Keeping tabs on WordPress security is super important. But what if you have 10s or even 100s of sites? How would you do that?
Here is our December 2023 short list of security software for multiple WordPress installations (centralized):
- WHM/cPanel’s WP Toolkit
- https://managewp.com
- https://mainwp.com
- https://www.wordfence.com/products/wordfence-central/
Benefits drawbacks of each?
- WP Toolkit.
- Only works with WHM installations
- Will allow plugin and core updates even if you don’t have the password
- Good notifications
- Can mitigate xmlrpc attacks
- ManageWP.com
- Has free tier
- Unsure if it can attach to sites without a password
- Not sure if it can mitigate xmlrpc attacks
- MainWP.com
- Has a free tier
- Unsure if can attach to sites without a password
- Not sure if it can mitigate xmlrpc attacks
- WordFence Central
- Doesn’t look like you can update sites centrally
- Not sure if it can mitigate and report on xmlrpc attacks
If you have any comments or suggestions on which tools to use when administering 100s of 1000s of sites, please let us know in the comments.
In our opinion this would be the perfect tool for multisite WordPress security auditing:
- Is not over-engineered
- Most of the software above is over engineered. In fact, after having done WordPress updates there really is only a few other things to attend to. Software creators just keep on adding features because their sales start running out – this pollutes the software for future users.
- Allow to enter site without password
- Scan site for plugin problems without having a password
- Update core and plugins and themes without a password
- Determine incorrect themes and the main child theme and disable themes not used
- Mitigate xmlrpc attacks
- Breakpoints, after updating, if site broke