Two-factor authentication (2FA) provides an additional layer of security to protect your WHMCS system. However, there may be situations where an admin or client has lost access to their authentication device and backup codes, or simply needs to disable 2FA temporarily. This guide will walk you through the steps required to disable two-factor authentication in WHMCS, either globally or for specific users.

Step 1: Access phpMyAdmin

  1. Log in to cPanel: Access your cPanel account through your hosting provider or server login.
  2. Open phpMyAdmin: From the cPanel dashboard, navigate to the phpMyAdmin tool, usually found under the Databases section.
  3. Select the Database: In phpMyAdmin, find the database associated with your WHMCS installation. Click on the database to open it.

Step 2: Disable Global Two-Factor Authentication

  1. Execute SQL Query: Click the SQL tab in phpMyAdmin and run the following query:
   update tblconfiguration set value='a:3:{s:11:"forceclient";s:0:"";s:10:"forceadmin";s:0:"";s:7:"modules";a:1:{s:6:"yubico";a:2:{s:8:"clientid";s:0:"";s:9:"secretkey";s:0:"";}}}' where setting='2fasettings';

This command resets the two-factor authentication settings, effectively disabling 2FA globally for your entire WHMCS installation.

Step 3: Disable Two-Factor Authentication for Admin Users

To disable 2FA specifically for admin accounts, use the following commands:

  1. Run SQL Queries:
   update tbladmins set authmodule='';
   update tbladmins set authdata='';

This removes any 2FA authentication modules and clears the associated data for all admin accounts.

Step 4: Disable 2FA for a Specific Admin

If only one admin user has lost access to their device, you can limit the change to that account.

  1. Target Specific Admin by Username: Run the following SQL queries, replacing admin with the relevant username:
   update tbladmins set authmodule='' where username='admin';
   update tbladmins set authdata='' where username='admin';

This way, 2FA will only be disabled for the specified admin.
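
The single-admin reset above can be made reversible and checkable. The following is an added example, not part of the original guide or of WHMCS itself. It uses only the tbladmins columns shown above, and the backup table name tbladmins_2fa_backup is a hypothetical name chosen for illustration.

```sql
-- Added example. tbladmins_2fa_backup is a hypothetical table name;
-- 'admin' is the placeholder username used in Step 4.

-- 1. List the admin accounts that currently have a 2FA module set,
--    so you know the state before touching anything.
SELECT username, authmodule
FROM tbladmins
WHERE authmodule <> '';

-- 2. Save the current 2FA state of the one account being changed.
CREATE TABLE tbladmins_2fa_backup AS
SELECT username, authmodule, authdata, NOW() AS saved_at
FROM tbladmins
WHERE username = 'admin';

-- 3. Clear both columns in a single statement, scoped to that username.
--    phpMyAdmin should report exactly 1 affected row.
UPDATE tbladmins
SET authmodule = '', authdata = ''
WHERE username = 'admin';

-- 4. Verify: the target account shows an empty authmodule and every
--    other account from step 1 still shows its module.
SELECT username, authmodule
FROM tbladmins
WHERE username = 'admin' OR authmodule <> '';

-- 5. Run later, and only if the change was temporary: put the saved
--    values back for the account stored in the backup table.
UPDATE tbladmins a
JOIN tbladmins_2fa_backup b ON b.username = a.username
SET a.authmodule = b.authmodule, a.authdata = b.authdata;

-- 6. Remove the backup once it is no longer needed, because it holds
--    a copy of the account's 2FA data.
DROP TABLE tbladmins_2fa_backup;
```

Run steps 1 to 4 together when disabling 2FA. Steps 5 and 6 are separate follow-ups and should not be pasted in the same batch.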

Why It Works

The SQL commands interact directly with WHMCS’s database tables. By modifying these tables:

  • Global Setting (tblconfiguration): Changing the global setting resets the system-wide enforcement of two-factor authentication.
  • Admin Authentication (tbladmins): Clearing the authentication data at the admin level ensures that the specific credentials associated with 2FA are removed.

Additional Considerations

After disabling two-factor authentication, it’s crucial to ensure that other security measures are still enforced. Consider re-enabling 2FA once any issues are resolved or once backup devices/codes are available.

Conclusion

By following these steps, you can successfully disable two-factor authentication in WHMCS. Be careful while executing SQL commands, as incorrect queries may affect your system’s integrity. If you’re unsure, consult WHMCS documentation or support for assistance.


Last Update: May 8, 2024