Make WHMCS Secure: WHMCS is a hosting and billing management software that automates your hosting and domain business. To protect your WHMCS, over the last few years, we’ve received a lot of complaints against WHMCS security vulnerabilities and adapters. There are many hackers as well as intruders who are trying their best to hack and exploit the WHMCS system.

WHMCS stores very sensitive data of your client like server login, clients name, card details You have a lot of data from your customers whose hosting plans are running. All of your registered domains, in addition to server access, provide a large amount of confidential data. There is a great need to protect your WHMCS system. We continuously monitor various security channels in relation to our customers’ complaints. Therefore, to avoid hackers, malware infections, and vulnerability exploits, it is necessary to follow some security measures.

Buy WHMCS Cheap

Six Steps To Secure Your WHMCS

1. Securing the Writable Directories

To prevent web-based access, You must need to move all writable directories to a private directory from the public folder. The three directories that can be written are attachments, downloads as well as templates_c. Therefore, you need to add new paths to these directories by updating the following lines in the configuration.php file.

$attachments_dir = “/home/username/public_html/attachments/”;
$downloads_dir = “/home/username/public_html/downloads/”;
$templates_compiledir = “/home/username/public_html/templates_c”;

After Moving to Pricate

$attachments_dir = “/home/username/whmcsdata/attachments/”;
$downloads_dir = “/home/username/whmcsdata/downloads/”;
$templates_compiledir = “/home/whmcsdate/username/templates_c”;

2. Securing the “configuration.php” file

Securing the configuration.php is very important because it contains the database username, password, and Hash Encrypt, and Decrypts Key, you need to change the permissions for the “configuration.php” file which is in your WHMCS root directory. This is one of the files you cannot recover without backing up the file. adjusting the permissions for the “configuration.php” file in your WHMCS root directory. Change permission set to 400, which will help prevent accidental editing, overwriting, and deleting. Eventually, it will provide read-only access to the file and prevent anyone else from spoofing.

3. Move the Crons directory

Here, we recommend you move the crons folder to a non-public directory which is located above your web root to stop the web-based access. For the relocation, firstly, you need to choose a new location for your crons folder and secondly, uncomment the WHMCS path as well as provide the full path to your WHMCS installation. You need to add the following line to the configuration.php:

$crons_dir= ‘/home/username/whmcs_crons’;

4. Restricting access by IP

To add more privacy to your admin area, you can restrict access to a particular set of IPs. This can only be done by creating a file namely, .htaccess within your admin directory of WHMCS along with the following:

order deny, allow
allow from
allow from

deny from all

5. Changing WHMCS Admin Folder Name

changing WHMCS admin location is very important in whmcs to secure your whmcs admin login area, to customize whmcs admin folder will help your whmcs to get more secured.

  1. Open the configuration.php file within your WHMCS installation’s root directory
  2. At the bottom of the file (before the closing PHP tag ?> if one exists), add the following line:$customadminpath = “myadminfoldername”;
  3. Replacing myadminfoldername with the name you wish to use for your admin directory. This should just be the directory name, not a full path.
  4. If your configuration.php file already contains a custom admin path definition, you can simply update the existing line
  5. Rename the admin directory to the name you specified in step 2 above

6. Enable SSL

the owner of whmcs, which handles all customer data through the billing application, needs to handle the passage of more sensitive data between it and end-users. Therefore, it is important to have a valid SSL certificate that will allow you to use HTTPS as well as encrypted communication.



Quick search

cheap cpanel license
cheap license buy
cheap plesk license
cheap litespeed license

Recent Comments

    Telegram: @licenseman_net | If have any question make Contact with our agents | daily discount code : Show On Telegram Channel