Two-Factor Authentication in cPanel
- Two-Factor Requirements for cPanel
- Enabling Two-Factor Authentication in cPanel
- Disabling Two-Factor Authentication in cPanel
- Troubleshooting Issues with Two-Factor Authentication in cPanel
- I deleted or lost the authentication application or token, what can I do?
- I have access to root WHM or SSH on my server, how can I disable two-factor authentication to regain access to the cPanel account?
- I have my authentication app, but for some reason, when I enter the code, it doesn't work.
- I'm getting a new mobile device, how do I transfer my authentication application settings to the new device?
This article explains how to set up two-factor authentication for your cPanel account.
If enabled on your server, you have the ability to add an additional layer of protection to your cPanel account. Normally, your cPanel account is protected by a username and a password, but it is possible to enable another layer of authentication on top of that. This is known as two-factor authentication as there are two different types of authentication required in order to access your account.
This additional protection will require you to enter a constantly changing 6-digit security code in addition to your username and password.
Two-Factor Requirements for cPanel
In order for two-factor authentication to work with your cPanel account, you'll need to meet the following requirements:
- You are using a supported version of cPanel.
- Two-factor authentication is enabled on your server.
- Your cPanel account is permitted to access this feature.
- You have a supported authentication application like Google Authenticator, Authy or 1Password.
✅ Direct links to popular two-factor authentication applications:
| Application | Android | iOS | Windows | Mac |
| --- | --- | --- | --- | --- |
| Authy | Android | iOS | Windows 64-bit, Windows 32-bit | Mac |
| Google Authenticator | Android | iOS | n/a | n/a |
| 1Password | Android | iOS | Windows | Mac |

Make sure you always have the authentication application with you wherever you access cPanel, or you will be unable to log in.
Enabling Two-Factor Authentication in cPanel
Once you have at least one of the apps above, log into cPanel to enable two-factor authentication.
1. Log into cPanel. Typically, you can do this via a URL like: https://DOMAIN.COM/cpanel (Replace *DOMAIN.COM* with your cPanel main domain name.)
2. In cPanel's search box, type "factor" or "two" and select Two-Factor Authentication.
3. Click **Set Up Two-Factor Authentication** to start the process.
4. In your authenticator application, add a new account/token/login item, depending on the app you are using.
5. If you are using a mobile application as your authenticator, you can use the application to scan the large QR code that is displayed on the screen. If you are using a desktop app, you can use the code displayed under the QR code.
   - If you need to set up more than one authenticator, now is the time to do that. Repeat **step 5** with every authenticator you need to use.
6. Once set up in your authenticator, it will start displaying a 6-digit code. Type the code displayed in your app into the Security Code box and click the Configure Two-Factor Authentication button to finish setup.
ℹ️ From now on, when you try to log into your cPanel account, you will be asked to enter your username and password as well as the 6-digit code from your authentication application.
Disabling Two-Factor Authentication in cPanel
If you have two-factor authentication enabled and you have a working authenticator, you can turn off this feature when logged into cPanel.
1. Log into cPanel. Typically, you can do this via a URL like: https://DOMAIN.COM/cpanel (Replace *DOMAIN.COM* with your cPanel main domain name.)
2. In cPanel's search box, type "factor" or "two" and select Two-Factor Authentication.
3. Click **Remove Two-Factor Authentication** to disable it.
4. Once the feature is disabled, remove the entry from any of your authentication applications, as those login tokens will no longer be good.
Troubleshooting Issues with Two-Factor Authentication in cPanel
If you are having problems accessing your account after you set up two-factor authentication, here are some things to try.
I deleted or lost the authentication application or token, what can I do?
If you are not currently logged into cPanel when you lose or delete your token, then your two-factor authentication must be disabled by someone with root WHM or root SSH access to your server (see below). Contact that person, or HostDime if we are your hosting provider.
If you are currently logged into your cPanel account, you can follow the directions above to disable two-factor authentication or you can click the Reconfigure Two-Factor Authentication button to create a new token and revoke the old one.
I have access to root WHM or SSH on my server, how can I disable two-factor authentication to regain access to the cPanel account?
Root SSH
1. Log into your server via SSH as root.
2. Execute the following command:

   ```
   whmapi1 twofactorauth_remove_user_config user=CPANELUSERNAME
   ```

   ⚠️ Replace CPANELUSERNAME in the example above with the actual lowercase cPanel username of the account where you want to disable two-factor authentication.
3. Try logging into the cPanel account to make sure it works.
Root WHM
This will disable two-factor for the cPanel account and invalidate any tokens they have set up. They can set up two-factor again if they wish.
1. Log into WHM as root.
2. Select Two-Factor Authentication from the Security Center section of the sidebar on the left.
3. Find the user account you want to remove two-factor authentication from and click the Disable link and confirm removal.
4. Test logging into the cPanel account to make sure it is possible to get in without the token.
I have my authentication app, but for some reason, when I enter the code, it doesn't work.
The codes generated are time-based, so if there is an issue with the time on the server or on your authenticator device you may have issues because the authenticator will be generating codes that don't match what the server is expecting.
Try resetting the time on your device to the correct time and try again.
If that doesn't work, try restarting your authenticator application or the device itself and try logging in again.
If it still doesn't work, disable your two-factor authentication as directed above and set it up again using a new token.
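To show why a wrong clock breaks the login, the following added example (not cPanel's or HostDime's code) computes time-based codes the way authenticator apps do and checks them against a server clock. It assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits) and a hypothetical server tolerance of one step either side; the secret and timestamps are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default, assumed)
DIGITS = 6   # the 6-digit security code described on this page

# Constructed sample secret: the published RFC test key "12345678901234567890"
# in base32, so the codes below can be checked against the RFC test values.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32: str, unix_time: float) -> str:
    """Return the code an authenticator shows at the given Unix time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(unix_time) // STEP          # which 30-second step we are in
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def server_accepts(secret_b32, submitted, server_time, window=1):
    """Accept codes for the current step or `window` steps around it.

    The window size is an assumption for illustration, not a cPanel setting.
    """
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), submitted)
        for i in range(-window, window + 1)
    )

def diagnose(secret_b32, server_time, device_skew_seconds):
    """Code shown by a device whose clock is off by the skew, and the verdict."""
    code = totp(secret_b32, server_time + device_skew_seconds)
    return code, server_accepts(secret_b32, code, server_time)

if __name__ == "__main__":
    SERVER_TIME = 150  # constructed timestamp, kept small to match RFC values
    for skew in (0, 20, 40, 120, -90):
        code, ok = diagnose(SAMPLE_SECRET, SERVER_TIME, skew)
        print(f"device clock {skew:+4d}s -> code {code} -> "
              f"{'accepted' if ok else 'rejected'}")
```

A device that is a few seconds off still lands in an accepted step, while one that is minutes off produces a valid-looking code that the server never expects, which is why correcting the device time is the first thing to try.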
I'm getting a new mobile device, how do I transfer my authentication application settings to the new device?
Most mobile operating systems have methods of restoring your data securely from one device to another. Refer to your OS's restoration directions for how to accomplish this.
In addition, some applications (like Authy) offer a separate secure method of backing up your authenticators and syncing them between devices.
If you don't think you can handle this or you are concerned something might go wrong, disable two-factor authentication in cPanel before migrating to your new device.
Don't forget to disable your authenticator app on your old device.