WHMCS Firewall uses various methods to help you protect the admin portion of your WHMCS installation.

First, it alerts (consistently unless “silenced”) and encourages you to perform the known WHMCS security best practice steps. Renaming your path to your admin login from the generic “admin” is one of them.

*Steps on how to rename the WHMCS admin path can be found by clicking on “Fix” next to the alert in WHMCS Firewall.

Second, at your new WHMCS admin path you can limit web browsers types that connect (and log web browsers that do not match and try to login also). If you will only be using Chrome to connect to your WHMCS admin, then why do you need to allow Firefox, IE, Opera, etc.? You can use this feature in many creative ways or not at all if you have a large support staff connection from diverse and non-standard web browsers. But if you have a web browser standard and corporate policy that allows only that browser to be used for Secure admin work (a good idea) then this feature can assist you.

*WHMCS also comes with the ability to limit Admin login’s by IP range but that only works well for a limited set amount of companies, from what we have seen.

Two Factor Authentication is a WHMCS security feature you should really look into for all your WHMCS Admins. More information on that can be found on the WHMCS website.

Follow these steps to add extra admin area protection in WHMCS Firewall:

Login to your WHMCS > hover over the menu tab ADDONS > click on FIREWALL MANAGEMENT > hover over FIREWALL TOOLS > click ADMIN PATH
and

Login to your WHMCS > hover over the menu tab ADDONS > click on FIREWALL MANAGEMENT > click the BLACKLIST MANAGER menu tab

whmcs-advanced-admin-protection-2