A fresh new cPanel hosting account will include quite a few files and directories by default. Let’s take a look at what shows up when you first log in using cPanel’s Built in File Manager. In order to follow this guide, please login to your cPanel account with Ch-center and navigate to File Manager in the Files section.
What Files Come With A Brand New cPanel
In File Manager we can see the following default files on a brand new cPanel web hosting account:
The top shows <your cPanel username>/ which is where all your files and folders for your account are located. The cPanel username is generated randomly for security reasons and shouldn’t be shared (and cannot be changed).
- etc – Right below that is the etc directory which can hold configuration files (and may be updated by cPanel as you change settings) and is subdivided by domains in the account.
- logs – The logs directory contains Apache access and error logs for the account, with older ones zipped up in .gz format per month.
- mail – Below that is where all your mail is stored for the account, with subdirectories for each domain, add on domain and each email account with further subdirectories for sent/drafts/etc.
- public_ftp – While you have to enable it specifically under FTP accounts, public_ftp would be where anonymously uploaded files are uploaded to.
- public_html – The most widely used directory, public_html is the storage for the website files themselves. This will be the root for the main (or only) domain on the hosting account. Addon domains are usually sub directories of this folder, and anything placed in this directory is publicly accessible from any web browser by default.
- cgi-bin – While not as popular as PHP or HTML that can be placed anywhere inside of your public_html directory, Perl or other CGI scripts can be placed in the cgi-bin directory for website programming. You will need to set the scripts as executable ( 0755 permissions in cPanel) for them to work.
- ssl – The ssl directory appears by default even without any certificates generated for the domain(s) in the account.
- certs – The certs directory stores certificates
- csrs – CSRs are Certificate Signing Requests generated by the server for a certificate provider to use in making certificates
- keys – Keys store the public and private cryptographic keys associated with the certificates and used to encrypt communication with people connecting to the website.
- tmp – Sometimes you or your application just need a place to store a file for a minute. Session files or other temporary files can go into the tmp directory — don’t count on anything staying in this directory for long though, it may be emptied periodically by the system.
www and access-logs – On the right side, you’ll note www and access-logs which are not directories but symlinks to public_html and logs respectively.
Include Hidden Files
If you click the ‘options’ in the top right side of your File Manager and tick the box to show hidden files, you’ll see quite a bit more than the above.
(They’re also known as ‘dotfiles’ because a file with a . at the beginning is not usually shown by default in Linux/UNIX file browsers)
For the most part, these files are hidden because the system needs them to not be edited by human hands.
- .cagefs is for the virtualized file system that keeps this cPanel account and the others on the server private from each other.
- .cl.selector stores a few options for the cPanel account, like the PHP implementation and a list of .htaccess file locations.
- .cpanel stores configurations and caches for cPanel.
- .cphorde stores configurations for the Horde webmail client.
- .htpasswds will store hashed passwords for directories protected by the Directory Privacy feature.
- .softaculous stores information for the Softaculous addon to cPanel included in Shared, Business, and Reseller hosting.
- .spamassassin stores the preferences for spam filtering of incomming mail to domains on the cPanel account.
- .subaccounts stores a SQLite database of email, ftp, and other accounts within the cPanel account.
- .trash stores files deleted through the cPanel file manager
There are a couple .bash and one .zsh files in the root of the account directory: despite the fact that we don’t allow SSH or other console access to Shared or Business servers, they are still Linux user accounts and the OS adds these on user creation.
Other Notable Hidden ‘dotfiles’
Inside public_html or a subdirectory may be .htaccess which can be important for managing or debugging a website. This file will be generated and edited by cPanel changes such as adding a redirect, WordPress installations, or other software and may be edited if needed for various reasons.
Also inside public_html or a subdirectory may be .well-known — a directory that stores temporary files for domain validation during AutoSSL certificate generation. This directory should not be touched.