WHM allows server administrators to enforce password strength requirements across the entire hosting environment. By setting minimum password strength levels, administrators can ensure that users create secure passwords that reduce the risk of brute-force attacks, account compromises, and unauthorized access attempts.<\/p>\n
In this guide, you’ll learn how to configure password strength requirements for WHM and cPanel users.<\/p>\n
Why Password Strength Matters<\/h3>\n
Passwords are the first line of defense against unauthorized access.<\/p>\n
Weak passwords can lead to:<\/p>\n
- \n
- Account Hijacking<\/li>\n
- Data Breaches<\/li>\n
- Website Defacement<\/li>\n
- Email Abuse<\/li>\n
- Malware Infections<\/li>\n
- Unauthorized Server Access<\/li>\n<\/ul>\n
Implementing strong password requirements helps improve overall server security and protects customer accounts.<\/p>\n
What Is Password Strength Configuration in WHM?<\/h3>\n
WHM includes a built-in feature called Password Strength Configuration<\/strong> that allows server administrators to define the minimum password strength required for various hosting components.<\/p>\n
This feature applies to:<\/p>\n
- \n
- cPanel Accounts<\/li>\n
- Email Accounts<\/li>\n
- FTP Accounts<\/li>\n
- Database Users<\/li>\n
- Mailing Lists<\/li>\n
- Web Disk Accounts<\/li>\n
- Other Hosting Services<\/li>\n<\/ul>\n
Administrators can configure a global password strength policy or customize strength requirements for individual services.<\/p>\n
Prerequisites<\/h3>\n
Before you begin:<\/p>\n
\u2714 Root Access to WHM<\/p>\n
\u2714 Administrative Privileges<\/p>\n
\u2714 Access to Security Center<\/p>\n
Step 1: Log in to WHM<\/h3>\n
Common WHM login URLs include:<\/p>\n
- \n
- https:\/\/yourdomain.com:2087<\/a><\/li>\n
- https:\/\/server-ip-address:2087<\/a><\/li>\n<\/ul>\n
Enter your WHM username and password to log in.<\/p>\n
After successful authentication, you’ll be redirected to the WHM dashboard.<\/p>\n
Step 2: Navigate to Security Center<\/h3>\n
From the WHM dashboard:<\/p>\n
Home \u2192 Security Center<\/h4>\n
The Security Center contains several server security settings and password management tools.<\/p>\n
Click on Security Center<\/strong> to continue.<\/p>\n
![\"whm-security-center\"](\"https:\/\/www.webystrata.co.uk\/blog\/wp-content\/uploads\/2026\/06\/whm_security_center-300x154-1.webp\")
<\/p>\n<\/h3>\n
Step 3: Open Password Strength Configuration<\/h3>\n
Inside Security Center, locate:<\/p>\n
Password Strength Configuration<\/h4>\n
Click the option to open the password policy settings page.<\/p>\n
The Password Strength Configuration interface will appear.<\/p>\n
This section allows you to define minimum password requirements for your server users.<\/p>\n
![\"whm_password_strength_configuration\"](\"https:\/\/www.webystrata.co.uk\/blog\/wp-content\/uploads\/2026\/06\/whm_password_strength_configuration-300x179-1.webp\")
<\/h1>\nStep 4: Set the Default Required Password Strength<\/h3>\n
Locate the field:<\/p>\n
Default Required Password Strength<\/h4>\n
Enter the desired password strength value.<\/p>\n
WHM uses a scoring system to evaluate password complexity based on:<\/p>\n
- \n
- Length<\/li>\n
- Uppercase Letters<\/li>\n
- Lowercase Letters<\/li>\n
- Numbers<\/li>\n
- Special Characters<\/li>\n<\/ul>\n
The higher the value, the stronger the password requirement becomes.<\/p>\n
This default setting applies to:<\/p>\n
- \n
- Hosting Accounts<\/li>\n
- Email Accounts<\/li>\n
- FTP Accounts<\/li>\n
- Mailing Lists<\/li>\n
- Other Hosting Components<\/li>\n<\/ul>\n
unless custom values are configured.<\/p>\n
Step 5: Customize Password Strength for Specific Services<\/h3>\n
WHM also allows administrators to configure different password strength requirements for individual hosting services.<\/p>\n
To customize:<\/p>\n
- \n
- Locate the service list.<\/li>\n
- Select the radio button next to the desired service.<\/li>\n
- Enable custom configuration.<\/li>\n<\/ol>\n
Once enabled, the service can use its own password strength requirement instead of the default value.<\/p>\n
This flexibility allows administrators to apply stricter security rules where necessary.<\/p>\n
Step 6: Configure Password Strength Value<\/h3>\n
After selecting a hosting component:<\/p>\n
Enter or Adjust the Password Strength Value<\/h4>\n
You can:<\/p>\n
- \n
- Use the slider control<\/li>\n
- Enter the value manually<\/li>\n<\/ul>\n
Set a value appropriate for your organization’s security requirements.<\/p>\n
Higher values generally require more complex passwords.<\/p>\n
Step 7: Save the Configuration<\/h3>\n
After completing all changes:<\/p>\n
Click: Save<\/strong><\/p>\n
WHM will apply the new password strength settings across the server.<\/p>\n
The updated password policies will be enforced whenever users create or modify passwords.<\/p>\n
![\"set-password-strength-whm-cpanel-users\"](\"https:\/\/www.webystrata.co.uk\/blog\/wp-content\/uploads\/2026\/06\/whm_password_strength_save.png\" "\\"set-password-strength-whm-cpanel-users\\"")
<\/h1>\n<\/h3>\n
Benefits of Enforcing Strong Passwords<\/h3>\n
Configuring password strength requirements provides several security advantages.<\/p>\n
Improved Account Security<\/h4>\n
Strong passwords reduce the likelihood of unauthorized access.<\/p>\n
Better Protection Against Brute Force Attacks<\/h4>\n
Complex passwords are more difficult for attackers to guess.<\/p>\n
Reduced Risk of Data Breaches<\/h4>\n
Stronger authentication improves overall server security.<\/p>\n
Enhanced Customer Protection<\/h4>\n
Hosting customers benefit from improved account security.<\/p>\n
Compliance with Security Best Practices<\/h4>\n
Strong password policies align with industry security recommendations.<\/p>\n
Recommended Password Strength Practices<\/h3>\n
For maximum security:<\/p>\n
Use Long Passwords<\/h4>\n
Encourage passwords with at least 12\u201316 characters.<\/p>\n
Include Multiple Character Types<\/h4>\n
Use:<\/p>\n
- \n
- Uppercase Letters<\/li>\n
- Lowercase Letters<\/li>\n
- Numbers<\/li>\n
- Special Characters<\/li>\n<\/ul>\n
Avoid Common Words<\/h4>\n
Dictionary words are easier to crack.<\/p>\n
Avoid Personal Information<\/h4>\n
Names, birthdays, and phone numbers should never be used as passwords.<\/p>\n
Encourage Unique Passwords<\/h4>\n
Users should avoid reusing passwords across multiple accounts.<\/p>\n
Common Use Cases<\/h4>\n
Server administrators commonly configure password strength policies when:<\/p>\n
- \n
- Setting up new hosting servers<\/li>\n
- Improving server security<\/li>\n
- Managing reseller hosting environments<\/li>\n
- Following compliance requirements<\/li>\n
- Protecting customer accounts<\/li>\n<\/ul>\n
\u00a0Conclusion<\/h4>\n
The Password Strength Configuration<\/strong> feature in WHM allows administrators to enforce secure password policies across hosting accounts, email accounts, FTP users, mailing lists, and other services.<\/p>\n
By setting appropriate password strength requirements, you can significantly improve server security, reduce the risk of account compromise, and create a safer hosting environment for all users.<\/p>\n
Regularly reviewing and updating your password policies is an important part of maintaining a secure and reliable hosting infrastructure.<\/p>\n
- https:\/\/server-ip-address:2087<\/a><\/li>\n<\/ul>\n
- https:\/\/yourdomain.com:2087<\/a><\/li>\n