Secure the Configuration File

We recommend adjusting the permissions for the configuration.php file in the WHMCS root directory. This file contains sensitive data that you can’t recover without a backup copy of the file. Changing the file permissions helps to avoid accidentally overwriting, editing, or deleting the file.

We recommend performing this task and other security measures immediately after installing WHMCS. For a full list, see Enhancing Security.
For more information, see The configuration.php File.

Changing File Permissions

400 permissions provide the system with read-only access and prevent anyone else from reading, editing, or executing the file.

To change the file permissions, run the following command while in your WHMCS root directory:

chmod 400 configuration.php

Errors Loading WHMCS

While 400 permissions suffice for most systems, some server configurations may require you to set the permission to 440 or 444.

If you encounter an error loading the application after setting the permission to 400, try 440 and then 444.

License Key Updates

If you need to update your license key, you must set the permissions on this file to 755 to allow the system to edit the file. After the updating the key, you can revert the permissions to 400.

Last modified: June 5, 2024