Cantech Knowledge Base

Your Go-To Hosting Resource

  1. WHM
  2. How to Force a User to Change Password in WHM?

How to Force a User to Change Password in WHM?

introduction

WHM (Web Host Manager) administrators sometimes need to enforce a password change due to security reasons. You can urge or force a certain hosting client to change his or her password. After making the necessary settings, the system will automatically alert them to change their password as a user the next time they log in.

Why Force a Password Change?

A password change should be enforced as an important security measure. It is mostly employed in cases where you think that the password of a user has been compromised or the password was too weak and does not meet the standards. It is possible to secure the account with a new and strong password quickly by forcing a change. This is done to secure the whole server environment.

How to Force a User to Change Password

You need your root access to WHM to enforce such a password change requirement on your users. Follow these steps to configure the settings.

Log in to WHM Root Account

The first thing that you must do is to log in to your WHM panel. Use your full root account credentials to log in. It will give you the required permissions to manage user accounts.

Click on the Account Functions Option

When you are logged in, in the main navigation menu, you see the Account Functions option. Click on this option to access the tools for managing user accounts.

Click on Force Password Change

In the Account Functions section, select the Force Password Change link. Such a move will show all the active user accounts on your server.

Select Users and Apply Force

The list of users will be shown, with a column specifically for forcing the change.

Check Box: Find the column called Forced?. Check the box beside this column for the user(s) that you want to prompt to change their password.

Click Submit: Once you have chosen the preferred users, press the Submit button.

This is all that is needed to urge or compel your clients to change their passwords using WHM.

Note: In case a user does not change the password instantly, the checkbox Forced? of their account will remain checked. WHM will keep reminding the user of the need to change the password. It will also limit the use of the cPanel interface until a successful change of password is made.

Conclusion

Simple and effective security control includes forcing a user to change his/her password via the WHM interface. Using the ‘Forced?’ checkbox and pressing the change button will make sure that the user is always informed to change his or her password. This is done till the user completes the necessary security update.

Frequently Asked Questions

What happens on the user’s end when I force a password change?

The next time the user tries to log into his/her cPanel, the system will automatically come up with a prompt/interface that will force him/her to change the password, or the system will not fully allow him/her to access his/her services.

Will the user be able to use their cPanel account if they ignore the prompt?

No, when the user neglects the warning and fails to update his password, the features that the user can perform in his cPanel interface will be restricted by WHM. Full functionality is restored only after the password is updated.

Does the ‘Forced?’ checkbox automatically untick itself after the user changes the password?

Yes, once the user successfully changes their password, the Forced? checkbox for that account will automatically untick itself. This indicates the requirement has been met.

Where do we find the Force Password Change tool in WHM?

A Force Password Change tool is located in WHM. Next, in the main navigation menu, open the Account Functions option.

Can I force a password change for multiple users at the same time?

Yes, all you have to do is check the Forced? box to all the user accounts that you want in the list, and then hit the Submit button.

April 22, 2026