Best place to install WHMCS for security

[UXmedia]

Hi, I am new to WHMCS and have it installed in a subdirectory "billing" on my wordpress install.  Is this ok in terms of security?  I plan to also add the Sucuri CDN/Firewall to the whole site.  We are setting this whole thing up now, so if I need to put it in a subdomain, now is the time.

Thanks!

[Kian]

You should keep them on two separate hosting accounts otherwise cracking WordPress with a backdoor will automatically grant access to WHMCS.

WordPress is a popular target for crackers since it's widely used. Moreover there are a lot of third-party plugins that provide further flaws to exploit.

You can live with a cracked WordPress but it's not the same with WHMCS. Crackers could compromise all your servers, steal sensitive details about your customers and eventually try to transfer domains.

In conclusion keep them on two separate hosting packages.

[WHMCS ChrisD]

@UXmedia I would also suggest running WHMCS on a separate hosting account if you can, especially when your main site runs WordPress, there are a number of things that can cause conflicts with WHMCS & Wordpress

[UXmedia]

Thanks everyone! 

I installed it on a separate package/cpanel completely. Its in a subdomain of the main site (but again, in a separate package/environment).  That was quite a migration, but everything is working.

 

[WHMCS ChrisD]

Glad to hear its all working @UXmedia!