logs after suspicious activity.
- Use backups before cleanup or repair.
Quick support handoff
If this article does not solve the issue, open a support ticket with the domain, service name, exact error, time the problem started, and what changed recently.
