Checklist
- Keep WHMCS updated.
- Restrict admin directory access where practical.
- Use strong admin passwords and two-factor authentication.
- Use HTTPS everywhere.
- Keep custom modules, hooks, templates, and payment gateways maintained.
- Use least-privilege staff permissions.
- Back up files and database before upgrades.
- Monitor admin logins and failed login attempts.
- Protect configuration files and avoid exposing backups publicly.
Operations
Test WHMCS upgrades on staging first, especially when using custom themes, registrar modules, payment modules, or provisioning hooks.
Security baseline
- Use strong unique passwords.
- Enable two-factor authentication.
- Keep software updated.
- Remove unused users, scripts, themes, and plugins.
- Review logs after suspicious activity.
- Use backups before cleanup or repair.
Quick support handoff
If this article does not solve the issue, open a support ticket with the domain, service name, exact error, time the problem started, and what changed recently.
