How To Make WHMCS Secure
  1. All
  2. WHMCS

How To Make WHMCS Secure?

Written by Posted on Less than 0 min read

Make WHMCS Secure: WHMCS is a hosting and billing management software that automates your hosting and domain business. To protect your whmcs, But over the last few years, we’ve received a lot of complaints against WHMCS security vulnerabilities and adapters. There are many hackers as well as intruders who are trying their best to hack and exploit the WHMCS system.

WHMCS stores very sensitive data of your client like server login, clients name, card details You have a lot of data from your customers whose hosting plans are running. All of your registered domains, in addition to server access, provide a large amount of confidential data. There is a great need to protect your WHMCS system. We continuously monitor various security channels in relation to our customers’ complaints. Therefore, to avoid hackers, malware infections and vulnerability exploits, it is necessary to follow some security measures.

1. Securing the Writable Directories

To prevent web-based access, You must need to move all writable directories to a private directory from the public folder. The three directories that can be written are attachments, downloads as well as templates_c. Therefore, you need to add new paths to these directories by updating the following lines in the configuration.php file.

Old 
$attachments_dir = “/home/username/public_html/attachments/”;
$downloads_dir = “/home/username/public_html/downloads/”;
$templates_compiledir = “/home/username/public_html/templates_c”;


After Moving to Pricate

$attachments_dir = “/home/username/whmcsdata/attachments/”;
$downloads_dir = “/home/username/whmcsdata/downloads/”;
$templates_compiledir = “/home/whmcsdate/username/templates_c”;

2. Securing the “configuration.php” file

Securing the configuration.php is very important because it contains database username, password and Hash Encrypt and Decrypts Key, you need to change the permissions for the “configuration.php” file which is in your WHMCS root directory. This is one of the files you cannot recover without backing up the file. adjusting the permissions for the “configuration.php” file in your WHMCS root directory. Change permission set to 400, which will help prevent accidental editing, overwriting and deleting. Eventually, it will provide read-only access to the file and prevent anyone else from spoofing.

3. Move the Crons directory

Here, we recommend you move the crons folder to a non-public directory which is located above your web root to stop the web-based access. For the relocation, firstly, you need to choose a new location for your crons folder and secondly, uncomment the WHMCS path as well as provide the full path to your WHMCS installation. You need to add the following line to the configuration.php:

$crons_dir= ‘/home/username/whmcs_crons’;

4. Restricting access by IP

To add more privacy to your admin area, you can restrict access to a particular set of IPs. This can only be done by creating a file namely, .htaccess within your admin directory of WHMCS along with the following:

order deny, allow
allow from 12.34.5.67
allow from 98.76.54.32

deny from all

5. Changing WHMCS Admin Folder Name

changing whmcs admin location is very important in whmcs to secure your whmcs admin login area, to customize whmcs admin folder will help your whmcs to get more secured.

  1. Open the configuration.php file within your WHMCS installation’s root directory
  2. At the bottom of the file (before the closing PHP tag ?> if one exists), add the following line:$customadminpath = “myadminfoldername”;
  3. Replacing myadminfoldername with the name you wish to use for your admin directory. This should just be the directory name, not a full path.
  4. If your configuration.php file already contains a custom admin path definition, you can simply update the existing line
  5. Rename the admin directory to the name you specified in step 2 above

6. Enable SSL

the owner of whmcs, which handles all customer data through the billing application, it needs to handle the passage of more sensitive data between it and end-users. Therefore, it is important to have a valid SSL certificate that will allow you to use HTTPS as well as encrypted communication.

  1. Install Mod Security in Easy Apache: You can take additional steps and one of them is installing Mod security in Apache which will help in blocking SQL injection attacks.
  2. install imunify365 on your server
  3. You need to secure your physical server. For this, you need access to the files via SSH/SFTP and relocate the SSH port.
  4. Block all unwanted Ports on your server.
  5. Choose Storgae Password of your whmcs when you setup and make sure there is no other CMS platform hosted in same hosting account or sub folder like wordpress.
  6. One more step is to backup your server and the database files of the server.
  7. Install WHMCS alone on a server.
  8. Hire Any WHMCS Expert To Make secure your whmcs all configuartion is good! if you want to hire me? Hire Now

Related articles

Install Let's Encrypt SSL on Ubuntu 20.04
  1. All
  2. Linux Server
  3. Server Configuration
  4. Ubuntu

Install Let’s Encrypt SSL on Ubuntu 20.04

Install Let’s Encrypt SSL on Ubuntu 20.04: The easiest way to install the Let’s Encrypt certificate is by using Certbot with instructions for the various web server or hosting platforms (Nginx, Apache) In this tutorial, we’ll use Certbot to Install Let’s Encrypt SSL on Ubuntu 20.04 using certbot and step up the SSL certificate to automatically renew. Prerequisites: […]
Written by
ElySpace Hosting: The Leading WHMCS Reseller Hosting Provider
  1. cPanel - WHM
  2. Hosting and Server Reviews
  3. WHMCS

ElySpace: The Leading WHMCS Reseller Hosting Provider

Summary: This article reveals all about how ElySpace is the leading whmcs reseller, hosting provider. With the growing demand for web hosting services, more and more business owners are leaning towards the web hosting business and aiming to become resellers of hosting providers. One of the easiest and most popular ways to get web hosting […]
Written by
  1. All

How do I disable ONLY_FULL_GROUP_BY in MySQL?

If you’re encountering the “ONLY_FULL_GROUP_BY” error in MySQL and want to disable it, you can follow these easy steps to make the necessary changes. Please note that modifying the MySQL configuration file requires root access or access to WHM >> Terminal via SSH. Here’s a step-by-step guide to disabling ONLY_FULL_GROUP_BY: Take note of the output […]
Written by
  1. AI
  2. All
  3. Creative
  4. Digital
  5. Featured
  6. Featured Post
  7. Hosting Control Panels

Unleashing the Potential of AI: A Guide to Monetizing Artificial Intelligence

Introduction Artificial Intelligence (AI) has not only revolutionized industries but has also opened up new avenues for individuals and businesses to make money. The advanced capabilities of AI, such as automation, data analysis, and predictive modelling, have created opportunities for generating income and optimizing business strategies. If you’re interested in leveraging AI to make money, […]
Written by
  1. All
  2. ArchLinux
  3. Kali Linux
  4. Linux Server
  5. Oracle Linux

Building a Resilient Server: A Comprehensive Guide to Backup Strategies on Linux

Introduction: In this comprehensive guide, we will explore the importance of backup strategies for building a resilient server on Linux. A server plays a critical role in hosting websites, running applications, and storing valuable data. However, unforeseen events such as hardware failures, human errors, or security breaches can lead to data loss and service interruptions. […]
Written by
Next
No Comments
Leave a comment Cancel
Comments to: How To Make WHMCS Secure?

    Your email address will not be published. Required fields are marked *