We recommend moving all writeable directories to a secure, private location and updating related items to prevent unauthorized web-based access to self-hosted WHMCS installations.
When you secure your self-hosted WHMCS installation, we recommend adjusting the permissions for the configuration.php file to protect your sensitive data.
We recommend moving the crons directory to a custom private directory above your web root to prevent unauthorized web-based access to self-hosted WHMCS installations.
Customizing the WHMCS admin directory name makes it harder for bots and malicious users to find the login URL for the Admin Area of your self-hosted WHMCS installation.
NGINX® can't read the .htaccess file that WHMCS uses, so NGINX users must take additional steps to protect sensitive directories on self-hosted WHMCS installations.