All The Latest From WHMCS

Home / Blog

WHMCS V5.3.8 Released


We are pleased to announce the release of WHMCS 5.3.8.

This update contains maintenance and stability improvements.

We are making available an incremental upgrade version containing just the changed files for those upgrading from the latest current version V5.3.7. We are also making available a full release which can be used to perform a new installation or update an existing installation regardless of previous version.

Both of these are available from the downloads page below.

As always, we have worked hard to keep template changes to a minimum. To that end, there are no changes required in this update for the "Default" template. There are however changes to the Classic, Portal and the view cart page of the order form templates. Full details of these changes can be found in the release notes here.

Posted by Matt on Wednesday, July 9th, 2014

Introducing Fast-Track Support


Today we are pleased to announce the launch of Fast-Track Support - a new option that enables you to jump right to the front of the queue.

At WHMCS, our support technicians typically respond to tickets in the order in which they are received. But we appreciate that sometimes, an issue requires more urgent attention. And that's where Fast-Track support comes in.

Purchasable as an upgrade on a per ticket basis, either at the time of opening a ticket, or at any time throughout the life of that ticket, upgrade to Fast-Track support, and your ticket gets escalated immediately to the top of the queue, with a guaranteed response time of under 60 minutes*.

Available Monday to Friday, 8am to 5pm CST, at an introductory price of just $5 for the first 30 days, we invite you to give Fast-Track support a try today. Simply open a support ticket and select the option to upgrade.

And if for any reason you aren't completely happy with the service you receive, we will provide a full refund.

Over the past 12 months, we've been working really hard to bring our customers both a more efficient and improved quality of support. We have introduced a dedicated Customer Service team, available Monday thru Friday, from 6am to 9pm BST.
And what's more, we are now proud to offer full 24x7 technical support coverage, 7 days a week.

So you can rest assured, whenever you need us, we'll be here.

* A response is not necessarily a resolution. Resolution will depend upon the nature and complexity of an issue.

Posted by Matt on Thursday, July 3rd, 2014

Upcoming .UK Launch on 10th June

On 10th June 2014, the new .UK TLD officially launches and becomes available for anyone to register.

We already added support for .UK registrations to WHMCS and so in order to begin taking orders for this new TLD in WHMCS, on the day of the launch you will need to do two things:

1. Add the TLD along with your desired pricing in Setup > Domain Pricing
2. Add a new WHOIS Server Definition to the default WHOIS Servers list shipped with WHMCS. To do this, you need to open the /includes/whoisservers.php file with a text editor and add the following line to the bottom of the file:

.uk||No match

If you need any assistance completing the above, please contact our support team and they'll be happy to assist you.

Further information can be found @

Note: Nominet have reserved the .uk domains for any existing UK domain holders who have a,,,, or equivalent, and that reservation lasts until 10 June 2019 - so those domains will return as reserved and unavailable during a whois lookup. There is no way at this time for us to be able to provide a reliable solution for those to be ordered by only the eligible persons in an automated way, and therefore orders for those will need to be processed manually by staff using the admin order process.

Additional Updates for Nominet Users

  • Last month, Nominet introduced a new data quality policy. We can confirm that WHMCS does perform formatting validation to ensure meeting the data completeness part of the requirements - that is a correctly formatted address, postcode, phone number and email address. Please note that with phone numbers there is no need for end users to enter a country code - WHMCS will automatically prefix this at the time of the registration.
  • The forthcoming data validation/verification requirements are harder to overcome in an automated way however and continue to be a topic of internal discussion.
  • We would also like to take this opportunity to confirm that we are aware of feedback from some Nominet users in our community regarding the need for additional validation of the extended attributes required to register .UK domain names and this is something that we are working to address.

Posted by Matt on Sunday, June 1st, 2014

WHMCS V5.3.7 Released


We are pleased to announce the release of WHMCS 5.3.7.

This is a maintenance release addressing over 100 cases. A full list of changes can be viewed in the changelog.

As usual, we are making available both a full release (which can be used to perform a new install or update an existing installation regardless of previous version) and an incremental version (which can be used to upgrade for anybody running V5.3.6). Both of these are available from the downloads page below. For more information please visit our Release Types documentation.

We always strive to keep required template changes to a minimum but this update has touched a larger number of template files than usual. However, several of these changes relate to optional functionality within WHMCS, so they may not be required for your use of WHMCS or custom template. Please review the template changes section of the release notes for a detailed list of changes, and to determine if you need to apply them to your custom themes.

Posted by Matt on Tuesday, May 13th, 2014

"Heartbleed Bug" OpenSSL Vulnerability Affecting Internet Community



The Heartbleed bug ( is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1.f.

This vulnerability allows an attacker to read chunks of memory from servers and clients that connect using SSL through a flaw in OpenSSL's implementation of the heartbeat extension.

OpenSSL provides critical functionality in the internet ecosystem, and therefore vulnerabilities, such as Heartbleed, have a significant impact on digital communications and their integrity.

What does this mean for WHMCS installations?

SSL is an important protocol for securing web traffic, and thus securing web requests for logins, order transactions, etc.. WHMCS, like all web applications, must rely on web servers to correctly implement the SSL protocol. WHMCS as a web application cannot patch the Heartbleed vulnerability, nor can we mitigate its effects. However as a member of the internet community, we feel it's important to raise awareness of the risk and ensure that our users check that their server is protected.

How do I check if my server is protected?

Essentially, there are three ways you can verify if your server is protected:
1) You can open a support ticket with your hosting provider.

2) You can leverage a third party scanning tool via the web.

Below are three such sites that the community deems reputable and trustworthy. You simply enter your website and it will let you know:
3) You can run a scanning tool locally on your server. One such tool is:

What do I do if my server is not protected?

Contact your local system administrator or hosting provider immediately! They will have the technical expertise to update the OpenSSL libraries on your server to protect your SSL communications going forward.

Once I have patched my server, is there anything else I need to do?

Due to the nature of the vulnerability it is not possible to immediately know what information, including private keys, passwords, or session ID's, may have been compromised. Attacks that leverage the Heartbleed bug occur very early in an information exchange process, before a full connection has been made, and thus leaves no log history that an attack has occurred.

We recommend that you take precautionary action and regenerate all SSH keys as well as reissue all SSL certificates in use.

If you have purchased SSL certificates directly from WHMCS or resell SSL certificates through Enom, you can find more information on how you and the SSL provider can reissue your certificates here:

We also recommend that you take precautionary action concerning passwords used to authenticate against your WHMCS installation. This would include resetting administrative passwords as well as contacting your customers and asking them to reset their passwords. A step by step guide and sample email template are provided here:

How has WHMCS servers and my account been affected by Heartbleed?

The WHMCS website, our public servers, and the SSL certificate end point were not vulnerable to the Heartbleed bug when it was publicly disclosed on April 7th 2014.

Any secure communication with our servers, such as logging into the members area, would not be affected by any attacks following the public disclosure of the Heartbleed bug.

The Heartbleed bug has had a profound impact on the transmission of secure data throughout the Internet. It is for that reason that we are encouraging our customers to reset their member area passwords at their earliest convenience as a matter of common password maintenance. Please remember to always make your passwords unique, random, and periodically rotate them.

WHMCS is in the process of emailing all active clients to inform them of this blog post. That email also contains a direct link to the password reset function as a precautionary measure.

Posted by Matt on Friday, April 11th, 2014

« Previous Posts