WordPress Security
WordPress Security

Manage multiple WP Cerber instances from one dashboard


A short introduction to a remote management technology which has been built into WP Cerber Security since version 8.0.

How does it work

The technology enables you to manage the WP Cerber plugin, monitor activity, and upgrade plugins on multiple WordPress powered websites from a main WordPress website which is called a main website.

To activate this technology, you need to enable a main mode on any website you are going to use as a main, central website and a managed mode on all websites you want to connect to the main website and manage them remotely.

Requirements

Remote management is supported in WP Cerber version 8.0 or newer.

Limitation

As of now, the free version of the plugin on a managed website is limited to a read-only mode, meaning you can’t change the plugin settings remotely except the ability to install a new license key and upgrading plugins. There is no limit to the number of managed websites, though.

Getting started on the main website

To configure the main website go to the Cerber.Hub admin page and enable main website mode. Once you’ve done this you can add managed websites by using a secret access token generated on managed websites.

Adding managed websites

To add a new managed website on the main website, you need to enable the managed mode on the remote website. Go to the Cerber.Hub admin page and enable the managed mode. During the activation of the managed mode, a unique secret access token is generated and saved into the database of the managed website. Keep the token secret.

Secret Access Token WordPress

Go to the main website, open the Cerber.Hub admin page and click the “Add” button on the “My Websites” admin page. Copy the token and paste it in the “Add a remote website” popup window.

Add Access Token WordPress

Manage websites remotely

Once you’ve added all managed websites on the main website, you can easily switch between them with a single click in a top navigation menu on the admin bar or by clicking the name of the managed website on the “My Websites” admin page. Once you’ve switched to a managed website, use the plugin menu and admin links. To switch back to the main website, click a X icon on the admin bar.

Manage multiple WordPress websites

Note: when you are managing remote website, the color of the admin bar is blue and the vertical WordPress admin menu on the main website is dimmed.

How to limit remote management from a specific main website

If you know the IP address of your main website and the address is static, you can enter that IP address into the “Limit access by IP address” setting field on the Cerber.Hub admin page on a managed website. If you do not know the IP address, follow these steps to find it out.

  1. Switch to a managed website on the main website
  2. Go to the Tools admin page, click the Diagnostic tab
  3. The IP address of the main website is shown in the “The IP address of the main website is detected as” field in the “System Info” section
  4. Enter this IP address on the managed website as described above

A safety note

All access tokens are stored in the databases of the main website and managed websites in unencrypted form (plaintext). Store a backup copy of all websites in a safe and trusted place.

Questions you may have

How many websites can be managed by a main website?

Technically, there is no limit. The actual limit depends on how powerful the server on which your main website is hosted.

Does managed mode allow managing of all site settings from a main website?

No, it does not. As of now, Cerber.Hub supports managing only WP Cerber settings.

Can anyone who has my access token get access to the dashboard of my WordPress?

No, it is absolutely not possible because neither the Cerber.Hub remote management algorithms nor WordPress itself supports this.

What do I do if an access token is compromised?

You have to re-enable the managed mode on the website. This invalidates the compromised token and re-generates a new one. Once you have done that, delete the website from the main website and add it again by using the newly generated token.

Where are access tokens stored?

All security access tokens are stored in the databases of main and managed websites and never transmitted over the Internet in unencrypted form, except at the moment that you add a token to a main website.

Can I open several different managed websites in several browser tabs?

No, you can manage only one managed website at the same time in the same browser. Use bulk actions to run a task on several managed websites simultaneously.

Troubleshooting

If you’re unable to get it working, that may be caused by several reasons. Enable the Diagnostic log on the main website and on the managed one to get more information. You can view the Diagnostic log on the Tools admin page. Here is a list of the most common causes of issues on the managed side.

  • A security plugin on the managed website is interfering with the WP Cerber plugin
  • A security directive in the .htaccess file on the managed website is blocking incoming requests as suspicious
  • A firewall or a proxy service (like Cloudflare) is filtering out requests from the main website to the managed website
  • The IP address of the main website is locked out or in the Black Access List on the managed website
  • The managed mode on the remote website has been re-enabled making the security access token saved on the main website invalid
  • The managed mode has been disabled on the remote website
  • The IP address of the main website does not match the one set in the managed website settings
  • The WP Cerber plugin has been deactivated on the managed website
  • The remote server that hosts managed website is redirecting incoming requests to another website
  • The domain name of the managed website has been changed
  • The SSL certificate of the managed website is expired or invalid
  • There is no network connectivity between the main website server and the server on which the managed website is hosted
  • The remote server is down

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments