Results 1 to 15 of 15
-
05-30-2012, 09:32 AM #1Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
WHMCS Security: How To Remove The "Forgot your password?" Link From Admin Login Area.
Hello,
To stop the "Forgot your password?" link from displaying on your admin login area on WHMCS.
Simply edit and add the following line (below) to your root WHMCS "configuration.php" file:
$disableadminforgottenpw = true;
Regards,UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
05-30-2012, 09:35 AM #2Newbie
- Join Date
- Dec 2011
- Posts
- 15
Thank you. Doing this right now.
-
05-30-2012, 09:54 AM #3Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
05-30-2012, 10:06 AM #4Web Hosting Master
- Join Date
- Jun 2010
- Location
- Grand Rapids, Mi
- Posts
- 1,200
ditto.
Do they happen to have a list of variables you can set in the config at WHMC's documentation?IonVz - Nginx/FreeBSD/VPS Consulting | VPSNodeBox - Managed Support Representative
-
05-30-2012, 10:15 AM #5Web Hosting Master
- Join Date
- Jun 2010
- Posts
- 592
Setup > General Settings > Security > Disable Admin Password Reset [x]
-
05-30-2012, 10:27 AM #6Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
05-30-2012, 10:32 AM #7Web Hosting Master
- Join Date
- Jun 2010
- Posts
- 592
is there any particular reason one wouldn't want to upgrade to the most recent version? surely just by having an outdated installation you're risking your system being compromised
-
05-30-2012, 10:34 AM #8Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Mainly because people have heavily modified WHMCS installations which includes various modules so some people find it easyer to stay patched and focused on security rather than being an upgrade junkie
A patched WHMCS 4.5 is just as secure as an patched WHMCS 5.0
However this isnt a debate about release notes and release candidate security, Its merely a tutorial to help all WHMCS users disable the link.Last edited by Server Management; 05-30-2012 at 10:38 AM.
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
05-30-2012, 10:38 AM #9Web Hosting Master
- Join Date
- Jun 2010
- Location
- Grand Rapids, Mi
- Posts
- 1,200
Adding to this, in theory you only lacking 'new features' and such, as any security patches they release tend to be available for as far back as version 4.0 (as you would have noticed from their most recent patch). The upgrades aren't really for security fixes but rather features and such.
IonVz - Nginx/FreeBSD/VPS Consulting | VPSNodeBox - Managed Support Representative
-
05-30-2012, 10:53 AM #10Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Last edited by Server Management; 05-30-2012 at 11:01 AM.
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
06-07-2012, 10:09 AM #11Junior Guru
- Join Date
- Apr 2008
- Location
- UK
- Posts
- 239
Why not just VPN the backend altogether ? i mean this is going to do very little security wise !
SafeSrv.net - Secure Hosting, VPN and Management Services.
WHMCS FreeRADIUS VPN Module. - Build a fully featured VPN business in no time.
-
06-07-2012, 10:10 AM #12Aspiring Evangelist
- Join Date
- Sep 2011
- Posts
- 411
SimplexWebs for awesome British web hosting, servers & domain names. Seven fantastic years of it.
Need more power? We've got Enterprise Hosting for that.
-
06-07-2012, 03:45 PM #13Web Hosting Master
- Join Date
- Jun 2010
- Location
- Grand Rapids, Mi
- Posts
- 1,200
IonVz - Nginx/FreeBSD/VPS Consulting | VPSNodeBox - Managed Support Representative
-
06-07-2012, 08:19 PM #14Junior Guru
- Join Date
- Apr 2008
- Location
- UK
- Posts
- 239
SafeSrv.net - Secure Hosting, VPN and Management Services.
WHMCS FreeRADIUS VPN Module. - Build a fully featured VPN business in no time.
-
08-20-2012, 08:02 AM #15Newbie
- Join Date
- Jul 2012
- Posts
- 11
Thanks for tutorial.
Similar Threads
-
"Forgot your password?" link does not work in VZCC error 'Password restore....
By ideas in forum VPS HostingReplies: 2Last Post: 07-28-2010, 03:07 AM -
Typo3 Security Question for "Forgot Password"
By bsimoneau in forum Web Design and ContentReplies: 0Last Post: 04-30-2008, 01:31 PM -
What link do you use for your "client" management area?
By mrzippy in forum Running a Web Hosting BusinessReplies: 1Last Post: 10-08-2006, 09:26 PM -
MCHost - please fix your "secure" client area login form...
By mrzippy in forum Reseller HostingReplies: 6Last Post: 08-05-2003, 11:29 PM -
I want to make a "forgot my password" form...but I can't....help?
By hdezela in forum Programming DiscussionReplies: 10Last Post: 07-23-2003, 12:55 PM