Anyone here familiar with 'Cpanel'? Client found a link to it but never set it up…

I ran a few tools to check hidden paths on a site, and a login for ‘Cpanel’ popped up. My client says they’ve never used Cpanel before.

Could this be a security risk?

Cpanel is a pretty common admin tool for managing hosted accounts. If the site’s hosted, it’s not unusual for the Cpanel login page to be accessible.

Peyton said:
Cpanel is a pretty common admin tool for managing hosted accounts. If the site’s hosted, it’s not unusual for the Cpanel login page to be accessible.

But is it normal to have it if nobody ever set it up?

@Jaden
Yeah, it’s usually part of the server setup. Many servers have default paths or DNS entries for Cpanel. Lots of LAMP setups have it even if the client doesn’t know about it. It depends on the hosting provider to know for sure.

@Presley
Could someone have tried to sneak a backdoor into the site?

Jaden said:
@Presley
Could someone have tried to sneak a backdoor into the site?

Almost every site I’ve worked on has Cpanel or WHM access unless it’s on something like GoDaddy or a cloud service like DigitalOcean. Best way to know is to contact the host. I’d just be guessing here.

@Presley
I think they’re using Divi. I checked to see if Cpanel is standard… seems like it isn’t unless it’s set up on purpose.

Jaden said:
@Presley
Could someone have tried to sneak a backdoor into the site?

Probably not.

@Jaden
The host probably installed it.

Haven said:
@Jaden
The host probably installed it.

Client isn’t sure who set it up, but they’ve never used it.

Jaden said:

Haven said:
@Jaden
The host probably installed it.

Client isn’t sure who set it up, but they’ve never used it.

It’s usually there automatically when the website is hosted on certain servers. Who’s hosting it?

@Haven
It’s a WordPress site.

Jaden said:
@Haven
It’s a WordPress site.

But who’s the hosting provider? GoDaddy, Bluehost?

Haven said:

Jaden said:
@Haven
It’s a WordPress site.

But who’s the hosting provider? GoDaddy, Bluehost?

I think it’s QuickCloud.