Security Blog
Security Blog

Manage multiple WP Cerber instances from one dashboard


A short introduction to remote management technology which has been built into WP Cerber Security since version 8.0.

How does it work

The technology enables you to manage the WP Cerber plugin, monitor activity, and upgrade plugins on multiple WordPress powered websites from a main WordPress website which is called a master website.

To activate this technology, you need to enable a master mode on the main website and a slave mode on each website you want to connect to the master and manage remotely.

Pre-requirements?

Remote management is supported in WP Cerber version 8.0 or newer.

Limitation?

As of now, the free version of the plugin on a slave website is limited to a read-only mode, meaning you can’t change the plugin settings remotely except the ability to install a new license key and upgrading plugins. There is no limit to the number of slave websites, though.

Getting started on the master

To configure the main, master website go to the Cerber.Hub admin page and enable master mode. Once you’ve done this you can add slave websites by using security tokens generated on slaves.

Adding slave websites on the master

To add a slave website to the master, you need to enable the slave mode on the website. Go to the Cerber.Hub admin page and enable the slave mode. During the activation of the slave mode, a unique security access token is generated and saved into the database of the slave. Keep the token secret.

Secret Access Token WordPress

Go to the master website and click the “Add” button on the “My Websites” admin page. Copy the token and paste it in the “Add a salve website” popup window.

Add Access Token WordPress

Manage websites remotely

Once you’ve added all slave websites on the master you can easily switch between them with a single click in a top navigation menu on the admin bar or by clicking the name of a slave on the “My Websites” master page. Once you’ve switched to a slave website use the plugin menu and admin links the way like you do this normally. To switch back to the master website, click a X icon on the admin bar.

Manage multiple WordPress websites

Note: when you’re managing remote website, the color of the admin bar is blue and the left admin menu on the master is dimmed.

How to limit remote management from a specific master website

If you know the IP address of your master website, enter that IP address into the “Limit access by IP address” setting field on the Cerber.Hub admin page on a slave website. If you do not know the IP address, follow these steps to find it out.

  1. Switch to a slave website on the master
  2. Go to the Tools admin page, click the Diagnostic tab
  3. The IP address of the master website is shown in the “The IP address of the master is detected as” field in the “System Info” section
  4. Enter this IP address on the slave as it is described above

A safety note

All access tokens are stored in the databases of the master and slave websites in unencrypted form (plaintext). Store a backup copy of all websites in a safe and trusted place.

Questions you may have

How many websites can be managed by a single master?

Technically there is no limit. The actual limit depends on how powerful your master website is.

Does slave mode allow the management of all site settings from a master?

No, it does not. As of now this technology supports managing only the plugin settings.

Can anyone who has my access token get access to the dashboard of my website?

No, it is absolutely not possible because neither the remote management algorithms in the plugin nor WordPress itself supports this.

What do I do if an access token is compromised?

You have to re-enable the slave mode on the website. This invalidates the compromised token and re-generates a new one. Once you have done that, delete the website from the master and add it again by using the newly generated token.

Where are access tokens stored?

All security access tokens are stored in the databases of master and slave websites and are never transmitted over the Internet in unencrypted form except at the moment that you add a token to a master website.

Can I open several different slave websites in several browser tabs?

No, you can manage only one slave site at the same time in the same browser. Use bulk actions to run tasks on several slave websites simultaneously.

Troubleshooting

If you’re unable to get it working, that may be caused by a number of reasons. Enable the diagnostic log on the master and on the slave to obtain more information. You can view the log on the Tools admin page. Here is a list of the most common causes of issues on the slave side.

  • A security plugin on the slave website is interfering with the WP Cerber plugin
  • A security directive in the .htaccess file on the slave website is blocking incoming requests as suspicious
  • A firewall or a proxy service (like Cloudflare) is blocking (filtering out) incoming requests to the slave website
  • The IP address of the master is locked out or in the Black Access List on the slave website
  • The slave mode on the remote website has been re-enabled making the security token saved on the master invalid
  • The slave mode has been disabled on the remote website
  • The IP address of the master website does not match the one set in the slave settings on the remote website
  • The WP Cerber plugin has been deactivated on the slave website
  • The remote server is redirecting incoming requests to another website
  • The domain of the slave website has been changed
  • The SSL certificate of the slave website is expired or invalid
  • There is no network connectivity between the master server and the server on which the slave website is running
  • The remote server is down

Last posts from WordPress security blog


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.