How to Enable Two-Factor Authentication for cPanel and WHM Accounts (2FA)

This article provides a guide demonstrating how to enable two-factor authentication for cPanel and WHM accounts.

GET SECURE CPANEL HOSTING AT 50% OFF

How to Enable Two-Factor Authentication for cPanel and WHM Accounts

Two-Factor Authentication (2FA) adds an extra layer of protection to your hosting environment by requiring both your password and a temporary verification code from a trusted device. Enabling 2FA helps protect against:

• Stolen passwords
• Credential stuffing attacks
• Brute-force login attempts
• Unauthorized access to hosting accounts

This guide explains how to enable 2FA for both:

• cPanel user accounts
• WHM reseller/root accounts

Compatible apps include:

• Google Authenticator
• Microsoft Authenticator
• Authy
• Duo Mobile

Why Enable 2FA?

Without 2FA, anyone who obtains your password can log into your hosting account.

With 2FA enabled:

1. User enters username/password
2. System requests a temporary security code
3. Code changes every 30 seconds
4. Access is granted only if both are correct

This dramatically improves account security.

Requirements

Before starting, you need:

• Access to your cPanel or WHM account
• A smartphone or tablet
• An authenticator app installed

How to Enable 2FA for cPanel Accounts

1. Log Into cPanel

   Access your cPanel account through one of the following URLs:
   https://yourdomain.com:2083

   or
   https://server-hostname:2083


2. Open Two-Factor Authentication

   Inside cPanel:

   1. Scroll to the Security section
   2. Click Two-Factor Authentication

3. Set Up Two-Factor Authentication

   Click:

   Set Up Two-Factor Authentication
   

   You will see:

   • A QR code
   • A manual setup key

4. Open Your Authenticator App

   Using your mobile device:

   1. Open Google Authenticator, Authy, or another supported app
   2. Tap:
      • “+”
      • “Add Account”
      • or “Scan QR Code”
   3. Scan the QR code shown in cPanel

   If scanning fails, manually enter the setup key.

5. Enter Verification Code

   Your authenticator app will generate a 6-digit code.

   In cPanel:

   1. Enter the code
   2. Click Configure Two-Factor Authentication

   If successful, 2FA will be enabled immediately.

Testing cPanel 2FA

Log out of cPanel and sign back in.

You should now see:

1. Username/password prompt
2. Verification code request

Enter the current code from your authenticator app.

How to Disable cPanel 2FA

If needed:

1. Log into cPanel
2. Open Two-Factor Authentication
3. Click:

Remove Two-Factor Authentication

You may be asked to confirm with a verification code.

How to Enable 2FA for WHM

WHM administrators, resellers, and root users should also enable 2FA.

1. Log Into WHM

   Access WHM:

   https://your-server-hostname:2087
   

2. Open Two-Factor Authentication

   In WHM:

   1. Search for:

      Two-Factor Authentication
      

   2. Click the feature under:

   Security Center
   

3. Enable 2FA Globally (Root Only)

   If logged in as root:

   1. Navigate to:

      Home → Security Center → Two-Factor Authentication
      

   2. Toggle:

      Enable
      

   3. Save changes

   This enables 2FA capability for WHM users and cPanel accounts.

Configure WHM User 2FA

After enabling globally:

1. Click Manage My Account
2. Scan the QR code using your authenticator app
3. Enter the generated verification code
4. Click Configure Two-Factor Authentication

How Resellers Enable 2FA

Reseller users can:

1. Log into WHM
2. Open:
   • Security Center
   • Two-Factor Authentication
3. Configure their own account similarly

Root access is not required for reseller self-enrollment.

Recommended Authenticator Apps

Google Authenticator

Pros:

• Simple
• Lightweight
• Widely supported

Cons:

• Limited backup/recovery features

Authy

Pros:

• Cloud backup
• Multi-device sync
• Easy device migration

Cons:

• Requires phone number registration

Microsoft Authenticator

Pros:

• Enterprise-friendly
• Backup support
• Push notification support for some services

Best Security Practices

Use Strong Passwords

2FA should complement strong passwords, not replace them.

Recommended:

• 16+ characters
• Randomized
• Unique per account

Store Backup Codes Securely

Some systems provide recovery or backup codes.

Store them:

• Offline
• In a password manager
• In encrypted storage

Protect Root WHM Access

Always enable 2FA on:

• Root WHM accounts
• Reseller WHM accounts
• Billing/admin systems

Avoid SMS-Based 2FA

Authenticator apps are generally safer than SMS verification because they are less vulnerable to SIM-swapping attacks.

Troubleshooting 2FA Issues

Incorrect Verification Codes

Common causes:

• Phone clock out of sync
• Wrong account selected
• Expired 30-second token

Fix:

• Enable automatic time synchronization on your phone
• Wait for the next code refresh
• Re-scan the QR code if needed

Lost Phone or Authenticator App

If you lose access:

cPanel Users

Contact your hosting provider to reset 2FA.

Root WHM Users

You may disable 2FA via WHM or server-side recovery procedures.

QR Code Will Not Scan

Try:

• Increasing screen brightness
• Zooming browser view to 100%
• Using manual key entry instead

Server Administrator Notes

WHM administrators can enforce broader security policies including:

• Password strength requirements
• IP restrictions
• cPHulk brute-force protection
• ModSecurity rules
• SSH hardening

For maximum protection, combine 2FA with:

• cPHulk Brute Force Protection Documentation
• ModSecurity Documentation
• Imunify360

Final Thoughts

Enabling Two-Factor Authentication for cPanel and WHM is one of the most effective ways to secure your hosting environment against unauthorized access.

Whether you manage:

• A single website
• A reseller business
• Multiple production servers

2FA significantly reduces the risk of account compromise and should be considered essential for all hosting administrators.

GET SECURE CPANEL HOSTING AT 50% OFF

Conclusion

You now know how to enable two-factor authentication for cPanel and WHM accounts.

✅ Easy Website Management with cPanel Support

Running a business is hard enough — managing your website shouldn’t be. That’s why we include full cPanel support with every hosting plan:

• ✅ Simple Dashboard – No tech skills needed. Easily manage your website, emails, and more from one place.
• ✅ Quick App Installs – Launch WordPress, shopping carts, or other tools with just one click.
• ✅ Professional Email – Create business email addresses (like you@yourbusiness.com) in minutes.
• ✅ Reliable Backups – Keep your website safe with easy-to-use backup and restore options.
• ✅ Secure & Protected – Manage your site’s security and SSL certificates with built-in tools.
• ✅ Real Help, Anytime – Our expert support team is available 24/7 for anything you need.

---

💬 What Our Customers Say

“I have had nothing but good experiences with Rad Web Hosting. The staff is there to help you to make sure that you stay online and I haven't had any downtime with my server in the time I have been with Rad Web Hosting and I have had my server for over two years.”

— Janice L., Owner of RJGM

---

🏆 Trusted by Small Business Owners Nationwide

🚀 Get Started Today

Take the stress out of website management. With cPanel support and expert help just a click away, you can focus on what matters most — growing your business.

Choose Your Plan Now