What is MainWP
MainWP is the only free, fully open-source, and self-hosted solution for managing multiple WordPress sites. Whether you’re maintaining your own or WordPress blogs for your clients, MainWP will bring you peace of mind.
MainWP is comprised of two plugins:
The MainWP Dashboard is a WordPress plugin. It utilizes a control dashboard for your managed sites. It should be installed on one of your WordPress sites, which will be used to manage all other sites connected to it. The Dashboard plugin allows you to connect and control completely independent WordPress sites, even those on different hosts and servers.
The MainWP Child plugin is used to manage multiple WordPress websites from your MainWP Dashboard securely. This plugin must be installed on every WordPress site you want to control from your Dashboard. It allows your Dashboard plugin to connect to your website safely and communicate with it while performing requested actions.
Is it Secure
The MainWP Child Plugin only connects with a single MainWP Dashboard, so all the WordPress sites managed under your Dashboard will only respond to requests from your installation.
All communication between MainWP Dashboard and the managed Child Sites is performed over the OpenSSL encrypted connection. Data tampering is almost impossible in this way.
When MainWP Dashboard connects to a child site for the first time, it generates Public and Private key pairs (2048 bits length) by using the
openssl_pkey_new() OpenSSL function. The public key is saved on the child site, and the Private key is saved on MainWP Dashboard.
Once the Child Plugin and Dashboard Plugin are married, and the Public and Private key pair are created, someone would need access to your child sites WP-Admin to disable and re-enable the plugin, thus breaking the connection between the two.
Learn more about Connection Security in our help document.
How it Works
The MainWP Dashboard plugin communicates with your Child sites using Port 80 on HTTP connections and Port 443 on HTTPS connections. It uses OpenSSL encryption if it is available; in case it’s not, you should contact your host support and ask them to enable the OpenSSL extension for you. It sends the following user-agent:
“Mozilla/5.0 (compatible; MainWP/4.2.4; +https://mainwp.com)”
The version number in bold changes with each release.
A word from Dennis
It is our belief that with WordPress management solutions that are hosted on the developers servers or are self-hosted but contain encrypted code that you can never truly be sure how that information is being used or even what information about your sites is being gathered.
Since MainWP is hosted on your WordPress install and not on our private server, you can be sure we do not track or keep any information about your Child sites and because MainWP is open source and not encrypted. You are free to audit the code for yourself at anytime via GitHub.
Allowing people to host everything on their server does make coding the plugin quite a bit more difficult for our developers, but we feel that the privacy and security of the networks built using MainWP were more important than controlling things on our servers.