Every time I begin work with a new client, there is a process of gathering all of the accounts and passwords needed to start development. But what if the project was an emergency, not development? Knowing what passwords you need to access files on your site, and what each of them do, will help speed up your development process AND save your butt in an emergency situation.

Here are the logins you will need:

1. Your cpanel Login

Your cpanel, or control panel, is the login that gets you into your hosting account. If you have an account where the domain and hosting services are combined, like GoDaddy, then your login would be your main GoDaddy login. If you have hosting through a company like HostGator, this login often comes to you in your initial welcome e-mail.

A cpanel login gets you into the hosting files, user access control, and the database admin — so this is very important! If your WordPress installation ever breaks or becomes infected, you will need the cpanel login to fix it.

Your cpanel login will take the form of…

  • A login URL like the main URL for the host, a directory on your domain, or something like yourdomain.com:portnumber
  • A login name or e-mail address
  • A password that is case-sensitive

The cpanel login gets you in to the very base level of your site, so it should be kept safe, changed regularly, and not handed out to just anyone.

2. Your FTP Login

An FTP (file transfer protocol) login is what you would use to upload files to your server or download backups of your site. On some hosts, your ftp login might be the same as your cpanel login — but on others it might be different. The FTP login consists of:

  • A hostname, like ftp.yourdomain.com, yourdomain.com, or hostdomain.com
  • A username, which is typically one word without spaces or an e-mail address
  • A password

Note: Some hosts require you to use certain FTP settings like only using sftp (secure file transfer) or limiting you to a certain port. If your FTP login isn’t working, ask your host about their rules for FTP.

Most FTP logins give the user access to modify or delete all of your web server files, so use this and give it out with caution. Like the cpanel password, you should change your ftp account passwords regularly to keep hackers at bay, and delete any unused accounts such as those for former developers or employees.

3. Your WordPress Login

Your WordPress login is what you use to log in to your site at yourdomain.com/wp-login.php or yourdomain.com/wp-admin/. It consists of:

  • Your admin username (which is hopefully not Admin or ADMIN or admin, etc)
  • Your password

4. Your Google Login

I had a client recently (not naming any names but you know who you are!) who needed to replace and upgrade her Google Analytics code… only she wasn’t sure what account her site analytics were actually connected to, so it created a bit of confusion. Not knowing your Google login is especially problematic if you are running Google Apps, where you could have one login for the domain and another for your primary email — or in the case where you are directing a yourdomain.com e-mail address to yourname@gmail.com address. Make sure you know what logins control which of your Google services, and you are golden! These logins might include:

  • Gmail/e-mail account(s)
  • Google Apps for your domain
  • The company YouTube account
  • Google Analytics for your company site
  • Google Webmaster Tools

If any of these services are not under your current control (for example, your Analytics information is in your former developer’s account and you only have access to reports), now might be the time to fix that!

5. Your Purchased Theme and Plugin Logins

Are you using a Premium WordPress theme, like one from WooThemes, ThemeForest, or StudioPress? Have you purchased a WordPress plugin for your website, like Wishlist Member, BackupBuddy or Pippity? If so, keep that purchase information, support login, and/or download information handy, in case you need to replace or upgrade any of these files.

6. Associated Services

Are you using DISQUS, IntenseDebate or Livefyre for your site? You’ll want to have these logins handy for administration, updates and fixes.

If you are storing your backups on a 3rd-party service like Amazon Web Services or Dropbox, you’ll also need those logins handy too!


I hope that I have given you some good direction on organizing the passwords needed to run your website. As always, if you have questions, please contact me or ask a question below! If you are worried about your WordPress password and site security, you may want to check out this recent post on that topic.

Pin It on Pinterest