Domain Name Registration and Website Hosting - Easy to use Website Builder
GoWebsite provides Domain Name Registration, cPanel Hosting, Website Security, SEO, WordPress Hosting, Email Accounts, SSL Certificates, Website Builder & other Web Development Products.
Free setup! Speak with us anytime: 480-624-2500
Home Guides Glossary

Securing WHMCS Installations

There are additional precautions you can take to secure your installation of WHMCS. While we recommend additional layers of security to protect your server and website, we can only offer these suggestions to point you in the right direction. For technical support regarding these extra security measures, see the WHMCS website.

Change your WHMCS admin folder name

Malicious users who visit your Website and recognize a WHMCS installation might know that they can try logging into your admin area through the /admin/ directory path. To protect against this, you can rename the admin directory. If you do this, add the following line to your configuration.php file:

$customadminpath = "custom_admin_folder_name_goes_here";

NOTE: If you have already created a cron job, you need to update the path on the cron command as well. For example,
php -q /home/username/public_html/whmcs/myadminfoldername/cron.php
(where username is your Reseller Hosting User Name, and myadminfoldername is the new admin directory name).

Move the attachments, downloads, and templates_c folders

The attachments, downloads, and templates_c folders need to be writeable by WHMCS, and therefore require the permissions 777 (writeable by all). When folders have this permission level it is safer to place the folders outside of the publicly accessible folder tree on your website.

If you choose to move the folders, then you must tell WHMCS where they are located by adding the following lines to the configuration.php file:

$templates_compiledir = "/home/username/templates_c/";
$attachments_dir = "/home/username/attachments/";
$downloads_dir = "/home/username/downloads/";

In the above example, username is the Reseller Hosting username and the three folders are located in the home directory — above the public_html directory.

Password protect the admin directory

Add a second layer of protection to the admin directory by setting up .htaccess password protection. You can do this with the Password Protect Directories option in cPanel. Remember to keep your .htaccess username and password distinct and unique. You can use the Random Password Generation feature in cPanel to help.

More GoWebsite Articles
Where can I find more information about cPanel and WebHost Manager? Creating Accounts in cPanel/WebHost Manager Setting up WebHost Manager for the First Time Troubleshooting cPanel FTP Connectivity Issues What is the difference between cPanel and WebHost Manager? Install WHMCS What ports are used by cPanel?

Domain Registration

Pay less for website domain names. Register your own .com, .net or .org for as low as $10.18 per year. We have everything you need to get online with your new domain.

Website Builder

Build an amazing website in just under an hour with Website Builder. Take advantage of designs created just for your industry and then customize them to reflect your one-of-a-kind idea.

Website Security

Protect your website and keep customers safe. Your comprehensive Website Security solution. Get peace of mind by securing your websites.

cPanel Hosting

Everything needed to give your website the high-performance home it deserves.  Protect transactions and secure your customer's data with a SSL Certificate
Copyright © 2005 - 2024.  All rights reserved.  Privacy Policy