All The Latest Release News, Insider Insights, Guest Posts and more from the team here at WHMCS

WHMCS Public Service Annoucement PCI v3.1


The Payment Card Industry (PCI) Security Standards Council has released a new version, v3.1 and it is mandatory that you verify your systems' compliance by June 30th 2016 to avoid service interruptions.

Why are we telling you this?
PCI v3.1 will affect all of us and there are steps that we each must take in order assure our information is secure in the coming year. Beginning June 30th 2016, any SSL version (including SSLv3) as well as TLS 1.0 will no longer meet security standards due to vulnerabilities that cannot be amended. Most merchant gateways along with other service providers will soon start disabling SSLv3 and TLS v1.0 connectivity on their servers.

How does this affect my business?
WHMCS uses SSL libraries to connect to merchant gateways and certain other service providers. If the target server disabled an outdated security protocol following PCI requirements, and your server's SSL library cannot support a newer protocol version, the connectivity may be affected.

What to do?
The first step should be to ensure your server SSL libraries support TLS 1.1 or 1.2. We also encourage you to contact your merchant gateways to determine if their servers will be affected by the upcoming changes published by PCI.

The PCI Security Standards council and WHMCS suggest making sure all applications and system patches are up to date.

What happens if I do nothing?
Most hosts will not require any changes. However, if you are running older OS versions and/or SSL libraries, you may start experiencing failures to connect to your merchant gateway and/or other TLS-enabled service providers. This may result in inability to process credit cards as well as other issues.

What we are doing to help?
WHMCS 6.2 Health and Updates will tell you if your installation supports TLS 1.1 or 1.2. If your installation does not support one of these TLS versions, you will see a warning.

For additional information we recommend the following sources:

Migrating Tactics

What to do now?

Security Standards

Posted by WHMCS Robert on Thursday, January 14th, 2016

Kayako Loginshare Security Patch

For the attention of users of the Kayako Loginshare Module

A security update has been released for all versions of the Kayako Loginshare module for WHMCS

This patch addresses an issue that affects the security and integrity of loginshare verification for users attempting to login to Kayako using their WHMCS account credentials. As a result we have assigned this issue an important security rating.

This issue only affects WHMCS installations that have enabled the Kayako Loginshare module.

Applying the Patch

Download the patch here

To apply the patch, upload the file contained within the zip archive to /modules/support/kayako/loginshare.php

No installation or upgrade process is required.

If you have any questions or concerns, please don't hesitate to contact our support team.

Posted by Matt on Friday, January 8th, 2016

Feature Spotlight: Customer Retention Time

Today we're going to be looking at the enhanced Customer Analytics available in WHMCS 6.2 and in particular, a new report designed to give you information and statistics on Customer Retention Time.

What is Customer Retention Time?
Customer Retention Time is the length of time a customer remains active with you. The number of days between the day they signup, and the day they leave.

WHMCS 6.2 introduced the storing of cancellation dates for every product, service and domain, along with a new report that calculates and displays the average customer lifetime for each of your products and billing cycles.


Why is Customer Retention Time a useful statistic?
Knowing how long your customers stay with you is an important analytic for any business. It can help identify issues sooner, allow you to calculate average customer revenue, plan marketing campaigns and more. In short, it's a very useful aid that provides you metrics to help your business succeed.

Let's take the scenario of planning for a marketing campaign. Knowing and understanding your cost per acquisition (CPA) is a key factor to measuring the success of the overall campaign. But perhaps equally as important is knowing how much you stand to make. By better understanding that, you can use it to work out what your cost per acquisition figure needs to be to make a profit. That's where the new analytics in WHMCS 6.2 come in.

A Marketing Scenario
Let's say you charge $10 per month for a shared hosting account and the new analytics tell you the average customer stays on this plan for 9 months. You have a server that costs $200 per month that you host 100 clients on, giving you a $2 per month cost for the resources the customer is using. Factor in any other costs, such as the average cost of support a customer uses and you have the profit for that plan. Let's say for our example the profit is $6 per month, for a period of 9 months, giving us a total profit of $54. This tells us we should be looking to achieve a cost per acquisition of no more than $54 for the campaign to be profitable.

These statistics coupled with the Link Tracking feature to track your conversions provide you with a powerful set of tools for running and determining the results of your marketing efforts.

How do I get started?
For all products, services and addons, you'll find a new field labelled Termination Date. This is set automatically whenever products are cancelled, but you can manually adjust it should you require. For domains, the expiry date is used. Worth noting that all products cancelled prior to 6.2 will assume the last next due date as the date of cancellation.

The new report can be found under client reports with the title "Customer Retention Time".

No one knows your business better than you and with the new Customer Retention data in WHMCS 6.2 you have more information available to analyse patterns in client behaviour and revenue, helping you make better business decisions.

Thank you for reading!

Posted by WHMCS Robert on Monday, January 4th, 2016

WHMCS Version 6.2 Released

We are pleased to announce the release of WHMCS 6.2 under General Availability.

With 2 new order forms, WHMCS Single Sign-On, An Even More Unified Experience with cPanel, Draft Invoices, Improved Client Lookup, Customer Retention Analytics and more, this is a very exciting release!

Read on to find out more or skip ahead to Get the Update Now!

New Order Forms

Continuing on from the work we began in previous 6.x releases, 6.2 comes with 2 more new order forms to showcase your products with.

  • Universal Slider - perfect for offering any type of product with a slider based selection page
  • Supreme Comparison - a matrix comparison style order form with support for up to 6 products displayed horizontally.

WHMCS Single Sign-On and cPanel Integration

Next up is WHMCS Single Sign-On, making it possible for trusted applications to authenticate users into a WHMCS installation automatically, without the user having to login. Developers, you can begin using this functionality immediately.

For cPanel web hosts, we've taken this a step further and via another new feature Application Links, coupled with the upcoming cPanel & WHM 54 release, you'll be able to provide WHMCS billing and support links within the cPanel UI (pictured above), delivering a simpler, more convenient, more unified experience for users than ever before. Find out more in last weeks feature spotlight.

OpenID Connect

OpenID Connect enables your WHMCS installation to act as an authentication provider for third party applications that support the OpenID standard. Enabling your clients to login to related products & services using the same login credentials as they use for your website - one login, your branding and easier for end users.

One of the first applications to take advantage of this is cPanel & WHM 54, currently out in EDGE. With WHMCS 6.2, your users will be able to login to their cPanel accounts using the same username and password as they use for WHMCS on your website. Upgrade today and you'll be prepared to enable it as soon as your servers upgrade to the 54 release. Find out more...

Invoice Drafts

Ever wished you could prepare an invoice without a client seeing it? Well with WHMCS 6.2, now you can. A new Draft invoice status means customers never see invoices until you're ready. Track and build invoices for projects over time, or just have that added confidence knowing a customer can't accidentally view an invoice you're still in the process of creating. Something so intuitive and natural, you'll wonder how you ever lived without it.

Improved Client Lookup

Now for something I'm personally a huge fan of. Anywhere that previously had a dropdown list of clients has been replaced with a dynamic filterable list. Simply start typing any part of a clients name, company or email address, and the list will be updated to show just the matching users. Tasks such as creating orders, adding transactions, opening tickets and more will have never been so quick and easy.

As if all that wasn't enough, there's also new & improved Customer Retention Analytics (more on this in the next spotlight blog post), WHMCS Connect 2.0, and all the usual maintenance and stability improvements.

The move to General Availability marks the end of pre-production testing and means 6.2 is now the recommended version for all new installations and upgrades. A big thanks as always to everyone who took part in the testing.

Posted by Matt on Wednesday, December 9th, 2015

Introducing WHMCS Single Sign-On

We are pleased to announce the introduction of Single Sign-On for WHMCS.

In WHMCS 6.2, WHMCS Single Sign-on will allow trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate.

The first example of this is our latest integration with cPanel 54, pictured below.


With WHMCS Single Sign-On and cPanel, your customers can access features and functions of the WHMCS client area directly from within their cPanel control panel. Clicking any link will securely authenticate the user in the background and then redirect them to the requested page.

All of the links you see above are fully customisable, with the ability to turn them on and off individually as well as customise their labels and display order.

Coupled with the cPanel Single Sign-On we launched earlier this year, this is just another step that unifies the WHMCS and cPanel products giving your customers a simpler and more convenient experience with your business and services.

OAuth 2.0

Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials.

The OAuth 2.0 implementation is also being utilised for OpenID Connect and lays the foundations for our upcoming Client API which will make it possible for even more powerful integrations with third party applications.

What's more, in cPanel 54, users will be able to login to their cPanel accounts using their WHMCS billing login credentials. Neat huh? This is thanks to the introduction of OpenID Connect, an extension of the OAuth 2.0 specification framework, and can be leveraged by any system that supports the OpenID specification. More on this to follow.

Developers, you can start leveraging WHMCS Single Sign-On with the 6.2 Release Candidate out now. Get started today.

Posted by Matt on Wednesday, December 2nd, 2015

« Previous Posts

Newer Posts »