Shahid Malla
WHMCS

How to Set Up WHMCS for a Real Hosting Business

The setup checklist for a production-ready WHMCS — past the installer, all the way to "ready for paying customers." Server spec, settings tour, branding, security, testing.

S Shahid Malla
· Feb 1, 2026 · 6 min read · 83 views
shahidmalla.com/blog/how-to-set-up-whmcs-for-a-real-hosting-business
How to Set Up WHMCS for a Real Hosting Business
On this page (24 sections)

"How to set up WHMCS" guides typically stop at "you've logged in for the first time." That's the easy part. Setting WHMCS up so it's actually ready for a real hosting business — billing automation, security, branding, integrations — is the work this guide covers.

This is the checklist I run through on every fresh WHMCS deployment.

Step 1 — Provision the right server

Covered in my system requirements guide. Summary:

  • 2 vCPU / 4 GB RAM / 40 GB SSD minimum.
  • PHP 8.2 + ionCube Loader.
  • MariaDB 10.6+ or MySQL 8.
  • OPcache enabled.
  • Real TLS certificate (Let's Encrypt or paid).

Don't run WHMCS on shared hosting beyond your first 50 customers. The economics work out.

Step 2 — Install WHMCS

  1. Download from members.whmcs.com — you need an active license.
  2. Upload to your server: /path/to/whmcs/ or your web root.
  3. Create a MySQL database + user with full privileges on that DB.
  4. Visit https://yourdomain.com/install/ in a browser.
  5. Follow the installer: enter license key, DB credentials, admin account.
  6. Set a strong admin password. Use a password manager.
  7. After install: delete the /install/ folder. Standard security step.

Step 3 — General settings tour

Admin → Setup → General Settings. Work through every tab:

General tab

  • Company Name, Logo URL, Pay To Text, Domain — all critical for invoice generation.
  • Email — your "from" address for transactional emails.
  • Help Desk Email — the inbox WHMCS pulls tickets from (if using email piping).
  • Template — your active client-area theme.
  • Admin Theme — your admin theme. blend is the modern default.

Localisation

  • Language — default for new clients.
  • Date Format — match your business's region.
  • Default Country.

Ordering

  • Order Days Grace — how long pending orders stay before auto-cancel.
  • Order Number Format — set a recognizable pattern.
  • Required Client Profile Fields — minimize friction at signup.

Domains

  • Set default registration price + renewal period.
  • Enable / disable transfer-in, registrar lock options.

Mail

  • Mail Type — SMTP (not PHP Mail; deliverability is worse).
  • SMTP credentials — use a real SMTP provider (SendGrid, Mailgun, Postmark, AWS SES).
  • Mass Mail per Hour Limit — protects your sending reputation.
  • Enable Mail Queue — non-blocking sends.

Invoices

  • Sequential Paid Invoice Numbering — enable. Tax compliance.
  • Invoice Number Format.
  • Late Fee Type / Amount — if you charge them.
  • Tax — configure VAT/GST if applicable.

Credit / Payment Gateways

  • Default currency.
  • Enable / configure each gateway (Stripe, PayPal, etc.). See my Stripe guide.

Support

  • Department setup.
  • Response time SLAs.
  • Ticket priorities.

Affiliates

  • If running an affiliate program, configure commissions + payout thresholds.

Security

  • Enable Force SSL.
  • Enable Data Protection Logging.
  • Enable 2FA for staff.
  • Configure password policy (length, complexity).

Other

  • Display Errors — OFF in production. ON in staging.
  • Auto-Logout Idle Time — 30-60 minutes for staff.

Step 4 — Configure the cron job

Covered in my cron guide. Quick:

*/5 * * * * /usr/bin/flock -n /tmp/whmcs.cron.lock /usr/bin/php -q /path/to/whmcs/crons/cron.php >/dev/null 2>&1

Step 5 — Set up your products

  1. Setup → Products/Services → Product Groups → Create — group your offerings (e.g., "Shared Hosting", "VPS", "Domains").
  2. Setup → Products/Services → Products → Create for each plan:
    • Type: Shared Hosting / VPS / Other.
    • Pricing tiers, billing cycles, free domain bundles.
    • Module Settings: link to the provisioning module (cPanel, Virtualizor, etc.).
    • Welcome email template.
  3. Setup → Products/Services → Configurable Options → Create for per-product options (extra IPs, OS choices, etc.).
  4. Setup → Products/Services → Servers — add your provisioning servers. See my cPanel guide or my VPS guide.

Step 6 — Automation settings

Setup → Automation Settings. Configure:

  • Invoice generation: 14 days in advance.
  • Reminders: 3 days before due, on due, 1 / 3 / 7 days overdue.
  • Suspension: 7 days overdue.
  • Termination: 30 days overdue.
  • Domain renewal reminders: 30 / 14 / 7 days before expiry.

Adjust per your business. Aggressive vs. lenient policies have customer-retention implications.

Step 7 — Branding

  • Upload your logo (Setup → General Settings → General → Logo URL).
  • Customize email templates (Setup → Email Templates — work through each, especially the welcome, invoice, and support templates).
  • Customize invoice PDF — see my invoice customization guide.
  • Build / install a custom theme — see my theme structure guide.
  • Update the system favicon, login screen styling, etc.

Step 8 — Lock down security

  • Move the admin folder to a non-default name (Setup → General Settings → Security → Custom Admin Folder).
  • IP-restrict admin access (Setup → Staff Management → IP Restriction).
  • Enable 2FA for all staff (Setup → Two-Factor Authentication).
  • Set up the WHMCS API with proper credentials, IP-restricted (see my API guide).
  • Configure firewall (CSF or equivalent).
  • Schedule daily backups + verify they restore (don't trust untested backups).

Step 9 — Test end-to-end before launch

Run a full dry-run:

  1. Place a test order through the public order form.
  2. Pay with a real card (you'll refund yourself).
  3. Confirm provisioning succeeds.
  4. Customer receives welcome email.
  5. Customer can log in to client area.
  6. Customer can SSO to control panel.
  7. Open a support ticket. Reply. Resolve.
  8. Fast-forward the service due date and run cron to confirm renewal invoice generates.
  9. Refund yourself.

Every step working = ready for real customers.

Step 10 — Set up monitoring before going live

  • Uptime check on your domain (UptimeRobot, Better Uptime, etc.).
  • Cron healthcheck (Healthchecks.io).
  • Database backup verification (Cron job that mysqldumps + uploads to off-server storage).
  • Server resource monitoring (CPU, RAM, disk, network).
  • Application errors (review WHMCS Activity Log weekly).

Common pitfalls

"Skipped install folder deletion." Anyone who finds /install/upgrade.php can reinstall WHMCS. Delete it.

"Display Errors left on in production." Leaks paths and config. Turn off after debugging.

"Default admin URL /admin/." Easy attack target. Rename it (Security tab).

"No backups." When (not if) something fails, you'll wish you had nightly off-server backups.

"License not yet activated for the production domain." WHMCS license is tied to a domain/IP. Update at members.whmcs.com when you point production DNS.

My take — set up once, document forever

The work above takes a focused day. After that, WHMCS runs itself. The discipline that matters: write down your setup choices. Six months later you'll need to know which gateway you configured, which SMTP, which paths, which env vars. Maintain a setup runbook for every WHMCS install you operate.

Going further

I do full WHMCS deployments for hosting businesses — server, install, configuration, branding, security, integrations. If you want this done properly without spending a week figuring it out, tell me about your business and I'll send a quote in 24 hours.

Share this article

Twitter LinkedIn WhatsApp
S

Written by

Shahid Malla

WHMCS expert, full-stack developer, technical lead at Fada.cloud. 10+ years building hosting platforms, custom modules, and automation that ships.

More about Shahid → Start a project

Trusted platforms

Prefer to hire through a platform?

Not sure about working directly? Hire me through Fiverr or Upwork instead - same me, same work, with the platform's buyer protection and escrow.

Fiverr Top Rated Seller Hire Upwork Top Rated Hire

Keep reading

More from the blog.

All articles →
WHMCS

WHMCS Live Chat Integration: The Complete Guide (2026)

A practical, no-fluff guide to WHMCS live chat integration: which tool to pick, the upgrade-safe hook method (with code), passing client context, and turning chat into real automation.
WHMCS

How to Add Live Chat to WHMCS (And Why It's the Best Thing You'll Do for Your Hosting Business This Year)

By Shahid Malla WHMCS Module Developer · Top Rated on Upwork & Fiverr · 200+ Custom WHMCS Modules Built
WHMCS

Building Custom WHMCS Reports: Admin Dashboard Analytics

WHMCS built-in reports cover basics. For MRR by product, cohort retention, churn, SLA tracking — you write custom reports. The easiest WHMCS module type to ship.

Got a project like this?

Tell me what you need - I'll send a real quote within 24 hours.

Start a project Contact