cPanel account provides access to key features of your website and hosting service. You can manage your website files, emails, databases, domains, backups, SSL certificates, and other hosting features from your cPanel account.
Because of this, it is very important to protect your cPanel account from unauthorized access.
One of the best ways to secure your cPanel login is to enable Two-Factor Authentication (2FA).
Two-Factor Authentication adds an extra security step to your cPanel login. Instead of logging in with only your username and password, you will also need to enter a temporary security code from an authenticator app on your phone.
This means that even if someone knows your cPanel password, they still cannot log in without the 2FA code from your device.
Table of Contents
What Is Two-Factor Authentication?
Two-Factor Authentication is a login security method that requires two forms of verification.
The first factor is your normal cPanel username and password.
The second factor is a temporary 6-digit security code generated by an authenticator app on your phone.
This code changes regularly and can only be generated from the device where you set up the authenticator app.
Why You Should Enable 2FA on cPanel
Your cPanel account controls many sensitive areas of your hosting account, including:
Website files.
Email accounts.
Databases.
Domain settings.
DNS records.
SSL certificates.
Backups.
FTP accounts.
Application installations.
If someone gains access to your cPanel account, they may modify your website, upload malicious files, delete data, create email accounts, or make unauthorized changes to your hosting service.
Enabling 2FA helps reduce this risk by adding a second layer of protection to your login.
What You Need Before You Start
Before enabling 2FA in cPanel, make sure you have the following:
Access to your cPanel account.
Your cPanel username and password.
A smartphone.
An authenticator app installed on your phone.
You can use any supported authenticator app, such as:
Google Authenticator.
Microsoft Authenticator.
Authy.
1Password.
Bitwarden Authenticator.
Any standard time-based one-time password authenticator app should work.
Step 1: Log in to cPanel
First, log in to your cPanel account.
You can usually access cPanel using one of these methods:
Through your HarmonWeb Client Area.
Through your direct cPanel login URL.
Through your domain followed by the cPanel port.
For example:
or
Replace yourdomain.com with your actual domain name.
Enter your cPanel username and password, then click Log in.
Step 2: Go to the Security Section
After logging in to cPanel, scroll down to the Security section.
The cPanel dashboard is divided into different sections such as Files, Databases, Domains, Email, Metrics, Security, Software, and Advanced.
Under the Security section, look for Two-Factor Authentication.
Click Two-Factor Authentication.
Step 3: Click Set Up Two-Factor Authentication
On the Two-Factor Authentication page, you should see an option to configure or set up 2FA.
Click Set Up Two-Factor Authentication.
cPanel will display a QR code and an account key.
The QR code is what you will scan using your authenticator app.
Step 4: Open Your Authenticator App
Open the authenticator app on your phone.
Tap the option to add a new account.
Depending on the app you use, the button may appear as:
Add account.
Scan QR code.
Add code.
Set up account.
Use your phone camera to scan the QR code displayed in cPanel.
Once the QR code is scanned successfully, your cPanel account will be added to the authenticator app.
The app will start generating temporary 6-digit security codes for your cPanel login.
Step 5: Enter the Security Code in cPanel
After scanning the QR code, check your authenticator app.
You should see a 6-digit code for your cPanel account.
Enter the current code into the security code field in cPanel.
Then click Configure Two-Factor Authentication or the confirmation button shown on your screen.
If the code is correct, cPanel will enable Two-Factor Authentication on your account.
Step 6: Confirm That 2FA Is Enabled
Once the setup is complete, cPanel should show a success message confirming that Two-Factor Authentication has been configured.
This means your cPanel account is now protected with 2FA.
The next time you log in to cPanel, you will need to enter your username, password, and the security code from your authenticator app.
Step 7: Test Your cPanel 2FA Login
To make sure everything works correctly, you can test your login.
Log out of cPanel.
Go back to your cPanel login page.
Enter your cPanel username and password.
After entering your password, cPanel will ask for your 2FA security code.
Open your authenticator app.
Enter the current 6-digit code.
If the code is accepted, you will be logged in to cPanel successfully.
What Happens After You Enable 2FA?
After enabling 2FA, your cPanel login process will work like this:
You visit your cPanel login page.
You enter your username and password.
cPanel asks for your security code.
You open your authenticator app.
You enter the current 6-digit code.
cPanel verifies the code and logs you in.
The code changes regularly, so you must always use the latest code shown in your authenticator app.
What to Do If the 2FA Code Is Not Working
If cPanel rejects your 2FA code, try the following:
Make sure you entered the latest code from your authenticator app.
Wait for the code to refresh and try again.
Make sure the time and date on your phone are correct.
Make sure you selected the correct cPanel account in your authenticator app.
Do not use an expired code.
Authenticator apps depend on accurate time settings. If the time on your phone is incorrect, the generated code may not work.
If you still cannot log in, contact HarmonWeb support for assistance.
What to Do If You Lose Your Phone
If you lose the phone where your authenticator app is installed, you may not be able to generate your cPanel 2FA code.
In this case, contact HarmonWeb support immediately.
For security reasons, you may be required to verify that you are the rightful owner of the hosting account before 2FA can be reset or removed.
This process helps protect your account from unauthorized access.
Important Security Tips
Do not share your cPanel password with anyone.
Do not share your 2FA code with anyone.
HarmonWeb support will never ask you to send your current 2FA code.
Use a strong and unique password for your cPanel account.
Avoid using the same password on multiple websites.
Keep your phone secure with a screen lock.
Keep your email account secure.
Update your password if you suspect unauthorized access.
Contact HarmonWeb support immediately if you notice suspicious activity.
Frequently Asked Questions
Is 2FA required for cPanel?
2FA may be optional or required depending on the security settings on the hosting server. However, we strongly recommend enabling it if the option is available in your cPanel account.
Can I use Google Authenticator for cPanel?
Yes. Google Authenticator can be used to generate the 6-digit security code needed for cPanel 2FA.
Can I use Microsoft Authenticator?
Yes. Microsoft Authenticator can also be used for cPanel Two-Factor Authentication.
Why can I not see Two-Factor Authentication in cPanel?
If you do not see the Two-Factor Authentication option in cPanel, it may not be enabled on the server or may not be available in your hosting package interface.
You can contact HarmonWeb support for assistance.
Can HarmonWeb see my 2FA code?
No. Your 2FA code is generated by your authenticator app. HarmonWeb support does not need your 2FA code and will never ask you to share it.
What should I do before changing my phone?
Before changing your phone, make sure you can transfer your authenticator app accounts to the new device.
If your authenticator app does not support transfer, you may need to disable and set up 2FA again before you lose access to the old phone.
Final Thoughts
Enabling Two-Factor Authentication in cPanel is a simple but powerful way to protect your hosting account.
Your cPanel account controls important parts of your website, email, files, databases, and domain settings. Adding 2FA helps prevent unauthorized users from accessing these areas, even if they know your password.
We strongly recommend that every HarmonWeb hosting user enable 2FA on their cPanel account where available.
Log in to your cPanel account today, go to Security, open Two-Factor Authentication, and complete the setup using your authenticator app.
