A fresh new cPanel hosting account will include quite a few files and directories by default. Let's take a look at what shows up when you first log in using cPanel's Built-in File Manager. To follow this guide, please log in to your cPanel account with Hostwinds and navigate to File Manager in the Files section.
What Files Come With A Brand New cPanel
In File Manager, we can see the following default files on a brand new cPanel web hosting account:
The top shows / which is where all your files and folders for your account are located. The cPanel username is generated randomly for security reasons and shouldn't be shared (and cannot be changed).
- etc. – Right below that is the etc. directory which can hold configuration files (and maybe updated by cPanel as you change settings) and is subdivided by domains in the account.
- Logs – The logs directory contains Apache access and error logs for the account, with older ones zipped up in .gz format per month.
- Below is where all your mail is stored for the account, with subdirectories for each domain, add-on domain, and each email account with further subdirectories for sent/drafts/etc.
- public_ftp – While you have to enable it specifically under FTP accounts, public_ftp would be where anonymously uploaded files are uploaded.
- public_html – The most widely used directory, public_html, is the storage for the website files themselves. This will be the root for the main (or only) domain on the hosting account. Addon domains are usually subdirectories of this folder, and anything placed in this directory is publicly accessible from any web browser by default.
- CGI-bin – While not as popular as PHP or HTML that can be placed anywhere inside your public_html directory, Perl or other CGI scripts can be placed in the CGI-bin directory for website programming. You will need to set the scripts as executable ( 0755 permissions in cPanel) for them to work.
- SSL – The SSL directory appears by default even without any certificates generated for the domain(s) in the account.
- certs – The certs directory stores certificates
- CSRS – CSRs are Certificate Signing Requests generated by the server for a certificate provider to use in making certificates
- keys – Keys store the public and private cryptographic keys associated with the certificates and encrypt communication with people connecting to the website.
- tmp – Sometimes, you or your application need a place to store a file for a minute. Session files or other temporary files can go into the tmp directory — don't count on anything staying in this directory for long. It may be emptied periodically by the system.
www and access-logs – On the right side, you'll note www and access-logs, which are not directories but symlinks to public_html and logs, respectively.
Include Hidden Files
If you click the 'options' in the top right side of your File Manager and tick the box to show hidden files, you'll see quite a bit more than the above.
(They're also known as 'dotfiles' because a file with a . at the beginning is not usually shown by default in Linux/UNIX file browsers)
For the most part, these files are hidden because they need them not to be edited by human hands.
- .cagefs is for the virtualized file system that keeps this cPanel account and the others on the server private.
- .cl.selector stores a few options for the cPanel account, like the PHP implementation and a list of .htaccess file locations.
- .cpanel stores configurations and caches for cPanel.
- .cphorde stores configurations for the Horde webmail client.
- .htpasswds will store hashed passwords for directories protected by the Directory Privacy feature.
- .softaculous stores information for the Softaculous add-on to cPanel included in Shared, Business, and Reseller hosting.
- .spamassassin stores the preferences for spam filtering of incoming mail to domains on the cPanel account.
- .subaccounts stores an SQLite database of email, FTP, and other accounts within the cPanel account.
- .trash stores files deleted through the cPanel file manager
There are a couple of .bash and one .zsh file in the root of the account directory: even though we don't allow SSH or other console access to Shared or Business servers, they are still Linux user accounts, and the OS adds these on user creation.
Other Notable Hidden 'dotfiles.'
Inside public_html or a subdirectory may be .htaccess, which can be important for managing or debugging a website. This file will be generated and edited by cPanel changes such as adding a redirect, WordPress installations, or other software and may be edited if needed for various reasons.
Also, inside public_html or a subdirectory may be .well-known — a directory that stores temporary files for domain validation during AutoSSL certificate generation. This directory should not be touched.