WordPress Security
WordPress Security
Posted By Gregory

Manage multiple WP Cerber instances from one dashboard

A short introduction to a remote website management technology which is available since WP Cerber Security 8.0.

How does it work

The Cerber.Hub technology enables you to manage WP Cerber plugins, monitor activity, and upgrade installed plugins on multiple WordPress-powered websites from one, central WordPress website which is called a main website.

To activate this technology, you need to enable a main website mode on a website you are going to use as a central management console, and a managed mode on all websites you want to connect to the main website to manage them remotely.

Getting started on the main website

To start using Cerber.Hub, go to the Cerber.Hub admin page on the main website and click Enable main website mode. Once you have done this, you can add managed websites by using a secret access token generated on managed websites.

Enabling Cerber.Hub for WordPress

Enabling Cerber.Hub for WordPress


Adding managed websites

To connect a website you want to manage remotely to the main website, you need to enable the managed mode on such a website. On the managed website go to the Cerber.Hub admin page and click Enable managed mode. During the activation of the managed mode, a unique secret access token is generated and saved into the database of the managed website. Keep this token secret.

Secret Access Token Cerber.Hub for WordPress

Secret access token is used to for connecting a managed website to a main website

Once the token is generated, copy it to the clipboard, go to the main website, open the Cerber.Hub admin page, and click the Add button on the My Websites admin page. Paste the token into the Add a remote website popup window.

Adding a managed website on WordPress

Adding a managed WordPress-powered website on the main Cerber.Hub website

Manage websites remotely

When you finish connecting your managed websites to the main website, you can easily switch between them with a single click in a top navigation menu on the admin bar or by clicking the name of the managed website on the My Websites admin page. After switching to a managed website, use the WP Cerber menu and admin links. To switch back to the main website, click a X icon on the right-hand side of the admin bar.

Switching between managed websites on Cerber.Hub

Switching between managed websites on Cerber.Hub

Note: when you are managing a remote website, the color of the admin bar is blue and the vertical WordPress admin menu on the main website is dimmed.

How to restrict remote management by an IP address

If you know the IP address of your main website and this IP address is static, you can enter the IP address into the Limit access by IP address setting field on the Cerber.Hub admin page on a managed website. If you do not know the IP address, follow these steps to find it out.

  1. Switch to a managed website on the main website
  2. Go to the Tools admin page, click the Diagnostic tab
  3. The IP address of the main website is shown in the “The IP address of the main website is detected as” field in the System Info section
  4. Enter this IP address on the managed website as described above

A safety note

All secret access tokens are stored in the databases of the main website and managed websites in unencrypted form (as plain text). Store a backup copy of your websites in a safe and trusted place.


As of now, the free version of the plugin on a managed website is limited to a read-only mode, meaning you cannot change the plugin settings remotely except upgrading plugins and the ability to install licenses key for WP Cerber Professional. There is no limit to the number of managed websites, though.

Questions you may have

How many websites can be managed from one main website?

Technically, there is no limit. The actual limit depends on how powerful the server on which your main website is hosted.

Does the managed mode allow managing of all the site settings?

No, it does not. As of now, Cerber.Hub supports managing WP Cerber settings only.

Can anyone who has my access token get access to the dashboard of my WordPress?

No, it is absolutely not possible because neither the Cerber.Hub remote management algorithms nor WordPress itself supports this.

What do I do if an access token is compromised?

You must re-enable the managed mode on the website. This invalidates the compromised token and re-generates a new one. Once you have done that, delete the website with compromised toke from the main website and add it again by using the newly generated secret access token.

Where are access tokens stored?

All security access tokens are stored in the databases of main and managed websites and never transmitted over the Internet in unencrypted form, except at the moment that you add a token to a main website.

Can I open several different managed websites in several browser tabs?

No, you can manage only one managed website at the same time in the same browser. Use bulk actions to run a task on several managed websites simultaneously.


If an attempt to switch to a managed website produces an error, this may be caused by several reasons. Enable the Diagnostic log on the main website and on the managed one to obtain more information. You can view the Diagnostic log on the Tools admin page. Here is a list of the most common connectivity issues.

  • A security plugin on the managed website is interfering with the WP Cerber plugin
  • A security directive in the .htaccess file on the managed website is blocking incoming requests
  • A firewall or a proxy service (like Cloudflare) is filtering out requests from the main website to the managed one
  • The IP address of the main website is locked out or in the Black Access List on the managed website
  • The managed mode on the remote website has been re-enabled making the security access token saved on the main website invalid
  • The managed mode has been disabled on the remote website
  • The IP address of the main website does not match the one set in the managed website settings
  • The WP Cerber plugin has been deactivated on the managed website
  • The remote server that hosts managed website is redirecting incoming requests to another website
  • The domain name of the managed website has been changed
  • The SSL certificate of the managed website is expired or invalid
  • There is no network connectivity between the main website server and the server on which the managed website is hosted
  • The remote server is down

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments