Customising/Branding the email Templates (user emails)
This documentation allows you to customise the email notifications sent to end-users (cPanel users etc). As a hosting provider, you can fully brand these emails to align with your company’s identity, ensuring that your customers (who may not recognise cPGuard) only see communication from the hosting provider they trust. This gives you full control over the look, feel, and content of the emails, allowing for a seamless customer experience and stronger brand recognition.
How to Customize:
- Make a Copy of the File:
- Locate the original file on your server under /opt/cpguard/app/resources/email_templates
(e.g., user_infected_files.html). - Create a duplicate and rename it by adding _custom to the filename (e.g.,
user_infected_files_custom.html).
- Locate the original file on your server under /opt/cpguard/app/resources/email_templates
- Edit the Copied File:
- Open the copied file (user_infected_files_custom.html) in any text editor.
- Modify the content and Twig variables as needed to suit your requirements.
- Save Your Changes:
Once you’ve edited and saved the file, the system will use your custom template in place of the default one.
Twig Templating Engine Overview:
This template uses Twig, a flexible, secure, and powerful templating engine for PHP. Twig allows you to dynamically generate HTML content by embedding logic directly into your templates using placeholders, loops, and conditions.
Some Twig syntax you’ll see in these templates:
Variables: Displayed with {{ }} syntax.
{{ user }} <!-- Will display the username -->Conditionals: Used for conditional content.
{% if logs|length > 0 %}
<!-- Code for displaying logs -->
{% else %}
<!-- Code if no logs are found -->
{% endif %}Loops: Used to iterate over arrays/lists like logs.
{% for log in logs %}
<!-- Display each log -->
{% endfor %}Modifiers/Filters used
| Filter | Example | Description |
| e | {{ log.path|e }} | Escape characters that affect the resulting HTML |
| date | {{ log_time|date(‘F j, Y, g:i a’) }} | Format the date to specified format |
| first | {% set log = logs|first %} | Get the first item of array/list |
| lower | {{ log.reason|lower }} | Convert text to lowercase |
| length | {{ logs|length }} | Length of array/list |
For detailed documentation on Twig, you can refer to the official documentation here: Twig Documentation
Important Notes:
- Logic Control: Try to keep the Twig logic intact, such as loops ({% for %}) and conditionals ({% if %}), to ensure the template functions properly.
- Limited HTML Support in Emails: It’s important to note that email clients generally have limited support for HTML and CSS. Unlike modern web browsers, email clients (like Gmail, Outlook, and Apple Mail) do not support all the latest HTML5 features, which can impact the appearance and functionality of your emails.
Infected files email
This email is sent to notify end-users when an infected file is detected on their hosting account by the malware scanner. The notification serves to inform them of potential security risks and lets them ensure that the working of the website or application is not affected.
Filename : email_templates/user_infected_files.html
Variable List:
| Variable | Description |
| user | The username of the account |
| domain | The domain name of the user account. (primary domain) |
| logs | An array of logs representing infected files. Each log contains file details (e.g., path, reason, definition). |
| hostname | Server hostname |
| __year | Current year (used for copyright). |
The logs array/list on iterating has the following keys/variables {% for log in logs %}
logs Array Items
| log.path | Infected file path |
| log.definition | virus or malware signature |
| log.reason | Type/Category |
| log.action | action taken (e.g., quarantined, deleted). |
| log_time | timestamp of the infection detection. |
Outdated CMS and vulnerability report
This email is sent to notify end-users when vulnerabilities or threats are detected in their CMS installations. These vulnerabilities may pose security risks, and attackers can exploit them to gain unauthorized access. The email informs users of critical issues, outdated CMS versions, and other potential threats, encouraging them to take immediate remedial actions such as updating their CMS or addressing security concerns.
Filename : email_templates/user_cms_threats.html
Variable List:
| Variable | Description |
| title | Title/subject of the email |
| user | Username of the account |
| domain | Domain name of the user account. (primary domain) |
| critical_count | Nnumber of critical CMS issues detected |
| outdated_count | Number of CMS that are not latest version |
| threats_count | Total number of CMS threats found |
| cms_list | An array containing details of each CMS installation foundow). |
| threats | An array containing details of each identified threat |
| hostname | Server hostname |
| __year | Current year (used for copyright). |
cms_list Array Items
| cms.domain | Domain of the CMS |
| cms.path | Path on server |
| cms.version | Current version of the CMS |
| cms.version_status | Status of the CMS version (e.g., latest, outdated). |
| cms.threat_rating | CVE rating of the CMS, e.g., “critical”, “high”, “medium”. (highest) |
| cms.threat_score | Highest CVE score |
threats Array Items
| threat.path | File path of the detected threat |
| threat.version | Reason for identifying the file as a threat |
| threat.version_status | Severity level of the threat (e.g., “Low”, “Moderate”, “Severe”, “Critical”). |
User account suspension email
This email is sent to notify end-users when suspicious activities have been detected on their hosting account or domain, prompting automatic suspension for security reasons. The notification serves to inform the user of potential threats, enabling them to take necessary actions to secure their account and avoid further compromise.
Filename : email_templates/user_account_suspension.html
Variable List:
| Variable | Description |
| title | Title/subject of the email |
| domain | Domain name of the user account. (primary domain) |
| suspended_user | Username of the account that has been suspended due to suspicious activities. If this is not provided, the email will instead display information about a domain. |
| suspended_domain | Domain name that has been suspended. If no user account is suspended, this variable shows which domain is impacted. |
| reason | Provides the specific reason for the suspension. |
| count | Represents the total number of infected files detected on the hosting account or domain during a certain time period. (conditional) |
| interval | Specifies the time range (in hours) during which the infected files were detected, used in conjunction with count to form a detailed message in the absence of reason. (conditional) |
| hostname | Server hostname |
| __year | Current year (used for copyright). |
User account login disabled email (cPanel only)
This email is sent to notify end-users when suspicious activities have been detected with a specific user account, leading to the automatic disabling of the account login as a security precaution. The notification serves to inform the user of the detected issues, enabling them to review the account and take necessary actions before re-enabling login.
Filename : email_templates/user_account_disable.html
Variable List:
| Variable | Description |
| title | Title/subject of the email |
| domain | Domain name of the user account. (primary domain) |
| user | Username of the account |
| hostname | Server hostname |
| __year | Current year (used for copyright). |