WHMCS is compatible with most web server environments. Installing WHMCS in your web environment is usually straight forward. As well, WHMCS is continually providing updates which can seamlessly support environment updates from the upstream providers. However, as new technologies emerge and your current system's environment has access to new updates, it's important that you are aware of how they might affect your WHMCS deployment. This guide is designed help you and your system administrator prepare and manage your environment.

Overview

WHMCS is designed for a traditional LAMP (Linux, Apache, MySQL, PHP) environment. The minimum requirements and basic version compatibility related to those sub-systems are provided in our System Requirements.

The development of WHMCS is such that alternative technologies may be viable, however they are not tested and assistance from our Support Team will be limited. For example, if you wish to use NGINX instead of Apache, it may be technically possible. However, our Support will have limited knowledge about how to properly configure NGINX or debug behaviors that are specific to NGINX.

If you require the use of something other than Linux, Apache, or MySQL please consult with your system administrator to evaluate the immediate possibilities for (in)compatibility and long-term viability so that your environment management strategy accommodates for your specific requirements.

Operating System

WHMCS is designed to run in a standard Linux operating/file system. WHMCS relies on PHP for interaction with the file system. In some operating systems (such as Windows) or environments (such as jails or chroots) the file system may have restrictions or inherent behaviors which may be hard to detect or uncommon. When possible, WHMCS provides notices that indicates incompatibility. If you require a different operating/file system, please discuss with your system administrator. Our Support Team is available to provide limited assistance to your system administrator for your custom environment.

Also of note, WHMCS relies heavily on the Linux Cron sub-system to trigger background tasks and perform periodic automation tasks such as deferred provisioning, service synchronization, invoice generation, billing, and more. You may learn more at the crons documentation.

Web Server

WHMCS is designed to work with the Apache web server version 2.x. While there are no special Apache configurations required for WHMCS, there are some advantages available to you and your WHMCS deployment that you may wish to consider.

Extensions

mod_rewrite

The Apache mod_rewrite module allows Apache to inspect and modify URLs and redirects through the use of .htaccess files within your web server docroot. WHMCS can create and manage a .htaccess file, and thus generate and consume friendly URLs in various parts of the product. This feature is described in more detail at Friendly URLs.

Handler

The web server is responsible for all web applications on the server, and thus the Unix permissions granted to the php process (php handler) that operate with your web application are important. Some PHP handlers will execute all php code on the system as the same Unix user (server wide handlers like CGI & mod_php) while other handlers execute the PHP process as a specific user based on domain name (per vhost handlers like suphp, mod_ruid2). Both options are viable for WHMCS. However, as a matter of security, you need to ensure that no other applications on the server, outside your control, executes as the same Unix user. Your system administrator should be able to configure the web server so that this minimum level of security is met, or more conservatively, that the WHMCS web application process is executed by a user that is wholly unique amongst any other application on the server (even those within your control).

Directives

WHMCS uses configuration directives to alter the web server configuration on a per-directory basis. As Apache is the recommended web server software platform to run WHMCS on, these directives are included via the following .htaccess files.

~/.htaccess

This file contains the mod_rewrite directives responsible for sending routable paths through the index.php file. This in turn allows the internal routing system to function, and furnishes WHMCS with the ability to create consumer friendly URLs. More information can be found on the Friendly URLs documentation page.

~/vendor/.htaccess

This file prevents access to the ~/vendor directory. This ensures that the web server is not serving file requests directly from this location, and that WHMCS is still capable of accessing the libraries it needs to function. More information can be found on the Further Security Steps documentation page.

While other web server technologies are not officially supported, we understand that some users do wish to run WHMCS in environments other than Apache. For those that do, you must ensure that the functionality offered by the aforementioned directives has been implemented by your web server configuration.

How this is achieved depends on the web server itself. If uncertain, then you should consult with your server administrator. As an example, you can find a guide detailing how to secure the vendor directory on the NGINX web server on the Nginx Directory Access Restriction documentation page.

Database

WHMCS is designed to work with the MySQL database. Binary compatible alternatives (such as MariaDB) should be suitable, however their default configurations and optimizations are likely to be different and you should consult with your system administrator or database administrator.

Version Compatibility

Database Grant Privileges

When installing or updating WHMCS, or when activating or deactivating modules, the following grant privileges are required:

• ALTER
• CREATE
• DROP
• INDEX

For day to day use, only the following database grant privileges are required. All others may be disabled.

• DELETE
• INSERT
• SELECT
• UPDATE
• LOCK TABLES

If you choose to restrict the grant privileges for day to day use, don't forget to grant the former privileges so database schema changes and optimizations can be performed by the update process.

Database Interaction

WHMCS internals utilize the PDO database API. If the PHP environment is v5.6, both a PDO based connection and a MySQL handle will be used for compatibility with legacy code.

If you are developing code for the WHMCS platform, it is recommended that you interact with the database via the Local API, DBAL & ORM, or Models. All three methods will abstract database connection details and system compatibility for you and will be supported by WHMCS for the foreseeable future. The SQL Helper Functions are still present, although deprecated. Due to their ubiquitous usage, we anticipate supporting them as long as possible but recommend that you use one of the other methods above. You can learn more at Interacting with the Database on our developer's site.

PHP

WHMCS is written in PHP. Your environment's PHP will need to be a version supported by the version of WHMCS you are using. In general, this will be one of the PHP versions that is either under active development or is receiving security fixes from the upstream PHP maintainers.

Whenever possible, it is usually preferable to utilize a version of PHP that is under active development. Unfortunately, there can be a number of circumstances that may complicate the viability of using the latest stable release of PHP. These can range from a lack of control panel build support to incompatibility for other web applications on your server to backwards breaking behavior in PHP that inhibit ionCube support. Regardless, WHMCS always provides support for a security-monitored PHP version available from the PHP maintainers and we are continually prioritizing compatibility with their releases.

Version Compatibility

Extensions

WHMCS requires most of the default compiled extensions such as PDO, JSON, libxml, DOM, Fileinfo, etc.. It is assumed that these will not be intentionally disabled in the environment. The following additional extensions will also need to be compiled and enabled:

Required

IonCube Loader

Please see the IonCube Loader section below for more detail.

PDO_MYSQL

While the basic PDO API extension is compiled by default in PHP, you must also have the PDO MySQL driver enabled so that PDO can communicate with your MySQL database server.

cURL with SSL Support

cURL is used when interacting with APIs of external systems such as the WHMCS Licensing & Update servers, payment gateways, servers that host your products, etc. cURL's SSL support must be enabled so that verified and encrypted communication is possible.

GD2

GD2 Image Library is used when performing graphic manipulation, such as image thumbnails and PDFs.

SOAP**

**SOAP is only required by some specific, but possibly important, modules. It is used when interacting with their corresponding external services, such as EU VAT, OpenSRS, eWay Tokens, etc.

IMAP**

**IMAP is only required if you are utilizing support departments which access mailboxes.

MYSQL**

** The original MySQL extension is required if, and only if, your environment uses PHP v5.6.

Recommended

iconv

The iconv extension is for character set conversion, i.e. managing different non-latin characters. If available, this extension provides significant performance improvements and is highly recommended.

mbstring

The mbstring extension is for multi-byte character support, i.e managing non-Latin characters and glyphs. If available, this extension provides significant performance, allows for broader support of characters and glyphs common throughout digital communications, and is highly recommended.

OpenSSL

OpenSSL is for secure communications and random number generation. If available, this extension will be used and provide significant performance improvements for cryptographic routines.

GMP

The functions provided by GMP are used when available. They provide significant performance improvements for when generating cryptographic data.

BC Math

The functions provided by BC Math are used when available. They provide performance improvements for when generating cryptographic data.

Fileinfo

The functions provided by Fileinfo are used when available. They provide functionalities to aid in determining the content type and encoding of uploaded files.

PHP INI Settings

allow_url_fopen

allow_url_fopen must be enabled for the WHMCS Updater.

IonCube

IonCube is a set of encoding and decoding tools that provide obfuscation and performance for PHP software. The decoder tool is called a "loader" and is installed within the web server environment. The encoder tool, called an "Encoder," is used by the PHP developer as part of their publication process.

WHMCS is encoded with ionCube. A minimum requirement for WHMCS is to have the ionCube Loader extension installed and enabled in your web server environment. We recommend running the latest version of the ionCube Loader available for your PHP version. Our Ioncube_Installation_Tutorial provides an overview for installing this extension in your environment.

Usually, ionCube will published a complementing loader several weeks following a new PHP version. Utilizing this latest loader will afford you two benefits. First, it means that you have the potential for running previously encoded files using a new base PHP version and running unencoded (raw) PHP code that is compatible with the base PHP version. Second, it means you have the potential for running newly encoded files generated with a new ionCube Encoder (if one was published).

The ionCube Encoder, used by PHP developers, requires the developer to itemize which PHP versions should be supported. This is important to note for two reasons: First, due to the complexity of PHP internals, there is often limitations on which target PHP versions can be supported concurrently. Second, ionCube usually publishes a complementing encoder several weeks to months following a new PHP version. Given these two factors, it is common for PHP applications to not support the latest PHP version on the initial PHP release date. Furthermore, there likely will be further requirements about the oldest PHP version supported by their publication as well as which loader will be required.

Each WHMCS version has always supported at least two PHP versions. Each new version of WHMCS has always supported at least one of the PHP versions supported in the previous WHMCS publication. This perpetual overlap of PHP version support across WHMCS publications means that you always have a path to upgrade your PHP environment without having to update the WHMCS software at the same time. As well, it allows the WHMCS Updater to safely automate your updates based on your current environment. Providing this overlap is integral to enabling your environment maintenance strategy, giving you the best balance of security, stability and forward compatibility as soon as possible.

Version Compatibility