How can we improve WHMCS?

I just received this reply to a ticket. Not exactly a bulk delete, but still something similar..

Whilst there isn't an interface for admins to mass-delete Client Accounts, the system will automatically mark Inactive any Client Accounts with no active services, addons or domains, based on your Automation Settings.

Please review the Client Status Update documentation for more information: https://docs.whmcs.com/system/automation/automation-settings/#miscellaneous

Inactive Client Accounts can then be deleted in bulk via the Data Retention Settings: https://docs.whmcs.com/clients/client-management-tutorials/delete-inactive-clients/

Alternatively Client Accounts can be deleted individually via the client's Summary Tab: https://docs.whmcs.com/clients/client-profile/summary-tab/#delete-clients-account

Same problem here.
I've started receiving tons of fake purchases a couple of days ago.
The only way to stop this is to deactivate paypal (that I've been considering for years...), so that no one could create a purchase without actual payment, but I'd also like to be free to run my business without too many limitations.

I've just setup FraudLabs Pro, that automatically deletes the fake purchases but does not delete user and client accounts, so I have to delete them one by one.

If I ask chatgpt to make a script to delete users and clients it creates it immediately, but I prefer to have something from you, as you know.. chatgtp doesn't take much responsibility...

@WHMCS Please review this feature request again!
In recent months, we’ve seen many WHMCS installations targeted by spam bots creating fake accounts. Manually deleting these spam accounts one by one is extremely tedious and time-consuming.

We already use the Data Retention Policy to automatically purge old client accounts after a set number of years, but we don’t want to keep spam accounts open for any longer than necessary.

Even if there was a web form where every WHMCS admin had to enter their password three times, it would still be an improvement over the current situation, where an employee must waste hours manually deleting accounts.

Most importantly, under GDPR, organisations are required to collect and store only necessary data for legitimate purposes. If spam bots create fake accounts using real names and addresses, this data is not collected for a legitimate reason and should not be retained. GDPR mandates that personal data must be processed lawfully, and retaining data without consent or legitimate purpose could be considered unlawful processing. If the WHMCS database holds personal data from real individuals as part of these spam accounts, there is an obligation to delete it, even if no one has requested it.

Such a dumb response from WHMCS - my site suffers from spam registrations and it takes a lot of effort to delete them one by one.

we have hundereds of spam bots created accounts. I'm able to effectively find it but not bulk delete it. There is simply no solution to this unless whmcs decides to allow mass deletetion - this has to be implemented even if I will have to tripple check that I really want to perform this action

> We don't offer a mass delete function intentionally so as to prevent irrevocable and permanent deletion of data; malicious or accidental.

Did you heard about backups?

> I'd like to be able to be able check off tick marks next to these accounts in the "View/Search Clients" screen and choose to bulk purge them from my WHMCS. At present they need to be deleted one at a time.

This is a STANDARD solution in many webapps, but not here.

This is common sense to expect such a feature to be present.