Locked out of WHM? Gain access to your WHM with these simple steps


One of the best practices in server management is to secure your servers to protect them from hacks and attacks. But sometimes you secure a server so well that you accidentally lock yourself out of it.

Entering your account password incorrectly multiple times can exceed the login limits set for your server and WHM, and lock you out of the server.

You may see the following message in your WHM:

Brute Force Protection
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.


Why do you get locked out of WHM?

This happens due to a feature called cPHulk Brute Force Protection provided by cPanel/WHM servers. The cPHulk service protects your server against brute force attacks.

In a brute force attack, attackers use an automated system to guess the password to the web server or services. cPHulk offers protection through account-level and IP-based restrictions.

When cPHulk detects too many invalid attempts from an IP or account, it blocks that IP address or account, and you get locked out of WHM.

cPHulk stores two types of information in its database ‘cphulkd’:

1. The logins table, which stores login authentication failures.
2. The brutes table, which stores excessive authentication failures.

The cPHulk protection rules vary from one server to another, and the level and duration of the block depend on how strict the rules set on your server are.


How to remove WHM lock out for your account

While many support technicians simply disable and enable the cPHulk service to flush the entire database and regain access, it is not something we recommend.

Flushing the entire database also un-bans problematic IPs, so attackers can try to access your server again. Moreover, disabling brute force protection even for a second is not advisable from a server security standpoint.

The immediate fix we do in such cases to restore normal WHM access to valid users is to unblock their IP address. We obtain the website owner’s IP using a tool like whatismyip.com, or by checking the relevant log files.

With our step-by-step procedure, we look up the IP block in the following firewalls and unblock it:

1. Check CSF for the IP block and unblock if present.
2. Check for the IP under "WHM >> ConfigServer Security&Firewall >> Firewall Deny IPs" and delete if found.
3. Check if the IP is blacklisted in "cPHulk Brute Force Protection" and delete it from the list.

Another workaround is to access the cPHulk database from MySQL and delete the entries corresponding to this IP address from the two cPHulk tables: ‘cphulkd.brutes’ and ‘cphulkd.logins’.
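
The targeted unblock described above (CSF steps 1 and 2, plus the MySQL workaround) as a root-shell script. This is an added example, not part of the original article: it validates the address before it reaches the SQL and only prints the commands unless APPLY=1 is set. The column name IP in both tables, the function names and the sample address 203.0.113.10 are assumptions; `csf -g`, `csf -dr` and `csf -tr` are CSF's search, deny-remove and temporary-remove options.

```sh
#!/bin/sh
# Added example (not from the article): remove the block for ONE address
# instead of flushing cPHulk. Dry run by default; APPLY=1 executes as root.

# Strict dotted-quad check, so nothing but digits and dots reaches the SQL.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the command in dry-run mode, execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

unblock_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "refusing '$ip': not an IPv4 address" >&2; return 2; }
    run csf -g "$ip"     # step 1: show which CSF rule or list matches
    run csf -dr "$ip"    # steps 1-2: delete it from the permanent deny list
    run csf -tr "$ip"    # also clear a temporary block, if any
    # Workaround from the article: delete only this IP's rows from cphulkd.
    # Assumption: both tables key the address in a column named IP.
    run mysql cphulkd -e \
        "DELETE FROM brutes WHERE IP='$ip'; DELETE FROM logins WHERE IP='$ip';"
}

# Constructed sample address (documentation range), dry run:
# unblock_ip 203.0.113.10
```

Review the dry-run output first; every other entry in the firewall and in cphulkd stays in place, so addresses banned for real attacks remain banned.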


How to prevent further lock-outs for valid accounts from WHM

Once we ensure that the customer is able to access his WHM, we check the root cause of the block, which is important to prevent recurrent lock-outs on the server.

Lock-outs from WHM can recur due to 2 main reasons:

  • The customer’s web or other application has settings that conflict with the server firewall.
  • The server firewall is too strict, with tight security rules that hinder proper server functioning.

Once the reason is identified, we take proper corrective measures to prevent the IP from getting blocked again: either update the settings at the client end or adjust the server security settings.

For valid customers, we obtain their IP addresses and whitelist them in the server firewall to prevent them from being blocked again unnecessarily.

Our 24/7 cPanel expert technicians audit the firewall logs regularly, and if lock-out issues are frequently noted for many users, we go ahead and optimize the firewall settings.

Based on the reason detected for the IP blocks (such as service login failures, mod_security auto-block, port scanning, etc.), we update the firewall configuration settings to avoid blocking legitimate user access.


Improper firewall rules can cause too many customer complaints and can interfere with customers' normal functions. If you would like to know how to avoid downtime for your customers due to cPanel IP blocks, we would be happy to talk to you.





Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.
