1. 24 september 2018
  2. Tips

I've seen it happening hundreds of times. People with hacked installations of WHMCS, convinced that it was all fault of WHMCS or of any of its modules. Then I connect via FTP to their server and see that they're sharing the same hosting package with another CMS like Wordpress or Joomla.

You can't trust your neighbour

Multiple systems on the same hosting package is like having multiple doors from which any thief could try to break in. There's really no point in having such an unnecessarily risky structure. If someone manages to upload a backdoor in Wordpress the access to your WHMCS is automatically granted.

Dedicated FTP accounts don't help

If you think you're safe because you're using different FTP accounts for each of your systems, think twice. This gives you litterally zero protection against backdoors. Crackers can freely navigate up and forth through your directory structure to upload and download files ignoring FTP passwords.

It's all about URLs

Yes, yes. I know. You wanted WHMCS accessible from example.com/clientarea, your Wordpress Blog on blog.example.com and vBulletin Forum on example.com/forum. Everyone wants that. You can get your favorite URL structure mixing subdirectories and subdomains by creating multiple dedicated hosting accounts for each system. This way you are a lot more safe.

Recap:
  • WHMCS & Wordpress on separate hosting package
  • WHMCS & Joomla & vBulletin on separate hosting package
  • WHMCS & vBulletin sharing hosting package

Written by

Davide - Founder, Developer