diff --git a/apps/bff/src/common/config/env.validation.ts b/apps/bff/src/common/config/env.validation.ts
index 91ffaa24..69801dd9 100644
--- a/apps/bff/src/common/config/env.validation.ts
+++ b/apps/bff/src/common/config/env.validation.ts
@@ -35,6 +35,11 @@ export const envSchema = z.object({
   WHMCS_API_SECRET: z.string().optional(),
   WHMCS_API_ACCESS_KEY: z.string().optional(),
   WHMCS_WEBHOOK_SECRET: z.string().optional(),
+  // Optional elevated admin credentials for privileged WHMCS actions (eg. AcceptOrder)
+  WHMCS_ADMIN_USERNAME: z.string().optional(),
+  // Expect MD5 hash of the admin password (preferred). Alias supported for compatibility.
+  WHMCS_ADMIN_PASSWORD_MD5: z.string().optional(),
+  WHMCS_ADMIN_PASSWORD_HASH: z.string().optional(),
 
   // Salesforce Configuration
   SF_LOGIN_URL: z.string().url().optional(),
diff --git a/apps/bff/src/orders/services/order-fulfillment-orchestrator.service.ts b/apps/bff/src/orders/services/order-fulfillment-orchestrator.service.ts
index 6c50a02f..cc7f5359 100644
--- a/apps/bff/src/orders/services/order-fulfillment-orchestrator.service.ts
+++ b/apps/bff/src/orders/services/order-fulfillment-orchestrator.service.ts
@@ -306,18 +306,20 @@ export class OrderFulfillmentOrchestrator {
 
     // Try to update Salesforce with failure status
     try {
-      await this.salesforceService.updateOrder({
+      const updates: Record<string, unknown> = {
         Id: context.sfOrderId,
+        // Set overall Order.Status to Pending Review for manual attention
+        Status: "Pending Review",
         [fields.order.activationStatus]: "Failed",
-        // Optional diagnostics fields if present in org
-        ...(fields.order.lastErrorCode && {
-          [fields.order.lastErrorCode]:
-            this.orderFulfillmentErrorService.getShortCode(error) || String(errorCode),
-        }),
-        ...(fields.order.lastErrorMessage && {
-          [fields.order.lastErrorMessage]: userMessage?.substring(0, 255),
-        }),
-      });
+      };
+      updates[fields.order.lastErrorCode as string] = (
+        this.orderFulfillmentErrorService.getShortCode(error) || String(errorCode)
+      )
+        .toString()
+        .substring(0, 60);
+      updates[fields.order.lastErrorMessage as string] = userMessage?.substring(0, 255);
+
+      await this.salesforceService.updateOrder(updates as { Id: string; [key: string]: unknown });
 
       this.logger.log("Salesforce updated with failure status", {
         sfOrderId: context.sfOrderId,
diff --git a/env/portal-backend.env.sample b/env/portal-backend.env.sample
index 2c315a1a..3883d3fc 100644
--- a/env/portal-backend.env.sample
+++ b/env/portal-backend.env.sample
@@ -26,6 +26,11 @@ TRUST_PROXY=true
 WHMCS_BASE_URL=https://accounts.asolutions.co.jp
 WHMCS_API_IDENTIFIER=
 WHMCS_API_SECRET=
+# Optional elevated admin credentials for privileged actions (eg. AcceptOrder)
+# Provide the admin username and MD5 hash of the admin password.
+# When set, the backend will use these ONLY for the AcceptOrder action.
+WHMCS_ADMIN_USERNAME=
+WHMCS_ADMIN_PASSWORD_MD5=
 
 # Salesforce Credentials
 SF_LOGIN_URL=https://asolutions.my.salesforce.com