Browse by Category

360 Monitoring
0
AccelerateWP
12
Account & Billing
86
Backups
24
Cloudflare FAQs
19
CodeGuard Backup
0
cPanel
120
cPanel Databases
10
cPanel File Manager
35
cPanel Git
0
cPanel Resellers
11
Domain & DNS
111
Drupal
1
Email Hosting
85
FAQs
5
Joomla
2
Koality
0
Linux Administration
104
Plesk
92
Reseller Hosting
40
SEO Optimization
1
Sitejet
0
SiteLock
11
SitePad
1
Softaculous
45
SolusVM
0
Spam Experts
20
SSL/TLS
1
Web Apps
1
Web Hosting Addons
3
Website Security
60
Webuzo
0
Weebly Builder
6
WHMCS
35
WordPress
87
WP Squared
26
XOVI SEO
5

  Browse by Category

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

Essential Security Steps After Installing WHMCS Make it Rain Paper

  • WHMCS, WHMCS Security
  • 0

Securing your WHMCS installation is crucial for protecting sensitive customer and business information. While WHMCS has built-in security features, following additional steps can further safeguard your system against potential threats.

Pre-requisites

  • Access to cPanel or a similar web hosting control panel.
  • FTP/SFTP access to your server.
  • Basic knowledge of Linux commands (if applicable).
  • WHMCS installed and operational.

Step-by-Step Guide to Secure Your WHMCS Installation

1. Secure Writeable Directories

It's recommended to move all writeable directories to a private location to prevent unauthorized web access. The following directories need to be moved:

  • attachments
  • downloads
  • templates_c

The attachments and downloads directories contain files attached to support tickets, while templates_c enhances the performance of templated pages and emails.

Moving Directories in cPanel

  1. Log in to your cPanel account and navigate to Files » File Manager.
  2. Locate your WHMCS installation directory.
  3. For each of the three directories mentioned:
    1. Right-click on the folder and select Move.
    2. Enter the new path (above the public_html directory).
    3. Click Move File(s).
  4. Note the new directory paths for later steps.
  5. Return to the WHMCS installation path.

2. Update Configuration Files

  1. Right-click on configuration.php and select Edit.
  2. Update the $templates_compiledir setting: 
    $templates_compiledir = "/home/username/templates_c/";
  3. Save changes.

3. Update Storage Settings in WHMCS Admin Area

  1. In the WHMCS Admin Area, navigate to Configuration > System Settings > Storage Settings.
  2. In the Configurations tab, select Local Storage for Add New Configuration and click +.
  3. Enter the new path for the attachments directory and click Save Changes.
  4. Repeat the above step for the downloads directory.
  5. In the Settings tab, select the new directory locations and click Switch.
  6. Only click Switch if you have successfully moved the directories. If you created new directories, use Migrate instead to copy the files.

Gotchas to Avoid

  • Ensure that the new directories are above the public_html directory to prevent direct access.
  • Confirm that permissions are set correctly. Use the following command for Linux systems: 
    chmod 755 /path/to/directory
  • If using suPHP or PHP suEXEC, verify that permissions are compatible.

By following these steps, you can significantly enhance the security of your WHMCS installation. If you have any questions or need further assistance, consider reaching out to your hosting provider or system administrator.

Learn how to create a reseller hosting account:

Did this answer help?

Related Articles

How To Create New Users Or Add Team Users to Your WebHostingM cPanel Learn how to create and manage new users in cPanel using the Manage Team feature.  This... Changes To Keep in Mind When cPanel Migrating from Apache 2.2 to Apache 2.4 Learn how to migrate your application running on an old Apache 2.2 server to a newer Apache 2.4+... Can I Host A Website with Old PHP Versions with WebHostingM? Learn how to migrate PHP applications to a hosting platform supporting PHP versions 7.4 to 8.3.... Can I Use the CGIEmail Script on WebHostingM? Discover why using the CGIEmail script on WebHostingM is not recommended. Learn about the... How To Manage Email Account Quotas in cPanel Learn how to set a quota for email accounts in cPanel to manage mailbox storage effectively....
« Back

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket