How to Remove All Suspended cPanel Accounts at Once Using WHM and SSH (Bulk Delete Guide)

---

What This Guide Covers

If you manage a WHM server with multiple cPanel accounts, there comes a time — during a server migration, a major cleanup, a decommission, or routine maintenance — when you need to permanently remove all suspended accounts at once rather than clicking through each one individually in WHM’s interface.

This guide explains the exact command that does it, breaks down every component so you know precisely what is happening on your server, walks through the prerequisites, shows you how to run it safely, and documents what to do if anything goes wrong.

⚠ CRITICAL WARNING BEFORE PROCEEDING: The command in this guide permanently and irreversibly deletes all suspended cPanel accounts on your server — including all their files, databases, email accounts, DNS zones, and associated data. There is no undo. There is no Recycle Bin. Once run, deleted account data cannot be recovered unless a backup exists.

Take a full server backup before running this command. No exceptions.

---

When Would You Use This Command?

This bulk deletion command is appropriate in specific, deliberate situations:

• Server migration — you are moving active accounts to a new server and the remaining suspended accounts are confirmed to be permanently abandoned
• End-of-year or quarterly cleanup — removing accounts that have been suspended for 30, 60, or 90+ days with no chance of renewal
• Decommissioning a server — clearing all suspended accounts before taking a server offline
• Reseller account management — a reseller is removing all suspended sub-accounts after verifying none need restoration
• Storage reclamation — suspended accounts are consuming significant disk space that is needed for active accounts

This command is not appropriate for:

• Removing a single specific account (use removeacct username instead)
• Removing active (non-suspended) accounts
• Any situation where you have not verified that every suspended account is genuinely abandonable
• Any server where backups have not been confirmed current

---

Part 1: The Complete Command

for user in $(ls -A /var/cpanel/suspended/); do /usr/local/cpanel/scripts/removeacct --force "$user"; done

This is a single-line Bash loop. Run it as root via SSH on your WHM server.

---

Part 2: Command Breakdown — What Every Component Does

Understanding exactly what this command does gives you full control and confidence before executing it.

for user in $(...); do ... done

This is a standard Bash for loop. It iterates over a list of items — in this case, cPanel usernames — and executes a command for each one.

• for user in — declares a variable named user that will hold each username in turn
• do — begins the loop body (the command to run for each item)
• done — ends the loop

ls -A /var/cpanel/suspended/

This lists the contents of the /var/cpanel/suspended/ directory.

What is /var/cpanel/suspended/?

When a cPanel account is suspended in WHM — whether manually by an administrator or automatically for non-payment, abuse, or policy violation — cPanel creates an empty file in this directory named after the cPanel username. For example, if a user john123 is suspended, cPanel creates the file /var/cpanel/suspended/john123.

This directory is the source of truth for which accounts on your server are currently in a suspended state.

The -A flag tells ls to show all entries including those beginning with a dot (.), but excluding the current directory (.) and parent directory (..) entries themselves. This ensures the loop iterates over actual account names rather than directory navigation entries.

You can verify which accounts are currently suspended before running the loop by executing this on its own:

ls -A /var/cpanel/suspended/

This shows you the complete list of usernames that will be deleted when the full command is run. Review this list carefully before proceeding.

/usr/local/cpanel/scripts/removeacct

This is cPanel’s official account removal script, located at the standard cPanel installation path. It handles the complete, clean removal of a cPanel account including:

• Removing all files in the account’s home directory (/home/username/)
• Removing all MySQL databases owned by the account
• Removing all MySQL database users associated with the account
• Removing all email accounts and mailboxes
• Removing all DNS zones associated with the account’s domains
• Removing the cPanel account metadata from WHM
• Removing the system user and group
• Cleaning up cron jobs, FTP accounts, and SSL certificates associated with the account

This script is the correct, supported method for account removal — not rm -rf or manual filesystem deletion, which leaves orphaned database records, DNS entries, and system users.

--force

This flag tells removeacct to skip the standard confirmation prompt that it normally displays before deleting an account.

Without --force, removeacct asks you to type y to confirm the deletion of each account — fine when removing one account interactively, but impossible to automate in a loop. The --force flag bypasses this prompt, allowing the loop to run through all suspended accounts without requiring manual confirmation at each step.

This is exactly why the pre-run backup check is non-negotiable. The --force flag removes the last manual checkpoint between you and irreversible data deletion.

"$user"

This is the variable holding the current username from the loop iteration, quoted with double quotes to handle any edge cases in usernames (though cPanel usernames are alphanumeric, quoting is always good practice in shell scripts).

---

Part 3: Prerequisites — Do Every One of These Before Running

Prerequisite 1 — Take a Full WHM Server Backup

Before executing any bulk deletion command on a WHM server, take a complete backup of the entire server. This includes all cPanel account files, all MySQL databases, all DNS zones, and all WHM configuration.

For backing up individual cPanel accounts that you want to preserve: How to Take a Full Account Backup in cPanel Manually

For MySQL-specific backups: How to Backup MySQL Databases with Mysqldump

On myglobalHOST VPS plans, server-level snapshots can be taken before major maintenance operations — contact support via your Client Dashboard before proceeding.

Prerequisite 2 — Audit the Suspended Account List

Run this command first and save its output:

ls -A /var/cpanel/suspended/

For each username in the list, verify:

• Is this account genuinely abandoned and safe to delete permanently?
• Does the account owner have any outstanding data they need to retrieve?
• Are there any databases that need to be archived before deletion?
• Have all regulatory data retention requirements been met?

Do not skip this audit step. The --force flag will delete every account in that directory without hesitation.

Prerequisite 3 — Verify You Are Logged In as Root

The removeacct script requires root access. Confirm your current user:

whoami

The output must be root. If you are logged in as a non-root user with sudo access, prefix the command with sudo.

Prerequisite 4 — Check Available Disk Space Before and After

Suspended accounts may be occupying significant disk space. Note current disk usage before deletion:

df -h

You can also check each suspended account’s individual disk usage before deleting:

for user in $(ls -A /var/cpanel/suspended/); do du -sh /home/"$user" 2>/dev/null; echo "$user"; done

This shows you how much space each suspended account is using — useful for confirming that the cleanup will reclaim meaningful storage, and for documenting what was deleted.

For ongoing disk management guidance, see: How to Use cPanel Disk Usage Tool to Clean Up Server Space

Prerequisite 5 — Confirm No Active Services Depend on Suspended Accounts

In some WHM configurations, suspended accounts may still have:

• DNS zones being referenced by other accounts
• Email forwards routing to active accounts from suspended domains
• SSL certificates shared across accounts

Check for DNS dependencies:

for user in $(ls -A /var/cpanel/suspended/); do grep -r "$user" /var/named/ 2>/dev/null | head -2; done

---

Part 4: Running the Command — Step by Step

Step 1 — SSH into Your Server as Root

Connect to your server via SSH. For myglobalHOST VPS customers, your SSH credentials are available in your Client Dashboard.

ssh root@your.server.ip.address

For guidance on restarting services via SSH if needed during the process: How to Restart Services in cPanel Using SSH Access

Step 2 — Preview the Accounts to Be Deleted (Dry Run)

Before running the deletion command, preview exactly which accounts will be affected:

echo "The following suspended accounts will be permanently deleted:"
ls -A /var/cpanel/suspended/
echo "Total count: $(ls -A /var/cpanel/suspended/ | wc -l)"

Review this list one final time. If any account should not be deleted, either unsuspend it in WHM first or remove it from the suspended directory before proceeding.

To unsuspend a single account to save it from bulk deletion:

/usr/local/cpanel/scripts/unsuspendacct username

Or use WHM → Account Functions → Manage Account Suspension.

Step 3 — Run the Bulk Removal Command

Once you are satisfied with the account list and your backup is confirmed, run the command:

for user in $(ls -A /var/cpanel/suspended/); do /usr/local/cpanel/scripts/removeacct --force "$user"; done

What you will see during execution:

For each account, removeacct outputs a log of what it is removing:

Removing user: username1
Removing home directory...
Removing MySQL databases...
Removing DNS zones...
Account removal complete: username1

Removing user: username2
...

The speed depends on how many accounts are being removed and how much data each contains. A server with 50 suspended accounts of modest size may complete in a few minutes. Accounts with large filesystems or many databases will take longer.

Step 4 — Verify Completion

After the loop completes, confirm that the suspended accounts directory is empty:

ls -A /var/cpanel/suspended/

This should return no output (empty directory). If any accounts remain, investigate why removeacct did not process them — possible causes include locked files, ongoing processes, or database connection issues.

Also confirm freed disk space:

df -h

---

Part 5: Alternative — Remove a Single Suspended Account

If you want to remove one specific suspended account rather than all of them, use:

/usr/local/cpanel/scripts/removeacct username

Or with force flag to skip confirmation:

/usr/local/cpanel/scripts/removeacct --force username

Replace username with the actual cPanel username of the account to remove.

This is the correct approach when:

• Only one or a few specific accounts need to be removed
• You want interactive confirmation before each deletion
• You are not certain all suspended accounts should be deleted

---

Part 6: Alternative — Remove Only Accounts Suspended Longer Than X Days

A more surgical approach for production servers is to only delete accounts that have been suspended for more than a defined number of days — rather than all suspended accounts indiscriminately.

This uses the file’s modification timestamp (the date cPanel created the suspension file) as a proxy for how long the account has been suspended:

Remove only accounts suspended more than 30 days:

for user in $(find /var/cpanel/suspended/ -maxdepth 1 -type f -mtime +30 -exec basename {} \;); do
    echo "Removing account suspended over 30 days: $user"
    /usr/local/cpanel/scripts/removeacct --force "$user"
done

Remove only accounts suspended more than 60 days:

for user in $(find /var/cpanel/suspended/ -maxdepth 1 -type f -mtime +60 -exec basename {} \;); do
    echo "Removing account suspended over 60 days: $user"
    /usr/local/cpanel/scripts/removeacct --force "$user"
done

Change +30 or +60 to any number of days that matches your data retention policy. This approach is significantly safer than deleting all suspended accounts indiscriminately on a production server.

---

Part 7: Logging the Deletion for Audit Trail

On production or multi-tenant servers, maintaining a log of what was deleted, when, and by whom is good practice — both for accountability and for potential customer disputes.

Run the command with timestamped logging:

LOGFILE="/var/log/cpanel_bulk_removal_$(date +%Y%m%d_%H%M%S).log"
echo "Bulk cPanel account removal started: $(date)" | tee -a "$LOGFILE"
echo "Accounts to be removed:" | tee -a "$LOGFILE"
ls -A /var/cpanel/suspended/ | tee -a "$LOGFILE"
echo "---" | tee -a "$LOGFILE"

for user in $(ls -A /var/cpanel/suspended/); do
    echo "Removing: $user at $(date)" | tee -a "$LOGFILE"
    /usr/local/cpanel/scripts/removeacct --force "$user" 2>&1 | tee -a "$LOGFILE"
    echo "---" | tee -a "$LOGFILE"
done

echo "Bulk removal completed: $(date)" | tee -a "$LOGFILE"
echo "Log saved to: $LOGFILE"

This creates a timestamped log file at /var/log/ with a complete record of every account removed, the output of the removeacct script for each, and the exact timestamps of start and completion.

---

Part 8: Troubleshooting Common Issues

Issue: “Account does not exist” Error

removeacct: username does not exist

Cause: The file in /var/cpanel/suspended/ exists but the corresponding cPanel account metadata is already missing or corrupted.

Fix: The account data is already partially or fully gone. Remove the orphaned suspension file manually:

rm /var/cpanel/suspended/username

Issue: “MySQL error” or Database Removal Fails

Cause: MySQL/MariaDB service is not running or a database lock is preventing removal.

Fix: Verify MySQL is running:

systemctl status mysql

If stopped, restart it:

systemctl restart mysql

Then retry removeacct for the affected username. For database maintenance guidance: Repair and Optimise MySQL Database on cPanel/WHM Server

Issue: DNS Zone Removal Fails

Cause: The DNS zone for the account’s domain has already been manually removed, or the named service has an issue.

Fix: Check the named service:

systemctl status named

For DNS management: How to Force Delete DNS from Command Line CLI in WHM

Issue: Home Directory Files Cannot Be Removed (Permission Error)

Cause: Files within the account’s home directory may have unusual permissions or be owned by another process.

Fix: Run a permission check on the directory first:

ls -la /home/username/

If files are locked by a running process:

lsof | grep /home/username

Kill the relevant process if safe to do so, then retry removeacct.

Issue: Loop Exits Early Without Completing All Accounts

Cause: A removeacct failure on one account causes the shell to exit the loop (depending on your shell’s error handling settings).

Fix: Add error handling to the loop so it continues even if one account fails:

for user in $(ls -A /var/cpanel/suspended/); do
    echo "Processing: $user"
    /usr/local/cpanel/scripts/removeacct --force "$user" || echo "FAILED to remove: $user — continuing"
done

The || echo "FAILED..." ensures the loop continues to the next account even if removeacct returns a non-zero exit code for a specific account.

---

Part 9: Related WHM Account Management Commands

While you have SSH access open, here are related account management commands that server administrators frequently need alongside bulk removal:

List all cPanel accounts on the server:

ls /var/cpanel/users/

List only active (non-suspended) accounts:

for user in $(ls /var/cpanel/users/); do
    if [ ! -f /var/cpanel/suspended/$user ]; then
        echo "$user"
    fi
done

Suspend a specific account (without deleting it):

/usr/local/cpanel/scripts/suspendacct username

For the complete guide on forceful suspension: How to Forcefully Suspend a cPanel Account via SSH Using suspendacct

Unsuspend a specific account:

/usr/local/cpanel/scripts/unsuspendacct username

Check the current disk usage of all home directories (useful before bulk deletion):

du -sh /home/* | sort -rh | head -20

Restart cPanel and WHM services after bulk operations:

/usr/local/cpanel/scripts/restartsrv_cpsrvd

For full service restart guidance: How to Restart Services in cPanel Using SSH Access

---

Part 10: Security Considerations for WHM Server Administrators

Running bulk account deletion commands has security implications beyond the immediate data loss risk. Here are the practices that should accompany any major WHM administrative operation:

Restrict SSH Access by IP

Before running destructive commands via SSH, ensure your server’s SSH access is restricted to known, trusted IP addresses. Unrestricted SSH access means any compromised credential can run these same commands against your server.

For IP blocking and firewall configuration: IP Blocking and iptables in Linux cPanel

Run CSF Firewall

CSF (ConfigServer Security & Firewall) is the industry-standard firewall for cPanel/WHM servers. It provides SSH brute force protection, login failure monitoring, and connection tracking that protects your server before, during, and after maintenance operations.

See: How to Install CSF Firewall in WHM/cPanel and How to Configure CSF in WHM/cPanel for Maximum Security

Use Imunify360 for Ongoing Protection

After bulk operations, ensure Imunify360 is active and scanning the remaining active accounts for malware. Compromised files in active accounts sometimes originate from previously suspended accounts — a bulk cleanup is a good trigger to run a full server scan.

See: Auto Block Attackers with Imunify360 and LiteSpeed WHM

Enable CloudLinux Site Isolation

CloudLinux with CageFS isolates each cPanel account’s filesystem from others. This is particularly important after removing suspended accounts — ensuring that any residual processes or files from deleted accounts cannot affect remaining active accounts.

See: CloudLinux Site Isolation in cPanel/WHM

Keep cPanel/WHM Updated

Always run the latest stable cPanel/WHM version. The removeacct script and all related cPanel CLI tools are updated with each release — using outdated versions may cause compatibility issues or miss important bug fixes in account removal.

See: How to Check cPanel/WHM Version and How to Rollback a cPanel Update

---

Quick Reference Card

# STEP 1: Preview accounts to be deleted (safe — no deletion)
ls -A /var/cpanel/suspended/

# STEP 2: Check disk usage of suspended accounts (safe — no deletion)
for user in $(ls -A /var/cpanel/suspended/); do du -sh /home/"$user" 2>/dev/null; echo "$user"; done

# STEP 3: Bulk remove ALL suspended accounts (IRREVERSIBLE — backup first)
for user in $(ls -A /var/cpanel/suspended/); do /usr/local/cpanel/scripts/removeacct --force "$user"; done

# STEP 4: Bulk remove accounts suspended more than 30 days (safer alternative)
for user in $(find /var/cpanel/suspended/ -maxdepth 1 -type f -mtime +30 -exec basename {} \;); do /usr/local/cpanel/scripts/removeacct --force "$user"; done

# STEP 5: Verify completion
ls -A /var/cpanel/suspended/
df -h

# RELATED: Remove a single account
/usr/local/cpanel/scripts/removeacct --force username

# RELATED: Suspend (not delete) a single account
/usr/local/cpanel/scripts/suspendacct username

# RELATED: Unsuspend a single account
/usr/local/cpanel/scripts/unsuspendacct username

---

Need Root SSH Access? myglobalHOST VPS Plans Include Full Control

This command requires root SSH access to your server — available on all myglobalHOST VPS plans. If you are currently on a shared hosting plan and need the server-level access to run commands like this, consider upgrading to:

• SSD VPS — dedicated SSD storage, full root SSH access, USA/India/Europe/Singapore data centres
• NVMe VPS — dedicated NVMe storage for maximum performance, full root SSH access

For Reseller Hosting customers managing cPanel accounts via WHM, the removeacct script and account management commands are accessible through your WHM panel’s Terminal or via the SSH access provided with your reseller plan.

If you need assistance with bulk account management, server cleanup, or any WHM-level operation, raise a support ticket through your Client Dashboard. See How to Open a Ticket at myglobalHOST and What Are the Support Timings? before reaching out.

---

Related Knowledge Base Articles

WHM Account Management

• How to Forcefully Suspend a cPanel Account via SSH Using suspendacct
• How to Restart Services in cPanel Using SSH Access
• How to Force Delete DNS from Command Line CLI in WHM
• How to Fix and Rebuild Apache in cPanel/WHM
• How to Check cPanel/WHM Version
• How to Rollback a cPanel Update
• How to Disable IPv6 in cPanel
• How to Install MariaDB Instead of MySQL8 in cPanel/WHM

Database Management

• Repair and Optimise MySQL Database on cPanel/WHM Server
• How to Backup MySQL Databases with Mysqldump
• How to Take a Full Account Backup in cPanel Manually

Security

• How to Install CSF Firewall in WHM/cPanel
• How to Configure CSF in WHM/cPanel for Maximum Security
• Auto Block Attackers with Imunify360 and LiteSpeed WHM
• Auto Block Attackers with CSF and LiteSpeed WHM
• CloudLinux Site Isolation in cPanel/WHM
• IP Blocking and iptables in Linux cPanel
• Whitelisting Multiple IPs in Imunify360
• Imunify360 Cache Ignore Script — Fix WordPress False Positive Malware Alerts
• Fix Apache Symlink Protection CloudLinux sysctl Error in WHM
• Urgent Fix CVE-2026-41940 Authentication Bypass in cPanel/WHM

DNS Management

• How to Add, Edit and Manage DNS in cPanel

Storage and Performance

• How to Use cPanel Disk Usage Tool to Clean Up Server Space
• Bulk Delete LSCache Folder in cPanel/WHM
• What is NVMe SSD Hosting and Why is it Faster Than Regular SSD?
• Shared Hosting vs VPS Hosting: Which One Do You Actually Need?

myglobalHOST Account

• How to Open a Ticket at myglobalHOST
• What Are the Support Timings?

---

This article is part of the myglobalHOST Knowledge Base — advanced WHM, cPanel, and server administration guides written for hosting professionals, resellers, and VPS customers managing cPanel/WHM environments.