Enhancing Security

WHMCS includes features to help keep your data safe, and we recommend taking additional steps to secure your WHMCS installation further.

Secure Writeable Directories

We recommend moving all writeable directories to a private location and updating related items to prevent unauthorized web-based access.

The configuration.php File

The configuration.php file contains many of the most important and sensitive configuration details for your WHMCS installation.

Secure the Configuration File

When you secure your installation, we recommend adjusting the permissions for the configuration.php file to protect your sensitive data.

Move the Cron Directory

We recommend moving the crons directory to a custom private directory above your web root to prevent unauthorized web-based access.

Rename the Admin Directory

Customizing the WHMCS admin directory name makes it harder for bots and malicious users to find the login URL for your Admin Area.

Setup Wizard

The Setup Wizard or Getting Started Wizard appears the first time that you log in to the Admin Area. It helps you start configuring WHMCS.