What is MainWP
MainWP is the only free, fully open source, and self-hosted solution for managing multiple WordPress sites. Whether you’re maintaining your or WordPress blogs for your clients, MainWP will bring you peace of mind.
MainWP is actually a set of 2 plugins:
The MainWP Dashboard is a WordPress plugin. It utilizes a control dashboard for your managed sites. It should be installed on one of your WordPress sites, which will be used for managing all other sites that will be connected to it. The Dashboard plugin allows you to connect and control completely independent WordPress sites, even those on different hosts and servers.
The MainWP Child plugin is used to manage multiple WordPress websites from your MainWP Dashboard securely. This plugin is to be installed on every WordPress site you want to control from your Dashboard. It allows your Dashboard plugin to safely connect to your website and communicate with it while performing requested actions.
A word from the Author
It is our belief that with WordPress management solutions that are hosted on the developers servers or are self-hosted but contain encrypted code that you can never truly be sure how that information is being used or even what information about your sites is being gathered.
Since MainWP is hosted on your WordPress install and not on our private server, you can be sure we do not track or keep any information about your Child sites and because MainWP is open source and not encrypted. You are free to audit the code for yourself at anytime via GitHub.
Allowing people to host everything on their server does make coding the plugin quite a bit more difficult for our developers, but we feel that the privacy and security of the networks built using MainWP were more important than controlling things on our servers.
How it Works
The MainWP Dashboard plugin communicates with your Child sites using Port 80 on HTTP connections and Port 443 on HTTPS connections. It uses OpenSSL encryption if it is available; in case it’s not, you should contact your host support and ask them to enable the OpenSSL extension for you. It sends the following user agent:
“Mozilla/5.0 (compatible; MainWP/3.4.9; +http://mainwp.com)”
The version number in bold changes with each release.
Is it Secure
The MainWP Child Plugin only connects with a single MainWP Dashboard, so all the WordPress sites managed under your Dashboard will only respond to requests from your installation. Data tampering is almost impossible in this way.
Once the Child Plugin and Dashboard Plugin are married, someone would need access to your child sites WP-Admin to disable and re-enable the plugin, thus breaking the connection between the two.