MFA Reminder for WHMCS Afdrukken

What It Does

Reminds customers to enable Multi-Factor Authentication (MFA). Dashboard alerts for users without MFA. Optional email reminders. Admin dashboard shows MFA adoption statistics.

Features

Client Reminders:

• Alert on dashboard for users without MFA
• Customizable alert style (danger/warning/info)
• Links to security page for MFA setup
• Dismissible but reappears on next login

Email Reminders:

• Scheduled periodic reminders
• Configurable frequency (days)
• Custom email template
• Automatic via WHMCS cron

Admin Dashboard:

• MFA adoption statistics
• User list without MFA
• Manual reminder sending
• Bulk reminder actions

Multi-User Support:

• Checks logged-in user, not just account owner
• Sub-users get reminders independently
• Per-user MFA tracking

Installation

1. Purchase from ArkHost Store
2. Upload to `/modules/addons/mfa_reminder/`
3. Activate in Setup → Addon Modules
4. Enter license key
5. Configure settings
6. Done

Configuration

Setup → Addon Modules → MFA Reminder

License Key:

Enter your ArkHost license key.

Enable Reminder:

• Yes: Shows dashboard alert to clients without MFA
• No: Disables dashboard alerts

Reminder Type:

Alert style in client area:

• Danger (red) - Most urgent
• Warning (yellow) - Moderate urgency
• Info (blue) - Informational

Security Page URL:

URL where users enable MFA.

Default: /clientarea.php?action=security

Enable Cron Email Reminders:

• Yes: Sends periodic email reminders
• No: Dashboard alerts only

Cron Reminder Frequency:

Days between reminder emails.

Example: 30 = monthly reminders

Usage

Client Experience

User without MFA:

1. Logs into WHMCS
2. Sees alert on dashboard:

"For your security, please enable Two-Factor Authentication"

1. Clicks link
2. Redirected to security page
3. Enables MFA
4. Alert disappears on next login

Alert stays visible until MFA enabled.

Admin: Statistics Dashboard

View adoption rates:

1. Addons → MFA Reminder
2. Dashboard shows:

• Total clients
• Clients with MFA enabled
• Clients without MFA
• Adoption percentage
• Visual chart

Identify non-adopters:

• List of users without MFA
• Email addresses
• Account details
• Last login date

Admin: Send Reminders

Manual reminder (single user):

1. Addons → MFA Reminder
2. User list tab
3. Find user without MFA
4. Click "Send Reminder"
5. Email sent immediately

Bulk reminders:

1. Select multiple users (checkboxes)
2. Click "Send Bulk Reminder"
3. Emails sent to all selected
4. Confirmation shown

Automatic reminders:

• WHMCS cron runs daily
• Module checks last reminder sent
• Sends if frequency period passed
• Example: Frequency 30 days = monthly automatic reminders

Email Template

Customize reminder email:

1. Setup → Email Templates
2. Find "MFA Reminder" (General category)
3. Edit subject and body
4. Available merge fields:

• {$client_name}
• {$client_email}
• {$security_url}

1. Save

Default template:

Subject: Secure Your Account with Two-Factor Authentication

Dear {$client_name},

We noticed you haven't enabled Two-Factor Authentication (MFA) 
for your account yet. MFA adds an extra layer of security 
to protect your account from unauthorized access.

Enable MFA here: {$security_url}

This takes just a few minutes and significantly increases 
your account security.

Thank you,
Support Team

Multi-User Accounts

How it works:

Owner account:

• Has MFA enabled
• No alert shown to owner

Sub-user account:

• Doesn't have MFA enabled
• Sub-user logs in
• Alert shown to sub-user
• Reminder sent to sub-user's email

Module checks logged-in user, not account owner.

Example:

• Company account owned by john@example.com (MFA enabled)
• Sub-user jane@example.com (no MFA)
• Jane sees alert when she logs in
• John doesn't see alert
• Reminders sent to jane@example.com only

Cron Integration

How automatic reminders work:

WHMCS daily cron:

1. Runs once per day
2. Module checks all users without MFA
3. Checks last reminder sent date
4. If frequency period passed (e.g., 30 days):

• Sends reminder email
• Updates last sent timestamp

1. Skips users reminded recently

No separate cron needed. Uses WHMCS cron automatically.

Verify cron working:

1. Setup → Automation Settings
2. Check cron last run time
3. Should run daily

Adoption Statistics

What's tracked:

Total clients:

All active client accounts.

Clients with MFA:

Users who have any MFA method enabled:

• Time-based (TOTP apps like Google Authenticator)
• Backup codes
• Other WHMCS-supported methods

Clients without MFA:

Users with no MFA methods enabled.

Adoption rate:

Percentage with MFA enabled.

Example: 150/200 = 75% adoption

Visual chart:

Pie chart or bar graph showing adoption breakdown.

Customization

Alert styling:

Module uses WHMCS alert classes:

• `alert-danger` (red)
• `alert-warning` (yellow)
• `alert-info` (blue)

Compatible with all WHMCS themes.

Custom CSS:

Add to client area theme if needed:

.mfa-reminder-alert {
    /* Custom styles */
}

Security page URL:

Change if you use custom security page or third-party MFA.

Language Support

Supports WHMCS multi-language:

• Alert text translatable
• Email template per language
• Admin interface in English

Add translations:

Module uses WHMCS language system.

Create language file in module directory.

Troubleshooting

Alert not showing:

• Check module activated
• Verify "Enable Reminder" is Yes
• Clear browser cache
• Check user doesn't have MFA enabled
• Try different WHMCS theme

Emails not sending:

• Verify WHMCS cron running
• Check "Enable Cron Email Reminders" is Yes
• Review WHMCS email log
• Test WHMCS email settings (Setup → General Settings → Mail)
• Check spam folder

License validation failing:

• Verify license key correct
• Check domain authorized
• Contact ArkHost support with domain

Statistics not accurate:

• WHMCS caches data
• Wait for cron to update
• Check database connection
• Review WHMCS activity log

Multi-user not working:

• Update to v1.3+
• Check sub-user logged in (not owner)
• Verify sub-user has no MFA
• Clear WHMCS cache

Use Cases

Security compliance:

• Company policy requires MFA
• Need audit trail of MFA adoption
• Meet insurance requirements
• Demonstrate security measures

Customer education:

• Many customers don't know about MFA
• Reminders increase awareness
• Links to setup make it easy
• Periodic emails reinforce message

Support reduction:

• Fewer account compromise tickets
• Less password reset requests
• Reduced fraud incidents
• Better account security overall

Hosting provider:

• Improve customer security
• Reduce abuse complaints
• Show security commitment
• Competitive differentiator

When You Need This

Required if:

• Want higher MFA adoption
• Security compliance needed
• High account compromise rate
• Customer education important

Not required if:

• MFA adoption already high (>90%)
• Small customer base (manual reminders OK)
• Don't offer MFA
• Security not priority

Technical Specifications

Requirements:

• WHMCS 8.9+
• PHP 7.4+
• MySQL 5.7+
• WHMCS cron configured

File Structure:

modules/addons/mfa_reminder/
├── mfa_reminder.php       Main module
├── hooks.php              Client area hook
├── license.php            License validation
└── lang/                  Language files

Database:

• Uses WHMCS user tables
• Tracks reminder sent dates
• No additional tables

Hooks:

• ClientAreaHomepage: Displays alert
• DailyCronJob: Sends reminders

Email Template:

• Name: "MFA Reminder"
• Type: General
• Customizable per language

Performance:

• Minimal overhead
• Only loads on client dashboard
• Cron runs once daily
• No real-time checks

Support

Purchase: ArkHost Store

Before contacting support:

1. Check WHMCS cron running
2. Verify module activated
3. Review WHMCS activity log
4. Test with user without MFA

When reporting issues:

• WHMCS version
• PHP version
• Module version
• Error from activity log
• Steps to reproduce