EnglishWHMCS provides the option to enable Global Two-Factor Authentication (2FA) settings, which adds an extra layer of security to the entire WHMCS admin area. This ensures that all administrators are required to use 2FA for access. Here's how you can set up Global Two-Factor Authentication in WHMCS:
-
Log into WHMCS: Access your WHMCS admin panel using your username and password.
-
Navigate to Security Settings:
- Go to "Setup" > "General Settings" > "Security."
-
Enable Two-Factor Authentication (2FA):
- In the "Security" tab, find the option for "Administrator Password Security."
- Check the box labeled "Enable Two-Factor Authentication for Administrators."
-
Choose 2FA Method:
-
Select the preferred method for 2FA. WHMCS supports several options, including:
- Google Authenticator: This involves using a mobile app like Google Authenticator to generate one-time codes.
- YubiKey: This method involves using a YubiKey hardware device to provide an additional authentication factor.
-
-
Save Changes:
- Click the "Save Changes" button to apply the 2FA settings.
-
Require All Administrators to Enable 2FA:
-
If you want to enforce 2FA for all administrators, you can do so in the "Staff Management" section.
-
Go to "Setup" > "Staff Management" > "Administrators."
-
Edit each administrator account and ensure that "Two-Factor Authentication" is enabled for them.
-
If an administrator has not set up 2FA, they will be prompted to do so upon their next login.
-
-
Testing 2FA:
- Log out of your WHMCS admin panel and log in again. You should be prompted to authenticate using the selected 2FA method.
-
Authentication:
- Depending on the method you selected, follow the prompts to authenticate (e.g., enter a one-time code from Google Authenticator, insert a YubiKey, etc.).
-
Encourage Regular Use:
- Encourage all administrators to use 2FA for their accounts.
Best Practices for Global Two-Factor Authentication:
-
Regular Auditing: Periodically review and audit administrator accounts to ensure compliance with 2FA policies.
-
Education and Training: Provide training on 2FA and its benefits to all administrators.
-
Recovery Codes: Some 2FA setups provide recovery codes. Encourage administrators to store these codes securely in case they are unable to access their 2FA device.
-
Strong Passwords: Encourage administrators to use strong passwords in conjunction with 2FA.
By enabling Global Two-Factor Authentication in WHMCS, you add an extra layer of security to your admin area, helping to protect sensitive information and prevent unauthorized access.
