Secure Writeable Directories

We recommend moving all writeable directories to a private location to prevent web-based access. When you move them, you must also update their locations in your installation’s file storage and the templates cache.

We recommend performing this task and other security measures immediately after installing WHMCS. For a full list, see Enhancing Security.

Writeable Directories

WHMCS requires three writeable directories:

  • attachments
  • downloads
  • templates_c

The attachments and downloads directories include the files that you or your customers attach to support tickets and any files that you offer for download. You can either move the attachments and downloads storage directories to a local location or store them remotely on an Amazon S3™-compatible service.

The templates cache (templates_c) improves the performance of templated pages and emails. You can move the templates_c directory to a local location.

If you are running suPHP or PHP suEXEC, run chmod 755 to make the directories writeable. This is the highest permission available for both folders and files when running in that condition.

Moving the Directories

The method to use to move the directories depends on your hosting control panel and the methods that you prefer.

For help moving files in other control panels, see the control panel’s documentation or contact your hosting provider or system administrator.

Moving Directories in cPanel

To do this in cPanel:

  1. In your cPanel account, go to Files » File Manager.

  2. Go to your WHMCS installation directory.

  3. For each of the three folders:

    1. Right-click on the folder and choose Move.
    2. Enter the new path for the directory. This path must be above the public_html directory.
    3. Click Move File(s). As you move each folder, they will appear in the left-side navigation pane.
      Make certain that you note the new directory paths. You will need them in later steps.
  4. Still in cPanel at Files » File Manager, navigate back to the WHMCS installation path.

  5. Right-click on the configuration.php file and choose Edit.

  6. Update the $templates_compiledir setting to use the new path to the templates_c directory. For example:

    $templates_compiledir = "/home/username/templates_c/";
    
    For more information about updating the configuration.php file, see The configuration.php File.
  7. Click Save Changes.

  8. In the WHMCS Admin Area, go to Configuration () > System Settings > Storage Settings.

  9. In the Configurations tab, select Local Storage for Add New Configuration and click +.

  10. Enter the new path to the attachments directory and click Save Changes.

  11. Repeat steps 9-10 for the downloads directory.

  12. In the Settings tab, choose the new directory locations in each menu.

  13. Click Switch.

Only click Switch if you have successfully moved the directories. If you created new directories instead, use Migrate instead to copy the files from the old directory to the new directory.
For more information on setting up storage locations, see Storage Settings.

Last modified: June 11, 2024