Manage multiple WP Cerber instances from one dashboard
A short introduction to remote management technology which has been built into WP Cerber since version 8.0.
How does it work
The technology enables you to manage the WP Cerber plugin and monitor activity on a remote website which is called a slave website from the main website which is called a master website.
To activate this technology, you need to enable a master mode on the main website and a slave mode on each website you want to connect to the master and manage remotely.
Remote management is supported in WP Cerber version 7.9.9 or newer.
As of now, the free version of the plugin on a slave is limited to a read-only mode, meaning you can’t update the plugin settings remotely except the ability to install a new license key.
Getting started on the master
To configure the main, master website go to the Cerber.Hub admin page and enable master mode. Once you’ve done this you can add slave websites by using security tokens generated on slaves.
Adding slave websites
To add a slave website to the master, you need to enable the slave mode on the website. Go to the Cerber.Hub admin page and enable the slave mode. During the activation of the slave mode, a unique security access token is generated and saved into the database of the slave. Keep the token secret.
Go to the master website and click the “Add” button on the “My Websites” admin page. Copy the token and paste it in the “Add a salve website” popup window.
Manage them remotely
Once you’ve added all slave websites on the master you can easily switch between them with a single click in a top navigation menu on the admin bar or by clicking the name of a slave on the “My Websites” master page. Once you’ve switched to a slave website use the plugin menu and admin links the way like you do this normally. To switch back to the master website, click a X icon on the admin bar.
Note: when you’re managing remote website, the color of the admin bar is blue and the left admin menu on the master is dimmed.
How to limit remote management from a specific master website
If you know the IP address of your master website, enter that IP address into the “Limit access by IP address” setting field on the Cerber.Hub admin page on a slave website. If you do not know the IP address, follow these steps to find it out.
- Switch to a slave website on the master
- Go to the Tools admin page, click the Diagnostic tab
- The IP address of the master website is shown in the “The IP address of the master is detected as” field in the “System Info” section
- Enter this IP address on the slave as it is described above
A safety note
All access tokens are stored in the databases of the master and slave websites in unencrypted form (plaintext). Store a backup copy of all websites in a safe and trusted place.
Questions you may have
Does slave mode allow the management of all site settings from a master?
No, it does not. As of now this technology supports managing only the plugin settings.
Can anyone who has my access token get access to the dashboard of my website?
No, it is absolutely not possible because neither the remote management algorithms in the plugin nor WordPress itself supports this.
What do I do if an access token is compromised?
You have to re-enable the slave mode on the website. This invalidates the compromised token and re-generates a new one. Once you have done that, delete the website from the master and add it again by using the newly generated token.
Where are access tokens stored?
All security access tokens are stored in the databases of master and slave websites and are never transmitted over the Internet in unencrypted form except at the moment that you add a token to a master website.
If you’re unable to get it working, that may be caused by a number of reasons. Enable the diagnostic log on the master and on the slave to obtain more information. You can view the log on the Tools admin page. Here is a list of the most common causes of issues on the slave side.
- A security plugin on the slave website is interfering with the WP Cerber plugin
- A security directive in the .htaccess file on the slave website is blocking incoming requests as suspicious
- A firewall or a proxy service (like Cloudflare) is blocking (filtering out) incoming requests to the slave website
- The IP address of the master is locked out or in the Black Access List on the slave website
- The slave mode on the remote website has been re-enabled making the security token saved on the master invalid
- The slave mode has been disabled on the remote website
- The IP address of the master website does not match the one set in the slave settings on the remote website
- The WP Cerber plugin has been deactivated on the slave website
- The remote server is redirecting incoming requests to another website
- The domain of the slave website has been changed
- The SSL certificate of the slave website is expired or invalid
- There is no network connectivity between the master server and the server on which the slave website is running
- The remote server is down
Last posts from WordPress security blog
- Development version 7.9.9 February 10, 2019
- Manage multiple WP Cerber instances from one dashboard February 4, 2019
- WP Cerber Security 7.9.7 January 11, 2019
- Registered users only mode January 8, 2019
- Development version 7.9.5 December 20, 2018