{"id":10925,"date":"2025-01-17T07:42:15","date_gmt":"2025-01-17T07:42:15","guid":{"rendered":"https:\/\/www.trustedhosting.in\/blog\/?p=10925"},"modified":"2025-01-17T07:42:15","modified_gmt":"2025-01-17T07:42:15","slug":"how-to-secure-writeable-directories","status":"publish","type":"post","link":"https:\/\/www.webystrata.com\/blog\/how-to-secure-writeable-directories\/","title":{"rendered":"How to Secure  Writeable Directories"},"content":{"rendered":"<h1><a href=\"https:\/\/www.trustedhosting.in\/cpanel-hosting.html\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-10932 size-full\" title=\"How to Secure  Writeable Directories \" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1.jpg\" alt=\"How to Secure  Writeable Directories \" width=\"2000\" height=\"2000\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1.jpg 2000w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1-300x300.jpg 300w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1-1024x1024.jpg 1024w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1-150x150.jpg 150w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1-768x768.jpg 768w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/21743424_6500528-1-1536x1536.jpg 1536w\" sizes=\"auto, (max-width: 2000px) 100vw, 2000px\" \/><\/a><\/h1>\n<h1>How to Secure Writeable Directories<\/h1>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_9b895d1c-c1ee-4efa-9454-bf0c8b17f34e\" class=\"text-block-content\">\n<p>We recommend moving all writeable directories to a private location in order to prevent web-based access. When you move them, you must also update their locations in your installation&#8217;s file storage and the templates cache.<\/p>\n<\/div>\n<\/div>\n<div class=\"instructions screensteps-textblock screensteps-wrapper--info screensteps-wrapper\" tabindex=\"0\" role=\"status\" aria-label=\"info\">\n<div id=\"text-content_be29b196-3d68-454b-8434-44cd116bb9f5\" class=\"text-block-content\">\n<blockquote><p>We recommend performing this task and other security measures immediately after installing WHMCS. For a full list, see\u00a0<a href=\"https:\/\/help.whmcs.com\/a\/1075203\" target=\"_blank\" rel=\"noopener\" data-internal-link-id=\"1075203\" data-internal-link=\"article\">More Ways to Secure Your WHMCS Installation<\/a>.<\/p><\/blockquote>\n<\/div>\n<\/div>\n<div class=\"instructions screensteps-textblock screensteps-wrapper--tip screensteps-wrapper\" tabindex=\"0\" role=\"status\" aria-label=\"tip\">\n<div id=\"text-content_7210df00-308b-48eb-9fe4-41d4bd7977d5\" class=\"text-block-content\">\n<blockquote><p>If you are running suPHP or PHP suEXEC,\u00a0<code>chmod 755<\/code>\u00a0will make the directories writeable. This is the highest permission available for both folders and files when running in that condition.<\/p><\/blockquote>\n<\/div>\n<\/div>\n<div class=\"step step-depth-1\" data-step-uuid=\"7da9488e-e7ad-4616-bd17-28e30ad54c4d\">\n<h2 id=\"writeable-directories\" tabindex=\"0\">Writeable Directories<\/h2>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_b1b3248b-8c0b-4253-84a3-875e7dc6b970\" class=\"text-block-content\">\n<p>WHMCS requires three writeable directories:<\/p>\n<ul>\n<li><code>attachments<\/code><\/li>\n<li><code>downloads<\/code><\/li>\n<li><code>templates_c<\/code><\/li>\n<\/ul>\n<p>The\u00a0<code>attachments<\/code>\u00a0and\u00a0<code>downloads<\/code>\u00a0directories include the files that you or your customers attach to support tickets and any files that you offer for download. You can either move the\u00a0<code>attachments<\/code><em>\u00a0<\/em>and\u00a0<code>downloads<\/code><em>\u00a0<\/em>storage directories to a local location or store them remotely on an Amazon \u00a0S3\u2122-compatible service.<\/p>\n<p>The templates cache (<code>templates_c<\/code>) improves the performance of templated pages and emails. You can move the\u00a0<code>templates_c<\/code>\u00a0directory to a local location.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"step step-depth-1\" data-step-uuid=\"1950d94b-1faf-48ca-b730-1682673e9763\">\n<h2 id=\"moving-the-directories\" tabindex=\"0\">Moving the Directories<\/h2>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_9a49725f-ab92-4fc2-953d-bc2aa8ef6b82\" class=\"text-block-content\">\n<p>How you move the directories depends on your hosting control panel and the methods you prefer.<\/p>\n<p>To do this in cPanel:<\/p>\n<p>1. In your cPanel account, go to\u00a0<strong>Files &gt;&gt; File Manager<\/strong>.<\/p>\n<p>2. Navigate to your WHMCS installation directory.<\/p>\n<p>3. For\u00a0<strong>each<\/strong>\u00a0of the three folders:<\/p>\n<p>a. Right-click on the folder and choose\u00a0<strong>Move<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10926\" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/6b4d77c4-9401-4a22-bf55-c35f9960112d.png\" alt=\"\" width=\"336\" height=\"245\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/6b4d77c4-9401-4a22-bf55-c35f9960112d.png 336w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/6b4d77c4-9401-4a22-bf55-c35f9960112d-300x219.png 300w\" sizes=\"auto, (max-width: 336px) 100vw, 336px\" \/><\/p>\n<p>b. Enter the new path for the directory. This path must be above the\u00a0<code>public_html<\/code>\u00a0directory.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10927\" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/ff861464-4c98-4524-ae88-c619ab2e5c42.png\" alt=\"\" width=\"438\" height=\"220\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/ff861464-4c98-4524-ae88-c619ab2e5c42.png 438w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/ff861464-4c98-4524-ae88-c619ab2e5c42-300x151.png 300w\" sizes=\"auto, (max-width: 438px) 100vw, 438px\" \/><\/p>\n<p>c. Click\u00a0<strong>Move File(s)<\/strong>. As you move each folder, they will appear in the left-side navigation pane.<\/p>\n<div class=\"instructions screensteps-textblock screensteps-wrapper--tip screensteps-wrapper\" tabindex=\"0\" role=\"status\" aria-label=\"tip\">\n<div id=\"text-content_0aaa5669-245d-4dc7-b134-836c576c5f28\" class=\"text-block-content\">\n<blockquote><p>Make certain that you note the new directory paths. You will need them in later steps.<\/p><\/blockquote>\n<\/div>\n<\/div>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_72741230-cb97-4204-ad20-1074c7ae8c50\" class=\"text-block-content\">\n<p>4. Still in cPanel at\u00a0<strong>Files &gt;&gt; File Manager<\/strong>, navigate back to the WHMCS installation path.<\/p>\n<p>5. Right-click on the\u00a0<code>configuration.php<\/code>\u00a0file and choose\u00a0<strong>Edit<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10928\" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/eeef0e24-60fb-4794-9d53-fc98e106338c.png\" alt=\"\" width=\"365\" height=\"209\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/eeef0e24-60fb-4794-9d53-fc98e106338c.png 365w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/eeef0e24-60fb-4794-9d53-fc98e106338c-300x172.png 300w\" sizes=\"auto, (max-width: 365px) 100vw, 365px\" \/><\/p>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_90af8fb9-ecd5-4dac-8c98-316afceccedf\" class=\"text-block-content\">\n<p>6. Update the\u00a0<code>$templates_compiledir<\/code>\u00a0setting to use the new path to the\u00a0<code>templates_c<\/code>\u00a0directory. For example:<\/p>\n<\/div>\n<\/div>\n<div class=\"code-block copy-clipboard--parent\">\n<pre id=\"code-content_4f19aa34-55be-4fd1-82fe-0dfa2197c83e\" tabindex=\"0\"><code>$templates_compiledir = \"\/home\/username\/templates_c\/\";<\/code><\/pre>\n<div class=\"copy-clipboard copy-clipboard--tt-right\"><\/div>\n<\/div>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_0d985bbe-d59e-4ad8-bbc7-b0d596f4afd6\" class=\"text-block-content\">\n<p>7. Click\u00a0<strong>Save Changes<\/strong>.<\/p>\n<p>8. In the WHMCS Admin Area, go to\u00a0<strong>Configuration &gt; System Settings &gt; Storage Settings<\/strong>.<\/p>\n<p>9. In the\u00a0<strong>Configurations\u00a0<\/strong>tab, select\u00a0<em>Local Storage<\/em>\u00a0for\u00a0<strong>Add New Configuration<\/strong>\u00a0and click\u00a0<strong>+<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10929\" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/d6b4128e-9b6c-42d3-aaca-c3dc2776f5ed.png\" alt=\"\" width=\"309\" height=\"140\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/d6b4128e-9b6c-42d3-aaca-c3dc2776f5ed.png 309w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/d6b4128e-9b6c-42d3-aaca-c3dc2776f5ed-300x136.png 300w\" sizes=\"auto, (max-width: 309px) 100vw, 309px\" \/><\/p>\n<p>10. Enter the new path to the\u00a0<code>attachments<\/code>\u00a0directory and click\u00a0<strong>Save Changes<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10930\" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/762d41dd-6c42-42cf-85c0-cb523087d40b.png\" alt=\"\" width=\"381\" height=\"166\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/762d41dd-6c42-42cf-85c0-cb523087d40b.png 381w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/762d41dd-6c42-42cf-85c0-cb523087d40b-300x131.png 300w\" sizes=\"auto, (max-width: 381px) 100vw, 381px\" \/><\/p>\n<p>11. Repeat steps 9-10 for the\u00a0<code>downloads<\/code>\u00a0directory.<\/p>\n<p>12. In the\u00a0<strong>Settings<\/strong>\u00a0tab, choose the new directory locations in each menu.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10931\" src=\"https:\/\/www.trustedhosting.in\/blog\/wp-content\/uploads\/2025\/01\/944e1440-ac7e-4102-b43e-53710e9b9a86.png\" alt=\"\" width=\"468\" height=\"163\" srcset=\"https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/944e1440-ac7e-4102-b43e-53710e9b9a86.png 468w, https:\/\/www.webystrata.com\/blog\/wp-content\/uploads\/2025\/01\/944e1440-ac7e-4102-b43e-53710e9b9a86-300x104.png 300w\" sizes=\"auto, (max-width: 468px) 100vw, 468px\" \/><\/p>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_6e0bf3e4-56fe-48dc-af29-f011d2a83ae6\" class=\"text-block-content\">\n<p>13. Click\u00a0<strong>Switch<\/strong>.<\/p>\n<\/div>\n<\/div>\n<div class=\"instructions screensteps-textblock screensteps-wrapper--warning screensteps-wrapper\" tabindex=\"0\" role=\"status\" aria-label=\"warning\">\n<div id=\"text-content_d283e15c-7d04-4f08-ac10-d9fa26b35875\" class=\"text-block-content\">\n<p>Only click\u00a0<strong>Switch<\/strong>\u00a0if you moved the directories. If you created new directories instead, use\u00a0<strong>Migrate\u00a0<\/strong>instead to copy the files from the old directory to the new directory.<\/p>\n<\/div>\n<\/div>\n<div class=\"instructions screensteps-textblock\" tabindex=\"0\">\n<div id=\"text-content_646120a1-ea06-4c47-b376-77e418bf0077\" class=\"text-block-content\">\n<p>For more information on setting up storage locations, see\u00a0<a href=\"https:\/\/docs.whmcs.com\/Storage_Settings\" target=\"_blank\" rel=\"noopener\">Storage Settings<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>How to Secure Writeable Directories We recommend moving all writeable directories to a private location in order to prevent web-based&hellip;<\/p>\n","protected":false},"author":1,"featured_media":10932,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-10925","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-whmcs"],"_links":{"self":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/10925","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/comments?post=10925"}],"version-history":[{"count":1,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/10925\/revisions"}],"predecessor-version":[{"id":10933,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/10925\/revisions\/10933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/media\/10932"}],"wp:attachment":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/media?parent=10925"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/categories?post=10925"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/tags?post=10925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}