WHMCS is encouraging all users to update their WHMCS installation to the latest version 5.3.9 as part of an important security patch.
According to a WHMCS security blog post on Tuesday, the update includes changes to IP detection logic in conjunction with the use of proxies.
“If using services such as CloudFlare, or any other similar public or private proxy service, to proxy traffic to your WHMCS installation, you will need to perform additional steps post upgrading in order to keep IP detection functioning correctly,” WHMCS said.
The update also includes an update to the low-level cryptographic routines used for admin authentication, according to WHMCS. After the release of 5.3.9 an issue was discovered related to admins with Two-Factor Authentication enabled prior to upgrading to the latest version. WHMCS provided a Hot-Fix for these users to apply after doing the 5.3.9 core update.
WHMCS said the update brings end of life for the Ensim server module (which hasn’t been supported since December 2007) as well as the E-Gold and PayOffline gateway modules. Customers actively using these modules should refer to the release notes.