WHMCS includes features to help keep your data safe, and we recommend taking additional steps to secure your WHMCS installation further.
We recommend moving all writeable directories to a secure, private location and updating related items to prevent unauthorized web-based access.
The configuration.php file contains many of the most important and sensitive configuration details for your WHMCS installation.
When you secure your installation, we recommend adjusting the permissions for the configuration.php file to protect your sensitive data.
We recommend moving the crons directory to a custom private directory above your web root to prevent unauthorized web-based access.
Customizing the WHMCS admin directory name makes it harder for bots and malicious users to find the login URL for your Admin Area.
The Getting Started Wizard appears the first time that you log in to the Admin Area. These steps help you configure company information, payments, domain registrations, MarketConnect sales, and other important settings and features in WHMCS. In WHMCS 8.12 and earlier, this was the Setup Wizard.