Enhancing Security

WHMCS includes features to help keep your data safe, and we recommend taking additional steps to secure your WHMCS installation further.

Secure Writeable Directories

We recommend moving all writeable directories to a private location and updating related items to prevent unauthorized web-based access.

Security Questions

Security questions add an extra level of security for users. During password resets, the system uses them to verify the user's identity.

Spam Orders

WHMCS recommends several options to help you stop spam orders, and includes support for reCAPTCHA, banning email domains, and more.

API Credentials

API authentication credentials allow your API-connected devices and systems to authenticate with WHMCS using API roles that you create.

Client Email Verification

Email verification ensures that a client's registered email address is valid after client creation or changes to the email address.

Secure the Configuration File

When you secure your installation, we recommend adjusting the permissions for the configuration.php file to protect your sensitive data.