Wouldn't it better to have option to make every pages in WHMCS cover by SSL?
We're happy to announce that this will be possible with Version 7.0. Introduced in our latest beta build. The System URL and System SSL URL fields have been combined in WHMCS 7.0 to a single field. It is recommended that an SSL enabled URL be provided for the System URL at all times. When SSL is available, it will now be used for all requests, both admin and client side. If a System SSL URL was defined prior to upgrade, this value will be preserved and used for the System URL. To read more about this feature along with instructions on how to try out the beta, please visit http://docs.whmcs.com/Version_7.0_Release_Notes.
What's the point of enforcing it on every page if it's not needed?
that can be done better with .htaccess
This already exists, set the default url to https and dont use secure box underneath, then force clients to use https via htaccess..
It would be much easier if the htaccess and code in it would be automatically inserted with a checkbox in admin area for "Enforce SSL on all pages".
I'm up for this option!
This is an important feature for WHMCS to support HSTS SSL - The current config will result in a redirect loop if utilising HSTS.
The current fix is to enter your full https address in the default non SSL URL config in WHMCS
This is possible right now.
define( 'FORCESSL', true );
To your configuration.php file, setup apache / nginx to redirect all traffic to the https counterpart (use HSTS if you like), and setup your WHMCS urls in General Settings properly.
Internet users and your would be customers have become web-savvy. They understand the importance of data security.
Here is a billing system which may or may not store their credit card info.
Many will not trust a website that doesn't run under "https" which at this point, is even a big factor in Google algorithm consideration.
Apart from increasing network traffic and reducing the speed of response of the runtime server which can be mitigated with a properly deployed/configured server, there is simply no reason why WHMCS shouldn't run under "https" by default.
First impression is important and building trust starts with their first contact with your WHMCS landing page.
This ... is a must-have.
Considering what the system has been designed for i agree that it should at least have this feature.
BUT why include a feature into a system when your website can easily be configured to use Https protocol on all pages by adding 3 lines to your root .htaccess file ???
I am quite sure that the development team behind WHMCS are extremely busy so let’s leave them be to develop actual needed features. eg. The monthly statements is a need! https://requests.whmcs.com/topic/monthly-emailed-pdf-statement
For those whom are not sure how to enable your entire website to pull https across all pages follow these steps:
# Insert the below code into your .htaccess file and be sure to replace https://www.example.com/ with your actual domain name !
NB: lines 2 & 3 needs to be placed right below "RewriteEngine On" should your .htaccess file already contain data.
The full SSL is needed to get a proper HSTS setup done and the answer from WHMCS " use non-SSL for pages where there is not to save resources" is a most lame excuse for safe worktime since a long time. The times where SSL was eating up your server ressources where years ago.
The workaround to enter the full https address in the default non SSL URL config in WHMCS is not acceptable as entering the domain manual in your browser without SSL or reaching it via a non SSL link results in permanent non SSL for the visitor.
So WHMCS get your shit together and do WHMCS full SSL.
You may have heard about such magic things like .htaccess. There is no need for a script to take care about that.
I would like a fix for the 6.x version of WHMCS because after speaking with several of my suppliers (e.g. domains and ssl) it will take a few months after WHMCS 7.0 launched before their new plugins are ready. One of them hasnt even started on developing a new plugin.
They're now forcing all pages to SSL instead of put it as an option! All or nothing, WHMCS only need to use SSL on pages with sensitive data. Please put it as an option instead.
i need partial, not all. Some country/region are using transparent proxy and SSL traffic would be very slow.
Comments have been locked on this page!