ANTI RIGHT CLICKING

[VoiceOverTV]

Hi guys im new to WHCMS and im a little bit worried and i will like to add another layer of security by adding an ANTI RIGHT CLICKING on the client area is this possible and how complicated is this?

[bear]

Though you could probably add it, there's little point, as it can be bypassed very easily, regardless of how you do it. 
What are you trying to protect with it?

[VoiceOverTV]

Well to be honest i just want to add that layer of protection and also hide plugins addons and theme information

[Kian]

Disabling right-clicking serves no use and has nothing to do with security.

First thing first, when I browse your website I already own a copy of your theme information (HTML, CSS, javascript, libraries, assets...). I don't need right-click to get eveything my computer "sees". I just need to press File > Save Page As. This way I'll have a folder that runs on my computer with an exact copy of your website. Alternaivelly I can use source view, dev console or any other tool that every browser has.

Secondly anyone with a bit of sense can re-enable right-click with few lines of javascript via console. It takes seconds. Not to mention there are tens of plugins that allow to re-enable the possibility to use right-click (sorry for the pun) in one click.

Third. Did you know that anyone can download/view every file of your Smarty template by simply visiting it? Try opening /templates/{YOUR_TEMPLATE}/clientareahome.tpl. Most people don't know that and it's funny 😛 Sometimes you can spot things that should stay reserved. For example in invoicepdf.tpl I often see insults towards WHMCS developers, swear words and so on. Many belive that comments in tpl files are hidden from public view.

Given that you can't prevent people from downloading your code, don't waste time fighting right-click. The only outcome is frustration for your customers.

[bear]

9 hours ago, Kian said:

Did you know that anyone can download/view every file of your Smarty template by simply visiting it? Try opening /templates/{YOUR_TEMPLATE}/clientareahome.tpl.

Unless you prevent that via .htaccess. 🙂

[VoiceOverTV]

Whattttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt OMG how can i avoid this?

[bear]

Fun, right?
In the document root of your entire site should be a file named .htaccess (if you don't see it, "dot" files may be hidden). 
In that, the following should block it:

<FilesMatch "\.(tpl|bak)$">
#Order Allow,Deny
#Deny from all
Require all denied 
</FilesMatch>

 

[VoiceOverTV]

Thanks you so much you are a genious that code can i place it after the message End of xxxxxxxxx of any plugin on the site and please tell me is there a way to change the default  domain whmcs admin login page?

[bear]

That isn't code to use within plugins, it's to be used in the .htaccess file specifically.
https://httpd.apache.org/docs/2.4/howto/htaccess.html

[Damo]

Also check this li L and the security advice steps in the documentation. 

https://docs.whmcs.com/Customising_the_Admin_Directory

[VoiceOverTV]

Thank you so much for your help!