In this walk-through tutorial, we are going to explore the best method that you (a business owner) can use to grant a web developer access to cPanel.
You are a website/business owner.
You need to give a web developer access to your cPanel hosting account in order to either upload the website files.
Or to help troubleshoot issues with a website.
Or you want to delegate specific tasks to be performed by trusted individuals but without full access to the cPanel interface.
This tutorial is how you can get this done securely.
Before proceeding, there are things worth keeping in mind:
cPanel (visite webhostingmagic.com/cpanel.html to learn about cPanel) (in its current iteration) can only have one (1) primary user.
This user has full access to all parts of cPanel.
This account also has such capabilities as:
- being able to use SSH File Transfer Protocol (SFTP).
- being able to create sub-accounts with limited access to cPanel.
Before you proceed, you should ideally have these in place:
- the developer’s name and email address
- the level of access you want to grant the developer
- the main cPanel account/credentials with SSH access capabilities (for testing cPanel SFTP)
- an FTP client installed on your local machine
The default setting cPanel’s newly-created FTP account is to give the developer or designer his or her home to place the files.
The reasoning is as follows.
The developer has done the dev work on his or her host machine.
You (the owner) approve the work.
He or she can then upload the files to the directory you have created for him or her.
Once uploaded, you (the account owner & cPanel primary account) can then move the files to the location you need them to be.
There is a couple of issues with the above workflow.
It assumes that the account owner knows what to do after the developer has uploaded the files.
It also assumes that the delivered work will yield the desired result.
None of these two assumptions is 100% correct.
For one, an SMB owner may not have the technical skills or time to manage a web hosting account.
Secondly, most development tasks require several iterations to get right.
Thirdly, what may work on a local machine may run into issues when pushed to a production environment.
With these in mind, we recommend creating a dedicated sub-domain for all development work, then giving the developer access to it.
Adopting this approach ensures that those 2 later points listed above are taken care of.
The steps below assume that you know how to move the files that your developer or web designer will add to the location you want them to be.
If are not sure (or do not have the time to move these files yourself), then you might want to grant access to your “public_html” or the location you want the website to be located.
Start by logging into cPanel.
Scroll down to Domains.
Type in the name of the sub-domain. For example, “dev”.
Go back to Tools >>> Domains >>> Zone Editor.
Select the Manage Zone option.
Scroll until you see the records for “dev”.
Leave the page open (or highlight to select the records, right-click to copy them into your clipboard, and paste them into a text file).
Log in to your domain’s DNS dashboard.
That is, the external location (often your domain’s registrar or CDN provider) where you are managing your domain DNS.
Replicate the “dev” records at the location.
Remember that when an IP address, or any other information about a hostname, is added or changed in a DNS record, the change needs to be propagated to all systems around the world participating in the DNS process.
So ensure that they are reachable online before proceeding further.
You can use the “dig” and/or “nslookup” commands or visual tools such as:
Once you have verified that the DNS for the sub-domain has properly propagated and that our systems have installed a valid TLS/SSL certificate on the sub-domain, it is time to add your developer to cPanel.
Creating a sub-account for the developer
Now the DNS part is out of the way, log back into cPanel.
Scroll down to Preferences.
Select User Manager.
Click on the Add User.
Please note that you cannot use this feature to create new cPanel accounts.
In the Full Name text box, enter the developer’s name (e.g John Developer)
In the Username text box, enter the username (e.g john)
Select the appropriate domain (in this case, dev.webcomm.dev) from the Domain menu.
Type in the contact email address for the developer.
Select Set the user’s password.
Click Password Generator to generate a strong password.
Enter and re-enter the password to confirm the new password in the appropriate text boxes.
Save the username and password in a text editor as you will be using it for the connection later.
At this point, you have a crucial decision to make.
And that is the level of access you want to give the developer or person.
If you want to give him, her, or them full access to dev.webcomm.dev, then in the Home Directory field, use your delete key to remove the “johndoe” and leave ONLY “public_html/dev”.
If you want to give him or her (them) access to their own folder, then leave auto-populated “public_html/dev/johndoe”
Enable FTP and Web Disk options.
If you want to grant him, or her, or them Email access too, then enable that too.
The created sub-accounts will now be able to use the same login and password information for email, FTP, and Web Disk services.
Keep in mind that even though you have created these sub-accounts, this account cannot log in to cPanel (port 2083) directly.
A word of warning.
If you ever decide the delete the developer’s sub-account and you have given access to “public_html/dev”, the system will remove all of the sub-accounts services including the whole “public_html/dev” and all of its contents.
This of course will break your website.
What you might want to do (whenever you want to deny or disable access to the developer) is to use the Edit option at cPanel >>> Preferences >>> User Manager to change the password.
Again, use this option with extreme caution.
FTP configuration phase
Before doing anything and if you already do not have an SFTP client, install an FTP client.
If you are on macOS, we recommend using Cyberduck if you want to use the automatic configuration script.
You can also simply use Homebrew to install it though it might need an update once the installation is completed.
brew update && brew upgrade && brew doctor
brew update (fetch the newest version of Homebrew) && brew upgrade (upgrade outdated casks and outdated) && brew doctor (check your system for potential problems).
Search for Cyberduck:
% brew search cyberduck ==> Casks cyberduck ✔
As you can see, it requires Cask which provides packages that are already compiled.
Run the install command:
brew install --cask cyberduck
If you don’t have “brew” installed or want to download the latest version of Cyberduck for macOS, visit https://cyberduck.io/download/
Unpack, run or open Cyberduck.
Visit Files >>> FTP Accounts.
Scroll down a bit, and you will see the list of all FTP accounts on your hosting account.
Your cPanel account’s primary FTP account is the one named Special FTP Accounts.
This account is capable of using the SFTP (Secure File Transfer Protocol) protocol.
And have access to all files in the cPanel account (even the ones that exist outside of your account’s public_html directory).
The created cPanel sub-accounts (your developer) can only use TLS Connections (FTPS) with a username & password.
He, she or they cannot use an FTP account to connect via SFTP.
Select “John Doe” FTP account and click on the “Configure FTP Client“
Double-check to ensure that the directory he, she, or they have access to is the one you want to grant access to.
Once the page loads, you will see the FTP log-in information.
You will also see an option to download the automatic FTP Configuration File to your local machine.
Save the FTP Configuration File on your local machine.
Revisit the username and password you saved earlier.
Right-click to copy the password.
To connect, right-click to open the downloaded file in Cyberduck.
Paste in the password when Cyberduck asks for it.
We are in and can list all files and directories we have access to.
If you want to modify the FTP account “path”, you can do that using API:
$ uapi --user=johndoe Ftp set_homedir firstname.lastname@example.org' homedir=public_html/
If you are having a problem connecting using the developer’s FTP account:
- check to make sure that your FTP client is properly installed on your local machine.
- check that you can SFTP using the main cPanel account. Ensure that you have added your public SSH key before attempting this.
- consult your FTP client’s documentation.
- enable logging for the FTP client. Cyberduck logging documentation can be found at https://docs.cyberduck.io/cyberduck/support/
- For FileZilla, click Edit, then Settings. On the left menu, click the Logging page. Put a check next to “Show timestamps in message log” Put a check next to “Log to file” On the left menu click Debug and choose “4 – Debug”. Click OK
- if you are hosting your website with us, please confirm with our technical support team to see if the TLS Encryption Support requirement is being enforced on the machine. While it is the best way to protect all traffic from eavesdroppers, old FTP clients tend to have issues with this.
If everything fails, give the developer Web Disk access instead.
Web Disk accounts utilize a secure connection (port 2078) by default and are actually better than FTP security-wise.
If you are not sure how to get this done, please contact our technical support team.