Here is some update instructions for securing folders

[spirog 0]

Hi,

I was stumped until I received a support reply about what we need to do to to secure folders under public_html 

Downloads , attachments, template_c folders. 

Still waiting on reply about crons folder if we still follow the old directions for that 

So here is the update to secure those 3 folders if someone has an issue with seeing insecure warnings 

As of WHMCS 7.7, these settings are now configured under Setup > Storage Settings and the old variables for the configuration.php file are not used. We will be updating the documentation to reflect that.

Hope this helps someone else in tye mean while as they update there documentation for how to get rid of the warnings and proper setup of moving those folders to a secure location under public_hrml folder. 

Just move the folders as you normally would under the public_html folder

Create a secure path for these folders to move them too

something like below. 

/home/username/whmcs/downloads

/home/username/whmcs/attachments

/home/username/whmcs/template_c

And then go to setup> Storage settings > configuration and change the path to where you have placed these folders

After in storage settings you can add the path to template_c and configure each folder path. 

Then you can delete the old paths from storage settings being careful to delete the correct ones. 🙂

 

[spirog 0]

Just got another update. The storage is only for download and attachment folder 

 

So we still need to add to configuration.php 

This line if you move your templates_c to a secure path. Sorry but first support told me.to use storage then they said it's the old way for templates_c and for securing crons folder 

So we don't need the download and attachment folder snippets in configuration.php we need to use the storage settings for those folders. And change the drop-downs to the correct path. 

We only need to follow directions to secure templates_c folder if we move it and crons folder as we did prior. 

 

 

$templates_compiledir = "/home/username/templates_c/";

Sorry for all the writing maybe you can change my posts to refoect the.priper settings to secure download folder attachment folder templates_c folder and crons folder

So now I finally have it correct. Though 🙂

[bear 39]

Ugh. If you're moving some of this, WHMCS, why not move it all? Having configs in more than one place for somewhat related items (security settings/changes) is frustrating and prone to folks missing things. 🙈

[steven99 23]

Do you know if updating to 7.7 sets those settings in the new location? 

[spirog 0]

On 2/1/2019 at 9:48 AM, steven99 said:

Do you know if updating to 7.7 sets those settings in the new location? 

No. You have to set the path where you location is. Of those 2 folders attachments and download 

[pRieStaKos 13]

On 2/1/2019 at 5:48 PM, steven99 said:

Do you know if updating to 7.7 sets those settings in the new location? 

They are stored in the database, so Auto Update is OK.

[steven99 23]

On 2/4/2019 at 3:14 AM, pRieStaKos said:

They are stored in the database, so Auto Update is OK.

Right but I meant like going from 7.6 to 7.7.  Does the updater (either auto or the manual updater) update those values.

[WHMCS John 207]

Hi @steven99,

When updated to 7.7, the auto-updater will read the file locations from the configuration.php file and create the appropriate records in Storage Settings, yes.

It does not make changes to the configuration.php file.