Changes

Access Restrictions

810 bytes added, 10 years ago
In this circumstance, access should be clearly separated into roles at different levels. When hosting a web application, a separate user and password should be used for the web application's database access. The web application should never have root access to any other domain. In a similar way, real-world users should be divided into roles and categories, and none should be granted full root access.
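The separation described above can be expressed as database grants. This is an added example, not part of the original page; it assumes a MySQL or MariaDB server, and the schema name <code>appdb</code>, the account names and the passwords are placeholders.

```sql
-- Constructed example: schema, account names and passwords are placeholders.
-- Assumes MySQL / MariaDB syntax.

-- Weak setup, shown for contrast only (left commented out):
-- the web application connects with an account that can do anything.
-- GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%' WITH GRANT OPTION;

-- Runtime account for the web application:
-- row-level operations only, one schema, local connections only.
CREATE USER 'webapp_rw'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_1';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON appdb.* TO 'webapp_rw'@'localhost';

-- Deployment account: schema changes, used only during upgrades,
-- never stored in the web application's configuration.
CREATE USER 'webapp_migrate'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_2';
GRANT CREATE, ALTER, DROP, INDEX
  ON appdb.* TO 'webapp_migrate'@'localhost';

-- Read-only account for staff who only need to view data.
CREATE USER 'report_ro'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD_3';
GRANT SELECT ON appdb.* TO 'report_ro'@'localhost';

-- Audit: list accounts holding global privileges that an
-- application account should never need.
SELECT user, host
FROM mysql.user
WHERE Super_priv = 'Y' OR Grant_priv = 'Y' OR File_priv = 'Y';

-- Confirm exactly what the runtime account was given.
SHOW GRANTS FOR 'webapp_rw'@'localhost';
```

Each account gets its own password, so a leaked web application configuration file exposes only the row-level privileges of the runtime account.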
 
==Shared Hosting==
 
==Dedicated/VPS Hosting==
<li>
File permissions
</li>
</ol>
 
 
==Shared Hosting==
<ol>
<li>'''Password Management'''
For shared hosting, password management is a core defence against attack. The administrator password should fit the criteria above for a strong password: long, with a variety of characters and containing no dictionary words.
 
As above, [https://securityinabox.org/en/keepass_main KeePass] can be used to generate and store a complex admin password. This has the secondary advantage of limiting access to the admin password to those who are trusted with the KeePass store.
</li>
<li>
'''Restrict IP addresses'''
 
Depending on what version of cPanel your provider offers, it is possible to lock down access via the [http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/DenyAccess Host Access Control] option. This allows you to limit access to very specific IP addresses.
</li>
</ol>
Administrator (90 edits)