Bluehost has three separate types of password, and which one you need to change depends on what you are trying to access. Your main account password controls your Bluehost control panel and cPanel. Your webmail password is a separate per-email-address credential managed inside cPanel. FTP passwords are separate again.
This guide covers all three. Jump to the section that matches what you need:
- Locked out of Bluehost or cPanel: see “Forgotten Your Password?” or “Change Password in Bluerock/Legacy”
- Need to reset a webmail password: see “How to Change Your Bluehost Webmail Password” below
- Need to update an FTP password: see “How to Change Your Bluehost FTP Password”
Does Bluehost use cPanel? Yes. All Bluehost shared and WordPress hosting plans include cPanel for file management, email accounts, MySQL databases, FTP, and software installs. Your main Bluehost account password and your cPanel login are the same credential.
Forgotten Your Password?
If you cannot log in because you have forgotten your password, go to the Bluehost login page and click “Forgot Password.” Enter your username, which is your full domain name, then click “Next.”
Bluehost sends a reset link to the email address on the account. The email may take a few minutes to arrive. Check your spam folder if it does not appear in your inbox.
If the email address on the account is no longer accessible, contact Bluehost support directly. Do not use the self-service reset flow in this case, because it only sends to the email address on file. Bluehost’s 24/7 live chat agents can verify your identity using your account details (domain name, billing address, last four digits of payment method) and update the recovery email before sending a reset link.
How to Change Your Bluehost Webmail Password
Your webmail password is not the same as your main Bluehost or cPanel password. On Bluehost, each email account (such as [email protected]) has its own password, managed separately inside cPanel. Changing your main Bluehost account password does not change webmail passwords.
To change or reset a webmail password:
Step 1 - Log In to cPanel
Log into your Bluehost control panel and navigate to the cPanel section. In Bluerock, click “Hosting” in the left menu and then “cPanel.” In Legacy, cPanel is accessible directly from the control panel home.
Step 2 - Email Accounts
In cPanel, find the Email section and click Email Accounts. This lists all the email addresses set up under your domain.
Step 3 - Change Password
Find the email address whose webmail password you want to change. Click Manage next to it, then scroll to the Security section. Enter a new password and click Update Email Settings to save.
The new password takes effect immediately. Use it the next time you log in to webmail. Bluehost webmail supports Roundcube and Horde; both use the same email account password.
How to Find Your Bluehost Webmail Login URL
Bluehost webmail is accessible at https://mail.yourdomain.com or https://webmail.yourdomain.com. Replace yourdomain.com with your actual domain. You can also reach webmail by logging in to cPanel and clicking the webmail icon in the Email section, which takes you directly to the inbox selector without needing to know the URL.
If you cannot access cPanel because you are locked out of your main Bluehost account, reset the main account password first using the steps below.
Password Requirements
A new password must meet these Bluehost requirements:
- At least eight characters
- One capital letter
- One lowercase letter
- One number
- One special character (such as !, @, or #)
The new password cannot match any previous passwords and cannot include your account username. If these requirements feel restrictive, a password manager like Bitwarden or 1Password makes generating and storing a compliant password straightforward. Read our Bluehost review for an overview of what else is included in your account.
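If you would rather script this than use a password manager, the following added example (not Bluehost code) checks a candidate against the requirements listed above and generates a random compliant one. The function names and the set of special characters used for generation are assumptions; the page names only !, @ and # as examples.

```python
import secrets
import string

# Assumption: a conservative set of special characters for generation.
SPECIALS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + SPECIALS


def policy_failures(password, username):
    """Return the stated requirements that `password` fails (empty list = compliant).

    The "cannot match any previous passwords" rule is not checked here:
    only the server knows the history, and keeping old passwords locally
    to compare against would be a liability.
    """
    failures = []
    if len(password) < 8:
        failures.append("at least eight characters")
    if not any(c.isupper() for c in password):
        failures.append("one capital letter")
    if not any(c.islower() for c in password):
        failures.append("one lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("one number")
    if not any(c in string.punctuation for c in password):
        failures.append("one special character")
    if username and username.lower() in password.lower():
        failures.append("must not include the account username")
    return failures


def generate_password(username, length=20):
    """Generate a random password that passes every check above."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        # Every character comes from the OS CSPRNG. Rejecting and redrawing
        # whole candidates avoids forcing a character class into a fixed slot.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate, username):
            return candidate
```

Generate a separate password for each credential (main account, each mailbox, each FTP account) rather than reusing one.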
Change Password in Bluerock
Bluerock is the current default interface for new Bluehost accounts. Follow these steps:
Step 1 - Log In
Log into your Bluehost control panel using your current credentials.
Step 2 - Security Settings
Click the profile icon at the top right corner of the screen. Click “Security” in the submenu.
Step 3 - Change Password
Under “Main Password,” click the “Change Password” button. Enter a new password that meets the requirements above, then click “Create Password” to save.
Change Password in Legacy
If your account runs the Legacy interface, the steps are slightly different:
Step 1 - Log In
Log into your control panel using your current credentials.

Step 2 - Account Passwords
Click the “Account” menu at the top of the screen, then select “Passwords” from the submenu.
Step 3 - Main Password
Under “Main Password,” enter your new password and retype it to confirm. Click “Continue” to save.
What Else Does Changing Your Main Password Affect?
Your main Bluehost password controls your login and cPanel access, but it does not automatically update these separate credentials:
- Email account passwords (webmail): each email address ([email protected], [email protected]) has its own password managed in cPanel under Email Accounts. Changing your main password does not change these.
- FTP and SFTP passwords: FTP accounts have separate passwords set in the File Manager or FTP Accounts section of cPanel. If you use an FTP client to upload files, update those credentials separately.
- Database passwords: MySQL database users have their own passwords managed in cPanel. These are unaffected by a main password change.
This separation matters if you use SMTP to send email through Bluehost or connect apps directly to your database. Those connections continue working with their existing credentials after you change the main account password.
How to Change Your Bluehost FTP Password
FTP passwords on Bluehost are managed inside cPanel separately from the main account password. To change an FTP password:
- Access cPanel through your Bluehost control panel
- Go to Files → FTP Accounts
- Find the FTP username whose password you want to change and click Change Password
- Enter and confirm the new password, then save
Update your FTP client (FileZilla, Cyberduck, WinSCP, etc.) with the new password before reconnecting.
Enable Two-Factor Authentication
After updating your password, enable two-factor authentication (2FA) on your Bluehost account. With 2FA active, logging in requires both your password and a one-time code from an authenticator app. This blocks unauthorised access even if your password is compromised.
Find the 2FA option in your account Security settings (the same screen as the password change). Bluehost supports authenticator apps and SMS codes. An authenticator app like Google Authenticator or Authy is more reliable than SMS since SMS delivery can be delayed and is vulnerable to SIM-swapping attacks.
Password Reset Not Working?
If the password change does not take effect or the reset email never arrives, try these steps:
- Check spam and junk folders, plus any email filtering rules that might block automated emails
- Enter your domain name as the username without https:// or www.
- Wait at least 10 minutes before requesting another reset link, as duplicate requests can cancel each other out
- Try a different browser or clear your cache if the new password is not accepted after saving
- If you changed your password but it still shows as wrong, log out completely and close all tabs before trying again. Some browsers cache Basic Auth credentials that conflict with the new password
- Contact Bluehost’s 24/7 live chat support if none of the above works
Updating Your Email Client After Changing a Bluehost Webmail Password
Changing your webmail password in cPanel does not automatically update any email clients you have configured. If you use Outlook, Apple Mail, Thunderbird, or any other desktop or mobile app to check your Bluehost email, those clients will stop connecting and show authentication errors until you update the password in each app’s account settings.
This is the most common cause of “incorrect password” errors in email clients after a cPanel password change, and it catches a lot of people off guard because the change feels like it should propagate automatically.
Bluehost IMAP and SMTP Settings (for Reference)
When updating your email client settings, use these server values:
- Incoming mail (IMAP): Server: mail.yourdomain.com, Port: 993, Encryption: SSL/TLS
- Incoming mail (POP3, if used): Server: mail.yourdomain.com, Port: 995, Encryption: SSL/TLS
- Outgoing mail (SMTP): Server: mail.yourdomain.com, Port: 465 (SSL) or 587 (STARTTLS), Encryption: SSL/TLS or STARTTLS
- Username: Your full email address (e.g. [email protected])
- Password: The new password you just set in cPanel
Updating Password in Common Email Clients
Outlook (Windows): Go to File → Account Settings → Account Settings. Double-click the account. Update the password in the “Password” field and click Next. Outlook will test the connection and confirm the new credentials work.
Apple Mail (Mac / iPhone / iPad): On Mac, go to Mail → Preferences → Accounts, select the account, click Server Settings, and update the password under both the incoming and outgoing server sections. On iPhone/iPad, go to Settings → Mail → Accounts, select the account, and tap “Account” to update the password.
Thunderbird: Right-click the account in the left panel and choose Settings. Go to Server Settings and update the password. Thunderbird may prompt you for the new password on the next connection attempt, which is often the fastest fix.
Gmail “Fetch from another account” (Gmail import): If you set up Gmail to fetch from your Bluehost address using POP3, go to Gmail Settings → Accounts and Import → Check mail from other accounts, click “edit info” next to the Bluehost address, and update the password there.
After updating the password, send a test message to confirm outgoing mail works, then check that new incoming messages arrive. If the client shows a certificate error after the update (not just a password error), the mailbox may have been set up using a self-signed certificate path instead of mail.yourdomain.com. Re-entering the settings with the correct server hostname and port usually resolves this.
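To tell a password error from a certificate error without going through a mail client, this added example (not Bluehost tooling) logs in over IMAP and SMTP with the ports listed above and full certificate verification, then reports which kind of fix is needed. The function names are hypothetical, and the host you pass is your own mail.yourdomain.com value.

```python
import imaplib
import smtplib
import ssl


def classify(exc):
    """Map an exception from a login attempt to the kind of fix it needs."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "certificate"  # hostname mismatch or untrusted cert: fix the server name
    if isinstance(exc, imaplib.IMAP4.abort):
        return "connection"   # server dropped the session (abort subclasses IMAP4.error)
    if isinstance(exc, (imaplib.IMAP4.error, smtplib.SMTPAuthenticationError)):
        return "password"     # TLS succeeded, but the credentials were rejected
    return "connection"       # DNS failure, blocked port, timeout, etc.


def check_imap(host, user, password, port=993):
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=15) as conn:
            conn.login(user, password)
        return "ok"
    except Exception as exc:
        return classify(exc)


def check_smtp(host, user, password, port=465):
    ctx = ssl.create_default_context()
    try:
        if port == 465:  # implicit TLS
            server = smtplib.SMTP_SSL(host, port, context=ctx, timeout=15)
        else:            # 587: plain connect, then upgrade before sending credentials
            server = smtplib.SMTP(host, port, timeout=15)
        with server:
            if port != 465:
                server.starttls(context=ctx)
            server.login(user, password)
        return "ok"
    except Exception as exc:
        return classify(exc)
```

Read the password with `getpass.getpass()` when calling these so it does not end up in shell history; a "certificate" result means the hostname in your client settings does not match the certificate the server presents.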
Final Word: How to Change Bluehost cPanel, Webmail, and Email Passwords
Your main Bluehost password and your cPanel password are the same credential, so one change covers both. Your webmail password is separate: it is the individual email account password managed in cPanel under Email Accounts. FTP and database passwords are also separate and need to be updated independently. After any password change, enabling 2FA adds a meaningful second layer of protection to your account. While you are securing your account, also make sure you have a valid SSL certificate active. Here is how to set up SSL on Bluehost if you have not done so yet. Sign in at Bluehost to make these changes. If you decide not to continue with Bluehost, see the guide on how to cancel your Bluehost account and claim a refund within the 30-day window.