How to Disable the “Check Email” Button in cPanel Jupiter Theme (Without Breaking Webmail)

Introduction

In this guide, we’ll show you how to disable the Check Email button in cPanel Jupiter safely without breaking webmail or blocking users.

If you manage email accounts in cPanel, you’ve probably noticed the “Check Email” button in the Email Accounts section. By default, this button lets any cPanel user (or IT staff with access) auto-login into a mailbox without entering its password.

While convenient, this is a serious privacy concern: it effectively gives administrators direct inbox access. For many organizations, that crosses the line between IT support and email snooping.

Unfortunately, cPanel doesn’t provide a simple toggle in WHM → Tweak Settings to disable this feature in the Jupiter theme. Hiding the button with Feature Manager also disables Roundcube/Horde for real users, which isn’t acceptable.

So what’s the solution?

The Problem With “Check Email” in cPanel Jupiter

  • No direct toggle: cPanel 130.x and Jupiter don’t have a setting to disable the button.
  • Feature Manager too harsh: disabling webmail globally blocks Roundcube for everyone.
  • IT needs access, not inboxes: administrators should be able to reset passwords and quotas but should not be able to read user emails with one click.

The Solution: Safe UI Customization

The cleanest method is to use cPanel’s supported content_includes system to inject a small CSS + JS override. This removes the “Check Email” button from the Email Accounts page without touching core Jupiter files, so your changes survive cPanel updates.

Step-by-Step Guide

  • Create the customization directory (if it doesn’t already exist):
mkdir -p /var/cpanel/customizations/content_includes
  • Create the page-scoped include file:
cat > /var/cpanel/customizations/content_includes/cpanel_jupiter_email_accounts_header.html.tt <<'EOF'
<style>
a[id^="email_table_menu_webmail_"],
a[href*="webmailform.html"],
a[ng-href*="webmailform.html"],
a[aria-label="Check Email"],
button[aria-label="Check Email"],
a[title="Check Email."] { display: none !important; }
</style>
<script>
(function(){
  function nuke(){document.querySelectorAll(
    'a[id^="email_table_menu_webmail_"],a[href*="webmailform.html"],a[ng-href*="webmailform.html"],a[aria-label="Check Email"],button[aria-label="Check Email"]'
  ).forEach(e=>e.remove());}
  new MutationObserver(nuke).observe(document.documentElement,{childList:true,subtree:true});
  nuke();
})();
</script>
EOF
  • Restart the cPanel web service:
/scripts/restartsrv_cpsrvd

Clear browser cache and reload the Email Accounts page.
✅ The “Check Email” button should now be gone.

What This Fix Achieves

  • Admins can still reset passwords and manage accounts.
  • Users can still log into webmail (Roundcube/Horde/Afterlogic) directly via /webmail or :2096, but only with their own password.
  • No inbox snooping via cPanel UI.
  • Safe, update-resistant, and reversible by removing the include file.

Conclusion

The “Check Email” auto-login button is convenient, but for organizations that care about privacy, it’s a liability. With a simple content_includes customization, you can remove that backdoor while keeping all legitimate functions intact.

If your IT team only needs to reset passwords, this is the most practical and update-proof solution.

🔹 Why Disable “Check Email” in cPanel?

Explain risks:

  • Allows IT staff or admins to auto-login without user consent.
  • Breaks privacy policies / GDPR compliance.
  • Could be abused to spy on staff mailboxes.

🔹 Other Methods People Try (and Why They Fail)

  • Feature Manager: Disables all webmail, punishing users.
  • Disabling Dovecot/Exim: Breaks mail entirely.
  • Editing Jupiter Core Templates: Overwritten by updates.
    → Only content_includes is safe and supported.

🔹 Reversibility & Best Practices

  • How to remove the include file.
  • Suggest combining with “Manage Team” feature for limited IT roles.
  • Recommend documenting this change for compliance audits.

3. Add FAQ Block (Rank Math FAQ Schema)

Drop this into WordPress Gutenberg (FAQ block) or Elementor:

Q: Can I disable the Check Email button in cPanel without losing webmail?
A: Yes. By using a content_includes customization, you can hide the button but still allow direct Roundcube/Horde logins.

Q: Does this work in Jupiter theme only?
A: Yes, this method is written for Jupiter (cPanel 102+). Older Paper Lantern can be customized differently.

Q: Will cPanel updates remove my changes after updates?
A: No. Because the file is stored in /var/cpanel/customizations/content_includes/, cPanel preserves it across updates.

Similar Posts

  • Splitting cPanel Backups Across Days With a Rotation Script

    Managing backups on a busy cPanel server can get tricky, especially when account sizes vary widely. Running full backups of all accounts every day can push disk usage to the limit,slow down the server, or even fail if temporary archives eat up available space. therefor splitting cpanel backups into groups fixes this. We faced exactly…

Leave a Reply

Your email address will not be published. Required fields are marked *