All The Latest Release News, Insider Insights, Guest Posts and more from the team here at WHMCS

Enable Application Linking with cPanel Today

Application Linking removes the separation between control panel and billing.

What is Application Linking?

Today users have two distinct control panels, one for their website, and one for billing & support. We want to change that and provide a more integrated experience for web hosting consumers. That's where Application Links comes in.

Thanks to Application Links and WHMCS Single Sign-On, with WHMCS 6.2, your customers can now transition seamlessly from cPanel to WHMCS providing:

  • Easier access to billing and support resources
  • A streamlined web hosting and billing/support experience
  • Greater up-sell opportunities with links to order upgrades and buy domains inside of cPanel
  • Seamless transition between cPanel and WHMCS without re-authentication thanks to Single Sign-On technology
  • Quicker and more convenient access to your brand directly from cPanel
This functionality is available for module developers to integrate into their own modules too.

What version of cPanel do I need?

To use Application Links with cPanel you'll need cPanel & WHM 54 which is available now. If you have automatic updates enabled, you've probably already been updated to it.

How do I get started?

Enabling Application Linking is super quick & easy. In most cases it shouldn't take more than a couple of minutes.

Posted by Matt on Thursday, February 4th, 2016

WHMCS Version 6.2.2 Released


We are pleased to announce the release of WHMCS 6.2.2.

This is a maintenance release for the 6.2 series of WHMCS that includes bug fixes and improvements.

Both a full release and incremental patch set upgrade are being made available. If you are running the immediate previous release 6.2.1, you can use the incremental patch set to upgrade.

Posted by Matt on Tuesday, February 2nd, 2016

WHMCS Security Advisory TSR-2016-0001

WHMCS has released new updates for all supported versions of WHMCS. These updates include changes that address security concerns within the WHMCS product.

WHMCS has rated these updates as having a Trivial to Important security impact. Information on security ratings can be found at

Please update your installation to the latest version.

v6.2 - 6.2.1
v6.1 - 6.1.2 LTS
v6.0 - 6.0.4 LTS

Patches - What is a Patch?

Incremental patches can be downloaded by following the links below.

These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number.

6.2.0 --> 6.2.1
MD5 Checksum: c8cc808c0d0718b13a486ca3dabd4125
6.1.1 --> 6.1.2
MD5 Checksum: c6fa1354f9523054d0107866f2e9550e
6.0.3 --> 6.0.4
MD5 Checksum: 7d86bb2ca32767f591a8a5c21c81fe6b
Hotfix for 5.3.14*
MD5 Checksum: bb5756fe02dc0b99d1a49783afd41dbb

Need a patch for an older version? Visit our downloads page:

To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a "Patch Set" which can be found at

* Some installations have yet to upgrade to v6. As a result, we are providing a backport patch for v5.3.14. It is important to remember that v5 is no longer supported. Future security and important maintenance issues will not be patched. We strongly encourage anyone running a version outside of Long Term Support to upgrade as soon as possible to ensure the performance, accuracy, and security of your business.

Full Release - What is a Full Release?

A full release distribution contains all the files of a WHMCS product installation. It can be used to both perform a new installation or update an existing one (regardless of previous version).
6.2.1 Full Version - Download Now
MD5 Checksum: ff5c9b13a86f9041d52d94ada7e7cac9
6.1.2 Full Version LTS - Download Now
MD5 Checksum: 91522bf1d33b20793f1aeb411a588118
6.0.4 Full Version LTS - Download Now
MD5 Checksum: ae7695aae719aad249f82a8d86bdbd9c

To apply a full release, download the release from the URL above. Then follow the upgrade instructions for a "Full Release Version" which can be found at

Security Issue Information

The security changes for the v6.2 release address 2 issues, both of which were reported via the Security Bounty Program.

The security changes for all other releases address 1 issue, which was reported via the Security Bounty Program.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issues.

Maintenance Issue Information

The v6.2 release also provides resolution for 1 maintenance issue that affected upgrades of EOL versions of the product.

All versioned releases also contain the previously released update for the Kayako Loginshare and is provided for completeness.

For full details please refer to the changelog:
All published and supported versions of WHMCS are affected by one or more of these maintenance and security issues.

Posted by WHMCS David on Tuesday, January 26th, 2016

Feature Spotlight: PayPal Subscriptions

Today's Feature Spotlight focuses on functionality that was added in WHMCS Version 6.0, PayPal Subscription Automation. Have you ever had a situation where a customer has cancelled only to find next month they have a PayPal Subscription which continues to pay you? At best it's extra time and effort for you to have to deal with and refund it, at worst it can lead to a very upset customer.

Lot's of you told us this was a problem you faced, and so in WHMCS 6.0 we introduced automated PayPal Subscription Cancellation, saving you time, money, and keeping customers happier. In addition, It also helps with upgrades ensuring that if a user changes their package, any previous subscriptions are cancelled automatically to avoid double payment.

Getting Started
A new option has been added under Setup > General Settings > Invoices tab called Automatic Subscription Management. Once enabled, WHMCS will automatically cancel the PayPal Subscription ID associated with a service at service cancellation and upgrade time.

The great news is that if you started using PayPal Subscriptions after 2009, ticking the Automatic Subscription Management is all the setup that's needed. Right away you will see a Cancel Subscription button under the client's products/services tab to manually cancel a subscription at any time.


Converting Old PayPal Accounts
If your first subscription was created before 2009 this will mean that Subscription IDs start with the prefix "S" and unfortunately these cannot be remotely managed via the API. It is, however, easy to convert your PayPal account to start creating new style subscriptions to fully take advantage of this new feature.

The PayPal Merchant Technical Support team have the ability in their admin console to update merchant settings, after updating, merchants will get "I" prefix subscription IDs for newly generated subscriptions. They can be contacted through the PayPal help desk.

Sit Back and Relax
With the setup complete, you no longer have to worry about PayPal Subscription management. WHMCS will automatically cancel them in the following situations:
  • A cancellation request is submitted
  • The order is cancelled or set to fraud via the admin interface of WHMCS
  • The API is used to cancel or fraud an order with "cancelsub=true" passed
  • An upgrade order is placed for the product/service

We are using this feature ourselves and find it a great time-saver already, and we hope you find it just as beneficial. Thank you to everyone who voted for this idea on the feature request board - keep the great suggestions coming!

Posted by WHMCS Robert on Tuesday, January 19th, 2016

WHMCS Public Service Annoucement PCI v3.1


The Payment Card Industry (PCI) Security Standards Council has released a new version, v3.1 and it is mandatory that you verify your systems' compliance by June 30th 2016 to avoid service interruptions.

Why are we telling you this?
PCI v3.1 will affect all of us and there are steps that we each must take in order assure our information is secure in the coming year. Beginning June 30th 2016, any SSL version (including SSLv3) as well as TLS 1.0 will no longer meet security standards due to vulnerabilities that cannot be amended. Most merchant gateways along with other service providers will soon start disabling SSLv3 and TLS v1.0 connectivity on their servers.

How does this affect my business?
WHMCS uses SSL libraries to connect to merchant gateways and certain other service providers. If the target server disabled an outdated security protocol following PCI requirements, and your server's SSL library cannot support a newer protocol version, the connectivity may be affected.

What to do?
The first step should be to ensure your server SSL libraries support TLS 1.1 or 1.2. We also encourage you to contact your merchant gateways to determine if their servers will be affected by the upcoming changes published by PCI.

The PCI Security Standards council and WHMCS suggest making sure all applications and system patches are up to date.

What happens if I do nothing?
Most hosts will not require any changes. However, if you are running older OS versions and/or SSL libraries, you may start experiencing failures to connect to your merchant gateway and/or other TLS-enabled service providers. This may result in inability to process credit cards as well as other issues.

What we are doing to help?
WHMCS 6.2 Health and Updates will tell you if your installation supports TLS 1.1 or 1.2. If your installation does not support one of these TLS versions, you will see a warning.

For additional information we recommend the following sources:

Migrating Tactics

What to do now?

Security Standards

Posted by WHMCS Robert on Thursday, January 14th, 2016

« Previous Posts