When CGI scripts run on your server, they can potentially access sensitive environment variables — including the REMOTE_PASSWORD variable that contains the user's login password. The Hide login password from cgi scripts setting in WHM prevents this variable from being exposed, adding an extra layer of security to your server.
How to Hide Login Password from CGI Scripts
Step 1: Log in to WHM as the root user.
Step 2: Navigate to Home » Server Configuration » Tweak Settings.
Step 3: Click on the Security tab at the top of the page.
Step 4: Locate the Hide login password from cgi scripts option.
Step 5: Toggle the setting to On.
Step 6: Click Save at the bottom of the page.
Important Notes
- This setting hides the
REMOTE_PASSWORDvariable from scripts executed by thecpsrvddaemon's CGI handler. - This does not hide the password from phpMyAdmin — that is a separate security concern.
- cPanel's CGI Center interface is deprecated and only available in the legacy x3 theme. The current Jupiter theme does not support CGI Center.
- The default value for this setting is Off, so enabling it is recommended for improved security.
Troubleshooting
- Setting not found? Use the search bar at the top of Tweak Settings to search for "hide login password".
- Changes not taking effect? Clear your browser cache and restart the
cpsrvdservice via WHM » Restart Services if needed.
For more information, see the official cPanel Tweak Settings — Security documentation.
