Knowledgebase : Web Hosting > cPanel

Our default firewall rules allow most applications/software to run without issues on our shared, cloud web hosting, semi-dedicated, and reseller hosting plans. If you're running an application/software which requires we whitelist an IP or open a non-standard port please open a ticket with our support department and provide us with:

  • The port(s) and/or IP(s) you need whitelisted.

  • An explanation of why the whitelist is necessary.

  • The name of the application/software you're attempting to use.

Any website hosted through Hawk Host which is using Hawk Host's nameservers (nsX.hawkhost.com) will have full control over their DNS zone using the Zone Editor interface found in cPanel. You can use this interface to add or edit your domains A, AAAA, CAA, CNAME, DMARC, MX, SRV, and TXT records.

Editing existing DNS Records for your domain

  1. Login to your hosting accounts cPanel and use the search to access the "Zone Editor" interface:



  2. You will be redirected to the Zone Editor and a list of all domains hosted from your account will be shown.

  3. Locate the domain you're looking to modify and to the right of the domain click the "Manage" button:



  4. After clicking Manage you will be redirected to your domain DNS zone. All your existing DNS records will be listed with an "Edit" button listed to the right of each record. Use this button to edit any of the provided values for your existing DNS records.

Adding an A Record to your domain

  1. Login to your hosting accounts cPanel and use the search to access the "Zone Editor" interface:



  2. You will be redirected to the Zone Editor and a list of all domains hosted from your account will be shown.

  3. Locate the domain you're adding an A record to and to the right of the domain click the "+A Record" button:



  4. A popup window will appear asking for your domain for the new record along with the IP address where the record should be pointed. For example if we wanted to add an A record for blog.yourdomain.com pointed to the IP address 1.2.3.4 we would enter those details as follows:



  5. Click "Add An A Record" to save your changes and add the record to your DNS zone for your domain.

Adding a CNAME Record to your domain

  1. Login to your hosting accounts cPanel and use the search to access the "Zone Editor" interface:



  2. You will be redirected to the Zone Editor and a list of all domains hosted from your account will be shown.

  3. Locate the domain you're adding an A record to and to the right of the domain click the "+CNAME Record" button:



  4. A popup window will appear asking for your domain for the new record along with the CNAME (destination) where the record should be pointed. For example if we wanted to a CNAME record for blog.yourdomain.com and redirect those requests to yourotherdomain.com we would enter those details as follows:



  5. Click "Add A CNAME Record" to save your changes and add the record to your DNS zone for your domain.

Adding an MX Record to your domain

  1. Login to your hosting accounts cPanel and use the search to access the "Zone Editor" interface:



  2. You will be redirected to the Zone Editor and a list of all domains hosted from your account will be shown.

  3. Locate the domain you're adding an MX record to and to the right of the domain click the "+MX Record" button:



  4. A popup window will appear asking for MX Priority (0 is the lowest possible) along with the Destination (your email server) where the record should be pointed. For example if we wanted to an MX record for with a priority 0 and route mail through yourdomain.com we would enter that information as follows:



  5. Click "Add An MX Record" to save your changes and add the record to your DNS zone for your domain.

Adding a DMARC Record to your domain

Please refer to our KB article How do I create DMARC entries for my domain names? for a guide on creating DMARC records for your domain.

Adding other (AAAA, CAA, SRV, TXT) DNS Records to your domain

  1. Login to your hosting accounts cPanel and use the search to access the "Zone Editor" interface:



  2. You will be redirected to the Zone Editor and a list of all domains hosted from your account will be shown.

  3. Locate the domain you're looking to modify and to the right of the domain click the "Manage" button:



  4. From the middle-right of the Zone Records page click the arrow dropdown next to "+ Add Record" to add your new record. Select your record type from the provided dropdown:



  5. Follow the provided prompts to complete the process of adding your new record to this domains zone file.

    When checking the "Email Deliverability" interface in cPanel it may show a PTR/rDNS error which reads " (Reverse DNS)":


    All of our servers already have proper PTR/rDNS records setup. This error message from cPanel is a known bug which has been reported to the cPanel development team. This bug will not cause any issues with email delivery and can be safely ignored.

    If you have any further questions regarding this please open a ticket with our support department through your helpdesk account.

    As of September 2019 cPanel has adjusted their pricing structure from a flat fee per license to a usage based structure, meaning as a cloud compute customer you are limited to the number of cPanel accounts you can create depending on the license you are using. Hawk Host currently offers the following four license options for cloud compute plans:

    cPanel License Type Number of cPanel Accounts Monthly Price
    cPanel Admin Cloud 5 $17.00
    cPanel Pro Cloud 30 $23.00
    cPanel Plus Cloud 50 $33.00
    cPanel Premier Cloud 100 $42.00

    For example, if you intended on hosting 25 cPanel accounts from your cloud compute, you would require the cPanel Pro Cloud license. If your usage grew and required 31 or more cPanel accounts, you would need to upgrade to the cPanel Plus Cloud license.

    If your needs exceed more than 100 total cPanel accounts please contact our sales team and we can provide pricing for the right license based on your growth and future needs.


    cPanel has included video tutorials for every option under the control panel. To access these tutorials and get help with the options, look for the "Video Tutorials" section in your cPanel.
    Error pages are determined by the HTTP

    You can add custom error pages by logging into cPanel and selecting the the "Error pages" under "Advanced". From you you can add custom error pages in HTML and SHTML form.

    You can also have custom error pages by simply modifying the .htaccess file in your account with the following:

    ErrorDocument 403 /403.html
    ErrorDocument 404 /404.html

    That would redirect anyone who received a 403 or 404 to /403.html or /404.html.


    Example Error Codes (Full list)

    400 - Bad Request
    401 - Authorization Required
    403 - Forbidden
    404 - Not Found
    405 - Method Not Allowed
    406 - Not Acceptable (encoding)
    407 - Proxy Authentication Required 
    408 - Request Timed Out
    409 - Conflicting Request
    410 - Gone
    411 - Content Length Required
    412 - Precondition Failed
    413 - Request Entity Too Long
    414 - Request URI Too Long
    415 - Unsupported Media Type
    500 - Internal Server Error
    501 - Not Implemented
    502 - Bad Gateway 
    503 - Service Unavailable
    504 - Gateway Timeout505 - HTTP Version Not Supported


    You can view the CPanel documentation at the official website: http://www.cpanel.net/support/docs/index.htm

    SpamExperts is an enterprise level email filtering solution that is included for free with all shared, reseller, and semi-dedicated hosting plans. If you'd like to utilize our incoming email filtering on your account, you can do so through cPanel. Activation takes less than 5 minutes, at which point all of your incoming mail will be passed through our filtering/detection systems. By default, all outgoing email is filtered through our systems. As a result no action is necessary on your behalf to utilize outgoing filtering. To enable SpamExperts incoming filtering:

    1. Login to cPanel for your account.

    2. Once you've logged in to cPanel use the search bar to look for the "Professional Spam Filter" and click on the link:



    3. Under the Professional Spam Filter interface, click the link titled "Login". This will activate and configure SpamExperts on your hosting account:



    4. You will then be redirected to your SpamExerts user interface. From here you can configure your settings, search for filtered mail/spam, create whitelists and blacklists, and much more. We suggest spending 10-15 minutes familiarizing yourself with the user interface/control panel.

    Please note that the default settings we create when you activate SpamExperts will address nearly all of the common requirements for most users. You're not required to do any further configuration or modification unless you deem it necessary for your domain(s)/setup. Should you experience any issues activating SpamExperts, or if you're unsure about a specific feature or setting, our support team would be happy to help. Please submit a ticket at https://my.hawkhost.com/submitticket.php for further assistance.

    Proactive Defense is a unique Imunify360 feature that can prevent malicious activity through PHP scripts. It is available as a PHP module for Apache and LiteSpeed web servers and analyzes script activity using known patterns like obfuscated command injection, malicious code planting, sending spam, SQL injection etc. This feature is available on all shared, cloud web hosting, semi-dedicated, and reseller hosting plans.

    To enable Proactive Defense:

    1. Login to cPanel and use the search to locate the Imunify360 interface. Click the Imunify360 icon.



    2. From the Imunify360 interface, select the Proactive Defense option from the top menu navigation.

    Using Proactive Defense:

    1. Proactive Defense offers three modes:

      Disabled: Proactive Defense will not be used for your account.
      Log only: Proactive Defense will detect/identify malicious PHP scripts, code, etc. but it will not take action, only log the events.
      Kill Mode: Proactive Defense will immediately kill the PHP script performing malicious activity under your account. Kill Mode also logs events in addition to killing scripts.

    2. When Kill Mode is enabled, any detected malicious PHP scripts and their actions will be displayed under Detected Events. When an event is detected you will be given Action options on how to handle the Detected Event. Options include:

      View file content: View the content (code) of the malicious PHP script
      Move IP to the Black List: Block the IP which called the script and prevent it from completing the same request in the future
      Move file to Ignore List (ignore detected rule): Allows you to exclude the file from Proactive Defense analysis for a particular rule. Useful in the case of a false-positive detection, or when debugging a detection issue.
      Move file to Ignore List (ignore all rules): Allows you to exclude the file from Proactive Defense for all rules
      Remove file from Ignore List: Removes the file form your Ignore List and will enable Proactive Defense detection on the file again

    Additional reading/details about Proactive Defense can be found on the the Imunify360 Documentation Page

    We allow you to change your primary domain or your accounts username. All you'd need to do is submit a support ticket providing the domain you'd like to change to, or the new user name you'd like.

    Note: The username cannot start with a number, it must start with a letter and is limited to 8 characters. Resellers also are unable to change their username.
    Our AutoSSL system will email your cPanel contact email address when there is a successful renewal, expiration, or installation failure. If you wish to modify your notifications you can do so using the "Contact Information" interface in cPanel:

    1. Login to cPanel for your account (login details can be found in your client area).

    2. Once you've logged in to cPanel, search for the "Contact Information" interface. Click on the "Contact Information" icon.





    3. Within the "Contact Information" interface you will see multiple options related to AutoSSL. Select the check box next to each option to enable/disable per your notification preferences.





    4. Scroll down and click "Save" when you've made the desired changes.

    If you've lost your hardware device previously used to configure cPanel Two-Factor Authentication please refer to this KB article on how to disable 2FA.

    If you still have access to your hardware device and still wish to disable Two-Factor Authentication for cPanel please follow the steps below:

    1. Login to cPanel for your account and use the search bar to locate the 'Two-Factor Authentication' interface. Click the 'Two-Factor Authentication' icon that appears.

    2. You will see an icon titled 'Remove Two-Factor Authentication'. Click this button.

    3. You will be asked 'Are you sure you want to remove two-factor authentication from your account?'. If you wish to proceed click 'Remove'.

    4. You will be prompted to enter the current 6 digit 2FA code from your hardware device. Enter the code and click 'Proceed'.

    5. Two-Factor Authentication will now be disabled on your cPanel account.

    All of our shared, cloud web hosting, semi-dedicated, and reseller hosting plans support enabling DNSSEC. To enable DNSSEC on your domains:

    1. Login to cPanel for your hosting account and use the search bar to look for the "Zone Editor" interface:



    2. From the "Zone Editor" interface select the "DNSSEC" button to the right of your domain:



    3. From the "Zone Editor DNSSEC" page click "Create Key":



    4. You will then be met with a popup dialogue window titled "Confirm Create". For most users the default values will be accepted by the registry, but if you do have special requirements use the "Customize" interface. Otherwise, click "Create":



    5. Once you click create you will be redirected to the "DNSSEC Key Details" page which contains all the DNSSEC information necessary to configure DNSSEC on your domain with your registrar:



    6. You will now be able to view these DNSSEC keys at any time through cPanel in the Zone Editor:

    You can install the WordPress CLI (wp-cli) on any hosting plan by following these instructions:
    1. Connect to your hosting plan via SSH

    2. Once connected run the following command in your SSH terminal: curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar

    3. The phar file needs to be executable so we'll chmod it by typing: chmod +x wp-cli.phar

    4. Now that the wp-cli is installed we'll modify your .bashrc file to respect the wp command. To do this, type the following in your SSH terminal: alias wp='~/wp-cli.phar'

    5. Next type the following command in your terminal: echo "alias wp='~/wp-cli.phar'" >> .bashrc

    6. Lastly we'll use the source command to make sure bash initializes properly: source .bashrc
    You should now be able to change to your active Wordpress installation directory and use the wp command.

    All shared, reseller, and semi-dedicated hosting services with us allow you to mass install free and trusted SSL certificates from Let's Encrypt. Our servers have AutoSSL enabled meaning we will attempt to automatically install an SSL certificate on your domains. If you wish to disable AutoSSL on a domain hosted from your account please follow these instructions:

    1. Login to cPanel for your account (login details can be found in your client area).


    2. Once you've logged in to cPanel, search for the "SSL/TLS Status" interface. Click on the "SSL/TLS Status" icon.




    3. By default all of your domains will be included in AutoSSL. To exclude a domain, use the provided search bar to locate the domain name. Select the domain(s) you wish to disable and then click "Exclude Domains from AutoSSL":




    4. The previously selected domain names will now be excluded from future AutoSSL runs.
    The following rules can be added to your sites .htaccess file to force visitors to use SSL/HTTPS when visiting your website.

    To force SSL on all websites located under your .htaccess, add this rule:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    To force SSL on a single/specific website and not all websites, add this rule:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^domain\.com [OR,NC]
    RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    In the above example you would replace "domain.com" with your specific domain name.

    Please note that in order for SSL/HTTPS to work you must first have an SSL certificate install on your site. We offer free SSL certificates through Let's Encrypt. Instructions on how to install your free SSL certificates can be found here: How to install your free Let's Encrypt SSL Certificates

    These instructions are for a purchased SSL certificate. All shared, cloud web hosting, semi-dedicated, and reseller plans include free SSL via Let's Encrypt: How to install Let's Encrypt SSL

    You can easily generate a CSR (Certificate Signing Request) for an SSL certificate through the SSL/TLS manager in cPanel. The generated CSR can be used for certificates purchased from Hawk Host or any other third party CA (certificate authority).

    1. Login to cPanel for the account you wish to generate the CSR for. Once you've logged in, type 'SSL' into the top left finder and select the "SSL/TLS" interface:



    2. Before you can generate a CSR, you must generate a private key for the domain. Select the option to 'Generate, view, upload or delete your private keys.' under the Private Keys (KEY) section:



    3. Your key size should be either 2,048 or 4,096 bits. For the "Description", enter the domain name that will have this SSL certificate:



    4. Once generated, you will be redirected to a page which displays your Private Key information. Scroll to the bottom and click "Return to SSL Manager"

    5. Now that you have a Private Key generated for your domain, you will want to generate a Certificate Signing Request (CSR) for the host. From the SSL/TLS manager page in cPanel, select the 'Generate, view, or delete SSL certificate signing requests under the Certificate Signing Request (CSR) section:



    6. You will now be on the page to generate a new CSR. From the Key* dropdown, select the key you generated from step 2 above:



    7. In the Domains* field, enter the domain name you will be using for this certificate. If you wish to secure both "www.yourdomain.com" and "yourdomain.com" you should enter "www.yourdomain.com in this field:

    8. Go through the remaining fields and provide the required information. Only fields with an asterisk(*) next to them are required. The rest are optional. Once the fields are completed, click "Generate" to create your CSR.

    9. You will be redirected to a page showing your newly generated CSR. This is what you will copy and paste to your certificate authority (CA) to complete the process of generating your purchased SSL certificate. Your CSR can be found at any time through the SSL/TLS interface. It is okay to navigate away from this page.

    If you still need help with your CSR or SSL certificates, please contact our support department and provide details of your issue, including the steps you completed and any error(s) you received.

    These instructions are for a purchased SSL certificate. All shared, cloud web hosting, semi-dedicated, and reseller plans include free SSL via Let's Encrypt: How to install Let's Encrypt SSL

    Before you can install a purchased SSL certificate using the SSL/TLS manager in cPanel, you will first need to have generated a CSR/key and submitted this to your CA (certificate authority). If you have not done this yet, please follow these steps before proceeding.

    If you have generated your CSR/key and have been provided your purchased SSL certificate, follow these steps:

      1. Login to cPanel and type 'SSL/TLS' into the top left finder:



      2. From the SSL/TLS interface select "Install and Manage SSL for your site (HTTPS)":



      3. In the CRT field, copy and paste in the CRT (certificate) you were sent from your purchasing SSL company:



      4. Then select "Autofill by Domain":



      5. Your Private Key and CABUNDLE fields will now be filled in: