Part 4: Getting to know essential services and how to use them

Summary: In this part, we are going to explain how to install and use some of the essential services like personal emails, FTP, SSL, auto installers and more.

Branded/personalized email address

When it comes to personal and business correspondence, there are very few things that can compare to email. There are other means of video, sound and text exchange, but when it comes to everyday use of important and less important things, we all overuse and love/hate email. It almost completely filled in for the regular snail mail in the areas of personal and business correspondence and the only area that is safe is delivery of physical packages. The rest can be handled over the email.

Most people know how to use email and what the address looks like. You are familiar with the popular email extensions that are named after some of the popular free email client providers, like;;; or They are logical choices when you are starting out because they are free and easy to use.

However, when it comes down to you owning a domain, a whole new world of possibilities opens. You may have hosted emails with your own email extension. For example, if your domain is your email address can be It is much more personal than having an extension of any of the popular email providers (gmail, yahoo, aol, etc.).

Note: Branding not only gives a boost to your professional image, it gives your customers confidence that you believe in your business and are here to stay. Even if you do not have a business site, personalized email extension gives you instant recognition and a certain amount of legitimacy.

Creating email address

You can create your email address in your web hosting control panel. With some web hosting plans, you can have more than one email address. This is useful if you have a need for multiple email addresses. It allows you to assign unique email addresses to each of your employees, family members or whomever you want to give it to. To create an email address you need to determine:

  • name of the email address
  • password
  • mailbox size

There is usually a section dedicated to email in the web hosting control panel. There you will have a few simple steps for creating an email and be asked to enter the three things we mentioned.

Name–when choosing a name for your email address there are few things to consider. Make your address memorable, concise and simple. Do not make it too long or complicated because people will not remember it. The most obvious email address is You can also have more than one email address in case if you have more than one employee or different addresses for different purposes (customer support, billing, etc.)

Password–this is a word or string of characters used to prove the user's identity or to gain access to a resource. It's important not to use a simple password because it can be easily guessed and cracked. You may have the option to use a password generator to create highly secure passwords. Remember to save your password in a safe place. In the worst case if you lose it you can always replace it.

Mailbox size–will depend on your hosting plan. Each email that comes or goes has a physical size that depends on its structure. Let's say that your mailbox size is 200MB. If it is pure text, average email may be about 10K in size, but if it has one picture it may grow to an average size of 2MB. The size limit you will pick is up to you and your needs. You can also select “unlimited” to have a big inbox, but do not forget that the “unlimited” is usually limited by your web hosting plan space. No matter what size you choose, do not forget to delete unnecessary emails.

Reading and writing with email clients

After you are finished creating an email address and want to use it, you have two options:

  • webmail
  • email client

Webmail–is quite popular and widely used. In short, it is a browser interface for your email. You usually go to or some variation of it and log in with your username and password. There are some advantages and disadvantages. Most hosts have several interfaces. After you login in your webmail, you can choose between them. You are not bound to one and it is nice to have a choice. Since your mail is stored on a server, you can use your email on any computer that has internet connection. The biggest disadvantage is that you cannot use your email account if you do not have internet connection.

Email client–there are many email clients, but choose carefully because most of them are built to work with a certain operating system. Additionally, you will have to configure it to be able to connect it to your server. One advantage of email client over webmail is that it has the ability to download your email onto your computer, so you can access it even if you are not online. There are two ways in which email clients work and they essentially do the same thing in a different way:

POP3 (Post Office Protocol 3)–downloads your emails on your computer and removes it from the server by default. However, the drawback of this configuration is obvious if you use more than one device. The other devices would not be able to see the emails since they have already been removed from the server. Each client has its own records of what have you done, and they do not synchronize with each other. That means if you have two email clients connecting to the same email account, for example one at work and one at home, their inboxes can be completely different. Each client will not synchronize with each other. POP3 is not recommended if you use more than one device to connect to an email account. You can configure POP3 to leave the email on the server so this configuration can be a handy failsafe. This way, if you accidentally deleted an email, all you have to do is to login on your server and re-download the email.

IMAP (Internet Message Access Protocol)–synchronizes your email client with your server. The client acts as a window displaying the contents of the email account located on the server. This is great if you have more devices, but it is also less of a failsafe. The synchronization means when you delete an email in your client, IMAP will also delete it from the server. In short, once you delete an email, it is gone and you will not be able to retrieve it from any device or server. IMAP is the preferred method for checking an email account from multiple devices.

Note: Do not forget about your mobile devices. No matter if it is a smartphone, tablet or whatever they invent in the future, it is handy to have fully fledged email functionality on the go. Checking emails on your mobile device is the primary way to check your inbox nowadays. Some devices come with preinstalled email clients but you can download any client you want. Just remember to check if they are compatible with your device. If you prefer webmail, most of providers have already developed official apps, so be sure to search for them in your application store.

Email tips and tricks

Now that you know how email works, here are few helpful tips and tricks that you may want to use in your email.

Forwarding mail

There are many reasons why you should use mail forwarding. The main thing is that it will definitely simplify your email experience. You should use forwarding when:

  • You have multiple domains/email addresses–you have multiple domains (, etc.). It is handy if you are having one primary inbox, for example People can send you emails to other addresses, like but you will still get them all in your primary inbox.

Note: The best part about creating additional forwarder addresses is that they do not have to occupy any physical space on your server unless you want them to.


Another time-saving tool is an auto-responder, which will automatically reply to every mail with a previously composed reply. You should compose an email that is neither too long nor gives too little information. Be short and concise with auto-responding emails. You would want to activate this option if you:

Note There are many more reasons to set an autoresponder, but do not forget about them after you activate it. You want to deactivate it when it is no longer needed.

Managing website files

When it comes to managing your website files, two things that you want to pay close attention to are uploading files and downloading backups. This is where FTP (File Transfer Protocol) will be helpful. It simply allows your computer and server to transfer files without displaying or executing them. To connect to your FTP client you will require username and password, thus this form of connection is pretty secure.

Installing and using FTP client

FTP is the standard for transferring files. To use it you need four things:

  • FTP login username and password
  • FTP address for your server
  • Port for connecting through FTP
  • And FTP client

FTP login details are provided by your web host, usually via email. If by any chance you lose that email, there is usually a section for FTP in your hosting control panel with that information. After you get the login details, you should download and install an FTP client. There are free and commercial options and the most popular ones are:

Again, it is up to your preferences and compatibility. After you open your client, besides your username and password, you will need the FTP address for the server. It usually comes in one of these variations:

Lastly, you will need a port number to connect to. Ports are simple connections that programs use to connect to your server. FTP configured ports are used only for FTP and are open only while you transfer data via FTP. If your host has not designated specific port, it is usually number 21 for FTP and 22 for SFTP. That is not always the case, so check that out with your hosting provider.

After you made a FTP connection with your server you will be able to see exactly what files you have on your server and on your personal computer. Usually, you will see two columns, one on your server and one for your computer. There, like in your OS, you can copy, paste, move, delete and create files and folders that you need. Many hosts' control panels have a section that is dedicated to FTP but they are usually limited when it comes to some more advanced features and have them labeled in various ways. However, you will need to use the control panel if you want to create additional FTP accounts or give someone else FTP access to manage (part of) your site.

Before you manage your files you should know about file permissions. They are tools that give you the ability to determine who can read, write and execute any file. There are three user levels of permissions:

Each file has its own permissions. All three of them are applicable on mentioned users and they are:

There are textual and numeric forms of assigning permissions, but we are going to skip them because FTP clients have a simpler way of setting them up in 99.99% of the cases.

Backing up your website

Once again, backups. There is no better failsafe for your website. It is best to do the backups daily, but let's be honest, nobody has time for that. It is not enough to have a backup of your original site. Weekly or monthly full website backups are sufficient and easy to do. A backup may take a while, but after it is finished, if possible, make a copy on your backup drive or USB stick. It is never too soon to make a backup and there are never too many backup copies.

Manual backup with FTP

You just simply login into your FTP client and drag everything from the document root to a folder on your computer. But what is a document root? Simply, it is a folder that is open to the internet and is protected from the view of anyone online. It is usually named html or public_html. Most of the hosts automatically take you there after you login into your FTP client.

Automated backup

If you do not have time to make a manual backup, you can get an automated backup solution. They usually work through FTP, SFTP or MySQL and are efficient. There is a question of a small fee and usually hosting providers will offer automatic backups. So check with the provider or search for a third-party solution.

Control panels

A control panel, in web hosting, is a web-based interface provided by the hosting company that allows customers to manage their various hosted services in a single place. One of the widely used and well known control panel is cPanel. There are also other alternatives that you could consider such as Plesk, ISPConfig, etc., depending on your needs.

Overview of cPanel

cPanel is one of the most widely used control panels for web hosting. It is easy to use, highly customizable and majority of the hosts are configured to serve its multiple layouts that are available. It comes with various pre-installed options, and from it you can manage email and FTP accounts, your add-on and sub domains, MySQL database, applications, security, and statistics. Everything that we've talked about in this guide you can find in cPanel.

After installing and answering a few questions to customize your cPanel, you are ready to use it. It has an interface for website owners and server owners. Besides the already mentioned pre installed options, you can add almost anything you want to.

In the Web Host Manager part of the cPanel, you can do all things that are related to administrative server hosting. There you can add and manage your accounts, create hosting plans, reseller accounts, change security features, configure server, scale your hosting capabilities and much more.

While it is easy and intuitive enough for beginners, cPanel is powerful enough to meet the needs of more advanced users.


It is most probably the most used control panel tool after cPanel. It is also a commercial control panel and similar in many aspects, from versatility to robust options. There is a number of people that will recommend Plesk over cPanel because of somewhat cheaper price in the long run, but in the end it all comes down to user interface and whether it suits you or not.


Unlike previous two, ISPConfig is a free open source control panel. It is stable, massive and mostly aimed at internet service providers, but it is suited for other users too. Its main selling point is managing several servers from one control panel. It is secure and fast enough with numerous options that are attractive to regular customers, including multi language support.


With different terminology, Kloxo is visually similar to cPanel, but it is free and open source. Although there are some that say it is buggy, there have been a lot of updates and patches that solved them. Considering that, it is still one of the best free alternatives to cPanel. It not only covers the basics, it is equally robust, advanced and easy to use.


ZPanel is one of the most often updated control panels. Besides the developers, the user community is also quick to help out. Free, open source and written in PHP, it is very versatile and easy to modify. Probably not the first choice or recommendation for beginners, but great for personal items and once you figure it out, it allows you to do quite a lot.

Other web hosting control panels that you should also consider are:

  • OpenPanel
  • Webmin
  • Ajenti
  • Virtualmin
  • Vesta
  • DirectAdmin
  • InterWorx
  • ServerPilot
  • Froxlor

Installing web tools/platforms

While CMSs refer to the platforms that makes the whole website, like Wordpress, Joomla or Drupal that we've mentioned in Part 3 of this guide, there are number of smaller and bigger web tools that are built to do a specific thing on your website. When it comes to installing any tools you will have two option: manually with FTP and with the use of third party installers. Most web hosts offer easy to use installer inside their control panels which will help you upload any tools/platforms you need.

Manual installation

If you are installing a tool that you downloaded from the internet manually you will need to use your FTP client. You should find installation instructions for the tool. It is usually a text file labeled readme.txt or install instructions.txt that you can find after you downloaded the files. If there are no instructions, you should probably skip the script because it is probably badly written or potential dangerous. Usually the process involves uploading the files to your server via FTP client to a certain folder. There may be some additional instructions, so look for them in the installation instructions text files that you downloaded with the script.

One-click installers

To make your life faster and easier, there are one-click installers. They will enable you to install almost any tool/platform fast and easy so you can dedicate more time to learning how a certain tool works, rather than spending time on installing them. These one-click installers are free third party software that is incorporated into your host control panel. You just need to follow the instructions for installing the tool of your choice (WordPress, Joomla, Drupal, etc.). The installation process is really simple and with one-click any software can be easy uploaded to your website. There are numerous one-click installers and each hosting provider offers different options. The most popular are:

Those are the most popular and they all have dozens of dozens of free tools that could come in handy.

Note: Any tool/platform can be installed on your server manually with FTP but these one-click installers were specifically created to make your life easier.

Website security

Website security is a concern for many people. If you search the web for How to hack a website, you will literally get millions of hits. Taking the necessary precautions now with your website will help prevent a big headache later on in the event anything does happen to your website.

While it is not possible to cover every security issue for every program and case, we'll talk about the main areas you should focus on in order to prevent any problems.

Vulnerability in software you use

The security of your hosting account is very important. Having a totally secure system would be impractical, so there are few things that you should look after.

Limited access–At some point you will probably add another person that could use your account. Make sure that they are to be trusted and give them a unique username and password that are not easily deciphered. Limiting access means limiting possible entry points and restricting the user's database privileges.

Stable versions of the software–It is not advisable to immediately download the latest version of any software, because they may have bugs and flaws in them. They may be minor hiccups, but it is best to wait for patched-up version so you don't have any problems. However, exceptions are security updates, you should update those immediately.

Trusted sources–Choose only trusted themes, plugins and apps, meaning that they are certified and that you can identify who or what is behind its creation. Getting them from untrusted sources can lead to various problems.

Username and password–A strong password and username will help avoid much vulnerability. For username do not use any variation of your real name, company name, or website name. For passwords do not use only numeric or only letters and don't make it too short.

Common ways sites are hacked

Injection–These happen when untrusted data tricks the system to execute it without proper authorization so it can access and manipulate the data. They usually occur through SQL or OS and the most sensitive parts for this kind of intrusion are login screens, search forms and browser address fields. You can avoid this by sanitizing your user inputs.

Cross Site Scripting (XSS)–Another major issue happens when an app receives and sends untrusted data to the browser and that data then bypasses proper validating. It can redirect users to malicious websites, hijack sessions, steal personal information and much more. It is hard to detect and stop, so it is used by malicious hackers to mess up things and by good hackers to check security and help in repairing the weakness.

Broken authentication and session management–By exploiting weaknesses in your authentication system, somebody can literally steal your identity. They obtain passwords, session IDs, cookies and other things that can allow hackers to access your site from any computer. It is one thing when you forget to logout from social networks, but a whole other thing when it is your bank account. You can prevent this by setting sessions to expire after a specific time, so users are logged out after some inactive time automatically.

Distribute Denial of Service (DDoS)–although not technically a hack, it is a method of bringing a website down. It will make the system unusable or very slow for legitimate users by overloading the resources so no one can access them. It can be used to compromise part or the entire website. To prevent this, plan ahead, strengthen your network and application infrastructure and especially DNS, since DDoS attacks are large and often sending tons of URL requests in a very small time frame.

Brute Forcing–Also known as password cracking. This happens if you have your encrypted usernames/passwords floating on the internet in the unprotected file. That means that everyone with access to Google and password deciphering tools for encoding passwords can find your sensitive information. There are many methods for preventing this kind of attack and some of them are account lockout or throttle requests like typing in captcha.

Transferring domains

The instructions to transfer a domain from one hosting company to another are different for each company. It is best to contact the new hosting company for their specific instructions. The same thing applies if you want to change your domain registrar, meaning that you want to change your domain name.

If you are transferring hosts, be sure that you transfer and download all of your website files, because you do not want to leave something behind. As a precaution, it is wise to download all of your files to your computer or a backup drive. However, do not forget about password protected folders or hidden files because you will need those too. Also, this is a good time to get rid of unwanted things, like additional or unused email or FTP accounts or applications.

Schedule your move when you have least traffic. It would not be wise to have your move during your busiest hours, because there will be some hiccups and delays until everything is set up. You probably want to warn your customers too.

Before you make an actual move, make a checklist so you do not forget something. Usernames, passwords, all kinds of accounts, subdomains, databases, SSL certificates, applications are just a few to name. If you want to have the same website on your new host, you can't forget anything!

If you are transferring registrars, the move is somewhat easy because it is usually less invasive. In short, you will have to obtain the authentication code from the old registrar and deliver it to the new registrar. Then the old registrar will ask you for the authentication and after you confirm it, it will release the authority to the new registrar. Then you will be notified when the transfer is complete. If you are using cPanel, you can do all of this in the “Domain Manager” section.

However there is one thing that you should be aware of. A domain transfer could take up to several days, so do not wait for the last day of your domain registration. If you do that, it could result in incomplete transfer before the registration expires, which could result in loss of the domain name registration and failure of the transfer.

Speeding up your site

Having seconds, or even milliseconds shaved off your site's loading time can be crucial. Sluggish pages are an annoyance to both repeat and new visitors, and can certainly cause you to lose customers. Here are few tricks to speed up your site.

Optimize homepage–The first page your customers see is your homepage and should load as fast as possible. Reduce the number of posts, show excerpts instead of full posts and remove unnecessary widgets and plugins. Incorporate them only where they are necessary, because they slow the site.

Optimize images–Simple, yet a lot of people forget about it. Scale and crop the images to the actual size, remove comments and adapt the color depth. Acceptable formats are JPEG, PNG and GIF. You can even use one of the image optimizer plugins that reduce size, but not the quality of images.

Remove redundant code–Code can sometimes get messy with useless extra parts. You should remove them whenever possible, including line breaks and empty spaces because they add up to the size of the page. There are a lot of tools that can help you with that, and if you cover HTML, CSS and JavaScript, you will cover the majority of your code.

Enable caching–With caching, elements of the pages are stored on visitor's hard drive in a cache, so the next time you visit that page, it loads quicker. This is useful if you want to have returning visitors and it shaves off seconds.

Minimize HTTP requests–A big part of loading of the page falls under downloading different pieces of the page. HTTP request is made for each and every one, so more elements you have, more time it takes to load. Have a simple design and framework, optimize and use CSS instead of images whenever possible, reduce scripts and redirects, etc. In this case, minimalistic is better.

Use Content Delivery Network (CDN)–It essentially takes all your static files, like images, and lets visitors download them from the physically closest server. There are many tools for this, and as we already said, the closer the server, the faster the download.

Stylesheets at the top, scripts lower/at the bottom–Putting stylesheets at the top of your pages will make them appear to load faster, because they will load progressively from top to bottom. Scripts are tricky because they block parallel downloads so, if they start early, the page will take longer to download than the rest of the content.

Note: To have a fast loading page, you should remove all unnecessary and redundant parts, optimize what you can, minimize the size where you can without the suffering of the quality and have as little parts as you must. More isn't always better.

SSL certificates

SSL (Secure Socket Layer) certificates are useful if you have a website that requires personal and/or confidential information. They prove that you are a trustworthy and legitimate person or business. They encrypt the data, so they can prevent the interception and stealing of that data. You do not require a SSL certificate if your website is purely informational, however, if you require name or username, ID, phone number, address or credit card information, you definitely need one.

It is easy to see if the website is using an SSL certificate. Since it uses connection protocol known as Hypertext Transfer Protocol Secure, the web address starts with https:// instead of http://. If the website is using the protocol, but their certificate is expired, not valid or not recognized, https:// will be colored red. So beware because the connection may not be secure. Sites with lower level verification will have a padlock after the https:// and higher level verification websites will have a company name or a whole address bar colored green.

There are different security levels and you should choose the one that serves you and your customers. They vary from Basic to Extended Validation (EV). Consider your customer size and the sensitivity of the data you require. If you are only requiring a name and address, EV level of certificate is overkill.

Buying SSL certificates is easy and you can buy them from different places. However, buying a certificate from your host is sometimes the most practical, because you will usually get help with installing them. Installation can be tricky and sometimes you will not be able to install it without your host. Installation is different for every Certificate Authority (CA), brand and certificate level. By making it complicated, it makes it difficult for fake websites to trick browsers into believing there is a valid certificate where there isn't one. There is no one universal guide for certificate installation and you should follow the certificate provider's instructions to the last letter or your certificate won't work.

And there you have it. You made it to the end. Well, almost, because there is also a web hosting glossary for refreshing your memory. In this guide we presented essential things that you should know about web hosting. Now do not be afraid and take on the journey called website hosting!

All parts

1Introduction to hosting 2Available technologies 3Choosing the company 4Using primary services 5Glossary