Wh whmcs security enhancement technique (hacker failure)

The whmcs script is a professional and comprehensive customer management system that is targeted at web hosting companies.

Full management of sales, invoicing, advanced ticketing system and dozens of other great features that make web hosting companies first choice.

This script is provided by a large English company and you must obtain a commercial license to use it. Of course, the use of this powerful system in Iran has become more of a Null version.

It can be said that 2% of companies and web hosting companies use this script. That is why securing whmcs should be a top priority for its users.

Hackers, aware of the widespread use of this system, carry out widespread attacks on these sites. If you are using this script as well, you should take immediate action to secure whmcs.

Whmcs security methods

Transfer attachment directories “” downloads “” templates_c “”

These three directories in whmcs must have write permissions executable, so permission 777 should be considered for them.

Using private techniques, hackers can upload secret and malicious access to directories such as shells and take full control of your site.

To maximize the security of whmcs we first block these directories by moving these directories to / home and / or root so that hackers cannot access them directly.

After they have been completely redirected to a previous directory for whmcs to work properly, you will need to introduce a new path to the script. To do this, you need to put the following three lines of code in the config file and place your hostname instead of username.

  $ templates_compiledir = "/ home / username / templates_c /";
 $ attachments_dir = "/ home / username / attachments /";
 $ downloads_dir = "/ home / username / downloads /";

2 – Move the crons directory

This directory is one of the places that hackers try to penetrate due to having sensitive files for domain and process sinks. To fix this problem and secure this section we need to rename this directory to another one.

After renaming the directory, we will notify you of this change by adding the following line to the config file located in the crons directory.

  $ whmcspath = '/ home / username / public_html / whmcs /';

Now we need to finalize the changes in the original whmcs configuration file by inserting the following code.

  $ crons_dir = '/ home / username / whmcs_crons /';

You need to enter your username instead of username.

Restrict access to management

One of the common hacker attacks is using the Bruteforce method to guess the whmcs admin password. In this way, the hacker uses programs to try to find your password and access the admin area by giving you a list of passwords if your password is weak.

To increase the security of whmcs, we need to upgrade management access by renaming the directory or by restricting access.

This way by entering the admin directory a file called htaccess. Make. Then insert the following code snippet into it.

  order deny, allow
 allow from 1.2.3.4
 deny from all

You only need to enter your fixed Internet IP instead of just 1 so that only you can access it.

Rename the admin directory

You can make it harder for hackers, in addition to renaming the Admin directory, in the same way as before.

To do this, simply rename the admin directory by inserting the following code into the whmcs config file to identify the new path to the script.

  $ customadminpath = "new_directort_name";

Installing a firewall

Always one of the best ways to secure your firewall. Only this way you should have root access to the server or be the server administrator yourself.

Of course, most hosts have the firewall installed by default and you don’t need to do anything, but if you are a server administrator you can increase the security of the server and hosted sites by installing the csf firewall .

Modify config file permissions

This file is one of the main script files that you should pay close attention to to increase the security of whmcs through this file making it impossible for hackers to read sensitive information by coding the contents inside it.

Often times coding this file itself will cause problems that we try to teach you an alternative way that you can easily use without any problems.

Change the permmg configuration file whmcs

To do this, simply reduce the permissions of the configuration.php file to 2, since users do not need direct access to this file and only need whmcs to read its information. So having read-only access will be enough for usernames.

Enable ssl

Using the https protocol instead of http is one of the best ways to encrypt the information sent between the user and the server.

Using ssl on all websites is highly recommended and not just for whmcs. To do this, in addition to providing ssl, you need to enable this feature via the Setup> General Settings section in the admin area.

Server Administrator Suggestion: http Redirect Training https

Restrict access to the database

Another way to increase the security of whmcs is to limit the permissions of user access to the database. Whmcs only needs the following database access to function properly.

  DELETE
 INSERT
 SELECT
 UPDATE
 LOCK TABLES

Now that you know this, you can safely disable other access to increase security.

How helpful was the training for you?

Leave a Reply

Your email address will not be published. Required fields are marked *