By default, cPanel users can reset their own account password through the cPanel login page. If you manage a shared hosting environment and want all password changes handled by support staff (for security, compliance, or policy reasons), you can disable this feature globally through WHM's Tweak Settings.
Step 1: Log in to WHM
Open your browser and navigate to https://your-server-ip:2087. Enter your root or reseller credentials to access the WHM dashboard.
Step 2: Navigate to Tweak Settings
Use the left-hand sidebar to go to Home » Server Configuration » Tweak Settings.
Step 3: Locate the Password Reset Option
Use the search bar at the top of Tweak Settings and type Reset Password to quickly find the setting. Look for the option labeled Reset Password for cPanel accounts.
Step 4: Disable the Option
Toggle or set Reset Password for cPanel accounts to Off.
Step 5: Save Changes
Click the Save button at the bottom of the page to apply the change.
Important Notes
- After disabling, cPanel users will no longer see the "Change Password" option on the cPanel login page.
- Server administrators (root) can still reset any cPanel password via WHM » Account Functions » List Accounts or the Change Password function.
- This setting applies globally to all cPanel accounts on the server.
- This only affects the cPanel login password — it does not affect email, FTP, or database password resets.
- This does not prevent users from changing their password via cPanel » Preferences » Password & Security inside cPanel itself.
Troubleshooting
- Cannot find the option: The exact label may vary by WHM version. Use the Tweak Settings search bar and search for
password reset. - Need to change a user's password: Use WHM » Account Functions » Password & Security for the specific account, or run
passwd usernamevia SSH.
