Seeing “The login is invalid” in cPanel even though you’re using the correct username and password is one of the most annoying errors for hosting clients and server admins.
This problem happens due to authentication failures, IP blocking, inconsistent DNS routing, or corrupted session tokens — not usually because the credentials are wrong.
If you want experts to fix this instantly and secure your server, check our cPanel Server Management or Server Security Service.
1. Why cPanel Shows “Invalid Login” Even With Correct Credentials
Below are the real-world causes (not the generic textbook answers). These apply to shared hosting, VPS, dedicated servers, and WHM-managed environments.
1. Your IP or device is blocked by cPHulk or CSF
cPHulk (cPanel brute force protection) locks out:
-
IP addresses
-
Usernames
-
Login attempts
-
Countries
-
Entire /24 or /16 ranges in aggressive mode
Symptoms:
-
WHM login works but cPanel doesn’t
-
Only specific devices can’t log in
-
No error in logs except “The login is invalid”
Check logs:
grep "blocked" /var/log/lfd.log
grep "Login failure" /usr/local/cpanel/logs/cphulkd.log2. Browser session or cookies are corrupted
This is common when the URL changes or you recently switched SSL certificates.
Fix:
-
Try Incognito mode
-
Clear cookies for the domain
-
Try the server hostname instead of domain:
https://server.yourhost.com:20833. Wrong login interface (cPanel vs WHM vs Webmail)
Users often attempt:
-
cPanel login on WHM port
-
Webmail login on cPanel port
-
Reseller login on root port
Correct ports:
-
cPanel → 2083
-
WHM → 2087
-
Webmail → 2096
4. DNS still points to an old server
If the domain’s DNS points to a server where:
-
The account doesn’t exist
-
The password differs
-
You’re logging into a suspended/terminated account
-
The old server cached the wrong credentials
Fix: use direct IP login:
https://SERVER_IP:20835. Username changed after a migration
On some transfers, WHM may rename:
-
Long usernames (>8 characters)
-
Conflicting usernames
-
Duplicate database users
This makes the old username invalid even though the text looks correct.
Check actual username:
ls /var/cpanel/users/6. Account is suspended
Suspended accounts show the invalid login error instead of a suspension page.
Check:
ls /var/cpanel/suspended/7. Password hash corrupted
The password hash stored under /etc/shadow or cPanel’s internal auth file may be damaged.
Reset password from WHM:
WHM → List Accounts → Password & Authentication → Change Password
8. Server time desync
If system time drifts (common in OpenVZ/KVM), cPanel logins may fail silently.
Check:
timedatectl2. How to Fix cPanel Invalid Login (Step-by-Step)
These are safe steps you can perform on production servers.
Step 1 — Reset the Password (WHM)
Even if you KNOW the password is correct, reset it:
WHM → List Accounts → Change Password
This regenerates:
-
/etc/shadow entry
-
cPanel authentication token
-
FTP & Webmail sync
Step 2 — Clear cPHulk Blocks
In WHM:
Security Center → cPHulk Brute Force Protection → History Reports
Unblock:
-
IP address
-
Username
-
Country lockouts
-
Temporary blacklist
Or from CLI:
whmapi1 flush_cphulk_login_history
whmapi1 flush_cphulk_bruteforce_logStep 3 — Check CSF/LFD Firewall
csf -g YOUR_IPIf blocked:
csf -dr YOUR_IP
csf -tr YOUR_IPReload:
systemctl restart csfStep 4 — Try Direct Hostname Login
Use:
https://server.hostname.com:2083This bypasses DNS issues entirely.
Step 5 — Unsuspend Account
Check:
ls /var/cpanel/suspended/Unsuspend:
WHM → Manage Account Suspension
Step 6 — Fix Browser Token Issues
Clear cookies:
-
Chrome → Settings → Privacy → Clear browsing data
-
Firefox → Clear recent history
Or test quickly:
-
Open Incognito
-
Try another device
-
Try mobile data
Step 7 — Verify Username Is Correct
Check actual system account:
grep -i USERNAME /etc/trueuserownersOr:
ls /var/cpanel/users/3. Advanced Fixes (For Admins Only)
Fix corrupted password hashes
/scripts/passwd username newpasswordReset cPanel session tokens
rm -f /var/cpanel/sessions/* Rebuild system authentication
/usr/local/cpanel/scripts/upcp --force4. When the Error Means a Security Breach
You MUST investigate deeper if:
-
Password suddenly stopped working
-
Brute force logs spike
-
Multiple users experience the same error
-
Unexpected IPs show up in logs
-
cPHulk is constantly blocking new addresses
Review logs:
grep -i "authentication" /var/log/secure
grep -i "invalid" /usr/local/cpanel/logs/login_log
tail -f /var/log/lfd.logIf you suspect compromise, get immediate help via Emergency Server Support.
5. Prevent This Issue From Happening Again
-
Enable 2FA for cPanel & WHM
-
Whitelist your static IP in CSF
-
Enable Google Authenticator
-
Keep OS & cPanel updated
-
Schedule log monitoring
-
Ensure DNS matches the active server
-
Use secure passwords
-
Enable cPanel AutoSSL
Our Server Security Service handles all of this automatically.
Conclusion
The “Invalid login” error in cPanel is almost never caused by the wrong password.
It’s usually a security block, DNS mismatch, token corruption, or an account-level issue. With the steps above, you can diagnose and fix the problem quickly without impacting uptime.
If you need expert help with cPanel authentication issues, brute force blocks, or full server hardening, our team can take care of it under cPanel Server Management or Emergency Server Support.
my ip is not static its changing always. i whitelisted ip but i got these error many times what should i do?
If IP is not static whitelist wont really work. Install a firewall to prevent bruteforce attack, also if you add ssh key you can whitelist IP using the command /scripts/cphulkdwhitelist “IP”
Thank you, it worked perfect!
I’m glad to hear that it worked worked for you :)
How and where i enter that script to whiltelist my IP
You can do it from whm or command line using ssh.
I have developed a website and when I passed cPanel details to my client, he is not able to login to cpanel and showing error “Unable to login” Please reply me.
It should be an issue with cphulk as well. Make sure the user use correct login details and allow their IP in firewall and cphulk
cant login while using correct username and password while my site is also showing 500 internal server error
I am having this problem on my web-mail whenever i want to login it’s says login invalid,i tried using outlook Microsoft word,and it always says server not found,i have tried to explain to the person who designed the website for me and he say the web mail works perfect on his laptop,we are very far away that i can’t visit the guy where he stays i want to know if i can get a great guideline to take so i can start using my email and also login and make use of the email. Thank you looking forward to receive a wonderful reply.
This should be an issue with the cphulk block, if you are not able to access website via webmail you wont be able to access via email client as well. So first find the IP address and allow it on cphulk and and firewall you are using.
Hello,
You need to know your public IP address when you add the IP whitelist cphulk.
You need to run the exact commands /scripts/cphulkdwhitelist your public ip address and all will work again. for some reason, your public IP was banned and you need to allow it through the built in cpanel firewall. Probably due to incorrect passwords or some unusual activity.
David Gawler
It could be that you are trying to log into the wrong cPanel account. Make sure you are using the correct username and password for the account you are trying to access. If you continue to have trouble, you may need to contact your hosting provider for assistance.