Jump to content

Feedback after using WHMCS for 4 years (along with some solutions)


Recommended Posts

Hello everyone,


I want to post some feedback and opinions I have about WHMCS.


I've been using it for 4 years, the features and great and the price is significantly low for the value it provides my business on a daily basis. Personally I would like to see WHMCS increase pricing slightly if it's used to improve support.


Features VS security


Personally I would rather see new features scrapped for a couple of versions (or as long as it takes) and the full focus be on auditing the code and making enhancements to security. For example:


- don't include all of the modules with new WHMCS installations (gateways, servers etc). Instead only download the files of a module to WHMCS when it's activated by the user. This reduces the security risk if a module is found to have security issues as it would only put the installations of those who have it installed at risk. Personally I delete un-used modules but every WHMCS user should benefit from this by default. There's also obvious bandwidth advantages for everyone as you only download/backup what you're using, instead of every module that WHMCS supports. This can also be extended to custom modules, there's no reason why WHMCS should ship with the files for the project manager etc when most WHMCS users don't use them


This of course opens up risks if WHMCS's systems are compromised but if done correctly would be a good enhancement.


- Add the option (I say option because not everyone would like this feature) to automatically install security patches as they are released if one is available. We all know that patches can break features but I'd rather see a temporary loss of functionality while I'm asleep rather than my installation being at risk of being hacked


Adding support for automatic upgrades could also be done but it has a higher change of breaking things and doesn't relate to security so it's not as important.


- the announcement of patches and security advice really needs to be looked into. If a new patch is available a bold notification should be displayed on the admin panel of every WHMCS installation instantly as emails take a long time to receive and not everyone checks Facebook/RSS feeds all of the time - I understand a new banner appears but recent advice such as turning off the ability to edit account details and the mass payment option should be notified in a similar way


Mobile support


Currently we have:


- WHMCS mobile version

- WHMCS iPhone app

- WHMCS android app

- Just noticed there's also a Windows 8 app on the way


I personally have the mobile and iphone app and both of them have serious problems. Most of the features on the iPhone app don't work and it's very buggy. The mobile version is even worse, from what I've seen 50% of the features don't work. Not to mention the new responsive design isn't completely responsive.


I can see why WHMCS has 2 apps and a browser version from a business standpoint but it appears to be that WHMCS have bitten off more than they can chew as each option doesn't completely work.


It would be better in my opinion to completely scrap the iPhone and Android apps and focus on the mobile version (I understand this won't happen as people have purchased these). The reason being:


- it doesn't use Apple/Android APIs so WHMCS have full control of it

- there's no risk of the mobile version not working completely where as the iWHMCS app for example stopped working when upgrading to IOS 7

- as it's browser based it'll support all modern mobile devices

- focusing on this 1 solution will allow WHMCS to create a solid mobile solution rather than trying to maintain 3 buggy solutions


This doesn't just relate to mobile, the less time spent on maintaining all of these mobile options the more time is available to focus on more important things.


In my opinion releasing a app for Android and the iPhone was a complete waist of time when the time could have been spent on the mobile version which everyone can benefit from no matter which device they're using.




Just wanted to share my opinions. Would be interested to hear from anyone who agrees/disagrees with any of these points. Everything in this thread is just my personal opinion.


PS: WHMCS support - I'm still waiting for someone to look into a serious problem I'm having. Although I've had replies and promises the ticket I post 5 days ago had not been looked into. It's a critical problem and I'm disappointed at the lack of assistance.




Edited by zomex
Link to comment
Share on other sites

Great post.


I agree with holding off on new features and working on the core security and auditing the software. Things need a good shake up, if it means lifting the price a little bit more to get a quality product, then go for it!


I like the idea of not including all the module gateways etc with WHMCS, only a few need to be included for example PayPal which is widely used in the WHMCS community. Less bloat is better!


Having the option for automated security update patches is a must! This will save lots of time, and will cut down needing to rely on update emails/feeds and social updates for WHMCS updates. Have some options to enable different automated updates, for example security patches or core, or both core and security updates.


Maybe have a SMS service for security issues?


As for mobile support, I agree the mobile Apps are a waste of time. I have the Android app and while it does come in handy and works pretty good nothing beats logging directly into WHMCS. I think a responsive WHMCS Dashboard would be the best solution for mobile users that way no functionality is lost! We have responsive templates for the front end, maybe it's time for the admin section to get responsive!


That's my piece :)

Link to comment
Share on other sites

Totally agreed on this for both security and Mobile support and I've been using WHMCS since v3.


Proper mobile browser support is infinitely preferable to iOS/Android apps as a lot of techies use more advanced smartphones. :)


It also means we can extend the mobile support ourselves with support for modules that the app does not support.


I'd love to see a responsive first redesign of both the front end AND the admin using twitter bootstrap 3.x. The current templates for the front end are a bit of a mess and still using a very old version of bootstrap 2.x.


There's a good start at cleaning up the default templates at https://github.com/ShaunR/template-bootstrap for Bootstrap 2.x, removing a lot of the needless css that whmcs.css includes and using the correct bootstrap component classes. You can discard whmcs.css entirely. It needs updating for 3.x but going from there would be a better start than those included in WHMCS.


I would suggest approaching ShaunR on github and picking up his work or supporting it and encouraging others to contribute.


The admin needs a lot more work as it's more opaque as to what features are available. It doesn't use bootstrap yet. There's some great non-whmcs bootstrap admin templates out there that I'm sure could be adapted with some great charting addons too. eg. https://wrapbootstrap.com/themes/admin


One of the issues we have with the templates is that they're god awful so we spend some time on each release updating them to modern standards and integrating them with our site. I could scream if I ever see another center tag or tables used for layout.


The harder that is to do, the longer it can take for us to apply an update and subsequently a security patch.


What would also help is a ROADMAP for releases so we can plan when we're going to have to spend time running through a template update. It doesn't have to be nailed down to the minute. A month's accuracy might be good.


I'd also like to see LESS encoded code. Over time, some of the code that used to be open has been encoded. eg. the server status addon and I seem to remember more. I'd love to see WHMCS use less encoding, a well documented secure core API and the source code for modules opened up to scrutiny, perhaps even forked onto github so the community can improve them. How about opening up the reports and graphs code for example so we can add back in some of the reports that went missing in 5.1?


WHMCS surely has a lot of technically experienced users just champing at the bit to make it better.

Link to comment
Share on other sites

Hello everyone,


Thanks for your replies, it's great to hear everyone's feedback.


I think the latest post from WHMCS is positive, I do think the rewards for reporting security vulnerabilities will temp some of these people to report them to WHMCS rather than hacking forums.


In terms of mobile I'm really passionate my view. I would love to see a single, solid mobile solution that works for everyone and is updated as regularly as WHMCS itself.




Link to comment
Share on other sites

I am soo disappointed in the support and lack of updates with the iPhone app. WHMCS is giving rewards of up to $5000 for security related issues, why not spend part of that on fixing these apps. Hire someone and get them fixed!

I have been using WHMCS since 2006, and over all I cant complain, I do love the billing system.


A security audit should have been preformed long before now! its well over due! Its sad it had to come to this and all these security issues have risen over the past month or so, but im glad it has been brought to the users attention, and its good to see that WHMCS is going to do something about it!

Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated