Jump to content

Recommended Posts

An unfortunate trait of the internet is spam and automated bots disseminating that spam. As a business operator on the internet, you may also receive orders submitted in bulk by automated bots. There can be situations where you need to delete lots of clients with the same first name.

This small script leverages the local API to cleanly delete all clients who match the specified term.



This script is provided as-is, without warranty, and in the understanding for the potential to permanently and irreversibly delete data. Before running this script, please make a database backup:

 * Delete spam clients where the firstname contains 5666Q.COM
 * using advanced database interaction and the DeleteClient API
 * @link https://developers.whmcs.com/advanced/db-interaction/
 * @link https://developers.whmcs.com/api-reference/deleteclient/
 * @author     WHMCS Limited <development@whmcs.com>
 * @copyright  Copyright (c) WHMCS Limited 2005-2018
 * @license    https://www.whmcs.com/eula/ WHMCS Eula

require 'init.php';

use WHMCS\Database\Capsule;

// Replace ADMIN_USERNAME with your admin username
$adminUsername = 'ADMIN_USERNAME';

echo '<pre>';

// Loop through all clients where firstname contains 5666Q.COM
foreach (Capsule::table('tblclients')->where('firstname', 'like', '%5666Q.COM%')->get() as $client) {

    // Delete the client with DeleteClient API
    $results = localAPI('DeleteClient', ['clientid' => $client->id], $adminUsername);

    // Check for errors
    if ($results['result'] == 'success') {
        echo "Deleted Client ID: " . $client->id;
    } else {
        echo "Error deleting Client ID: " . $client->id;

echo '</pre>';


Begin by entering your adminstrator's username on line 19:

$adminUsername = 'ADMIN_USERNAME';

Upload the script to your WHMCS directory, and visit in your browser.

The script will search through all the clients matching the criteria specified in this line:

'firstname', 'like', '%5666Q.COM%'

It will then properly and permanently delete matching clients and associated records.

The last step is to show which clients are deleted, and if a problem was occurred.


The file should then be deleted from your server.


At the time of writing this post, this script was tested on the latest stable release of WHMCS 7.5.1 and should work with any that fall under Active Support as per the LTS schedule here: https://docs.whmcs.com/Long_Term_Support#WHMCS_Version_.26_LTS_Schedule

If you have any feedback, questions, or concerns that I did not cover in this post, please feel free to reach out!


  • Thanks 2

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By cdeese8
      Might you know of any sneaky ways, or creative things I can do to stop this?
      Can you please tell me how to prevent, block and disable any non-English letters? Specifically, I think it would be great to prevent letters from the Cyrillic script (Russian Alphabet). Literally, every spam ticket I get is from Mother Russia.
      I know there is form captcha, but I don't want to use any services related to google or even the baked in WHMCS. The less steps a visitor has to do to get support the better.
      Thanks for your time,
      https://en.wikipedia.org/wiki/Russian_alphabet https://docs.whmcs.com/Spam_Control don't see anything here don't see anything for search query: site:whmcs.community block russian letters still doing R&D for search operator: bootstrap 3 input field validation block russian letters
    • By HarryAdney
      I see this in Setup > Addon Modules. I use MailChimp; is it safe to delete the legacy module and am I correct in thinking it's the one shown in module/addons/admin?
    • By bluesteam
      So I have just signed up with crisp.  My business email address is info@bluesteam.net.  Crisp asks for an email address when signing up and sends you the chat transcripts after the conversation is complete.
      The problem is that Crisp sends these transcripts from some-random-sequence@bluesteam.on.crisp.email
      Now I have piping enabled for info@bluesteam.net for my General Queries Department so I keep getting the transcript opening tickets on the support system.
      NOW I have to go and delete every support ticket that gets opened because blacklisting each email address is pointless because the sequence will always change and never be the same so its useles to blacklist it.
      I want to add a wildcard in the Spam Control System *@bluesteam.on.crisp.email so that NO transcripts can open a ticket but lo and behold, there is no such thing as a wildcard on the Spam Control.
      How can this be?  It's such a simple feature that should be enabled with every spam control system.
      Has anyone got a solution to this?
    • By postcd
      Hello, in WHMCS 6.3 in last days i started receiving significantly higher amount of SPAM support tickets than before. (bot spam not real people)
      So i tried to switch "Captcha Type" from "Default (5 Character Verification Code)" to "reCAPTCHA (Google's reCAPTCHA system)"
      I seen i already had prefilled public and private key there and i verified it is correct/same with keys in my google account where i added my site already.
      But when i open contact form as a non logged in user in Firefox and Tor browser, it does not show up the recaptcha, it shows only:
      When submitting, it says "The characters you entered didn't match the image shown. Please try again."
      Is there any work around/hack (by editting some files) so i can prevent support ticket SPAM?
      The default WHMCS 5 chars. captcha show up, but SPAM bots started going over it.
      In recaptcha account, server side integration URL is: https://www.google.com/recaptcha/api/siteverify
      <script src='https://www.google.com/recaptcha/api.js'></script>
      <div class="g-recaptcha" data-sitekey="PubKeyHere"></div>
      I see my recaptcha is "v2" type\
      Update: The cause of this issue was Content-Security-Policy in .htaccess file that denied google domain.
    • By Subwayhost
      Is it working automatically !
  • Recently Browsing   0 members

    No registered users viewing this page.


Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated