WHMCS includes features to help keep your data safe, and we recommend taking additional steps to secure your WHMCS installation further.
We recommend moving all writeable directories to a private location and updating related items to prevent unauthorized web-based access.
Security questions add an extra level of security for users. During password resets, the system uses them to verify the user's identity.
WHMCS recommends several options to help you stop spam orders, and includes support for reCAPTCHA, banning email domains, and more.
API authentication credentials allow your API-connected devices and systems to authenticate with WHMCS using API roles that you create.
Email verification ensures that a client's registered email address is valid after client creation or changes to the email address.
When you secure your installation, we recommend adjusting the permissions for the configuration.php file to protect your sensitive data.