Jump to content
  • 0

Is WHMCS enough secure to be used in a shared hosting environment?

EEssam

Asked by EEssam,

 Share

Question

EEssam Member

EEssam

Posted
Posted

Hello,

 

The title says it. I'm wondering if whether WHMCS is enough secure to be used in a shared hosting environment or not?

 

You know servers root passwords, clients cPanel passwords, will be supplied and saved, are these sensitive data well encrypted, etc?

 

Or it's much better to get a VPS/dedicated for it.

 

Please advise. Thanks.

0
Link to comment
Share on other sites

19 answers to this question

Recommended Posts

  • 0
uberhost Senior Member

uberhost

Posted
Posted
Or it's much better to get a VPS/dedicated for it.

 

If WHMCS wasn't secure enough for a "shared environment" I certainly wouldn't be running it on dedicated servers. Think a moment, even if you secluded it to a VPS/dedi box, it would still be making automated calls to shared servers.

0
Link to comment
Share on other sites
  • 0
bear Senior Member

bear

Posted
Posted
If WHMCS wasn't secure enough for a "shared environment" I certainly wouldn't be running it on dedicated servers. Think a moment, even if you secluded it to a VPS/dedi box, it would still be making automated calls to shared servers.

 

I think it's more of a concern that other users on the box may try and access it because they have an account on the same server, or a user account gets hacked because of some outdated forum script or something. You can avoid a lot of potential issues by segregating the script from users accounts on a VPS or Dedicated all by itself...though a dedicated to run this would be a bit much.

0
Link to comment
Share on other sites
  • 0
  • WHMCS CEO
Matt Senior Member

Matt

Posted
  • WHMCS CEO
Posted
No one answered the most important questions......

 

Does WHMCS encrypt Credit Card numbers? Password? Etc?

Of course it does. The question is not "is WHMCS secure enough", the question is "is your server secure enough". In most cases the answer is no and by running it on a shared hosting environment it could be possible for another user on the server to access your files like bear has mentioned. Therefore a dedicated environment could be preferred. However, thousands of web hosts use WHMCS in a shared hosting environment without a problem.

 

Matt

0
Link to comment
Share on other sites
  • 0
georgew Junior Member

georgew

Posted
Posted
It is dependent on the gateway. It doesn't store CC numbers for gateways like Worldpay and Paypal.

 

I'm new to WHMCS... but this is a post-sale question...

 

I would like to use a payment gateway that does not require me to store credit card numbers at all.

 

No matter how secure the web server is, or how well you guard credit cartd numbers, if you are storing them at all, you have a potential target.

 

We used to do all credit card transactions on a isolated machine, without Internet access, etc... One day someone stole the entire machine. We notified our merchant bank, and they assured us it would be handled decretely, and our clients would not know we did this to them. They told us they would contact all of our client's issuing banks, and have new cards issued to them.

 

But what really happened was different, and it was totally not descrete. We ended up spending hours on the phone calming down angry customers that were told we let their credit card numbers out. In actuality, the credit card numbers were not stolen, the reason the thieves took the computer was because it was the only one not bolted into a rack... It was easier to steal.

Most likely they never found the credit card numbers on the machine... Our merchant never saw any attempts to use the software on the system. However rather than telling the clients it was a precaution, and that the numbers may not be compromised, the merchant banks told the clients a made up story about how we let hackers steal the credit card numbers.

 

The point is I would rather not store cc numbers at all.

 

 

So the questions are:

 

1. Is worldpay the only merchant supported (other than paypal) that does not require us to store cc numbers?

 

2. Does worldpay (or any other merchants other than paypal) handle recurring automatic charges for us? If so, how does it work?

 

 

Thanks!

George

0
Link to comment
Share on other sites
  • 0
  • WHMCS CEO
Matt Senior Member

Matt

Posted
  • WHMCS CEO
Posted
Is worldpay the only merchant supported (other than paypal) that does not require us to store cc numbers?

 

Nope, it's any third party gateway module. Looking at the homepage list right now, that includes PayPal, 2CheckOut, ChronoPay, ProtX (VSPForm), Google CheckOut, CyberBit, NoChex, AlertPay, etc... There's quite a range to choose from.

 

Matt

0
Link to comment
Share on other sites
  • 0
georgew Junior Member

georgew

Posted
Posted

So how do recurring cc payments work? Does the merchant store info on our customers, and we access that info when the customer has a subscription payment due or buys something new?

 

Are they all like paypal? I understand the paypal model, but the problem there is the customer must have a paypal account. Paypal requires a membership. that model is fine for the customers that have a paypal account. But what about non-membership based processors?

 

The reason I am asking so many questions is this... We have a paypal relationship, so that part is covered. However I am also needing to take credit cards directly. So I am looking for a payment gateway to do that processing, without having to handle the cards myself, and still being able to process recurring subscriptions using some sort of automatic mechanism.

 

You may have already answered this question, but I'm not sure since I don't really understand how a non-membership processor might work, or if you were listing only the membership based processors that were like paypal.

 

Sorry if I am being dense, perhaps I just need to go read the documentation.

 

 

George

0
Link to comment
Share on other sites
  • 0
Zorro67 Senior Member

Zorro67

Posted
Posted

Hi George,

 

we direct users to the paypal gateway, but in AU, there page is divided into 2 options, pay by credit card, or pay by paypal account.

 

i don't ever want a customer to give me his credit card details.

 

have attached a screen shot for your review.

 

hope this is the answer you are looking for

paypal_payment_screenshot.jpg

0
Link to comment
Share on other sites
  • 0
serverfreak Junior Member

serverfreak

Posted
Posted

Worldpay has FUTUREPAY which support recurring payment. Your system will not store any CC info. All info are take care by Worldpay. Each successful transaction will call back by worldpay to WHMCs. We are using worldpay now. So far so good. :)

 

So how do recurring cc payments work? Does the merchant store info on our customers, and we access that info when the customer has a subscription payment due or buys something new?

 

Are they all like paypal? I understand the paypal model, but the problem there is the customer must have a paypal account. Paypal requires a membership. that model is fine for the customers that have a paypal account. But what about non-membership based processors?

 

The reason I am asking so many questions is this... We have a paypal relationship, so that part is covered. However I am also needing to take credit cards directly. So I am looking for a payment gateway to do that processing, without having to handle the cards myself, and still being able to process recurring subscriptions using some sort of automatic mechanism.

 

You may have already answered this question, but I'm not sure since I don't really understand how a non-membership processor might work, or if you were listing only the membership based processors that were like paypal.

 

Sorry if I am being dense, perhaps I just need to go read the documentation.

 

 

George

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept