All The Latest From WHMCS

Home / Blog

WHMCS Security Advisory TSR-2014-0003

WHMCS has released new updates for all supported versions of WHMCS. These updates include changes that address security concerns within the WHMCS product.

WHMCS has rated these updates as having a moderate to important security impact. Information on security ratings can be found at

Please update your installation to the latest version 5.3.9.

This update includes significant changes to IP detection logic in conjunction with the use of proxies. If using services such as CloudFlare, or any other similar public or private proxy service, to proxy traffic to your WHMCS installation, you will need to perform additional steps post upgrading in order to keep IP detection functioning correctly. If in any doubt, we urge you to read the Release Notes here or contact our support team for further information prior to updating.

The update includes a significant update to the low-level cryptographic routines used for admin authentication. These changes will affect any 3rd-party integration which directly accesses the admin user database table; they should not have an observable impact on installations otherwise. Further details can be found in the Release Notes here.

The update brings End Of Life for the Ensim server module as well as the E-Gold and PayOffline gateway modules. Please read the Release Noes here if you are actively using those modules.

UPDATE 5:15pm
Post release of 5.3.9 an issue was identified related to admins who had Two-Factor Authentication enabled prior to upgrading to 5.3.9. We apologize for the inconvenience this has caused and have provided a Hot-Fix here that should be applied after applying the 5.3.9 core update.

Patches - What is a Patch?

Incremental patches can be downloaded by following the links below.

These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number.

5.3.8 --> 5.3.9
MD5 Checksum: a019f6e67c81ecb9087cfba22a0a6d84

Need a patch for an older version? Visit our downloads page:

To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a "Patch Set" which can be found at

Full Release - What is a Full Release?

A full release distribution contains all the files of a WHMCS product installation. It can be used to both perform a new installation or update an existing one (regardless of previous version).
5.3.9 Full Version - Download Now
MD5 Checksum: ba03da59cc51fbedc6c62d993baa7617

To apply a full release, download the release from the URL above. Then follow the upgrade instructions for a "Full Release Version" which can be found at

Security Issue Information

The security changes in these releases address 15 issues, all of which were reported via the security bounty program, or discovered internally by the WHMCS Development Team. The issues addressed are rated as having Moderate to Important security impacts.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issues.

Maintenance Issue Information

This release also provides resolution for a number of maintenance issues. For full details please refer to the changelog:
All published and supported versions of WHMCS prior to 5.3.8 are affected by one or more of these maintenance and security issues.

Posted by Matt on Tuesday, August 26th, 2014

Upcoming Minimum PHP Requirement Changes

As we continue to develop and evolve WHMCS, it is important that we are able to take advantage of the new advances and functionalities available in more recent versions of PHP and other associated softwares.

So to that end, for our next major release we will be making the following changes:

  • Minimum PHP Version: PHP 5.3.7 (Currently 5.2)
  • Minimum MySQL Version: 5.1 (Currently 4.1)
  • PHP Database Extension: PDO (No current requirement)
  • Minimum ionCube Loader: 4.6.1 (No current requirement)
While these are the minimum requirements, we strongly recommend using the latest available, stable releases of all software and extensions.

With this change, we will also be providing support for PHP 5.5. This is another key benefit afforded by increasing the minimum PHP version since it will allow us to continue providing a single encoded distribution of WHMCS.

These new requirements will not come into effect until our next upcoming major release, the beta testing for which will begin next month, and which we anticipate will reach general release status within the next 2-3 months.

In closing, just a quick word for all those hosts out there still running PHP 5.2 in production: PHP 5.2 reached End of Life over 3 years ago; it has not received any updates since January 2011. It is insecure and poses a risk to your business & customers. Please, please, please, upgrade to your PHP!

Posted by Matt on Friday, August 15th, 2014

Announcing the Claim Your .UK Addon

Today we are pleased to announce the release of an addon that enables domain registrars running WHMCS to take orders for reserved .uk domain names.


What is a reserved domain name?

On 10th June, Nominet launched a new shorter TLD, .uk. With it they are offering existing domain holders the opportunity to "claim" the equivalent domain which has been reserved for them for a period of five years.

What does the addon do?

Through a simple yet informative process, "Claim Your .UK" enables your customers to order their reserved .uk domain names through you. Introducing a page dedicated to the new .UK TLD, the module is designed to educate and provide information about how the reservation process works, allowing users to check if their domain name is reserved and available to claim, as well as confirming who has the right to register it, and informing the end user of the very specific requirements needed to get a successful registration.

Give it a try for yourself @

How can I use it?

We are providing a fully functional ready to go solution, where all you need to do is install the addon, configure your pricing for the .UK TLD, and then link to it from any website, blog, social media or email marketing campaign.

How do I get it?

The module is free and easy to install. To get the addon and for installation instructions, please refer to


If you have any questions, feel free to let us know. Our technical support team is available to answer your questions 24 hours a day.


Already a WHMCS eNom Domains Reseller? Your pricing has already been reduced to $6.75 for 1 year registrations, and a massive 30% reduction for registrations of 2 years or more reduced from $6.95 to just $5.00/yr.
Promotional pricing applies to new registrations only, and is valid until the end of September.

Not yet a WHMCS eNom Domains Reseller? Click here to find out how to become one...

Posted by Matt on Tuesday, August 5th, 2014

WHMCS V5.3.8 Released


We are pleased to announce the release of WHMCS 5.3.8.

This update contains maintenance and stability improvements.

We are making available an incremental upgrade version containing just the changed files for those upgrading from the latest current version V5.3.7. We are also making available a full release which can be used to perform a new installation or update an existing installation regardless of previous version.

Both of these are available from the downloads page below.

As always, we have worked hard to keep template changes to a minimum. To that end, there are no changes required in this update for the "Default" template. There are however changes to the Classic, Portal and the view cart page of the order form templates. Full details of these changes can be found in the release notes here.

Posted by Matt on Wednesday, July 9th, 2014

Introducing Fast-Track Support


Today we are pleased to announce the launch of Fast-Track Support - a new option that enables you to jump right to the front of the queue.

At WHMCS, our support technicians typically respond to tickets in the order in which they are received. But we appreciate that sometimes, an issue requires more urgent attention. And that's where Fast-Track support comes in.

Purchasable as an upgrade on a per ticket basis, either at the time of opening a ticket, or at any time throughout the life of that ticket, upgrade to Fast-Track support, and your ticket gets escalated immediately to the top of the queue, with a guaranteed response time of under 60 minutes*.

Available Monday to Friday, 8am to 5pm CST, at an introductory price of just $5 for the first 30 days, we invite you to give Fast-Track support a try today. Simply open a support ticket and select the option to upgrade.

And if for any reason you aren't completely happy with the service you receive, we will provide a full refund.

Over the past 12 months, we've been working really hard to bring our customers both a more efficient and improved quality of support. We have introduced a dedicated Customer Service team, available Monday thru Friday, from 6am to 9pm BST.
And what's more, we are now proud to offer full 24x7 technical support coverage, 7 days a week.

So you can rest assured, whenever you need us, we'll be here.

* A response is not necessarily a resolution. Resolution will depend upon the nature and complexity of an issue.

Posted by Matt on Thursday, July 3rd, 2014

« Previous Posts