Mass change cPanel account passwords

There are situations like a server hack when it might be necessary to mass change passwords of all cPanel accounts in a WHM/cPanel server.

On a normal server, it is easy to reset passwords by writing a bash to run passwd command in  a for loop. But in a cPanel environment, the password of the cPanel account is the same for MySQL default user and FTP User. So we will have to update the changes for MySQL and FTP Accounts as well.

Fortunately, WHM provides an API to reset the password of FTP and MySQL default user ( the same cPanel account name ) in a single command. What we do now is we take the account list from /etc/trueuserdomains and run a for loop to change passwords.


touch /root/final-list

for i in `cat /etc/trueuserdomains | awk ‘{print $2}’`


echo “Username: $i” >> /root/final-list

pass=`strings /dev/urandom | tr -dc .~?_A-Z-a-z-0-9 | head -c16 | xargs`

whmapi1 passwd user=$i password=$pass db_pass_update=1

echo “Password: $pass >> /root/final-list



There are no modifications to be done to this script and can be run safely. What it does is it generates a random password in password in variable pass and resets the cPanel,FTP and MySQL Password of the account with this new password.  The username and password are saved to /root/final-list which you can use to update clients/further reference.



You may also like...

2 Responses

  1. George Tonias says:

    This was really helpful. thanks for saving me a great headache during a hack 🙂

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.