Two-Factor Authentication (2FA) enhances account security by requiring a second form of verification beyond just the password. In cPanel/WHM, 2FA can be enforced or disabled at the server level using the WHM API.
✅ To Enable Two-Factor Authentication (2FA) Globally
Run the following command as root via SSH to enable the 2FA policy for all users:
whmapi1 twofactorauth_enable_policyThis enforces the use of 2FA for users who have it configured. It does not automatically set up 2FA for users—it only enforces the policy where configured.
To set up 2FA for an individual cPanel user:
- Log into cPanel.
- Navigate to Security > Two-Factor Authentication.
- Click Set Up Two-Factor Authentication, scan the QR code using an authenticator app, and verify.
To set up 2FA for WHM/root:
- Log into WHM.
- Go to Security Center > Two-Factor Authentication.
- Click Manage My Account to configure 2FA for root or a reseller.
❌ To Disable Two-Factor Authentication (2FA) Globally
Run the following command as root via SSH to disable the 2FA policy:
whmapi1 twofactorauth_disable_policyThis will stop enforcing 2FA for all accounts, though any existing user configurations remain and can be manually removed.
🔄 Useful References:
- WHM Interface: Main >> Security Center >> Two-Factor Authentication
- API Reference: https://api.docs.cpanel.net/openapi/whm/operation/twofactorauth-enable-policy/
- Log file for 2FA issues:
/usr/local/cpanel/logs/login_log