Unable to access WHMCS from mobile device
In testing WHMCS to see what my clients would see when they logged in I found I was unable to log in via my cell phone's browser though it worked fine from my laptop. Neither the admin account nor the dummy client account would work. After typing username and password I would just be returned to the login page with no error message. After searching the web I found this in General Settings/Security:
Disable Session IP Check - This is used to protect against cookie/session hijacking but can cause problems for users with dynamic IPs
By default it was checked and unchecking it allowed logins from my mobile device.
I doubt that my users will be logging in from mobile devices and decided to leave it checked but my question is how much of a security risk does unchecking it pose to leave it unchecked? What is InMotion's recommendation on this?
Disable Session IP Check - This is used to protect against cookie/session hijacking but can cause problems for users with dynamic IPs
By default it was checked and unchecking it allowed logins from my mobile device.
I doubt that my users will be logging in from mobile devices and decided to leave it checked but my question is how much of a security risk does unchecking it pose to leave it unchecked? What is InMotion's recommendation on this?
Thank you for your question about WHMCS security. If your customers are not going to be using mobile devices often then I would recommend leaving this parameter in place. Any extra security is a good thing. However, I understand you may want to offer mobile access to your customers. In that case, you will have to make the final determination as far as how much security you require. We have no official position other than recommending the most security possible.
Best,
Christopher M.