All Activity

At $1.99 a month, that would be a waste of effort. 😉

Simplest way to tell if the licence is a genuine licence is by entering your domain here it will tell you if your licenced or not. https://www.whmcs.com/members/verifydomain.php/verifydomain.php

Yeah, the fact that they offer a lifetime license and that their updater is basically a work around the built-in updater suggest that you're using a nulled version af WHMCS.

I’m actually experiencing something very similar after upgrading, and I have the same question because the financial inconsistencies are really concerning. The way certain transactions are being classified just doesn’t make sense from an accounting perspective, especially things like late fees showing as “Amount Out” or cancelled invoices appearing as income. It makes it really hard to trust the reports or use them for any kind of real decision-making. What’s also frustrating is the lack of a clear update or workaround, especially if support has already confirmed it’s a critical issue. I’m in the same position where I’m double-checking everything manually just to be sure the numbers are accurate, which defeats the purpose of having an automated system. Really hoping others can share if they’re seeing the same behavior and whether there’s any temporary fix or timeline for a proper resolution.

Yes, I see this a lot also

Strongly suggest this is not a legal version of WHMCS. There are few companies allowed to sell this as a standalone, and no chance whatsoever it's legal at $1.99 a month.

- Just got a WHMCS license from a reseller - Download WHMCS 9.0.3 file from : docs.licensedash.com/whmcsauto , since i dont have whmcs.com account - WHMCS installed, but still just got error message below Using PHP 8.3, ioncube 13.3.1 : The file /home/username/domains/mydomain.com/public_html/vendor/whmcs/whmcs-foundation/lib/License.php is corrupted. Using PHP 8.2, ioncube 13.3.1 : 503 Service Unavailable Please help, what could be the problem or i can try Other info -Directadmin latest version -Webmaster expert, my latest whmcs install 10 years ago, discontinue & lost the whmcs.com account

Here is their latest reply, basicly telling me to * off, they dont care that 1: Domain is already paid and renewed properly as shown in WHOIS 2: that they are scamming people with double renewals Dear Thomas, Regarding the issue with the restore for XXXXX.pl I've confirmed with our technical team that our system is working within the rules of the .PL registry. Since your contact for domain management services for XXXXXXX.pl is with us and not with the registry directly, the service is provided as-is per the terms and conditions existing. What a shitshow of a domain provider. But im gonna escalate this to icann and nask what is governing .PL domains

Any chance you could stop bumping old threads and advertising in the sections where it's not allowed?

I see, thank you! Is there no "proper" way to modify these panels? All other elements in the clientarea can be changed via hooks, so I found it odd that there doesn't seem to be any way to do the same for these panels. I might want to replace the quotes panel with a custom one so it would be nice to be able to do it in the same fashion as the other elements in there. But if that's not an option I can just go via the tpl files of course.

https://docs.whmcs.com/8-13/troubleshooting/troubleshoot-the-support-system/ticket-replies/mail-import-test-failed-errors/

You can't add a meta description directly. But you can do this using the SEO SMO Manager addon module it can add all possible metadata automatically and manually. For more details, you can visit the link WHMCS SEO SMO Manager

Find the clientareahome.tpl file into your selected template directory. in this file you will find the code {else} <div class="col-sm-3 col-xs-6 tile" onclick="window.location='clientarea.php?action=quotes'"> <a href="clientarea.php?action=quotes"> <div class="icon"><i class="far fa-file-alt"></i></div> <div class="stat">{$clientsstats.numquotes}</div> <div class="title">{$LANG.quotes}</div> <div class="highlight bg-color-green"></div> </a> </div> just remove or comment it to remove it from this section

thank you ❤️

What it is: An enterprise-grade fraud detection addon for WHMCS. We built this internally for our own hosting operation and are releasing it open-source under MIT. What it does: Cloudflare Turnstile invisible bot challenge (server-side validated) IP intelligence — proxy, VPN, Tor, datacenter detection Device fingerprinting (canvas, WebGL, fonts, screen) Email validation with disposable address detection OFAC/SDN sanctions screening Behavioral biometrics (mouse entropy, keystroke dynamics) 15-pattern bot recognition engine FraudRecord community database integration Duplicate client detection across 15 dimensions Velocity-based rate limiting Platform features: Pre-checkout fraud blocking (stops orders before payment) 10-tab admin dashboard with full theme customization + dark mode 3D threat map visualization (Globe.gl) Client area integration pages REST API with four tiers (Free → Premium at $99/mo) — auto-provisioned on activation CSRF protection, parameterized queries, GDPR data removal Requirements: WHMCS 8.0+, PHP 8.2+, MySQL 5.7+ GitHub: https://github.com/CyberNinja7420/whmcs-fraud-prevention-suite Docs: GitHub Wiki (14+ guides) Support: support@enterprisevpssolutions.com Happy to answer questions or take feedback — this is actively maintained and we're still adding features. Drop a reply or open an issue on GitHub.

Nice. Thanks for sharing!

Hello everyone, I wanted to share a simple but effective security approach I implemented in WHMCS to reduce spam registrations and fake account abuse. The idea is straightforward: users must verify their email before they can access any part of the client area or place orders. Overview If a user has not verified their email address, they are completely restricted from using the client area. This includes blocking access to: $blockedPages = [ "clientarea", "services", "invoices", "domains", "tickets", "productdetails", "upgrade", "addons", "downloads", "supporttickets", "serverstatus" ]; Access control behavior When a user is not verified: They cannot access the dashboard They cannot view services They cannot access billing or invoices They cannot open or view support tickets They cannot use upgrades or addons The only allowed access is the email verification flow. Allowed page for unverified users Unverified users are only allowed to access: /user/profile From this page they can: Resend the verification email Update their email address if needed Complete the verification process User flow User registers an account Verification email is sent automatically User logs in System checks verification status If not verified, all client area access is blocked User is redirected to the profile page After verification, full access is restored automatically Purpose The main goal of this system is to reduce spam accounts, fake registrations, and abuse of hosting resources. It ensures that only verified users can interact with services, which significantly improves account quality and reduces unwanted usage. Result This approach helps: Reduce bot registrations Prevent disposable email abuse Improve security of client accounts Keep hosting resources clean Ensure only real users access services EXAMPLE BELOW THIS IS HOW IT LOOKS, If anyone is interested, I can share the hook code for this implementation.

Version 5.8.2 Updated: Custom variables: Group name, Product name, Price, Description, billing cycle Updated: Support WHMCS 9.0.x Updated: the License System Updated: Remove Support for PHP 8.1 Updated: Help Page Fixed: Compatibility issues with the WHMCS in-built X-sell feature

AI wont kill WHMCS right now and any near future. The logic behind a system like WHMCS its too huge to replicate easily, domain renewals is one thing, but making it all work together with invoices, dns, hosting, etc etc etc. You need to spend alooooooot of tokens for doing that. So no, right now AI wont kill WHMCS, but give it 2-3 years surely yes WHMCS will be replaced by other systems.

Hi all! We're Enterprise VPS Solutions, an MSP and managed hosting provider that's been running WHMCS for years. Over that time we've built out a pretty deep stack of custom addon modules to handle fraud prevention, billing automation, AI-assisted support, and more. We finally decided to stop sitting on our tooling and start sharing it, our Fraud Prevention Suite just hit v4.2.3 on GitHub and we've been actively working to make it production-ready for other hosts to use. We'll drop a proper post about it in the right section. Happy to trade notes with anyone building on WHMCS, especially around fraud/security, API integrations, or custom module architecture. Cheers! ing from everyone here and sharing what we've built. Feel free to say hi!

Try this: @media (max-width: 768px) { .sidebar { display: none; } }

The pricing is simply unrealistic, unworkable and anti-partner/customer. And then there are additional costs and friction like monthly subscription. There's no way one can sell anything with their pricing.

WHMCS 8.13.2 is now available as a maintenance release for the 8.13 series. Version 8.13.2 provides maintenance updates and improvements to support the continued operation of the platform. Maintenance Updates This release includes important fixes, including security-related updates. To protect users who may not yet have upgraded, we are limiting the level of technical detail shared about these changes. At this time, no further information will be provided. Keeping Your Installation Up to...View the full blog post

Hey All, I'm trying to set up the imap importing on my emails... I set up the hostname, port, email address and password. When I test I get - If I use port 993 The Mail Import test failed: cannot select INBOX, is this a valid transport? if I use port 143 The Mail Import test failed: cannot select INBOX, is this a valid transport? if I use port 995 The Mail Import test failed: last request failed: [AUTH] Authentication failed. I can access the webmail for these boxes, and I've connected it to outlook using 993 and its working perfectly - using the details, I've double checked the password etc... Any ideas why its not working?

Do NOT use CentralNic Reseller as your domain provider. Here's why. Since CentralNic merged with Hexonet and absorbed all their customers, the service has gone completely downhill. First, they hit us with a 5x price increase during the migration — no notice, no warning, just 5x overnight. But the pricing is the least of the problems. What I'm about to describe is either gross incompetence or a deliberate *. After dealing with this for months, I'm leaning towards the latter. The pattern: domains that "magically" don't get renewed We manage a large portfolio of .PL and .DK domains through CentralNic Reseller. Over time, we've noticed a pattern: domains that should be renewed in time — where the client has paid, where the funds are there — somehow end up expiring and landing in "former domains." Not once. Not twice. Repeatedly, across multiple .PL domains. And that's where CentralNic makes their real money. Because once a domain expires and needs to be "restored," they charge ~$50 USD — on a domain that costs a fraction of that at the registry. It's a hell of a business model: let domains slip through, then charge a premium to fix it. The .PL restore * — how it actually works .PL domains are operated by NASK, the Polish registry. At the registry level, a domain restore is a single atomic command: domain:renew with an <extdom:reactivate/> extension. One command. It restores the domain and renews it for 1 year. One operation, one fee at the registry. This is defined in NASK's EPP 2.1 specification — it's not my interpretation, it's how the protocol works. But CentralNic Reseller treats it as two separate billable operations: a restore, then a renewal on top. According to their own support agent, "our system runs restore and renewal separately, one after another." This means: 1. They charge you a $50 restore fee — which at the registry already includes the renewal. 2. They then charge you a separate renewal fee — for a renewal that the registry already performed in step 1. 3. If you don't have enough funds to cover both (because you rightfully only budgeted for the restore, which should be enough), they delete the domain again and ask you to pay the full $50 restore fee a second time. Let me say that again: they charge you to restore a domain, the restore succeeds at the registry, their own system fails to process it, and then they ask you to pay the restore fee again. For their mistake. Proof — here's the actual support chat: We had a .PL domain — let's call it XXXXXX.pl — show up under "former domains" even though WHOIS showed it active with an expiry date of 2027.03.19. Here's what happened when I contacted support: Me: XXXXXX.pl - It's under "former domains" but renewal date is 2027.03.19, so there is no reason for it to be under former domains. Support: Sorry for the wait, I checked the logs and found the restore succeeded but there weren't enough funds to cover the renewal afterwards, which made the domain get deleted again. Please make sure there's sufficient funds available for both operations + VAT to restore the domain. Me: But WHOIS says renewal date 2027.03.19 — so the domain is already renewed? Support: WHOIS shows the dates from the registry, where a restore was completed, but it wasn't actually completed fully. Please try again. Me: I already paid the restore fee. You want me to pay $50 again? Support: VAT needs to be accounted for as well. Me: VAT? I'm a VAT-enabled DK company. I shouldn't be charged VAT. Support: My bad, double checked, no VAT should be charged on your account. Me: I just checked the NASK documentation. A restore includes the renewal. There is no secondary renewal on top of a restore. Support: The implementation of our system runs restore and renewal separately, one after another. Me: Your implementation is wrong. The official NASK documentation states that a restore does both things in one go. If you auto-renew after the restore, the domain is paid twice and should be renewed for 2 years, not 1. After that — silence. No escalation, no resolution, no refund. I warned them multiple times that I would go public with this. They didn't care to respond. It's not just .PL We suspect the same thing is happening with .DK domains. CentralNic charges a restore fee, but the client then has to go directly to Punktum.dk (the Danish registry) to actually get the domain restored. So what exactly is the restore fee paying for? The bottom line Let's break down what CentralNic Reseller is doing: - Domains "magically" expire even when clients have paid for renewal on time - They charge a ~$50 restore fee that is massively inflated compared to registry cost - For .PL domains, the restore already includes the renewal at the registry — but they charge a separate renewal fee on top, double-dipping - When their own system fails to process the restore they already charged you for, they delete the domain and ask you to pay the full restore fee again - For .DK domains, they charge a restore fee but the client has to deal with the registry directly anyway - When confronted with evidence from the official registry documentation, they go silent This isn't one bad support experience. This is a pattern across multiple domains, multiple TLDs, over months. Whether it's incompetence or by design, the result is the same: you pay more, you lose domains, and when you push back with proof, they stop responding. Stay far away from CentralNic Reseller.