Articles on: Reseller Hosting

How To Secure WHMCS from Bot Registrations

WHMCS (Web Host Manager Complete Solution) is widely used across the internet and we use it ourselves! At NameHero we want you to be a success! We have compiled some important steps to help you secure your whmcs from malicious bots.

This tutorial will cover the following items:



Enable Captcha
Implement Email Verification
Use Custom Fields
Block Disposable Email Addresses
Implement Security Question
Enable Whois Lookup
Use IP Blocking
Regular Updates
Monitor & Analyze



Enable CAPTCHA



STEP 1: Follow instructions on how to get your reCaptcha v2 Key here!

STEP 2: Click the Wrench Icon and then System Settings!


STEP 3: Click on General Settings


STEP 3: Click on Security Tab.


STEP 4: Now copy your reCAPTCHA Site Key and Secret Key.





STEP 5: Check Always Enabled, paste your keys and go ahead and check Shopping Cart and Login Forms as well.


STEP 6: Scroll to bottom and hit Save Changes.


STEP 7: Logout and test the login!



Go to Top

Implement Email Verification



Enable Email Verification: This ensures that users must verify their email addresses before they can complete the registration process.

STEP 1: Wrench Icon top right > General Settings > Security tab

Check the top box, scroll to bottom and hit save!









Use Custom Fields




STEP 1: Wrench Icon, upper right, then System Settings.


STEP 2: Click on Custom Fields



STEP 3: Type in a Field Name, description and Validation. Click Save changes!

Add a custom field: Include an extra question or field that only a human can answer correctly. Make sure it’s something simple but effective against bots!




Go to Top


Block Disposable Email Addresses



STEP 1: Go here to download module for mailbox validator

STEP 2: Upload the zip file to the primary directory of your whmcs installation. Then use File Manager to uncompress the file!


STEP 3: Now it's time to activate it. Click on Wrench icon in the upper right, then go to Apps & Integrations. Then Click on Addon Modules.


STEP 5: Click on Activate for the module. Then click on Configure.



STEP 6: Check the boxes and click Save Changes.


STEP 7: Once activated, along the top, click on Addons. Your new addon you activated will show. Click on it. On this page you'll need your API key which you can get from the author's website here. Paste your API key and then save at the bottom.




Go to Top


Implement a Security Question



STEP 1: Wrench Icon upper right. Search for Security Questions.




STEP 2: Add a security question that must be answered correctly to complete the registration and click Save Changes.




Go to Top



Enable WHOIS Lookup


This helps in verifying the domain ownership if your business involves domain registration services.


STEP 1: Wrench Icon, upper right. Search Domain. Click on Domain Pricing.



STEP 2: Click on Configure.


STEP 3: Highlight the domains, check box at bottom and click Save.




Go to Top




Use IP Blocking



STEP 1: Actively monitor IP addresses accessing your whmcs installation. Upper right, click on System Logs.




Identify Suspicious IPs: Block IP addresses that are consistently causing trouble!

STEP 2: Block them!





Go to Top



Regular Updates



Always keep WHMCS updated: Ensure your WHMCS installation is up-to-date with the latest security patches and updates!

STEP 1: Click on Utilities in top menu and click on Update WHMCS.


STEP 2: You may have to create a directory above the public_html directory first!



STEP 3: Set a Temporary Path, update the message to display during updates and then hit Save Changes.






Go to Top



Monitor and Analyze



Regularly check logs: Keep an eye on activity logs to spot unusual patterns.

Use Analytics Tools: Tools like Google Analytics can help you monitor and analyze traffic to identify bot patterns.

Implementing these strategies above should significantly reduce bot registrations on your WHMCS platform and enhance overall security.

The best way is to reach WHMCS support directly for application-level assistance, our assistance on WHMCS would be very limited.

You can reach WHMCS support through: https://www.whmcs.com/members/submitticket.php?step=2&deptid=13


Go to Top

Updated on: 29/05/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!