Hi The password field on the Configure Backup page that is used for the authentication details of the remote FTP backup either uses htmlentities (or equivalent to the PHP function) on form submission but definately uses it on page load. This means any instances of ampersand, for example, get reinterpreted on form submit and saves an invalid password. In addition to this, it doesn't unhtmlentities when restoring the password into the field on new page load so therefor on further submits you end up saving &amp;amp;amp; On a sidenote, I know it's not crucial, I'm not too sure the password should be viewable in the HTML and instead should remain empty so that an empty password form submission doesn't update the password. I was able to ascertain the htmlentities problem by viewing in plain text my password in the html source. I appreciate that someone needs to be logged into WHM to do this, and the only obvious scenario for malicious use of this would be someone using the logged in computer but it wouldn't take much effort to resolve this permanently. I see cleartext has been filed as a bug: http://bugzilla.cpanel.net/show_bug.cgi?id=2150 (in 2005!) but haven't been able to find the htmlentities bug logged.