Updated Feb 14, 2026
1. Introduction
When you suspend an account in cPanel & WHM, the system performs a series of security and access‑limiting actions. These actions stop the account’s activity, restrict access, and prevent further use of server resources.
Note: Suspension is different from bandwidth limiting.
2. Suspension Flags
The system adds the following flags to /var/cpanel/users/user:
SUSPENDED=1
SUSPENDTIME=epochdate
This updates WHM interfaces to show the account as suspended.
3. Reseller Access Lock
By default, a suspended reseller who owns their own account can still access it.
You can change this behavior in:
WHM » Server Configuration » Tweak Settings
Set Accounts that can access a cPanel user account to cPanel User Only.
Warning: This prevents the root user from accessing any cPanel account.
Alternatively, when suspending an account, enable Prevent resellers from unsuspending. This creates:
/var/cpanel/suspended/user.lock
4. Stops All User Processes
The system terminates all processes owned by the user. Effects include:
- Forced logout of active sessions
- Stopping all cron jobs
5. Locks Mailing Lists
The system moves Mailman list files into suspended.lists.
Result: Mailing lists stop functioning.
6. Locks Web Disk
The system adds *LOCKED* to Web Disk password files:
/home/homedir/etc/webdav/shadow
Result: Web Disk access is disabled.
7. Locks Email Passwords
The system adds *LOCKED* to email password files:
/home/homedir/etc/domain/shadow
Result: Email users cannot download mail, but incoming mail is still delivered.
8. Incoming and Outgoing Email
- Users cannot send email.
- Messages in the outbound queue fail.
8.1 Email Delivery Behavior
You can configure how Exim handles incoming mail for suspended accounts in:
WHM » Service Configuration » Exim Configuration Manager
| Setting | Description |
|---|---|
| Deliver messages normally | Processes mail normally (risky) |
| Accept and discard messages | Accepts then deletes mail |
| Reject messages at SMTP time | Rejects mail with a permanent error |
| Accept and queue messages | Queues mail until unsuspended (default) |
9. Apache Configuration Updates
The system creates the following include file:
/etc/apache2/conf.d/includes/account_suspensions.conf
This file contains a RedirectMatch rule that redirects all website traffic to the suspended account template.
You can edit the suspended page in:
WHM » Account Functions » Web Template Editor
10. Locks the Shadow Password
The system runs:
passwd -l user
Effects:
- User cannot log in to cPanel
- Database users cannot authenticate
- Password cannot be changed
11. FTP Directory Permission Changes
The system sets public_ftp permissions to 0000.
It also creates:
/etc/proftpd/user.suspended
FTP passwords are locked by prepending !!.
Result: FTP users cannot log in.
12. MySQL Password Changes
The system changes all MySQL user passwords.
Result: Database users cannot access their databases.
Note: Amazon RDS remote databases are not affected.
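To confirm that a suspension actually took effect, the on-disk markers from sections 2, 6, 7 and 11 can be checked together. The following is an added example, not part of the original article or cPanel's own tooling; the function names, the ROOT prefix argument (empty on a live server) and the reading of *LOCKED* as one marker per password line are assumptions, and stat -c is GNU stat.

```shell
#!/bin/sh
# Added example: audit the suspension markers this page describes.
# ROOT is a hypothetical path prefix ("" on a live server) so the same
# check can run against a copied or constructed directory tree.

# Succeed only if every non-empty line of FILE carries the *LOCKED* marker.
# Assumption: the marker appears once per password entry line.
all_locked() {
    [ -f "$1" ] || return 0            # no shadow file: nothing to lock
    ! grep -v -F '*LOCKED*' "$1" | grep -q .
}

# usage: audit_suspension ROOT USER HOMEDIR
# Prints each finding; the return status is the number of failed checks.
audit_suspension() {
    root=$1 user=$2 home=$3 fail=0
    userfile="$root/var/cpanel/users/$user"

    grep -q '^SUSPENDED=1$' "$userfile" 2>/dev/null ||
        { echo "MISSING: SUSPENDED=1 in $userfile"; fail=$((fail+1)); }
    grep -Eq '^SUSPENDTIME=[0-9]+$' "$userfile" 2>/dev/null ||
        { echo "MISSING: SUSPENDTIME in $userfile"; fail=$((fail+1)); }

    # etc/webdav/shadow (Web Disk) and etc/<domain>/shadow (email)
    for f in "$root$home"/etc/*/shadow; do
        all_locked "$f" ||
            { echo "UNLOCKED entry in $f"; fail=$((fail+1)); }
    done

    ftp="$root$home/public_ftp"
    if [ -d "$ftp" ]; then
        mode=$(stat -c '%a' "$ftp")    # GNU stat prints 0 for mode 0000
        [ "$mode" = "0" ] ||
            { echo "public_ftp mode is $mode, expected 0000"; fail=$((fail+1)); }
    fi
    [ -e "$root/etc/proftpd/$user.suspended" ] ||
        { echo "MISSING: /etc/proftpd/$user.suspended"; fail=$((fail+1)); }

    # Only present when "Prevent resellers from unsuspending" was enabled.
    [ -e "$root/var/cpanel/suspended/$user.lock" ] &&
        echo "INFO: reseller unsuspend lock present"

    return "$fail"
}
```

A non-zero status after a suspension points to a step that did not complete, or to a change made to the account afterwards.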
Conclusion
Suspending an account in cPanel & WHM triggers a comprehensive set of restrictions affecting email, FTP, databases, websites, and user access. These measures ensure security and prevent misuse of server resources during suspension.
Written & researched by Dr. Shahin Siami