05-30-2012, 09:32 AM
|
|
MANAGEMENT KING!
|
|
Join Date: Nov 2009
Posts: 8,193
|
|
WHMCS Security: How To Remove The "Forgot your password?" Link From Admin Login Area.
Hello,
To stop the "Forgot your password?" link from displaying on your admin login area on WHMCS.
Simply edit and add the following line (below) to your root WHMCS "configuration.php" file:
Quote:
|
$disableadminforgottenpw = true;
|
By disabling this feature it will reduce the risk of someone gaining access to your WHMCS admin area should your email account be compromised.
Regards,
|
05-30-2012, 09:35 AM
|
|
Newbie
|
|
Join Date: Dec 2011
Posts: 14
|
|
Thank you. Doing this right now.
|
05-30-2012, 09:54 AM
|
|
MANAGEMENT KING!
|
|
Join Date: Nov 2009
Posts: 8,193
|
|
Quote:
Originally Posted by rsfk
Thank you. Doing this right now.
|
Thank You, Please help spread the word 
Regards,
|
05-30-2012, 10:06 AM
|
|
Web Hosting Master
|
|
Join Date: Jun 2010
Location: Grand Rapids, Mi
Posts: 1,193
|
|
ditto.
Do they happen to have a list of variables you can set in the config at WHMC's documentation?
|
05-30-2012, 10:15 AM
|
|
Web Hosting Master
|
|
Join Date: Jun 2010
Posts: 584
|
|
Setup > General Settings > Security > Disable Admin Password Reset [x]
|
05-30-2012, 10:27 AM
|
|
MANAGEMENT KING!
|
|
Join Date: Nov 2009
Posts: 8,193
|
|
Quote:
Originally Posted by kbeezie
ditto.
Do they happen to have a list of variables you can set in the config at WHMC's documentation?
|
I dont think they do
Quote:
Originally Posted by SirMarcel
Setup > General Settings > Security > Disable Admin Password Reset [x]
|
Although this is available for newer WHMCS installations...
The older ones dont have this option available as it was only implemented into WHMCS during the Version 5.0 release 
|
05-30-2012, 10:32 AM
|
|
Web Hosting Master
|
|
Join Date: Jun 2010
Posts: 584
|
|
is there any particular reason one wouldn't want to upgrade to the most recent version? surely just by having an outdated installation you're risking your system being compromised
|
05-30-2012, 10:34 AM
|
|
MANAGEMENT KING!
|
|
Join Date: Nov 2009
Posts: 8,193
|
|
Quote:
Originally Posted by SirMarcel
is there any particular reason one wouldn't want to upgrade to the most recent version? surely just by having an outdated installation you're risking your system being compromised
|
Mainly because people have heavily modified WHMCS installations which includes various modules so some people find it easyer to stay patched and focused on security rather than being an upgrade junkie
A patched WHMCS 4.5 is just as secure as an patched WHMCS 5.0
However this isnt a debate about release notes and release candidate security, Its merely a tutorial to help all WHMCS users disable the link.
Last edited by cd/home; 05-30-2012 at 10:38 AM.
|
05-30-2012, 10:38 AM
|
|
Web Hosting Master
|
|
Join Date: Jun 2010
Location: Grand Rapids, Mi
Posts: 1,193
|
|
Quote:
Originally Posted by cd/home
Mainly because people have heavily modified WHMCS installations which includes various modules so some people find it easyer to stay patched and focused on security rather than being an upgrade junkie
A patched WHMCS 4.5 is just as secure as an patched WHMCS 5.0 |
Adding to this, in theory you only lacking 'new features' and such, as any security patches they release tend to be available for as far back as version 4.0 (as you would have noticed from their most recent patch). The upgrades aren't really for security fixes but rather features and such.
|
05-30-2012, 10:53 AM
|
|
MANAGEMENT KING!
|
|
Join Date: Nov 2009
Posts: 8,193
|
|
Quote:
Originally Posted by kbeezie
Adding to this, in theory you only lacking 'new features' and such, as any security patches they release tend to be available for as far back as version 4.0 (as you would have noticed from their most recent patch). The upgrades aren't really for security fixes but rather features and such.
|
Thank You for adding additional information on the subject.
The more information we can get around about securing WHMCS the better
However I shall forward my opinion about having this included to the WHMCS documentation to Matt.
Regards,
Last edited by cd/home; 05-30-2012 at 11:01 AM.
|
06-07-2012, 10:09 AM
|
|
Junior Guru
|
|
Join Date: Apr 2008
Location: UK
Posts: 232
|
|
Why not just VPN the backend altogether ? i mean this is going to do very little security wise !
|
06-07-2012, 10:10 AM
|
|
Aspiring Evangelist
|
|
Join Date: Sep 2011
Posts: 370
|
|
Quote:
Originally Posted by SafeSrv
Why not just VPN the backend altogether ? i mean this is going to do very little security wise !
|
Indeed, a lot of people miss this...
|
06-07-2012, 03:45 PM
|
|
Web Hosting Master
|
|
Join Date: Jun 2010
Location: Grand Rapids, Mi
Posts: 1,193
|
|
Quote:
Originally Posted by SafeSrv
Why not just VPN the backend altogether ? i mean this is going to do very little security wise !
|
Wouldn't that throw off the licensing? (i.e.: thinks the app being hosted on a internal/VPN IP then won't let you login on account of the licensing) ?
|
06-07-2012, 08:19 PM
|
|
Junior Guru
|
|
Join Date: Apr 2008
Location: UK
Posts: 232
|
|
Quote:
Originally Posted by kbeezie
Wouldn't that throw off the licensing? (i.e.: thinks the app being hosted on a internal/VPN IP then won't let you login on account of the licensing) ?
|
No it won't affect licensing at all, i have always restricted backends to either my ISP IP or VPN, its the best way to keep your backend secure.
|
08-20-2012, 08:02 AM
|
|
Newbie
|
|
Join Date: Jul 2012
Posts: 10
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
