How To Edit A Host

First choose the host you want to edit.

Choosing the host to edit

Next enter the following 3 fields carefully and correctly:

  • The cPanel URL – this will typically end in :2083. This uses port 2083 which is a secure port and hence HTTPS will be used. 2082 is an insecure port and hence you data can be sniffed. IF you are concerned about security you should never use port 2082 whether using Whoosh or when accessing cPanel directly via a browser.
  • The cPanel User – a maximum of 8 characters in length
  • The cPanel Password

After clicking on the Update button a popup will appear where you enter your API secret.

If any of the 4 values is incorrect then the host will not be validated.

Screenshot of annotated API Secret popup


cPanel URL

Sometimes the cPanel URL you are given by your hosts redirects to another URL. Use the final URL here

It will be of the form

cPanel User

This will not be an email address and it will not be more than 8 characters in length.

cPanel Password

This will typically be a generated password between 8 and 15 characters. You should cut and paste it into the field to avoid typos.

API Secret

A good API secret will be over 16 characters in length and can be a memorable phrase with a twist Jack and Jill went up Constitution Hill or something you cut and paste such as 4784343fddfbs$%%&^hsbsd545452

No API Secret Popup

If you do not get a popup appearing then we have one of the following scenarios:

  1. You have not yet set an API secret
  2. You had an API secret but have disabled it by setting the API secret as blank
  3. You have enabled an API secret but WPWhoosh cannot use it as there is no (MCRYPT) encryption software on your web server and hence Whoosh cannot use the API secret for decryption or encryption purposes.

In this last case you can choose to disable the API secret, by requesting an Authorization code and saving a blank secret. However, for security reasons we would normally advise you not to use the Whoosh plugin on this server and install the plugin on a more secure host. That said if you are building sites on a demo or test server with lower security requirements then operating without an API secret and encryption may be acceptable.

In any case, after installation you can always simply redact (or save with an incorrect value) the host username and password which removes any security risk.

In fact, in the next release of the WP Whoosh plugin we will have a checkbox option redact host details after installation which will remove the cPanel username and password after each successful installation.

Speak Your Mind