How to Add Two-factor Authentication to cPanel and WHM

Adding an extra layer of protection to your website is always a good idea. It makes it harder for hackers to penetrate through your backend and gain access to things you don’t want them to. In this post, I’m going to show you how to add two-factor authentication (2FA) to your web hosting’s control panel – cPanel.

Before we get started, here are a couple of things you will be needing:

• Access to your web hosting’s cPanel and WHM.
• Smartphone with a time-based one-time password (TOTP) app installed.

Once you have both these things, you can start the process by following the steps below.

1. Log in to WHM.

2. Look for the "Security Center".

3. Under Security Center, look for "Two-Factor Authentication".

4. Toggle on Two-Factor Authentication by clicking on the off button. Once this is done, the red dot will turn green. Now click Save.

5. Go to "Manage My Account" tab and scan the QR code given there with your TOTP app on your smartphone.

6. Enter the 6-digit security code from your TOTP app back to "Security Code" under Step 2. Next, click "Configure Two-Factor Authentication"

Two-factor authentication is now set up. Let’s keep this browser window open. In case anything goes south, you can easily disable the two-factor authentication right away.

Test 2FA

Now let’s test if it’s working properly.

1. Open a new browser and go to your website’s cPanel URL. The URL should be either www.domain.com/cpanel, or cpanel.domain.com. Now log in with your credentials.

2. You should be prompted to enter the security code. Get the 6-digit security code from your smartphone’s TOTP app, enter and click "Continue"

If you’re able to login to your cPanel page, that means it worked!

Read Also: 5 Tips to Toughen Up Your WordPress Login Security