Ultra Web Hosting Docs

Two-Factor Authentication (2FA)

Two-factor authentication adds a second layer of protection to your cPanel account. Even if someone learns your password, they cannot log in without the one-time code from your phone. This guide walks you through setting it up, using it, and recovering access if you lose your device.

Tip Enabling 2FA is the single best step you can take to protect your account. It takes about two minutes to set up and stops the vast majority of unauthorized login attempts.

What You Need

Before you begin, install an authenticator app on your phone. Any of these work well:

These apps generate a fresh six-digit code every 30 seconds. You will enter that code alongside your password each time you log in.

Setting Up 2FA in cPanel

  1. Log into cPanel.
  2. Go to SecurityTwo-Factor Authentication.
  3. Click Set Up Two-Factor Authentication.
  4. Open your authenticator app and scan the QR code shown on the page. If you cannot scan, type in the account setup key displayed beside it instead.
  5. The app will begin showing a six-digit code. Enter that code in the Security Code field to confirm.
  6. Click Configure Two-Factor Authentication.

That's it. Your account is now protected. From now on, cPanel will ask for a code from your app every time you sign in.

Note Keep the setup key (or any backup codes your app offers) somewhere safe and offline, such as a password manager. If you ever replace your phone, that key lets you re-add the account to a new authenticator app.

Logging In With 2FA

  1. Enter your cPanel username and password as usual.
  2. When prompted, open your authenticator app and read the current six-digit code.
  3. Type the code into the Security Code field and continue.

Because the code changes every 30 seconds, enter it promptly. If it expires, simply use the next one your app shows.

Disabling or Resetting 2FA

If you need to turn 2FA off or move it to a new device:

  1. Log into cPanel.
  2. Go to SecurityTwo-Factor Authentication.
  3. Click Remove Two-Factor Authentication to disable it, or set it up again to register a new device.
Lost your device? If you no longer have access to your authenticator app and cannot log in, open a support ticket. We can verify your identity and reset 2FA on your account so you can set it up again.

2FA on the Client Area

Your Client Area login is separate from cPanel, so enable 2FA there too:

  1. Log into the Client Area.
  2. Click your name in the top right corner and select Edit Account Details.
  3. Open the Security Settings section and click Enable under Two-Factor Authentication.
  4. Scan the QR code with your authenticator app and confirm with the six-digit code.

2FA on WordPress

If you run WordPress, protect the admin login with 2FA as well. Install a reputable security plugin — such as Wordfence, WP 2FA, or the Two-Factor plugin — then enable two-factor from its settings and scan the QR code with the same authenticator app you already use. This keeps your site's dashboard safe even if a password is guessed or leaked.

Tip Use the same authenticator app for cPanel, the Client Area, and WordPress. All three accounts will simply appear as separate entries in the app, each with its own rotating code.