Now that you’ve installed WHMCS, there are a few steps you can take to strengthen its security. This WHMCS security tutorial and the accompanying video tutorial walk through them.
To start off, open up your favorite FTP client or your control panel’s file manager. For this tutorial, we will be using cPanel’s file manager, but anything will work.
As you know, by default all files and directories contained in the public directory of a web server can be directly downloaded by anyone. For certain content such as downloads and attachments, this behavior is generally undesirable.
Therefore, you need to move the attachments, downloads, and templates_c directories outside of public access. It is important to note that on most shared hosting accounts, the public directory is named public_html or www. What we need to do is move the folders out of that directory; in most cases, that will mean putting them in your home directory. For the purpose of this tutorial, we will consider /home/mybiz123 as our home directory.
- Let’s first create a directory in our home directory. Click here, remove the path, and click Go to go directly to the home directory.
- Click New folder.
- Give the folder a name and click Create New Folder. This is the new folder we will move our folders into.
- The folder is created successfully, as we can see here.
- Let’s go back to our WHMCS installation folder and select those directories. Please note that you can select multiple directories by holding Ctrl while clicking.
- Now click the Move File icon.
- Let’s place these three directories in the new folder we just created. Set the path to that folder.
- Now click on Move Files and you will see the folders being removed from the list.
- Next, let’s rename the admin directory to add some security through obscurity. This will help prevent malicious users from even attempting to log in to your admin area. Note: The admin directory must remain inside this folder; it cannot be moved like the others. Once renamed it can be moved.
- Select the directory.
- Click Rename.
- Now click the Rename File button.
- The renamed folder will be visible in the list now.
- Finally, we must inform WHMCS of the changes to its directory structure.
- To open configuration.php for editing, select it first.
- Next, click Edit.
- First update the variable $templates_compiledir.
- Next, add the two variables and directory paths that follow.
- Lastly, add the following variable to tell WHMCS the new name of the admin directory and click Save Changes.
- Let’s test whether the WHMCS admin login is secure.
Success! You’ve finished enhancing WHMCS with extra security.
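
A quick way to confirm the finished layout, as an added example that is not part of the original tutorial or of WHMCS: the script reads the text of configuration.php and reports any of the three directories that still resolve inside the public directory, plus an admin path left at its default. The names $attachments_dir, $downloads_dir and $customadminpath are assumed here to be the WHMCS settings the steps leave unnamed; whmcs_private and staffdesk are made-up folder names.

```python
import posixpath
import re

# Settings the tutorial edits in configuration.php. Only $templates_compiledir
# is named on the page; the other three names are assumed from WHMCS.
DIR_VARS = ("templates_compiledir", "attachments_dir", "downloads_dir")
ASSIGN = re.compile(r"""^\s*\$(\w+)\s*=\s*(['"])(.*?)\2\s*;""", re.M)


def inside(path, parent):
    """True if path is parent itself or lives underneath it ('..' is collapsed)."""
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")


def audit(config_text, public_dir):
    """Return a list of findings; an empty list means the layout is as intended."""
    values = {name: val for name, _, val in ASSIGN.findall(config_text)}
    findings = []
    for var in DIR_VARS:
        path = values.get(var)
        if path is None:
            findings.append(f"${var} is not set in this file")
        elif not posixpath.isabs(path):
            findings.append(f"${var} is relative: {path}")
        elif inside(path, public_dir):
            findings.append(f"${var} is still under the public directory: {path}")
    admin = values.get("customadminpath")
    if admin is None or admin.strip("/") == "admin":
        findings.append("$customadminpath is unset or still 'admin'")
    return findings


# Constructed sample files; 'whmcs_private' and 'staffdesk' are made-up names.
HARDENED = """<?php
$templates_compiledir = '/home/mybiz123/whmcs_private/templates_c/';
$attachments_dir = '/home/mybiz123/whmcs_private/attachments/';
$downloads_dir = '/home/mybiz123/whmcs_private/downloads/';
$customadminpath = 'staffdesk';
"""
INCOMPLETE = """<?php
$templates_compiledir = '/home/mybiz123/public_html/../public_html/templates_c/';
$attachments_dir = '/home/mybiz123/whmcs_private/attachments/';
"""

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("incomplete", INCOMPLETE)):
        print(label, audit(text, "/home/mybiz123/public_html") or "OK")
```

The check works on path strings only, so it does not follow symlinks; a directory that is symlinked back into public_html still needs a manual look.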