remove the use of .contactemail hidden file
As a web-hosting provider I would like to remove the use of .contactemail hidden file so that hackers / bots cannot change cPanel passwords and gain total access to a cPanel account.
After a hacker / bot has hacked a Joomla, Wordpress or other system which a user has not updated or patched, it is possible for the hacker / bot to upload .contactemail file and then use the Password Reset feature to change cPanel password and then gain total access to the cPanel of the web hosting account of the hacked website. The feature request is to remove the use of such .contactemail hidden file to remove this loophole. Perhaps the way to store user to set contact information is via a database which cannot be edited via any means other than a tool provided inside cPanel. Also, there should be an email verification process when the user changes its contact email address.