No external scripts were used. Access logs say a few breach attempts at brute entry. The IPs keep getting banned. There is no secure URL. As I have never needed one. None of the information is touched. :/ It seems someone just breaks in to change settings in the backend.Well, how are they breaking in? Are they using a password or a script exploit. Check the access logs for the site to see what they are doing. Sounds like it may be password sniffing or malware - do you always access with a secure URL?
I will try to secure it again. But, I'm not sure what else to do. If all else fails, I may have to contact WHMCS directly. Also, I keep it up-to-date, so that should not be a problem. I try to keep on top of the situation. But, I guess since I've been away and without full contact to a computer daily, I probably need a better way of staying on top of security.WHMCS is a well built billing system which has a very good security compared to other billing scripts. So I can't recommend you another beyond WHMCS.
I am wondering how these hackers get in?
Probably you haven't tweaked WHMCS to avoid hackers. Also this may happen if you have an outdated version of WHMCS.
If neither of my suggestions are working for you, contact WHMCS support and describe your situation. Maybe they can help you.
There is one another billing system which can be compared to WHMCS. It's name is ClientExec. You can give it a try if you decided not to be with WHMCS anymore.