How To Secure WHMCS from Bot Registrations
WHMCS (Web Host Manager Complete Solution) is widely used across the internet and we use it ourselves! At NameHero we want you to be a success! We have compiled some important steps to help you secure your whmcs from malicious bots.
Enable Captcha
Implement Email Verification
Use Custom Fields
Block Disposable Email Addresses
Implement Security Question
Enable Whois Lookup
Use IP Blocking
Regular Updates
Monitor & Analyze
STEP 1: Follow instructions on how to get your reCaptcha v2 Key here!
STEP 2: Click the Wrench Icon and then System Settings!

STEP 3: Click on General Settings

STEP 3: Click on Security Tab.

STEP 4: Now copy your reCAPTCHA Site Key and Secret Key.


STEP 5: Check Always Enabled, paste your keys and go ahead and check Shopping Cart and Login Forms as well.

STEP 6: Scroll to bottom and hit Save Changes.

STEP 7: Logout and test the login!

Go to Top
Enable Email Verification: This ensures that users must verify their email addresses before they can complete the registration process.
STEP 1: Wrench Icon top right > General Settings > Security tab
Check the top box, scroll to bottom and hit save!


STEP 1: Wrench Icon, upper right, then System Settings.

STEP 2: Click on Custom Fields

STEP 3: Type in a Field Name, description and Validation. Click Save changes!
Add a custom field: Include an extra question or field that only a human can answer correctly. Make sure it’s something simple but effective against bots!


Go to Top
STEP 1: Go here to download module for mailbox validator
STEP 2: Upload the zip file to the primary directory of your whmcs installation. Then use File Manager to uncompress the file!

STEP 3: Now it's time to activate it. Click on Wrench icon in the upper right, then go to Apps & Integrations. Then Click on Addon Modules.

STEP 5: Click on Activate for the module. Then click on Configure.

STEP 6: Check the boxes and click Save Changes.

STEP 7: Once activated, along the top, click on Addons. Your new addon you activated will show. Click on it. On this page you'll need your API key which you can get from the author's website here. Paste your API key and then save at the bottom.

Go to Top
STEP 1: Wrench Icon upper right. Search for Security Questions.

STEP 2: Add a security question that must be answered correctly to complete the registration and click Save Changes.

Go to Top
This helps in verifying the domain ownership if your business involves domain registration services.
STEP 1: Wrench Icon, upper right. Search Domain. Click on Domain Pricing.

STEP 2: Click on Configure.

STEP 3: Highlight the domains, check box at bottom and click Save.

Go to Top
STEP 1: Actively monitor IP addresses accessing your whmcs installation. Upper right, click on System Logs.

Identify Suspicious IPs: Block IP addresses that are consistently causing trouble!
STEP 2: Block them!

Go to Top
Always keep WHMCS updated: Ensure your WHMCS installation is up-to-date with the latest security patches and updates!
STEP 1: Click on Utilities in top menu and click on Update WHMCS.

STEP 2: You may have to create a directory above the public_html directory first!

STEP 3: Set a Temporary Path, update the message to display during updates and then hit Save Changes.

Go to Top
Regularly check logs: Keep an eye on activity logs to spot unusual patterns.
Use Analytics Tools: Tools like Google Analytics can help you monitor and analyze traffic to identify bot patterns.
Implementing these strategies above should significantly reduce bot registrations on your WHMCS platform and enhance overall security.
The best way is to reach WHMCS support directly for application-level assistance, our assistance on WHMCS would be very limited.
You can reach WHMCS support through: https://www.whmcs.com/members/submitticket.php?step=2&deptid=13
Go to Top
This tutorial will cover the following items:
Enable Captcha
Implement Email Verification
Use Custom Fields
Block Disposable Email Addresses
Implement Security Question
Enable Whois Lookup
Use IP Blocking
Regular Updates
Monitor & Analyze
Enable CAPTCHA
STEP 1: Follow instructions on how to get your reCaptcha v2 Key here!
STEP 2: Click the Wrench Icon and then System Settings!

STEP 3: Click on General Settings

STEP 3: Click on Security Tab.

STEP 4: Now copy your reCAPTCHA Site Key and Secret Key.


STEP 5: Check Always Enabled, paste your keys and go ahead and check Shopping Cart and Login Forms as well.

STEP 6: Scroll to bottom and hit Save Changes.

STEP 7: Logout and test the login!

Go to Top
Implement Email Verification
Enable Email Verification: This ensures that users must verify their email addresses before they can complete the registration process.
STEP 1: Wrench Icon top right > General Settings > Security tab
Check the top box, scroll to bottom and hit save!


Use Custom Fields
STEP 1: Wrench Icon, upper right, then System Settings.

STEP 2: Click on Custom Fields

STEP 3: Type in a Field Name, description and Validation. Click Save changes!
Add a custom field: Include an extra question or field that only a human can answer correctly. Make sure it’s something simple but effective against bots!


Go to Top
Block Disposable Email Addresses
STEP 1: Go here to download module for mailbox validator
STEP 2: Upload the zip file to the primary directory of your whmcs installation. Then use File Manager to uncompress the file!

STEP 3: Now it's time to activate it. Click on Wrench icon in the upper right, then go to Apps & Integrations. Then Click on Addon Modules.

STEP 5: Click on Activate for the module. Then click on Configure.

STEP 6: Check the boxes and click Save Changes.

STEP 7: Once activated, along the top, click on Addons. Your new addon you activated will show. Click on it. On this page you'll need your API key which you can get from the author's website here. Paste your API key and then save at the bottom.

Go to Top
Implement a Security Question
STEP 1: Wrench Icon upper right. Search for Security Questions.

STEP 2: Add a security question that must be answered correctly to complete the registration and click Save Changes.

Go to Top
Enable WHOIS Lookup
This helps in verifying the domain ownership if your business involves domain registration services.
STEP 1: Wrench Icon, upper right. Search Domain. Click on Domain Pricing.

STEP 2: Click on Configure.

STEP 3: Highlight the domains, check box at bottom and click Save.

Go to Top
Use IP Blocking
STEP 1: Actively monitor IP addresses accessing your whmcs installation. Upper right, click on System Logs.

Identify Suspicious IPs: Block IP addresses that are consistently causing trouble!
STEP 2: Block them!

Go to Top
Regular Updates
Always keep WHMCS updated: Ensure your WHMCS installation is up-to-date with the latest security patches and updates!
STEP 1: Click on Utilities in top menu and click on Update WHMCS.

STEP 2: You may have to create a directory above the public_html directory first!

STEP 3: Set a Temporary Path, update the message to display during updates and then hit Save Changes.

Go to Top
Monitor and Analyze
Regularly check logs: Keep an eye on activity logs to spot unusual patterns.
Use Analytics Tools: Tools like Google Analytics can help you monitor and analyze traffic to identify bot patterns.
Implementing these strategies above should significantly reduce bot registrations on your WHMCS platform and enhance overall security.
The best way is to reach WHMCS support directly for application-level assistance, our assistance on WHMCS would be very limited.
You can reach WHMCS support through: https://www.whmcs.com/members/submitticket.php?step=2&deptid=13
Go to Top
Updated on: 29/05/2025
Thank you!