Troubleshooting Authentication
If you encounter errors or issues while authenticating with WHMCS, see the sections below to start troubleshooting and resolve the issue.
- For general steps to troubleshoot problems in WHMCS, see Start Troubleshooting.
- For more information about authenticating, see Authentication.
Authenticating with WHMCS
You may encounter the following common issues:
| Error or Issue | Cause | Next Steps |
WHMCS is running behind a CloudFlare proxy, but you have not configured proxy settings. This may cause login sessions to end prematurely. Click here to automatically reconfigure your CloudFlare proxy settings. (WHMCS 8.11 and later) or WHMCS may be operating behind a proxy or CDN, but you have not configured trusted proxy settings using CloudFlare IP addresses. This may cause login sessions to end prematurely. Apply settings now to correct this issue. (WHMCS 8.10 and earlier) | There is a problem with your CloudFlare® trusted proxies configuration. | CloudFlare Proxy Check Errors |
You see errors or experience problems while attempting to use Duo® Security for two-factor authentication. For example: Client Duo® Security Login Failed: invalid_client: Integration type does not support frameless access. | You need to update your Duo Security credentials to use Duo’s Universal Prompt system. | Duo Security Login Failures |
| Admins or users report that the system frequently logged them out. | You have misconfigured PHP, a proxy, or CDN on the server that hosts WHMCS, there is insufficient disk space, or there is a problem with the visitor’s IP address. | Frequent Logouts |
Login Details Incorrect. Please try again. | The URL that you are using to log in does not match the WHMCS System URL setting. | Login Details Errors |
The system redirects you back to the login page without an error, or you see an Invalid csrf protection token error. | There is a problem with PHP sessions on your server. | Login Redirect Loops |
Oops! Access Denied - Forbidden | There is a problem with your administrator role or, if an admin is logging in as a client, there is a problem with the client’s password. | Oops! Access Denied Errors |
| The system is not removing sessions from the location in your session configuration. | There is a problem in your PHP configuration. | Sessions Are Not Removed |
Password Resets
You may encounter the following common issues:
| Error or Issue | Cause | Next Steps |
The reset link you have followed is invalid. Please try again. | The WHMCS System URL does not match the URL that the user used to access the password reset page. | Invalid Reset Link Errors |
Two-Factor Authentication
You may encounter the following common issues:
Last modified: January 15, 2025