How to perform a manual cPanel migration

This how to will provide you instructions for performing a manual cpanel migration for if or when the WHM Transfer Tool produces errors due to possibly account sizes or database sizes to work effectively or if you simply prefer commandline scripting.

Connect to the source server via SSH terminal

Use an SSH terminal application like Putty or another OpenSSH client to connect to your server with the root credentials provided in your servers welcome letter.

You will need:

  • Server IP address
  • Server SSH port (22 is default — if you see Connection refused error, you are using the wrong SSH port)
  • User: root or sudoer user
  • Password

If you are unsure what your source server credentials are, please contact the hosting providers support for assistance.

1. Package the account on source server

Perform the following while connected to your server via SSH terminal application.
Replace cpaneluser with the cpanel account username you are trying to package
/scripts/pkgacct cpaneluser This should effectively create a cpmove-cpaneluser.tar.gz archive file of your entire cpanel account

2. Transfer the cpmove archives to your destination server

You can use any SSH FTP SFTP client such as FileZilla to move the archive files to your destination server.

To transfer via commandline, you can use rsync from the source server to push the files to the new servers /home directory
Replace PORT#DESTSERVER with the port number such as 22 or XXXX if custom
Replace CPANELUSER within /home/cpmove- entries to migrate individual archives or you can use /home/cpmove-* in the second example below
Replace DESTINATIONIP with your destination server IP address e.g. 155.188.99.111
rsync -vrplogDtH -e “ssh -p PORT#DESTSERVER” /home/cpmove-CPANELUSER.tar.gz root@DESTINATIONIP:/home/cpmove-CPANELUSER.tar.gz Example 2 – transferring all cpmove files rsync -vrplogDtH -e “ssh -p PORT#DESTSERVER” /home/cpmove-*.tar.gz root@DESTINATIONIP:/home/

3. Restore the packages on the destination server

After all of the archives have been transferred, you then need to connect to your destination server via SSH terminal and perform for each account: /scripts/restorepkg cpaneluser After performing the above for each account, you should now have restored packaged to the destination server.

Global Bruteforce Attack on WordPress Installations

Currently, WordPress is experiencing a global brute force attack. This is not limited to us, but is affecting web hosts worldwide.

This attack is widespread and very vigorous. At this time, we suggest you log in to your WordPress account and change your password to a VERY strong password.

The attack is specific to WordPress installations at this time.

If you have been having any trouble with your WordPress today, you are likely vulnerable to more issues. If you have a Virtual Private Server or a Dedicated Server, your risk may be higher.

We are taking many proactive measures to mitigate this situation but the best defense starts with you. Please check your websites, your system and update your software. Change your WordPress password immediately. At this time, secure your WordPress installation and, as suggested update your passwords for all of your logins on a regular basis.

To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps:

  1. Update and upgrade your wordpress installation and all installed plugins
  2. Install the security plugin listed here
  3. Ensure that your admin password is secure and preferably randomly generated
  4. Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure wordpress websites:

  • Disable DROP command for the DB_USER .This is never commonly needed for any purpose in a wordpress setup
  • Remove README and license files (important) since this exposes version information
  • Move wp-config.php to one directory level up, and change its permission to 400
  • Prevent world reading of the htaccess file
  • Restrict access to wp-admin only to specific IPs
  • A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help in several occasions

Thank you for assisting us in keeping your information safe and secure.