From HEXONET Wiki
(→How to secure your WHMCS installation) |
|||
Line 2: | Line 2: | ||
=How to secure your WHMCS installation= | =How to secure your WHMCS installation= | ||
− | In order to secure your WHMCS installation we recommend creating a role user only dedicated for WHMCS.<br> | + | In order to secure your WHMCS installation, we recommend creating a role user only dedicated for WHMCS.<br> |
This role user will only be able to execute the WHMCS needed commands.<br><br> | This role user will only be able to execute the WHMCS needed commands.<br><br> | ||
Line 8: | Line 8: | ||
<ul> | <ul> | ||
<li>Login to the Hexonet Control Panel</li> | <li>Login to the Hexonet Control Panel</li> | ||
− | <li> | + | <li>Click on your username</li> |
+ | <li>Click on 'Settings', click on 'Share Access' from the dropdown menu</li> | ||
<li>Create a new role user by clicking on "New Role User"</li> | <li>Create a new role user by clicking on "New Role User"</li> | ||
<li>Fill in the necessary input fields: | <li>Fill in the necessary input fields: |
Revision as of 08:35, 26 April 2019
How to secure your WHMCS installation
In order to secure your WHMCS installation, we recommend creating a role user only dedicated for WHMCS.
This role user will only be able to execute the WHMCS needed commands.
Let's create this role user:
- Login to the Hexonet Control Panel
- Click on your username
- Click on 'Settings', click on 'Share Access' from the dropdown menu
- Create a new role user by clicking on "New Role User"
- Fill in the necessary input fields:
- Role ID: whmcs
- Password: **********
- Default Access: Deny
- Status: Active
- Copy and paste the following block of commands in the "Access Control" section:
Please remove any default commands listed in the Control Panel input field. We recommend using only the following commands.CheckDomain():ALLOW CheckDomains():ALLOW CheckAuthentication():ALLOW QueryDomainSuggestionList():ALLOW AddDomain():ALLOW TransferDomain():ALLOW StatusDomain():ALLOW TradeDomain():ALLOW ModifyDomain():ALLOW PushDomain():ALLOW DeleteDomain():ALLOW RenewDomain():ALLOW PayDomainRenewal():ALLOW StatusDomainTransfer():ALLOW StatusContact():ALLOW ModifyContact():ALLOW DENIC_CreateAuthInfo1():ALLOW QueryDNSZoneRRList():ALLOW UpdateDNSZone():ALLOW AddNameserver():ALLOW ModifyNameserver():ALLOW DeleteNameserver():ALLOW QueryObjectLogList():ALLOW StatusObjectLog():ALLOW ConvertIDN():ALLOW AddDomainApplication():ALLOW StatusDomainApplication():ALLOW RequestDomainAuthInfo():ALLOW StatusUser():ALLOW StatusAccount():ALLOW SetEnvironment():ALLOW
- Continue to the "IP Restriction" step and enter the IP of your server (which contains your WHMCS installation)
- Login to your WHMCS Backend and replace your Hexonet username with your role user.
(If your Hexonet username is "customer1" and your role user is "whmcs" you have to use the login like this: customer1!whmcs)