Configure security questions for WHM login

For enhanced login security to Web Host Manager(WHM), you can setup security questions.

1.Go to WHM->Security Center->Security Questions

whm security questions

2. Click the Edit Questions and Answers button to set up the questions and answers.

WHM Security Questions QA

Please notice that you can’t use one, two or three questions. You must use all four questions and answers.

Each answer/question must be at least 2 characters long.

The predefined security questions are:

What is your primary frequent flyer number?
What is your library card number?
What was your first phone number?
What was your first teacher’s name?
What is your father’s middle name?
In what city was your high school?
What was the name of your first boyfriend or girlfriend?
What is your maternal grandfather’s first name?
What is your maternal grandmother’s first name?
In what city were you born (Enter full name of city only)?
What was the name of your first pet?
What was your high school mascot?
How old were you at your wedding (Enter age as digits)?
In what year (YYYY) did you graduate from high school?
In what city did you honeymoon (Enter full name of city only)?
What is the first name of the best man/maid of honor at your wedding?
What is your mother’s middle name?
In what city were you married?
In what city is your vacation home?
What is the first name of your first child?
What is your paternal grandfather’s first name?
What is your paternal grandmother’s first name?
What is the name of your first employer?
When is your wedding anniversary (Enter the full name of month)?
What is the first name of the best man/maid of honor at your wedding?
In what city was your mother born (Enter full name of city only)?
In what city was your father born (Enter full name of city only)?

3. Click the Continue button. Your questions and answers will be saved.

WHM Security Questions Policy

4. Go to WHM->Security Center->Configure Security Policies and check the option Limit logins to verified IP addresses option. Click the Save button. WHM will ask for security questions only when you connect from a new IP. Each IP from which you successfully signed in will be added to a list of Recognized IPs for “root”. You will not have to enter again the answers to the security questions.

WHM Security Questions List

5. From now on, after entering the correct username and password you will be asked for answers to the security questions.

WHM Security Questions Success

6.1 Entering the correct answers, you will see the message: You have answered your security questions correctly.

WHM Security Questions Fail

6.2 Entering the wrong answers, you will see the message: The system has registered a brute force attempt on security questions for the account “root”. As the message says, the cPHulk Brute Force Protection will be triggered (if it’s enabled).

7. If you want to see the list of Recognized IPs go to WHM->Security Center ->Security Questions and lick the Add or Remove Recognized IP Addresses button.

WHM Security Questions IP Tool

If you forget your WHM security answers:

1. Connect via SSH to your server as root

2. Navigate to file /var/cpanel/cpanel.config. Edit the file.

3. Change the line

SecurityPolicy::SourceIPCheck=1

to

SecurityPolicy::SourceIPCheck=0

Now run the command:

/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings

You should be able to login again to WHM.

If you want to remove the security questions, just delete the file /var/cpanel/userhomes/cpanel/.cpanel/ securitypolicy/questions/root.json

This Post Has One Comment

  1. Chris

    How do I disable this completely from whm. I mistakenly allowed it.

Leave a Reply