Better account security
I would like to see some additions in terms of security measures to protect customer accounts from getting hacked/abused. These measures could be optional (e.g. each WHMCS client can decide whether they want to use it or not). Some suggestions:
- More elaborate brute force protection.
In the current situation, if a single IP submits 3 incorrect login attempts, the IP would be temporarily banned. But what if a hacker would use a botnet with many different IPs? This should be simple to overcome. If any account receives X incorrect login attempts within X minutes (regardless of where those attempts came from), access to that account could be disabled for X amount of time (and a notification to the client would be sent).
- Multi-factor authentication
For example; customer wants to login: enters email/password. Upon correct submission of login details, SMS gets sent with authentication code, which would need to be entered before proceeding to the client area. This could also be enabled/disabled per client, to satisfy the preferences per user (some care more about security, some care more about being able to login real quick). Note: the SMS authentication method is just an example, there are also other possibilities.
- Confirmation before removal of services
When a customer wants to cancel any service, there should be a mechanism that puts the request on hold until the an admin confirms that the service should actually be removed. The intention would be to make sure that if a customer's account gets hacked, the hacker cannot destroy data, cancel domains, and things like that. By first requiring admin approval, the admin could first call (or contact in some other way) the customer to make sure he/she actually wants the service to be terminated.
- Allowing client logins only from specific IPs
It would be nice if it were possible to restrict logins to specific client accounts to specific IPs. This already exists for the API but not for the client area. Additionally, just like the manage2 cPanel interface, when a customer tries to login from a non-whitelisted IP, an alternative procedure (like answering security questions, or SMS authentication, ...) could be used to obtain access.