7 Basic things everyone would love
Based on my years of experience in hosting services, and possible using many control panels as well (commercial ones and open sources ones)), which I don´t need, but customers do, here is a quick suggestions of features I would cPanel to
WHM Log Audit
There is no way easy to way to look in a simple screen the logs for cPanel accounts. You probably have to look the logs files itself. A nice feature in WHM would be a formatted nice visual screen which let s you look the last 10 access to cPanel accounts, all of them, or search by account.
This should include at least IP, time and date.
This is a must feature for security. Hacked accounts could be easily spotted and in terms of security lately 24 hours would had made the difference in my case, instead of having to deal with finding manually logs path and taking hours to read logs in text files for a specific account.
A formatted visual log could really make a difference in minutes of spotting strange logins to an account.
User side account audit
From the user side, the only a client is able to know if someone was logged into his account, was the last access from IP, nothing more. And if you logged in from WHM as admin, it overwrites this. Really? How hard can it actually be to read the logs in:
The logs exists, but no nice visual formatting for administrators or users. For the user side please at least let them see the last 25 log ins with IP and time.
There is no way today for a customer to spot someone breaking into their cPanel account. Something like the email exim queue and reporter does would be nice here.
Please allow the customer to restrict his cPanel account access by IP.
Let them trigger a notification each time someone access his cPanel account, with IP, date and time, better if IP resolves to country like the brute force email alert does. At least some customers would know his account was hacked if they see someone accessing from China.
All this 4 features are very easy to implement since cPanel already uses similar features in other parts of the software.
Please don´t let the user use the password for a MySQL user account as he does for this cPanel. MySQL details are stored in plain text, like “wp-config.php” in Wordpress, the symlink hack with this basically gets access to cPanel accounts. This feature sounds more complicated, but it’s very easy actually.
Must users will create the MySQL users from the cPanel interface, so all cPanel needs to do is check if it’s the same as login to cPanel and if yes, show an alert and not allow it.
Don´t allow the user to use the email account as the domain he is hosting on. This is just plain dumb.
If you want to extend this features, add the above mentioned also for FTP access.
Now honestly, developer’s don´t be lazy, this stuff is very easy to code and add, but it’s not here. Why? These are very basic stuff which would be very easy to implement and customers would really appreciate it.
Why does cPanel assume everyone using cPanel is an idiot? It seems they don´t want to add anything in terms of features that someone would consider more complicated or complex for a customer to understand. Yes, some users are like that, but some are developers, or web designers, and would use this features.
I could go on and on, but honestly I don´t have the energies to do so since I know this things will just vanish in the air and it's time spend for nothing.