The WHM root password on a VPS or dedicated server is the most privileged credential you have — it controls every cPanel account, every service, and the underlying operating system. This article covers how to change it, both when you're logged in and when you're not.

This article is for clients with their own VPS or dedicated server. If you're on a reseller plan, your WHM and cPanel share the same password — see Reset your cPanel password.

Change the password while logged in

If you still have access to WHM, this is the quickest way:

  1. Log in to WHM at https://yourhostname.canspace.ca:2087.
  2. In the left-hand menu, search for password and click Change Root Password (under Server Configuration).
  3. Enter your current password, then a new password twice, and click Change Password.

This updates both the WHM login and the underlying Linux root account — they're the same credential. Any open SSH sessions will continue to work, but new SSH logins will require the new password.

Choose a strong password

Because this password controls your whole server, the bar should be higher than for a normal account:

  • 20+ characters, ideally generated by a password manager.
  • Never reuse it anywhere else and never share it in a chat, email, or ticket (we don't need it and will never ask for it).
  • Consider pairing it with a separate sudo user and disabling direct root SSH login — a more involved setup, but it significantly raises the security bar. If you'd like us to help configure this on your server, open a ticket.
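One way to check where a server stands on the last point, as an added example (not CanSpace's own tooling): the hypothetical function `audit_root_ssh` reads effective OpenSSH settings in the format printed by `sshd -T` and classifies root's SSH exposure. The function name, the result labels and the sample inputs are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Classify root SSH exposure from effective sshd settings ("sshd -T" format:
# one lowercase "keyword value" pair per line), read from stdin.
audit_root_ssh() {
    local root="" pass="" kbd="" key val
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r key val || [ -n "$key" ]; do
        case "$key" in
            permitrootlogin)        root="$val" ;;
            passwordauthentication) pass="$val" ;;
            # Older OpenSSH releases print the second name for this setting.
            kbdinteractiveauthentication|challengeresponseauthentication)
                                    kbd="$val" ;;
        esac
    done
    case "$root" in
        no)
            echo "root-ssh-disabled" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "root-key-only" ;;
        yes)
            # Conservative: keyboard-interactive usually means a PAM password
            # prompt, so it is treated like password authentication here.
            if [ "$pass" = "yes" ] || [ "$kbd" = "yes" ]; then
                echo "root-password-login-enabled"
            else
                echo "root-key-only"
            fi ;;
        *)
            echo "unknown"; return 2 ;;
    esac
}

# Constructed sample inputs (not taken from a real server).
SAMPLE_DEFAULT='port 22
permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication no'

SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no'

# On the server itself, as root:  sshd -T | audit_root_ssh
```

A result of `root-password-login-enabled` means the root password is still accepted over SSH; before changing that, confirm the separate sudo user can log in, so you do not lock yourself out.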

Locked out of WHM

If you've forgotten the password and can't log in, open a support ticket. On a VPS or dedicated server you own, the root password isn't stored anywhere we can retrieve — but we do have out-of-band access to the server (via the hosting provider's management console) and can reset it for you. Include in the ticket:

  • The server hostname (e.g. dedi123.canspace.ca or vps2099.canspace.ca).
  • Confirmation that you'd like the root password reset — we'll send the new password through the ticket once it's done.

Because this is a privileged operation, tickets requesting a root password reset must be submitted from the client area, not via email, so we can verify you're the account owner.

After changing the password

If you use any automation that authenticates to WHM or SSH — deployment scripts, monitoring agents, CI/CD pipelines, cron jobs that call whmapi1 from elsewhere — update them with the new password or, better, switch them to SSH keys or WHM API tokens. Leaving old credentials in scripts will generate failed-login alerts and can get the script's IP firewall-blocked.
