Password protect directories

If you want to restrict access to directories on your website, you can use your hosting account’s built-in password protection feature.

 Note: This feature does not offer a typical member login experience like a bank or retail site. Features like that require databases and are much more complex.

To password protect directories

  1. In Plesk, in the area for the domain name’s website you want to use, click Show More.
  2. Click Password-Protected Directories.
  3. Click Add Protected Directory.
  4. Enter the Directory name (starting at the root of your domain name) and the Title of the protected area, and then click OK.

After protecting the directory, you need to add users that can log in to it.

To create users

  1. In the Total Protected directories area, click the name of the directory you want to use.
  2. Click Add New Users.
  3. Complete the on-screen fields, and then click OK.

Now, when browsing to that directory, only visitors that can enter a username and password combination can view its content.

What does it mean to get hacked?

“Hacked” is a term you hear thrown around a lot — especially regarding websites — without much definition.

If your website is hacked, it means a few things:

  • Someone gained access to your account (typically via File Transfer Protocol, a.k.a. FTP). By gaining FTP access, hackers can insert their own code on your site.
  • After gaining access to your site, they put malicious code in it. What the code does depends on the hacker’s objectives.

Because hacking can be extra insidious, sometimes your site can get hacked without you ever realizing it. Other times, hackers will be incredibly ham-fisted and either bring down your site or replace it with an obscene message.

Among the other unpleasant things hackers do to sites:

  • Install viruses on visitor’s computers
  • Redirect visitors to other sites
  • Use your website to attack other websites, bringing them down

Now, unfortunately, there’s no LoJack® for a hijacked website, but there are a few things you can do to make sure you don’t fall victim to a hacker:

  • Use a secure password. This means something better than just tacking a numeral 1 to the end of your first dog’s name. We have information in Keeping Your Hosting/FTP Password Secure.
  • Have your site scanned regularly. A lot of companies offer tools that will go through your site looking for malicious/suspicious-looking code or activity.
  • Update your website’s software. If you use something like WordPress®, keeping your software up-to-date is the difference between your site running smoothly and having a site infested with malware

By being aware of the threat of hackers and taking a few precautions, you can stop your site from harming visitors and other sites around the Internet.

FileZilla Errors: “The server’s certificate is unknown” & ECONNREFUSED

You might receive the following error when trying to connect to your cPanel shared hosting account with FileZilla (image):

The server’s certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted.

Proceeding past this error will then generate this error (image):

Error: The data connection could not be established: ECONNREFUSED – Connection refused by server

Solutions

To resolve this error, you must either connect via sFTP or disable TLS in FileZilla’s Site Manager.

What is my website’s root directory?

The root directory of your website is the content that loads when visitors access your domain name in a Web browser. The most obvious consequence of this is that you need to put your “index file” in your website’s root directory for visitors to see your site at all (more info).

Website-related applications might also need to know your website’s root directory.

Your website’s root directory depends on whether the domain name is your primary domain name or another type (more info).

Your primary domain name‘s root directory is httpdocs/.

Secondary and subdomain names’ root directories were specified when they were set up. You can find them listed in Plesk.

To Find Secondary (Addon) and Subdomains’ Root Directories

  1. Log in to your IFindHost – CheapDomainRegistration.com account.
  2. Click Hosting.
  3. Next to the account you want to use, click Manage.

In the section for each domain name, the root directory displays in the Website at field. By default, the root directory is the domain name itself followed by a forward slash, e.g. subdomain.coolexample.com/

Back up my website

You should always keep backups of your website — there’s no other way to prepare for the unexpected. IFindHost – CheapDomainRegistration.com gives you two options for backups:

Method Additional fee Instructions
Automatic Yes Available through Site Backups
Manual No Use this article

Manual backups in Plesk

 Warning:Manually backing up your website in Plesk temporarily brings it down. Visitors to your site will see a 503 Service Temporarily Unavailable page.

  1. From the home page of Plesk, click Backup Manager.
  2. Click Back Up.
  3. Complete the on-screen fields. Pay close attention to the Backup content area — to back up your website, you need to select Domain configuration and content.
  4. Click OK

You should also back up databases on your account.

Next step

Reset your website application (CMS) password

If your website has been compromised, you might need to change the administrator password for your website application (or Content Management System/CMS).

The process for this depends on your application, the situation you’re in, and your familiarity with different website tools. One common method of changing your administrator password that works for every CMS, though, is changing your password through phpMyAdmin (Web & Classic / cPanel / Plesk / Managed WordPress).

WordPress® Resetting Your Password
Joomla!™ How do you recover or reset your admin password?
Drupal™ Recovering the administrator password