All The Latest Release News, Insider Insights, Guest Posts and more from the team here at WHMCS

WHMCS V5.3.3 Released


We are pleased to announce the public release of WHMCS 5.3.

The release today is the culmination of months of hard work by both our development team and all those who signed up and participated in our beta testing program.

In WHMCS 5.3, our focus has been on improving the stability, reliability and performance of WHMCS, which includes fixing over 250 reported bugs, as well as some fundamental redesigns of the core logic which provides us a fantastic platform upon which to build and develop WHMCS going forward.

Security has also been a real focus in 5.3. Following the successful launch of our Security Bounty program towards the end of last year, we've seen a real positive engagement from security researchers and analysts, and the recent planned and targeted security release addressing privately reported issues were the first results from that.

5.3 is also our first major release since introducing a dedicated Quality Assurance team, whose efforts are helping ensure that releases are now better exercised and vetted than ever before prior to public releases. We're making a significant investment in this area, and we re-iterate our commitment to providing the industry leading billing and support solution for web hosts.

This is our first major release of 2014 and sets the foundations for some very ambitious and exciting plans that we have to deliver many more improvements and features throughout the year.

So go ahead, download the latest WHMCS release from our Members Area and upgrade today.

Release Notes:

As always, thank you for choosing WHMCS.


Posted by Matt on Wednesday, February 5th, 2014

WHMCS V5.3.3 RC2 Released

Today, WHMCS 5.3 Release Candidate 2 has been made available to our beta user group.

If you enrolled in the beta testing program, you will be able to download this latest pre-release version from our Members Area.

If you are not yet part of our beta testing user group and would like to get involved, please visit to find out how.

What is a Release Candidate?

A release candidate (RC) is a pre-release version of our software that has completed the Beta phase of testing, and is now ready for the final testing prior to general release. All feature and maintenance development is complete, and it has the potential to be a final product. If no major bugs are found, the release will be made public.

We would appreciate if you could take the time to install the RC on your development server and test any and all functionality you find important. Such real-life tests are the most valuable we can get as it allows us to know more precisely how you're utilizing the product, and ultimately provide a level of Quality Control and Assurance that goes beyond what we can simulate in the lab.

As always, please remember that this release is not officially supported and we do not recommend running pre-release software in a production environment.

Posted by Matt on Tuesday, January 28th, 2014

From VPS to Virtual Service Provider - the new OnApp-WHMCS integration

On the launch of the new integration between WHMCS and OnApp, OnApp's Chief Visionary Officer Carlos Rego tells the story behind the integration and just what it means for the hosting market.

When we decided to build OnApp, almost 5 years ago, one of the decisions we made was to focus on the management and metering of the infrastructure layer, and leave the accounting to existing billing packages.

Why was that? Pretty simple, really: OnApp was designed for the hosting market, and most of our clients already had billing software they used for their existing services.

We didn't want to force them, or their customers, to use yet another system just for cloud: it would complicate their accounting and increase their overheads. But more than that, we wanted to deliver the promise of a single pane of glass for all services. By tying OnApp into their existing system, a hosting provider can give customers access to everything they offer, all in one place.

We knew from the beginning that it was paramount for us to have a tight integration with WHMCS - not just because we're big fans of the software and the company behind it, but because WHMCS is the largest provider of recurring billing software for the hosting industry.

So, towards the end of 2010, we released our first two integration modules for the WHMCS platform. The main module allowed providers to sell and manage VMs from within WHMCS itself, while a supporting User Module allowed WHMCS to create and bill clients with direct access to OnApp.

The modules were very successful, but they were not perfect. The first versions were created based on our own internal requirements, without the help of longtime WHMCS users: we just needed to get the first version of the integration into the marketplace so customers could start using WHMCS and OnApp together.

As a result the main module in particular lacked some features, and while we improved the integration over the next couple of years the module was still not all it could and should be. That isn't the true OnApp way, so in 2012 we made the decision to scrap the main module and start over, with the help and feedback of the WHMCS community and WHMCS itself.

The new OnApp-WHMCS integration
The results of this effort are what we announced today, with the launch of a brand new OnApp-WHMCS integration based on a stack of 5 modules: VPS, Cloud, CDN, DNS and Reseller.

The VPS module is a replacement for the previous main module. It allows providers to create either fixed-resource VPS packages, or dynamic VPS services where clients customize their VM using sliders or drop-down options. All management of the VM is handled inside WHMCS with no need for clients to log to OnApp directly. Your VPS packages use the WHMCS billing features and cycles for pricing, and invoicing clients.



The Cloud module lets you create a Virtual Datacenter type service in WHMCS. Instead of selling packages a provider can sell CPU, RAM and storage resources for end customers to use as they wish for their VMs. They can move resources from one VM to another if they choose. We also created a billing plugin to allow for hourly billing of these resources by WHMCS. It's easy for a provider to enable hourly billing metrics and invoice the client, on the billing cycle of choice.



The CDN module ties into our federated CDN platform, and allows any provider to use WHMCS to offer CDN services - a very valuable add-on to your cloud or VPS. You can set prices for traffic from your own CDN locations and locations on the OnApp federation, and allow your clients to tailor their CDN service to fit their needs. What do we mean by this? Well, instead of a one-size-fits-all methodology, we now allow WHMCS to manage different prices for groups of CDN PoPs, so that - for example content delivered from USA locations can be at a different price point that those in Asia. That way, it's up to the end customer to decide which locations they want and what price they're willing to pay.


The DNS module ties into our Anycast DNS system to create another value-added upsell for hosting providers. This is totally white-labelled and based on a global system that would otherwise cost a few million to deploy. It's now accessible to any provider, so you can manage your customers' DNS (and DNS for your own sites) with a few clicks.


The LoadBalancer Module allows clients to quickly deploy a load balancer appliance and tie multiple servers as targets for the traffic, does not get any easier than this to create a redundant or horizontally scalable system.


The reseller module is last, but certainly not least! As it gets easier to access infrastructure from remote locations - such as the locations on the OnApp federation - it becomes easier for hosts to offer global coverage to their clients without maintaining their own global network of datacenters, or even if they have no infrastructure of their own. This new breed of hoster, which we call Virtual Service Providers, are hosts who focus on serving and supporting niche markets and assembling the perfect cloud package for their customers using virtualized infrastructure from any location available.

It's this market that the new reseller module is designed to support. It allows anyone with a regular OnApp account to become a cloud provider: effectively enabling an OnApp-powered host to sub-let part of their cloud to another host - the Virtual Service Provider, or VSP. It's all handled entirely through the WHMCS user management and billing workflow.

Imagine the possibilities: you can buy accounts from multiple providers and offer a global cloud footprint for your customers today, or tie into our compute federation coming later this year and have a reach larger than AWS itself ... really cool stuff!

Get cracking!
We're really excited to see what the OnApp and WHMCS communities can do with the new integration. These modules were developed through a close collaboration between the OnApp and WHMCS dev teams and more than 50 WHMCS users, who took part in a closed development beta that lasted more than 4 months.

Thanks to all of this hard work and dedicated, and some incredible feedback and bug tracking from the community, we OnApp now have a range of WHMCS modules we can truly be proud of.

I hope that's whetted your appetite for some OnApp-WHMCS action ... if you'd like to know more, or you'd like a demo, head over to or drop me a line.

Carlos Rego, CVO, OnApp
@nullmind | [email protected]

Posted by WHMCS Aaron on Thursday, January 23rd, 2014

WHMCS Security Advisory TSR-2014-0001

WHMCS has released a new update for all supported versions of WHMCS. These updates contain changes that address security concerns within the WHMCS product.

We recommend you update your WHMCS installation(s) as soon as possible.

WHMCS has rated this update as having an important security impact. Information on security ratings can be found at

Please update your installation to the one of the following versions:

Patches - What is a Patch?

Incremental patches can be downloaded by following the provided links below. These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number.

The following incremental patches are available for direct download:

5.2.15 --> 5.2.16
MD5 Checksum: 706e352796e91c4f27a40470c83125b8

To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a "Patch Set" which can be found at

Full Release - What is a Full Release?

A full release distribution contains all the files of a WHMCS product installation. It can be used to perform a new install or update an existing installation (regardless of previous version).
5.2.16 - Downloadable from the WHMCS Members Area
MD5 Checksum: fe2a804ade2bfd69d4107ff8aa1b718b

To apply a full release, download the files as indicated above. Then follow the upgrade instructions for a "Full Release Version" which can be found at

Important Maintenance Issue Information

This Advisory provides resolution for the following important maintenance issues:
Case #2557 - 2Checkout Gateway: Update to currency variable
Case #2623 - Fix calculations of promotions when more than 50% off
Case #2739 - Add TLD Specific Fields required for .CN domain registrations
Case #2874 - Echeck: Fix capture function behaving incorrectly
Case #3019 - Refine internal criteria for bulk domain lookup
Case #3030 - Resolve SQL error in Income by Product Report
Case #3086 - Nominet Registrar: Update to Contact Registration Logic for Individuals
Case #3116 - Required Custom Fields not validating correctly when using API
Case #3360 - Resolved issue where one time promotions could be treated as recurring
Case #3360 - Disable Recur For input box when Recurring is disabled
Case #3361 - Fix time limited recurring promotions calculating incorrectly
Case #3388 - Fix Invalid Token Error when applying credit in Original and Portal Client Templates
Case #3414 - Payflow Pro: Update to store PayFlow Reference in PayFlow Mode
Case #3617 - Do not CC password reset emails to sub-accounts
Case #3740 - ProtX VSP Form: Pass correct callback values to debug log
Case #3801 - Resolved PDF Quotes missing clients name/address
Case #3802 - Make a quantity of zero remove item from the cart
Case #3809 - Regular Expression Custom Field Validation failing on single quotes
Case #3811 - Resolve Invalid Token error when deleting recurring calendar entry
Case #3814 - Improvements to IPv6 detection and validation logic
Case #3862 - NameCheap Registrar: Fix incorrect function name call
Case #3864 - Echeck: Fix storage of bank account details
Case #3893 - Enom SSL Module: Fix Province is Required Error Message
Case #3922 - PayPal Express: Remove auto-login from Express Checkout Module

Security Issue Information

This Advisory provides resolution for several security issues, all of which were either reported privately via the Security Bounty Program or found internally by the WHMCS Development team as part of the regular on-going internal security audits.

There is no reason to believe that any of these vulnerabilities are known to the public. As such, WHMCS will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, WHMCS will release additional information about the nature of the security issues.
Case #3637 - Improve Access Controls in Project Management Addon
Case #3782 - Improve Access Controls in Tickets
Case #3783 - Improve Access Controls in Invoices
Case #3784 - Resolve Admin Area SQL Injection Vulnerability
Case #3839 - Resolve Potential XSS Vulnerability
Case #3841 - Resolve Potential XSS Vulnerability
Case #3842 - Resolve Potential XSS Vulnerability
Case #3843 - Resolve Potential XSS Vulnerability
Case #3846 - Improve Access Controls in Tickets
Case #3922 - PayPal Express Checkout Improve Validation
Case #3931 - Potential header injection via whois lookups
Case #3932 - Improve sanitization for whois query

All supported versions of WHMCS are affected by one or more of these maintenance and security issues.

For information regarding our Long Term Support Policy, read our documentation here:

Posted by Matt on Tuesday, January 21st, 2014

WHMCS V5.3.3 RC1 Released

Release Candidate 1 of the upcoming WHMCS V5.3 release has now been made available to our beta testers.

If you enrolled as a beta tester, you will be able to download this latest pre-release version from our Members Area.

If you are not yet part of our beta testing usergroup but would like to get involved, please visit to find out how.

What is a Release Candidate?

A release candidate (RC) is a beta version with potential to be a final product, which is ready to release unless significant bugs emerge. At this stage, functionality development is completed and tested through at least one or more beta cycles.

If no major bugs are found, a public release will be made. If however bugs are found that are considered sufficiently important to delay the release, we will make a second release candidate. This process continues until no significant bugs are discovered during the testing period for the latest release candidate.

As always, please remember that this release is not officially supported and we do not recommend running pre-release software in a production environment.

Posted by Matt on Wednesday, January 15th, 2014

« Previous Posts

Newer Posts »