Jump to content
spirog

Here is some update instructions for securing folders

Recommended Posts

Hi,

I was stumped until I received a support reply about what we need to do to to secure folders under public_html 

Downloads , attachments, template_c folders. 

Still waiting on reply about crons folder if we still follow the old directions for that 

So here is the update to secure those 3 folders if someone has an issue with seeing insecure warnings 

As of WHMCS 7.7, these settings are now configured under Setup > Storage Settings and the old variables for the configuration.php file are not used. We will be updating the documentation to reflect that.

Hope this helps someone else in tye mean while as they update there documentation for how to get rid of the warnings and proper setup of moving those folders to a secure location under public_hrml folder. 

Just move the folders as you normally would under the public_html folder

Create a secure path for these folders to move them too

something like below. 

/home/username/whmcs/downloads

/home/username/whmcs/attachments

/home/username/whmcs/template_c

And then go to setup> Storage settings > configuration and change the path to where you have placed these folders

After in storage settings you can add the path to template_c and configure each folder path. 

Then you can delete the old paths from storage settings being careful to delete the correct ones. 🙂

 

Share this post


Link to post
Share on other sites

Just got another update. The storage is only for download and attachment folder 

 

So we still need to add to configuration.php 

This line if you move your templates_c to a secure path. Sorry but first support told me.to use storage then they said it's the old way for templates_c and for securing crons folder 

So we don't need the download and attachment folder snippets in configuration.php we need to use the storage settings for those folders. And change the drop-downs to the correct path. 

We only need to follow directions to secure templates_c folder if we move it and crons folder as we did prior. 

 

 

$templates_compiledir = "/home/username/templates_c/";

Sorry for all the writing maybe you can change my posts to refoect the.priper settings to secure download folder attachment folder templates_c folder and crons folder

So now I finally have it correct. Though 🙂

Share this post


Link to post
Share on other sites

Ugh. If you're moving some of this, WHMCS, why not move it all? Having configs in more than one place for somewhat related items (security settings/changes) is frustrating and prone to folks missing things. 🙈

Share this post


Link to post
Share on other sites

Do you know if updating to 7.7 sets those settings in the new location? 

Share this post


Link to post
Share on other sites
On 2/1/2019 at 9:48 AM, steven99 said:

Do you know if updating to 7.7 sets those settings in the new location? 

No. You have to set the path where you location is. Of those 2 folders attachments and download 

Share this post


Link to post
Share on other sites
On 2/1/2019 at 5:48 PM, steven99 said:

Do you know if updating to 7.7 sets those settings in the new location? 

They are stored in the database, so Auto Update is OK.

Share this post


Link to post
Share on other sites
On 2/4/2019 at 3:14 AM, pRieStaKos said:

They are stored in the database, so Auto Update is OK.

Right but I meant like going from 7.6 to 7.7.  Does the updater (either auto or the manual updater) update those values.

Share this post


Link to post
Share on other sites

Hi @steven99,

When updated to 7.7, the auto-updater will read the file locations from the configuration.php file and create the appropriate records in Storage Settings, yes.

It does not make changes to the configuration.php file.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines