Leaderboard

add this line to your configuration.php it will go back to normal behavior $allow_adminarea_invoice_mutation = true;

Yes, I agree they should be an option

I have reported the following on 19th Feb 2026 : == Affected Version == WHMCS 9.0.1 == Description == When a client attempts to upgrade an existing yearly/recurring service to a one-time (lifetime) service, WHMCS throws a fatal DivisionByZeroError in includes/upgradefunctions.php inside SumUpPackageUpgradeOrder(). This happens on the latest WHMCS version running on PHP 8.3 and occurs even with all custom hooks/modules disabled, indicating a core issue. This was working fine with PHP 7.4 ex : Error: DivisionByZeroError: Division by zero in public_html/includes/upgradefunctions.php:0 Stack trace: #0 public_html/upgrade.php(0): SumUpPackageUpgradeOrder('9043', 10, 'monthly', '') #1 {main} == Steps to Reproduce == Use the latest WHMCS version on PHP 8.3. Create a recurring product (e.g., yearly billing cycle). Create a second product with pay type “One Time”. Set up an upgrade path from the yearly product to the one-time product. Log in as a client with the yearly service. Go to Client Area ? Upgrade/Downgrade and attempt to upgrade to the one-time product. The upgrade page fails with a fatal error. == Expected Result == The upgrade page should load normally == PHP Version == 8.3 == Severity == High This was confirmed to be a bug [ case WHMCS-25204 ]. Since then, two minor versions (WHMCS v9.0.2 & v9.0.3) were released, and this is not fixed yet!

Rad web hosting announces release of client-facing whmcs whois addon module! Rad Web Hosting is pleased to announce the release of client-facing WHMCS WHOIS addon module. Rad Web Hosting Announces Release of Client-Facing WHMCS WHOIS Addon Module Rad Web Hosting is pleased to announce the release of its new client-facing WHMCS WHOIS Addon Module, a powerful and flexible extension designed to provide a secure, public-facing WHOIS lookup interface for WHMCS installations. This module enables hosting providers, domain registrars, and infrastructure operators to offer fast and reliable domain WHOIS queries directly from their WHMCS platform. The module was developed to address a common need among hosting providers: offering a public WHOIS lookup tool that integrates seamlessly with WHMCS while maintaining performance, security, and administrative control. With built-in caching, CAPTCHA protection, customizable WHOIS servers, and strict domain validation, the WHMCS WHOIS Addon Module delivers a modern and abuse-resistant solution for domain lookup services. A Modern WHOIS Lookup Tool for WHMCS The new addon introduces a clean and efficient WHOIS lookup interface that can be accessed by both clients and public visitors. Hosting providers can easily add a WHOIS lookup page to their WHMCS deployment, allowing users to query domain registration information without requiring login access. Visitors can simply enter a domain in the standard format: example.com The module then performs a WHOIS query and returns the registry response directly within the WHMCS interface. The public lookup page is accessible via: https://yourdomain.com/index.php?m=client_whois This makes it easy for providers to link the tool from their homepage, domain search pages, knowledge base, or marketing landing pages. Designed for Security and Abuse Prevention Public WHOIS services can easily become targets for automated abuse. To prevent this, the Rad Web Hosting WHOIS Addon Module includes several built-in safeguards. Anonymous users are required to complete a CAPTCHA verification using WHMCS’s built-in CAPTCHA framework before performing a lookup. This allows the module to automatically support whichever CAPTCHA provider is configured within WHMCS, including: Google reCAPTCHA hCaptcha Cloudflare Turnstile WHMCS built-in CAPTCHA Logged-in clients are exempt from CAPTCHA, allowing for a smooth user experience while maintaining protection against automated queries. In addition, the module enforces strict domain validation rules, ensuring that only properly formatted domain names can be submitted. Intelligent WHOIS Server Resolution Different domain extensions use different WHOIS servers, and managing these differences can be complex. The Rad Web Hosting module solves this by implementing a flexible multi-layer WHOIS resolution system. When a lookup is performed, the module resolves the correct WHOIS server using the following priority: Administrator-defined WHOIS server overrides Built-in WHOIS server mappings Automatic IANA referral lookup This approach ensures compatibility across a wide range of domain registries while allowing administrators to customize WHOIS servers for specific TLDs when necessary. Through the module’s admin interface, operators can easily add, edit, or disable WHOIS servers for individual domain extensions. Built-In WHOIS Caching for Performance To ensure fast response times and reduce unnecessary network requests, the module includes a built-in filesystem caching system. When a WHOIS query is performed, the response is stored locally and reused for subsequent requests during the configured cache lifetime. This significantly reduces outbound WHOIS traffic while improving lookup speeds for frequently queried domains. Typical performance improvements include: Scenario Response Time Cached lookup Under 10 milliseconds Fresh WHOIS query 200–900 milliseconds By caching responses, the module also helps protect upstream WHOIS servers from excessive requests. Flexible TLD Validation The addon allows administrators to define which domain extensions are accepted by the lookup tool. This configuration is maintained in a separate file, making it easy to update without modifying the core module code. Administrators can also choose to allow any TLD if they prefer not to enforce a strict validation list. This flexibility makes the module suitable for environments ranging from small hosting providers to large-scale domain marketplaces. Seamless WHMCS Integration One of the key goals of the project was to ensure that the module integrates naturally with WHMCS. The addon follows WHMCS development best practices and relies on native platform functionality wherever possible. See also How to Install WHMCS Domain Reseller API Registrar Module Key integration features include: Native WHMCS CAPTCHA support WHMCS addon module architecture WHMCS database integration for server management Smarty-based client area templates Compatibility with WHMCS security and configuration settings This ensures that the module behaves like a natural extension of the WHMCS platform rather than a standalone add-on. Easy Installation and Deployment Deploying the module takes only a few minutes. Administrators simply upload the module directory to the WHMCS addons folder and activate it through the WHMCS admin panel. Once activated, the module automatically creates its required database tables and becomes immediately available. The lookup page can then be accessed through the WHMCS routing system and linked anywhere on the provider’s website. Ideal for Hosting Providers and Domain Services The WHMCS WHOIS Addon Module is especially useful for: Web hosting providers Domain registrars Domain marketplaces Infrastructure platforms SaaS providers managing domain portfolios By offering a built-in WHOIS lookup tool, providers can give visitors quick access to domain registration data while keeping the entire experience within their own platform. Continuing Innovation from Rad Web Hosting The release of the WHMCS WHOIS Addon Module reflects Rad Web Hosting’s ongoing commitment to building practical tools for the hosting and infrastructure community. Rad Web Hosting has long focused on delivering solutions that combine performance, security, and operational simplicity, and this module continues that tradition by providing a production-ready WHOIS lookup system designed specifically for WHMCS environments. Future enhancements may include additional performance improvements, advanced caching options, and expanded domain intelligence features. Availability The Rad Web Hosting client-facing WHMCS WHOIS Addon Module is available now. Github: https://github.com/Rad-Web-Hosting/client_whois WHMCS Marketplace: https://marketplace.whmcs.com/product/8495-client-whois-lookup For more information about Rad Web Hosting services and tools, visit: https://radwebhosting.com Find us on whmcs marketplace

Love to see it, but we've heard that so many times it's a bit hard to believe.

Yeah, 6 months minimum

We always upgrade a year later for good reason. 😉 Anyways we will probably stop with WHMCS in general and we are in the process of coding our own perfect suited solution instead. Much better. Only the things you really need, no errors, easy code and much faster as well. But. It will take time. In the meantime we will still be using WHMCS.

We waited for V 9.0.2 in the hope that it will have no issues, and had the misfortune of upgrading. And since then spent an entire day trying to get it to work and it does not work. Issue 1: When you add a product to the Cart", the Nexus Cart shows empty with this warning: "error has occured" (screenshot below) Issue 2: I renamed nexus_cart to nexuscart, and then the Cart showed the product added to it, but several warning appeared on screen: "Internal Error. Try again later". (screenshot below) Issue 3: When you try to increase the number being ordered (1 to 2), you get another error: "invalid product/item ID". (screenshot below) Issue 4: When you try to remove the product by clicking the Trash icon, the product doesn't get removed. Issue 5: When you click Checkout, you encounter the same "internal error. try again". warning. Issue(s) 6: There are so many CSS issues and white spaces problems on the Nexus template and Nexus cart, which require endless customisations to fix. And, now cron has run, and we can't revert the backup and have to figure out another way to revert to previous version. Seriously, how can we rely on whmcs to bill our customers? More issues below: (8) When you activate Nexus Template and Nexus Cart, on Small screens (mobile and tablets), the Navbar becomes Hamburger menu (which is the correct behaviour), but it leaves massive White Space in the Navbar's place. That destroys the look of the product and other pages on whmcs. (9) I activated "Standard Cart" due to the previous issues, but when you add a domain and another product to Standard Cart, the Cart only shows Product and not the domain name. I think the same issue occurs on Nexus Cart too.

A system should be designed to be functional for its paying customers, rather than being dictated by external regulations that may or may not be applicable to all users. Implementing such a feature without a proper disable option is impractical and appears to be an oversight. The current suggested workarounds are ineffective for the majority of standard web design and hosting businesses. Remember, most projects start off with two 50% (published) invoices (deposit and final) from the quote when converted and the final invoice typically gets tweaked for various reasons. This change would prevent that quick 10 second update to it. WHMCS should focus on developing efficient software that delivers value to its users, allowing us to manage legal compliance independently, rather than introducing features that hinder usability.

That likely means it's setting it into an iframe, and not copying. To test, have a read here. I'd try the javascript version first (don't forget <script tags>) and see if it still loads. Link didn't paste: https://medium.com/@kesen.somar.99/securing-your-website-how-to-disable-iframes-to-prevent-click-hijacking-attacks-98cd2004720f

Update PHP first to a version that's compatible with BOTH the existing and the new version to be installed. Make sure the existing system health page reports everything is OK. Then try updating WHMCS. Once update is successful, and you have a working WHMCS, you can attempt to update PHP again to the latest supported version, for whatever version of WHMCS you are upgrading to.

Hello Everyone, We are currently using WHMCS version 9.0.1 and after upgrading, we have noticed two issues related to invoice management and staff permissions. We would appreciate clarification from the community. Unpaid Invoice Cannot Be Edited When trying to modify an unpaid invoice, the system shows: "This is an Unpaid Invoice. You cannot modify an Invoice that is Unpaid." Previously, we were able to edit unpaid invoices in cases of pricing corrections, tax adjustments, or client-requested changes. We are unable to find any setting that allows editing unpaid invoices in version 9.0.1. Is this now the intended behavior? Is there any supported method to allow editing unpaid invoices without marking them as paid first? Cancel Invoice Permission Requires Delete Permission We assign the "Cancel Invoice" permission to specific employees so they can cancel invoices when there are billing errors or mismatches. The cancel action keeps proper logs and maintains an audit trail, which is important for internal control. However, it appears that the Cancel Invoice permission now requires the Delete Invoice permission to function. This forces us to grant both Cancel and Delete permissions. This creates a concern because if Delete permission is given, staff may delete invoices instead of cancelling them. Deleted invoices do not provide the same level of audit visibility, and it becomes difficult to track what was removed and why. Our requirement is to allow invoice cancellation with proper logging, but not allow invoice deletion. Has anyone else faced this in 9.0.1? Is this expected behavior, or is there a way to separate Cancel and Delete permissions properly? Looking forward to feedback from the community. Thanks in advance.

Thank you for the terrible WHMCS support. This is now the tenth client who has made a bulk payment and the late fee is simply not added to the invoice, and none of the outstanding invoices are automatically marked as paid. I’m not even going to mention the credit and debit issues anymore, because it seems the WHMCS developers themselves don’t even know what they’re doing. Does anyone have a suggestion for another system similar to this garbage?

Hi Still waiting on the answer, also. I guess I need to open a ticket then

As product manager, I should think he has more pressing responsibilities than this community. Busy with that job, vacation, who knows?

Yeah this is a nightmare

This new "feature" is terrible and is a fundamental change. This feature does not conform to most businesses and should be an option if there are other regulatory purposes in other countries. It severely limits the flexibility of the system and limits its function. I highly recommend a switch to disable this new "feature".

This is what one WHMCS Staff tell me You have the option to make the change to your WHMCS configuration.php file and add the line $allow_adminarea_invoice_mutation = true;, but it is your decision whether to do so. When this line is present in your configuration.php file, the system will permit most of the changes to invoices that existed before WHMCS version 9.0, notably: Line items can be changed for invoices in any status (when in the "Manage" mode and with the correct admin user permissions set). All attributes are available in the Options tab regardless of the invoice status (when in the "Manage" mode and with the correct admin user permissions set). Payments can be applied in the Add Payment tab regardless of the invoice status (with correct admin user permissions set). Please note that using this configuration line ($allow_adminarea_invoice_mutation = true;) in your WHMCS configuration.php The file is highly discouraged, as it may permit changes that are not compliant with regional/country business regulations and complicate accounting. To bring awareness of this, a Warning health check will appear in the System Health Check summary when the value is present in your WHMCS configuration.php file. Additionally, all “full administrators” will see an Admin Warning banner (which can be dismissed up to every fortnight). You may want to add it temporarily if you do need to make the changes listed above, which were changed in WHMCS version 9.0 to improve invoice management and ensure tax compliance by keeping invoice records consistent. If you do not see any warnings or have issues with editing invoices or changing their status when this line is added, please let us know. Starting with WHMCS version 9.0, non-Draft invoices are immutable. This means you cannot edit transactions (now listed under the Ledger section on the invoice), add or remove items, or modify descriptions on an invoice once it’s no longer in the "Draft" status. This change is intended to improve invoice management and ensure tax compliance by keeping invoice records consistent. For more information on invoice management in WHMCS version 9.0, please refer to the following documentation: https://docs.whmcs.com/9-0/billing-and-invoicing/invoice-management/

Already opened up a bug (ticket DVZ-331740), just creating this here as well I have a couple of really, really old WHMCS versions (some at 7.1.x), deliberately, to do testing and whatnot for clients. Since they're dev installs and locked down to me only, I'm not terribly worried about threats there. Tried to upgrade one of the 7.1.x versions to 9 and couldn't do so. 'Cannot read configuration file' the system said Rolled back backup, upgraded to 8.13, then to 9, worked like a charm Just a heads up for those that may be in the same position. Looks like some earlier versions aren't available for a direct upgrade

Key Features List Our WhatsApp Gateway: Authentication and User Management: Login, registration, and logout using CodeIgniter Shield. User group system (admin & user). User profile management. User Dashboard: Subscription overview (active plan, remaining days, message/device limits). Usage statistics (messages sent, devices connected). Alerts for expired subscriptions or reached limits. API token management for external access. WhatsApp Integration: Multi-session device management (multiple WhatsApp accounts per user). Sending of text and media messages (images, etc.). QR code scanning to connect WhatsApp devices. Message logging (delivery status, WhatsApp message ID). Message limit checks based on subscription plans. Subscription and Plan System: Various plans with device and message limits. Usage tracking (messages sent, active devices). Subscription management (active, expired). Plan upgrade/downgrade. Admin Panel: User management (create, edit, delete users). Assign groups and plans to users. RESTful API: Endpoints for sending WhatsApp messages via token. Integration with Node.js backend for WhatsApp operations. Modules: Invoices, Orders, Payments. Multi-language support (English, Indonesian, Spanish, UAE/Arabic, Chinese). Node.js Backend (whatsapp-web.js): Node.js server for running WhatsApp clients. Multi-session support with LocalAuth. Handling of QR codes, connections, and message/media sending. Logging and error handling. Security and Logging: Input validation and CSRF protection. Message and user activity logging. Environment variables for sensitive configuration (NODE_URL, etc.).

We may be able to help if you still require it.

it doesn't use an email template and that email is hard-coded internally to WHMCS... two thoughts.. if you are using PHP Mail for your email settings, I think it will show the client's IP in the header - specifically in the X-PHP-Script setting output... I can't recall if the same applies when using SMTP to send. perhaps you could add just jQuery/JS to the form to add the client's IP value to the message string before it sends to WHMCS ? all that said, there's nothing to stop a user hiding their IP by any number of methods - so there's no guarantee that any value you receive for their IP address, by any method, would be accurate.

Hey @pikerr are you sending to a department or to an email address?

@WHMCS John Thanks. It looks like the Search still does not support displaying all TLD extensions? In the screenshot, only 3 TLDs are shown with keyword suggestions. I was hoping that the new Search will finally allow users to see all available TLDs for the keyword search. Could you please confirm this?

This also doesn't work for us. In our country (Thailand) you are only not allowed to change/edit paid invoices. Any other type is no problem. We use the "Edit invoice" option a lot. It would be better if there is a configuration option where we can choose which types of invoice could be edited. Or just make some check boxes in the "admin role" page, so that we can choose which type of invoices can be edited.