VPS 및 전용 서버(호스팅 컨트롤 센터) 도움말

Securing WHMCS Installations

As of December 2014, Reseller Hosting is no longer available to purchase. If you wish to use WHMCS with your new server, you will need to purchase a license directly from WHMCS, and use their instructions to install it on your server. If you still have Reseller Hosting, you can still use this service for as long as you have the server.

There are additional precautions you can take to secure your installation of WHMCS. While we recommend additional layers of security to protect your server and website, we can only offer these suggestions to point you in the right direction. For technical support regarding these extra security measures, see the WHMCS website.

Change your WHMCS admin folder name

Malicious users who visit your site and recognize a WHMCS installation might know that they can try logging into your admin area through the /admin/ directory path. To protect against this, you can rename the admin directory. If you do this, add the following line to your configuration.php file:

$customadminpath = "custom_admin_folder_name_goes_here";

Note: If you have already created a cron job, you need to update the path on the cron command as well. For example,
php -q /home/username/public_html/whmcs/myadminfoldername/cron.php
(where username is your Reseller Hosting User Name, and myadminfoldername is the new admin directory name).

Move the attachments, downloads, and templates_c folders

The attachments, downloads, and templates_c folders need to be writeable by WHMCS, and therefore require the permissions 777 (writeable by all). When folders have this permission level it is safer to place the folders outside of the publicly accessible folder tree on your website.

If you choose to move the folders, then you must tell WHMCS where they are located by adding the following lines to the configuration.php file:

$templates_compiledir = "/home/username/templates_c/";
$attachments_dir = "/home/username/attachments/";
$downloads_dir = "/home/username/downloads/";

In the above example, username is the Reseller Hosting username and the three folders are located in the home directory — above the public_html directory.

Password protect the admin directory

Add a second layer of protection to the admin directory by setting up .htaccess password protection. You can do this with the Password Protect Directories option in cPanel. Remember to keep your .htaccess username and password distinct and unique. You can use the Random Password Generation feature in cPanel to help.


이 글이 도움되었나요?
피드백을 보내주셔서 감사합니다. 고객 서비스 담당자에게 문의하시려면 지원 전화 번호 또는 위의 채팅 옵션을 이용하시기 바랍니다.
도와드릴 수 있어 기쁩니다! 더 도와 드릴 것이 있나요?
그것 유감스럽습니다. 혼동이 되었던 사항 또는 솔루션이 고객님의 문제를 해결하지 못했던 원인을 알려주세요.