You can protect your WHMCS installation from hackers by doing the following 3 things:
- Change the name of the admin folder to something less obvious
- htaccess password the administration folder so you have to pass htaccess before entering whmcs admin username and password
- choose an obscure password/username
Oh and use Maxmind with manaul acceptance on all orders of value - in the long run you will be pleased you did!
If anyone has any bad experiences of WHMCS hacking or other methods of preventing this valuable data please post!