
Way too many files in the WHMCS root. Needs restructuring.


NadalKumar


With so many files in the root folder, a hacker can blend in any arbitrary file and one would not realize it. It just appears chaotic.

The file structure needs to be reorganized and the root reduced to just an index and those files that serve search engines and server instructions.

These structuring practices are preferred

Joomla

[Image: joomla-file-structur.jpg]

 

Drupal

[Image: drupal.jpg]

 

WordPress

[Image: wordpress.jpg]

 

This structure is archaic and chaotic

[Image: whmcs.jpg]

It's time to change for the better!

Link to comment

I fail to see how this has anything to do with a hacker putting a file in your installation. Nested folders in a different organized structure do not change the amount of files, you are just going deeper (personally this is bad in data organization as it requires more clicks or more path typing...). It might be better for you visually on your eyes but security wise it does nothing at all. I actually prefer less folders and less nesting, people prefer to scroll on computer screens and pages not click deeper and deeper.

Link to comment

34 minutes ago, yggdrasil said:

It might be better for you visually on your eyes but security wise it does nothing at all.

Exactly. There is no difference between a file in the root and a file in includes/vendors/somepackage/libs/something.php beyond the hacker needing to know the path to it. And if you are having random files placed anywhere within WHMCS, there are more issues. Also, it would be quite easy to just add PHP code at the top of the index.php file and you would not know. I have seen this many times in WordPress, Joomla, and Drupal.

The best option is to use an MD5 comparison of all files and folders and have a report of new files and files no longer matching their previous known MD5 signatures.

Link to comment

Hi @NadalKumar,

unfortunately, you have formulated your initial post towards hacking.

8 hours ago, NadalKumar said:

With so many files in the root folder, a hacker can blend in any arbitrary file and one would not realize it. It just appears chaotic.

I agree with you it would be nicer to have everything wrapped up in folders, especially if you look at some templates that create 20-30 pages in the root directory as well.

But as the previous posters have already argued, this lies in the eye of the observer and is less of a safety-relevant aspect.

Greetings Christian

Link to comment

On 5/15/2019 at 1:11 AM, wp4all said:

unfortunately, you have formulated your initial post towards hacking.

There are so many other words in the initial post yet it seems "hacking" is the only word seen. Das juss ridiculous!

The gist of the post is clearly about structure and order and the visual examples clarify that matter. However if it satisfies one to focus on a single word and make that a point of dispute, have at it. The point has been made.

Link to comment

16 hours ago, NadalKumar said:

There are so many other words in the initial post yet it seems "hacking" is the only word seen. Das juss ridiculous!

The gist of the post is clearly about structure and order and the visual examples clarify that matter. However if it satisfies one to focus on a single word and make that a point of dispute, have at it. The point has been made.

Data organization is more art than science. Different people will take different approaches, some prefer to use categories with folders, others prefer more files per folder. You might for example say that you prefer more folders and others will say it's annoying having to go deeper and deeper every time you need to find a file, it also makes coding more a hassle as now you have extremely long paths and routes (more folders, longer path):

/home/folder/folder/folder/folder/files

Some might prefer that approach as they don't like an extremely long list of files they need to hunt down. For me this is not a problem because I just type or search files. I'm not trying to pick files manually one by one or visually. That is ok for some folders with a few documents, not a software with thousands or hundreds of thousands of files. Either way, it does not affect the software at all how files are organized, not in security and not stability. As for people picking on the "hacking" part only, you are lucky they did not pick on the SEO search engine part because that also has absolutely nothing to do with file structure. I can name my files and folders whatever I like and present something completely different to search engines, that is actually what the PHP code already does together with server rules like .htaccess.

Link to comment

17 hours ago, yggdrasil said:

you are lucky they did not pick on

Ahh lucky me. Now I should follow that rainbow to get to me pot o' gold.

The point of clutter has been made but apparently you're the guys who enjoy a good dispute so you'll seek any part of a post to gripe.

Link to comment

I don't get what's the problem 😟 You opened the thread to discuss about the following matters regarding file/folder structure:

  • Hacking (file structure makes no difference)
  • SEO (file structure makes no difference)
  • Ease of use (is subjective)

The fact that CMS X uses Y files and Z folders doesn't automatically mean this is the right approach to use and that WHMCS is wrong. Not to mention that if you look at /modules & /vendor directories you'll find tens of different approaches since file structure also depends on the architecture of the software. For example in Object-Oriented and Procedural you'll use different formats. If you need to extend classes on a regular basis then you'll need to use namespaces with core files in folder X and extensions in Y. Then there are autoloaders...

I'm not saying that framework must dictate directory structure but at the same time you can't ignore it and decide your structure based on your personal taste.

p.s. Speaking about structure... I hated Magento 🤬 Conceived by the Devil in person. You needed to create 10² files (XML, phtml, php, json... oh God!) in 10² folders to create ONE PAGE but that's another story.

Edited by Kian
Link to comment

1 hour ago, Kian said:

You opened the thread to discuss about the following matters regarding file/folder structure

No. I opened a thread in the Feedback category which I figured the WHMCS crew view for user suggestions. There was no desire or intent to discuss or dispute with anyone who has absolutely no control over the WHMCS core application.

However as stated multiple times before, the point has been made and the images make clear what the focus of the feedback is. If it pleases others to focus on specific words just to be confrontational, have at it. It only matters to me what WHMCS response is.

Link to comment

6 minutes ago, NadalKumar said:

No. I opened a thread in the Feedback category which I figured the WHMCS crew view for user suggestions. There was no desire or intent to discuss or dispute with anyone who has absolutely no control over the WHMCS core application.

However as stated multiple times before, the point has been made and the images make clear what the focus of the feedback is. If it pleases others to focus on specific words just to be confrontational, have at it. It only matters to me what WHMCS response is.

Why does this affect you that much? It's not personal and nobody is taking this in a confrontational approach. It's a community, so people post their opinions. Everyone here might be right or wrong on multiple subjects. No need to get pissed about it. You just accept it and move on. You don't need to prove everyone right all the time and if someone tries to correct you on something, instead of taking it as some personal attack you should take it as a learning curve and be grateful that other people bothered to reply. Would you prefer a community on which nobody replies at all? Every person here took a few minutes of their lives to reply here, for free. And it added value to the conversation. Instead of taking it personal, just see it as other opinions and nothing more.

Your feedback was received, but don't expect WHMCS to change anything. I and many other people have suggested far more important things, like real issues and bugs in the past and in reality they don't take this community as feedback at all. Someone from WHMCS might read and reply from time to time but in the end they do what they want with the software without little to no user input. In that regard, just consider this community as WHMCS customers talking between them.

Link to comment

7 hours ago, yggdrasil said:

It's a community, so people post their opinions

Exactly my point. I posted the thread based on my opinion yet 3 oldies here seem to be focused on a single factor in an entire statement. Dat makes no sense. The images clearly indicate the primary concern is clutter.

Believe me, none of your arguments bother me, only a response from WHMCS matters to me. I simply reply to stand my ground. The fact that you guys gave me a negative rating shows that you are all taking this personal and das juss ludicrous!

7 hours ago, yggdrasil said:

Your feedback was received, but don't expect WHMCS to change anything.

That decision is certainly not up to you as a mere user of the application.

Link to comment
