We recommend moving the crons directory to a custom private directory above your web root to prevent unauthorized web-based access.
Customizing the WHMCS admin directory name makes it harder for bots and malicious users to find the login URL for your Admin Area.
WHMCS automatically bans IP addresses after three failed login attempts, or you can permanently ban them manually.
Google® reCAPTCHA is a secure tool to help you prevent bots from placing orders, creating accounts, or logging in to your Client Area.
The Security tab allows you to configure security-related features.
We recommend downloading security updates as soon as possible.
You can configure WHMCS to use an encrypted MySQL® database.