One of the controversial features of cPanel is its ability to host multiple websites. While convenient it can carry hidden risks which need to be planned.

What are addon domain’s?

Addon Domains are a feature of cPanel that allows multiple websites to be hosted under a single cPanel account and share resources. These are often marketed as hostage packages being able to host up to an unlimited number of websites for no extra cost.

In a separate article we discussed the steps of Creating Addon Domains within cPanel.

When is good to use an addon domain?

Hosting multiple sites under a single account can make sense at-least one of the following is true:

  • All websites and data are controlled by the same organisation
  • No or minimal sensitive data stored on the service
  • Technical integration between the sites: Connecting to the same database or sharing files (ie WordPress Multisite)
  • Personal Use and not business critical
  • Minimal and consistent resource usage
  • All sites on the account are well built, frequently updated and secure

When addon domains become an issue?

  • Single cPanel login: It is impossible to create a second cPanel credential if you only want a user or developer to only access one site
  • Vulnerable Security: An attacker may be able to exploit one site using directory traversal or execute Arbitrary Code to compromise all websites on the cPanel account. This is possible due to all PHP processes and commands running under the same linux username as opposed to multiple usernames where each site is sandboxed from each other.

    Security vulnerabilities are very common, just take a look at the Vulnerability Advisories page compiled by WordFence! With each additonal site your risk increases.
  • Unpredictable Performance: As resources are shared between all sites, if one website experiences higher than usual load such as due to a sale, misconfiguration or attack, all the sites on the account will run slow or experience issues
  • Shared Quotas (Bandwidth, emails-per-hour, disk space): Similar to performance, if one site has higher the usual usage such as due to a redesign or is sending out a newsletter to thousands of customers, all sites will be impacted
  • Suspensions: Your web hosting provider may suspend your service if they notice unusual activity or if quotas are exceeded. This will bring all sites offline.
  • Backups: It is not possible to migrate or generate a cPanel backup for just a single addon domain! This may cause difficulty if attempting to migrate away just a single site to a new provider.

Addon Domains vs Reseller Hosting

The major difference with ‘Reseller Hosting’ and ‘Addon Domains’ is that reseller accounts are a collection of individual cPanel accounts. Without many providers you bulk-buy the right to create between 5-50 individual cPanel accounts depending on the plan you buy. This is ideal for agencies looking for a cost-effective way to host multiple websites and eliminates the majority of the risks while adding additional management functionality like the ability to create custom plans for each client.

Summary

All things considered ‘Addon Domains’ are not fundamentally bad, however you do need to treat them with caution and understand they are only good as your weakest site. Outside of personal use and where you can tightly control all websites on it you are often best to spend an extra few dollars and get an additional plan. If reselling web-hosting you are best off investigating WHM hosting plans which allow you to safely scale up your operation.

What are your thoughts on addon domains? Let us know in the comments below

2 Comments

    • Excellent point, thanks for letting me know.
      I’ll have to update my articles 🙂

      While this functionality has changed cosmeticaly, additional ‘(addon) domains’ are still created the same way within the same single cPanel account and the fundementals of the article are haven’t changed.

Leave a Reply

Your email address will not be published. Required fields are marked *