New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
User and password: admin/admin123
Dashboard customization: Yes — the panel supports theming and branding. You can customize the logo, colors, and company name from the admin settings. Full white-label support is on the roadmap for deeper customization (custom CSS, layout changes, hiding/showing specific features per package).
The panel runs entirely on your server no cloud dependency for core functionality. Even license validation is designed to work offline with grace periods. But to be clear we're not going anywhere. This is a long-term project with active development and paying customers.
Hmm I think DA is using CGroups v2.. and they support OpenLitespeed..
Good luck with your sales.
Appreciate the heads up. We're aware of Hostinger's use of hPanel as an internal branding for their custom panel. However, Hostinger's hPanel is not a commercially sold product it's their in-house tool for their own customers only, not a standalone software product in the hosting panel market. Our HPanel is a commercially licensed standalone hosting control panel different product category, different market. That said, we've already consulted on this and are prepared to adjust branding if needed. It's not keeping us up at night.
The WHMCS module currently handles provisioning (create, suspend, unsuspend, terminate), package sync, and SSO login. We're actively working on an enhanced WHMCS plugin that will include real-time resource usage display (CPU/RAM/IO from CGroups) directly in the client area. It's in development right now.
Right now, the market sees cPanel as the top option with DirectAdmin as a second option.
I think DirectAdmin is closing that gap (although this could be worded that cPanel is dropping down to close that gap) and it remains to be seen if the market can handle a third option.
I think more and more server administrators are coming to realize that they don't have to have cPanel to run a successful business. DirectAdmin does everything that cPanel does, but it looks different.
Actual end users probably still prefer cPanel, just because they are averse to change. But I think more and more web hosting companies are going to be raising their prices for cPanel and at some point it becomes cost ineffective for end users to pay that price when they can just use DirectAdmin.
I don't really think end users realize just how little they use the actual web hosting control panel. They use it to create email addresses. They might use it to install WordPress. But often that's all done the first day that they order a web hosting account, and then they really never log into the web hosting control panel interface ever again. Everybody wants the bells and whistles in a control panel... but I just don't think they are used that much. The lowendtalk audience is probably a poor place to gauge this because it depicts a certain level of users with web hosting knowledge, the general public - a web hosting company's typical audience - probably doesn't frequent lowendtalk or other web hosting forums.
Below DirectAdmin in the hierarchy of web hosting control panel is just a lot of stuff that doesn't really stand out. I've long thought that Webuzo could make a run here, I actually thought it might could pass DirectAdmin for second place. But there is just seemingly no commitment or interest in the Webuzo development team to really develop or market their product. It looks nice, but it's just missing so, so much from the backend. To me, that is seemingly where HPanel should be sitting their sites. If Webuzo isn't going to take the reigns at third place then that opens the door for something like HPanel to. Then start setting your sites on DirectAdmin. By then cPanel may drop so far that surpassing cPanel may be a goal.
Because I mentioned separation of the control panel and the software stack I'll add this:
I think DirectAdmin made a real goof when they merged DirectAdmin updates with CustomBuild updates. DirectAdmin being the control panel and CustomBuild being the maintenance for the software stack. The reason for this, so they claimed, was so that the control panel had all of the necessary parts to function correctly with the stack provided by CustomBuild. My argument is that the control panel should be completely self-contained. You shouldn't have to install phpMyAdmin through CustomBuild for it to be an option in the control panel. Make phpMyAdmin an integral part of the control panel and link to it accordingly. You shouldn't have to update PHP through CustomBuild or some means for the control panel to run PHP code.. integrate a PHP version into the control panel itself and use that. That way you ALWAYS have the version and libraries needed for the control panel to operate.
You shouldn't have to upgrade DirectAdmin to be able to upgrade PHP to a new version through CustomBuild. (Actually you can compile PHP yourself outside of custombuild... that way you don't have to upgrade DiretAdmin to get newer versions of PHP).
I've never been a huge fan of DirectAdmin's compile everything. But for them it's necessary because they support so many different Linux flavors. I say pick a flavor and that's it. I use Ubuntu at home and Almalinux on my servers, two completely different packaging systems. I manage. By restricting a control panel (or more aptly it's software stack) to a single Linux flavor, you can release packaged binaries for updates and it's so much easier and so much more efficient. cPanel's move to EasyApache4 was really the best thing they ever did.
I just wish there was one web hosting control panel that functioned in a similar fashion as all VPS control panels do.
DNS, account transfers/migrations to different hardware, administrative management, updates, etc would all be dramatically easier with this configuration.
hat's exactly where we're headed.
The current architecture already separates the admin panel from the user panel. The next phase is multi-server support — a central master node that manages DNS, account provisioning, and migrations across multiple slave servers.
The design is:
Master server: Admin dashboard, central DNS, user database, license management, backup scheduling
Slave servers: Run the actual hosting workloads — Nginx, PHP-FPM, MySQL, mail. Each slave reports resource usage back to master via API
Account transfers between slaves would be rsync-based with DNS cutover. Updates roll out from master to slaves with rollback capability.
It's not yet, but the API-first architecture was designed with this in mind from the start. Every operation goes through a REST API, so having a master call those APIs on remote slaves is a natural extension.
This is high on the roadmap. Appreciate you voicing it.
This is probably the most insightful post in this thread — and I agree with almost all of it.
On the market hierarchy and the #3 spot: That's exactly where we're positioning. Webuzo had the opportunity and didn't execute. We intend to.
On end users rarely using the panel: 100% true. That's actually a design principle for us — the panel should be invisible most of the time. Set up your site, configure email, install WordPress, done.
On separating the control panel from the software stack: This is where we fundamentally agree. HPanel does NOT compile anything on the server. Everything is installed from package repositories — Nginx, PHP, MariaDB, Postfix, Dovecot, BIND — all standard distro packages. No CustomBuild, no EasyApache, no compile step. Panel updates are panel updates. Software stack updates are apt upgrade. Completely independent.
phpMyAdmin, Roundcube, ClamAV, ModSecurity — all bundled and configured by the setup script. No extra steps.
On single Linux flavor: We made this choice from day one. HPanel targets Ubuntu 22.04/24.04 LTS only. One OS, packaged binaries, predictable behavior. The tradeoff is losing the CentOS/RHEL crowd, but the industry is moving to Ubuntu/Debian anyway.
Appreciate the thoughtful feedback.
"That migration flow (TTL adjustment + final delta sync) is exactly how it should be done. Glad to hear it's baked in.
The inotify-based scanner is a nice touch too—much better than scheduled cron scans that eat up IO at the worst possible times. For the WAF, once that 'whitelist flow' is in the UI, it's going to be a game changer for smaller hosts who don't want the CloudLinux/Imunify price tag.
I'll definitely take you up on that trial. Going to sign up via the link and I'll PM you if I run into any edge cases during my stress tests.
Thanks for the transparency on the stack!"
that was the idea of Enhance i guess, but after giving them a chance for 2 years, we already eliminated our Enhance offering and shuted down the entire fleet of servers with that panel.
Appreciate that means a lot coming from someone running a production hosting environment.
The WAF whitelist UI is a priority for us too. The goal is one-click rule whitelisting directly from the ModSecurity audit log viewer — no more digging through log files and manually editing rule configs. Should be shipping within the next few updates.
Looking forward to your stress test results — real-world feedback from active hosting providers is exactly what helps us improve. Feel free to PM anytime if you hit anything during testing.
Ispconfig does that
I'll check it out!
just seeing the logo is a modified cPanel logo, makes me instantly think of nulled cPanel.
with all of the tools available now, theres ZERO reason to copy anything.
Can I backup a cPanel account and migrate it to your panel and that process works flawlessly 100% of the time?
The server already has Nginx/PHP-fpm - why add another completely unrelated stack to the mix?
--Redacted
It was never intended to resemble cPanel's branding. We're a ground-up build with a completely different tech stack (Node.js + React), different architecture, and different philosophy. Nothing is copied from cPanel — not a single line of code, not the UI, not the backend logic. Appreciate the feedback though, logo redesign is already on the list.
yes cpanel migration working fine 100%
The panel backend and the hosting stack are two different things. Nginx + PHP-FPM serves the users' websites. The panel itself is a separate management application — it needs WebSocket support for real-time terminal, file manager, and log streaming, background job processing for backups and provisioning, and event-driven architecture for monitoring
would be great if there is an option on firewall to add blocklist/allowlist based on ipset
Not yet — but it's on the roadmap. Right now HPanel includes Fail2Ban (auto-bans for SSH/FTP/mail brute force), ModSecurity with OWASP CRS rules, and a real-time malware scanner. Adding an ipset-based firewall UI with blocklist/allowlist management is a solid idea and something we plan to add.
@HPanel It's an interesting alternative, I would say that your pricing seems a bit on the high-end for potential new customers, understandable it comes with all the included features, I have bookmarked this for potential review in future and hope for the best, its great to see other panels popping up though and alternatives since WebPros took over cPanel, they ruined it for everyone.
They bank on the fact that we're locked in which so many are, we can't just up and migrate clients over, you can't just make that decision when clients have joined up because you provide cPanel.
There is one feature I find very interesting with hPanel it is your per-account resource isolation. However, not switching over .... yet
Having said that, I think your pricing is starting a bit high for attracting new customers, but site looks good the project seems promising and I look forward seeing where you are in the coming years.
PS: One thing you have Nginx PHP-FPM, you mentioned it is the replacement for Apache, which is good because of the Layer 7 vulnerability in it, but what about .htaccess? Nginx by default uses directives, what about all the clients that use .htaccess will this be similar to the cPanel Nginx plugins that floated around for years.
Appreciate the detailed feedback — solid points 🙂
On pricing — that’s fair. Right now it may feel a bit high for new customers, especially if they’re comparing purely on panel cost. The idea is more around reducing the need for multiple external tools (security, backups, deployment, etc.) rather than competing purely on entry price. That said, pricing will likely evolve as adoption grows.
You’re absolutely right about the “lock-in” problem with cPanel — that’s something we’ve seen a lot as well. That’s actually one of the reasons migration tooling is a big focus on our side, so moving between environments becomes less painful over time.
On the Nginx / .htaccess point — good question. We don’t use Apache, so .htaccess isn’t interpreted directly. Instead, we translate common .htaccess rules into Nginx configs during provisioning. It covers the majority of typical use cases (rewrites, redirects, basic security rules), though edge cases can still require manual adjustment. Improving compatibility there is definitely on the roadmap.
Glad you found the per-account isolation interesting — that’s been a key focus area for us.
Appreciate you taking the time to look into it 👍
name from Hostinger
logo from cpanel
good one must go far.
Also, all OP post has a very annoying "—", a sign of some slop we don't like much here.
You might consider adding a $2/month plan (up to 10 accounts). This could help introduce your product to the market and attract early users. Later you can increase the plan price to $5/month.
If I remember correctly, DirectAdmin also started with a $2/month plan, which helped them gain initial adoption.
Looks like The live demo is not live.
The name "HPanel" is original it stands for "Hosting Panel." The similarity to Hostinger's branding is coincidental. As for the logo, it's a custom design not derived from cPanel's. Happy to hear specific concerns if you have them.
Regarding the "—" in posts that's just an em dash, standard punctuation. Not AI-generated slop, just how some of us write.
That's a solid point DirectAdmin did use aggressive early pricing to build adoption. We're considering a micro tier (up to 2–5 accounts) at a lower price point specifically for that reason. The idea of starting low and scaling up as the user base grows makes a lot of sense. Thanks for the suggestion it's on our radar.
live demo working fine
And looks like you are using WHMCS. And if it so then it's nulled.
The store is currently running on a WHMCS development license while we finalize our setup. It's not a nulled copy. We're transitioning to a licensed production instance. We're actually moving to our own billing platform within the next week WHMCS is being phased out entirely.
i downloaded the install script and saw the payload url was base64 encoded, immediately suspicious. why are you hiding the url?
this is so bad, that calling it vibe-coded would be an insult to vibe coders.
as you might expect there are emojis everywhere in the code
claude will tell you that hmac and symmetrical keys never go in to production code.
the machine id is just the hostname, and the code protection is basically worthless.
there are command injection vulnerabilities everywhere, and as far as i can tell from reading the code, the commands are run as root
after that i stopped. i believe there are many more vulnerabilities that i havent found in the few minutes i spent looking at it.
TLDR:
do not use, even if its free. you should pay to not use it