WHMCS includes features to help keep your data safe, and we recommend taking additional steps to secure your WHMCS installation further.
We recommend moving all writeable directories to a secure, private location and updating related items to prevent unauthorized web-based access.
The configuration.php file contains many of the most important and sensitive configuration details for your WHMCS installation.
When you secure your installation, we recommend adjusting the permissions for the configuration.php file to protect your sensitive data.
We recommend moving the crons directory to a custom private directory above your web root to prevent unauthorized web-based access.
Customizing the WHMCS admin directory name makes it harder for bots and malicious users to find the login URL for your Admin Area.
The Setup Wizard or Getting Started Wizard appears the first time that you log in to the Admin Area. It helps you start configuring WHMCS.
Check off each item in the System Settings Setup Tasks list to ensure that you have completed initial setup for your WHMCS installation.
NGINX® can't read the .htaccess file that WHMCS uses, so NGINX users must take additional steps to protect sensitive directories.