Are you using a utility that requires Zip Archive Enabled in WordPress? For me, this was the backup utility Duplicator.
And there’s the pain point. This took quite a bit longer to find than I expected! Here’s the journey to success.
1. The Issue
The issue arose because I wanted to backup my site using Duplicator with Zip archive.
Most of the documents mention changing this in WHM. This was not the case for me.
Of note: What you are about to do has the capability of totally crashing your WordPress site. Be sure to document any changes you make, and test the changes regularly in an incognito window or another computer.
2. The Fix
Log into your hosting company
Access WHM
Go to List Accounts in the left hand menu
Access the cPanel for the site in question
Click Select PHP Version
Select Extensions
Scroll down to activate Zip
Test your site in Incognito window
Go back to Duplicator to confirm it is working!
Zip backups selected, and no errors! We’ve fixed the issue.
Now you can create a Zip archive.
3. But now the question, should you?
Up until now, I’ve used Zip archives because I’ve had issues with Daf archives where the entire site would not be handled. I’m reading this shouldn’t be the case… but it just has been.
Diving into the world of web hosting can feel like navigating a complex network, a bit like the physical landscapes of wilderness paths and waterfalls I often hike. I’m searching for that stable, secure hosting company that not only keeps my online presence running smoothly and sets up a reliable foundation for sharing my experiences with you.
Speaking from my perspective, both stability and security are paramount. I don’t want to hear about compromised hosting, defaced web sites, exploited accounts, and downtime. In this case, when it comes to hosting with HostMantis, the deafening silence has been golden. No alarms, no breaches, no unexpected outages, just consistent uptime and reliable service. For someone involved in computer network operations and vigilantly aware of potential vulnerabilities, this “no news” scenario is the ultimate reassurance. It means HostMantis is doing its job, allowing me to focus on other priorities. In the case of a business owner, it is to get sales from my site; in the case of a newspaper, it is to share newsworthy articles with readers. In my case those priorities are wanting my website to work flawlessly so I can tend to the issues of sharing life and my experiences with valuable readers like you.
For the past four years, I’ve relied on HostMantis to provide hosting services. Their service has consistently exceeded, my expectations. In this review, I’ll share my experience, outlining why HostMantis has been a solid hosting provider and why it might be the stable, dependable, and effective solution you’ve been searching for. From my viewpoint.
A few notes on my baseline site hosting and configuration, including a background on URL and Domains vs Hosting.
My domains are registered somewhere else, I keep the domain registration separate from hosting. Here are a few reasons:
Pro: Avoid vendor lock-in, increased portability: Domain registration is a somewhat static task that is very well defined, and costs are generally constant. Hosting on the other hand is a bit more messy. There are plenty of bad hosting providers. Keeping my domains separate, with a separate billing account, reduces the opportunity for cross issues.
Pro: Security: Separating services can reduce the risk of losing both the domain and hosting if one provider has issues.
Pro: Email control: I maintain a separate Domain Name System (DNS) in order to route mail most definitively. If integrated correctly, mail can be routed directly to a public high availability mail service like Microsoft, Google, or even Yahoo instead of through a web host who then forwards the mail. This avoids any issues with hosting downtime.
Con: Additional costs. Separate renewal fees, and often the host provider will “give” a domain registration with the cost of hosting
Con: Complex management: Yes, it is true, this increases complexity (an enemy of security), but in my experience this is worth the lift.
2. HostMantis Account Configuration
HostMantis provides two factor authentication with any 2FA app. I’ve tried it with Microsoft Authenticator, Twilio Authy, and Google Authenticator. All three worked flawlessly.
Account security appears to be an area that HostMantis takes seriously.
I have not validated their “break glass” system; that is, if I’ve lost access to my account due to hijacking or lost authenticator token (for example, if your phone blows up), I’m unclear what the break glass back door is. I expect calling them would allow them to unlock my account. But, again it has not been tested.
For the package I own, login starts as a Reseller account into a general HostMantis page.
From there, enter the WHM (WebHost Manager) console. WHM is an industry standard from the makers of cPanel and is adopted by every hosting company I’ve used that use cPanel. WHM is where creation and management of individual web pages happens. Creating sites is straightforward.
Migrating Sites Into HostMantis
Migrating active sites into HostMantis proved flawless. I used Duplicator in my old hosting company, downloaded my zip files, and uploaded and ran the php installer. Everything was more than perfect.
SSL Certificates
HostMantis makes HTTPS is available on all sites through the free service Let’s Encrypt, a platform I’ve been using since its official launch in 2016. As a background, in the early days of Let’s Encrypt, securing sites with ssl/tls required cron jobs and other manually configured automation. HostMantis’ solution is integrated in a button.
I would strongly recommend avoiding any hosting providers that do not provide free SSL.
3. Performance and Reliability
PageSpeed Insights
PageSpeed has remained exceptional throughout my tenure with HostMantis. Seeing a 97 on a site makes there not much else to report!
Uptime has been excellent. I test uptime with a test of whether the opening page opens, tested every five minutes. Over the course of two years, according to Uptime Robot, my primary site has experienced four incidents of downtime totaling 8 hours.
Downtime incidents
However, I was not able to corroborate this data point. At each of the downtime reports, by the time I tried to manually test the sites, they were all active again. It may have been an issue with Uptime Robot, not saying it was, but I am not able to assign “real” downtime to HostMantis.
Response times
The UpTime Robot response times are not nearly as stellar as the PageSpeed Insights. I’ll have to defer here to others who may be able to “make this make sense”. If you happen to understand where the discrepancy between the two exists please get in touch with me.
4. Customer Support: Always There When You Need Them
Every one of the minimal tickets that I’ve created has been answered in timely fashion, definitely nothing but admiration for the team.
Pricing and Value
HostMantis does not come cheap, but the uptime and reliability value is baked into the cost.
5. Overall Experience: A Highly Recommended Hosting Company
Considering the excellent performance I’ve experienced from this company, based on my experience over the last few years, I would fully recommend HostMantis as a web hosting company.
HostMantis is a web hosting company that has been providing reliable and affordable hosting services since 2014. They offer a range of hosting solutions, including shared hosting, reseller hosting, VPS hosting, and dedicated servers.
One of the standout features of HostMantis is their excellent uptime guarantee. They promise 99.9% uptime, and many users report that their sites are up and running smoothly without any issues.
HostMantis also offers fast and responsive customer support. They have a support team available 24/7, and users can contact them via live chat, phone, or support ticket. Many users report that the support team is knowledgeable and helpful, and they always go the extra mile to solve any issues that arise.
Another great thing about HostMantis is their user-friendly control panel. The cPanel interface makes it easy to manage your website, set up email accounts, and install popular applications like WordPress.
HostMantis also provides a range of security features to keep your site safe from cyber threats. They offer free SSL certificates, daily backups, and malware scanning and removal.
Configuring a new host is meaningfully time consuming. Do the right thing today, and there should be smooth sailing tomorrow.
HostMantis proved extremely efficient at setup and installation. Website installation through ftp was flawless, and there was sufficient compute site services to perform the unpacking and installation of WordPress zip files.
I did not use the service, but HostMantis offers free website migration services for customers who want to transfer their website from another hosting provider. Their migration team handles the entire process, including transferring files, databases, and DNS settings, making it easy for website owners to switch to HostMantis without any hassle.
Uptime testing
Uptime guarantees are a contractual Service Level Agreement. In these agreements, the vendor will promise to compensate the buyer if uptimes are not adequately provided. The problem is, you as a consumer usually aren’t interested in uptime guarantees, you are interested in uptime for your customers.
Say you own a restaurant. You’ve contracted with a company to provide “99% uptime guarantee, or we will refund your entire month of service!” Well, that sounds good, if they experience less than 99% uptime, you will be refunded the $100/month service fee they charged you. But how is this going to affect your company? 99% uptime is 8 hours downtime per month. This means your restaurant could experience two four hour downtimes during the most busy days you have, and they’ve met their contractual obligation. How is that going to work out for you? What are your business continuity plans for the eight hours of downtime? Even worse, if they exceed the 8 hours, their only obligation is going to be the $100 fee they’ve charged you.
Testing process
We will be testing HostMantis uptime over the next two years, and report back to you on findings.
Testing the uptime guarantee of a web hosting service can be a tricky and time-consuming task, but it is an essential aspect to consider before choosing a hosting provider. The uptime guarantee is the percentage of time that a web hosting service promises to keep your website up and running without any interruptions. Most reputable web hosting providers offer an uptime guarantee of at least 99.9%.
To test the uptime guarantee, you need to monitor your website’s uptime continuously over a period of time using a reliable monitoring tool. These tools check your website’s availability at regular intervals and alert you if it goes down. Some popular monitoring tools include Pingdom, Uptime Robot, and StatusCake.
When monitoring your website’s uptime, you should set up alerts for downtime and track the uptime percentage over time. This will give you an idea of how often your website experiences downtime and whether it meets the uptime guarantee promised by your hosting provider.
It’s important to keep in mind that downtime can be caused by factors outside the hosting provider’s control, such as internet outages or server maintenance. However, if your website experiences downtime frequently or for extended periods, it may be a sign of poor server performance or inadequate resources, and you may need to consider switching to a more reliable hosting provider.
HostMantis uptime results
Testing after two years was unexpected and impressive. Two different uptime monitors were used through the two years of hosting through HostMantis.
The results were that HostMantis provided 100% uptime through the terms of service.
Security is critical to success
Web site security is critical to success. Whether you are running a multinational corporation, or a home based business, web security is going to be reviewed by your customers.
TLS/SSL (Secure Sockets Layer) is an essential technology for securing online communications and protecting sensitive information on the internet. SSL is a protocol that establishes a secure, encrypted connection between a website and a user’s browser. This encryption ensures that any data transmitted between the user’s browser and the website is protected from being intercepted by hackers or other malicious actors.
The importance of SSL cannot be overstated, especially in today’s digital age, where online security threats are becoming more prevalent and sophisticated. Without SSL, sensitive information such as login credentials, credit card numbers, and personal data are vulnerable to interception, which can lead to identity theft, fraud, and other security breaches.
In addition to protecting sensitive information, SSL also provides website visitors with assurance that the website they are visiting is legitimate and trustworthy. SSL certificates are issued by trusted Certificate Authorities (CAs), who verify the identity of the website owner and ensure that the SSL certificate is legitimate. This verification process gives website visitors confidence that the website they are visiting is not a phishing site or a fraudulent site impersonating a legitimate website.
Having an SSL certificate is also important for search engine optimization (SEO). In 2014, Google announced that SSL was a ranking factor in their search algorithm. This means that websites with SSL certificates are more likely to rank higher in search engine results pages (SERPs) than websites without SSL certificates.
HostMantis SSL included
HostMantis provides an excellent SSL (Secure Sockets Layer) certificate service that offers reliable and secure encryption for websites. SSL certificates are essential for protecting sensitive information such as login credentials, credit card numbers, and personal data from being intercepted by hackers or other malicious actors.
HostMantis offers free SSL certificates for all of their hosting plans, which is a significant benefit for website owners who want to secure their website without incurring additional costs. Their SSL certificates are issued by Let’s Encrypt, a well-known and respected certificate authority, which ensures that your website’s encryption is both secure and reliable.
HostMantis SSL certificates are easy to install and integrate with your website. They offer a range of SSL certificate types, including Domain Validated (DV), Extended Validation (EV), and Wildcard certificates, depending on your website’s needs.
Stress testing
Stress testing is an essential part of web development and website maintenance. It involves simulating heavy traffic and high user loads on a website to evaluate its performance under extreme conditions. The purpose of stress testing is to identify potential bottlenecks and weaknesses in the website’s infrastructure before it goes live.
To perform a stress test, a testing tool or software is used to simulate large volumes of traffic to a website. The tool sends multiple requests to the website, emulating the behavior of a large number of users accessing the website simultaneously. The requests are designed to simulate a range of user actions, such as loading pages, submitting forms, and downloading files.
During the stress test, website performance metrics such as response time, CPU usage, memory usage, and server load are monitored and measured. These metrics help identify any potential bottlenecks or performance issues that may arise under heavy user loads.
Once the stress test is complete, the data collected is analyzed to identify any areas of weakness or performance issues. These issues can then be addressed through optimization and performance tuning to ensure that the website can handle high traffic loads without experiencing downtime or slow performance.
Stress testing is particularly important for websites that experience high volumes of traffic or that are critical to business operations. By identifying and addressing performance issues before they occur, website owners can ensure that their website remains available and responsive even under extreme conditions.
HostMantis stress testing
HostMantis is an exceptional web hosting provider that delivers reliable and efficient web hosting services. Their commitment to performance and stability is evident in their ability to handle stress testing for up to 1000 users.
A recent stress test on a website hosted by HostMantis demonstrated exceptional performance under extreme traffic loads. Throughout the test, the website remained stable and responsive with minimal slowdowns or errors.
HostMantis’ proactive approach to performance optimization was noteworthy. They provided detailed performance metrics and optimization recommendations that helped fine-tune the website for optimal performance under heavy user loads.
Customer support
Customer support cannot be overstated. You don’t need them… until you need them. It is like the fire department. Do you think about the fire department when you are driving to work or having dinner with your family? Probably not. You only think about them… when you need them.
No different than customer support in web hosting. Customer support is a critical aspect of any web hosting provider, and HostMantis sets a high standard in this area. Their commitment to customer satisfaction is evident in their comprehensive and responsive customer support. The support team is available 24/7 via live chat, phone, or ticketing system and is highly knowledgeable and professional. Their technical expertise and willingness to go the extra mile to resolve customer issues promptly are impressive.
As a customer, it is reassuring to know that any issues or questions can be addressed promptly and efficiently. HostMantis’ customer support provides a seamless and stress-free hosting experience, ensuring that any concerns or problems are resolved quickly and effectively.
The importance of customer support cannot be overstated, and HostMantis delivered exceptional customer support that prioritizes customer satisfaction. Their commitment to providing a reliable and stress-free web hosting experience is evident in their comprehensive and responsive customer support.
Concluding remarks
So far, HostMantis has proven to be an effective and efficient web hosting company. Continued monitoring and testing over the next months and years will be reported. If you have any particular concerns or questions about HostMantis, feel free to send me a note. Otherwise, stay tuned to this channel for more information as it evolves!
Searching for a photo of the Empire State Building from a plane? A whale breaching the surface of the ocean? It is often difficult to take your own “perfect” photo for your posts. And you can’t just “take” an image from someone else’s web site — or you’ll potentially face a DMCA takedown notice and demand letter.
So what do you do?
Well, for starters, always document where you find your images! And second, whenever reasonably possible (which is almost always!), find images that are identified as sharable, public domain, and no attribution required. Why no attribution? For sure, you should provide attribution! But when attribution is required, there are potentially difficult ways in which the documentation has to be referenced. I’m all for attribution, but don’t make it difficult.
Here’s a collection of web sites that provide free photos, videos, images, and other media. But be careful! Some of the sites also have “paid” offerings that are mixed with the free ones.
Be careful with Pixabay though. There are “sponsored links” and otherwise non allowed photos. Follow the download rules and you’ll be fine, but make sure the photos that you are downloading are actually the “free” photos promised.
Pixabay “sponsored link” photos — be careful about the downloads!
Pros and cons
+ Great free photos
– There are “sponsored links”. Make certain that you are downloading an official “free” image.
The photos are of excellent quality, beautiful images and are free for any purpose. You just should not appropriate the authorship of the photo. They have an open license, that is, they are for public use. That is, for personal, commercial use, modify and distribute without permission. Totally recommendable. Your email will not be required.
They have a universal license, that is, an open license to copy, distribute, modify, work commercially without having to ask for permission to do so. The logical thing is that you do not credit yourself because this would be wrong, I say very wrong. His gallery is small but what you will find there is of very good quality and very beautiful.
The photos are of excellent quality, beautiful images and are free for any purpose. You just should not appropriate the authorship of the photo. Recommended although its gallery is quite limited. To download an image you must accept the terms and conditions agreement which is extremely short and easy to understand.
This portal is very, very good. Photos of excellent quality, very beautiful. You download the photo without giving data or anything for the summer. It also has a lovely premium section. It is in a word great. I loved this portal. They do not have a CC0 license, so I recommend you read beforehand about what you can do and what you should not do with these images.
This portal is the best of all this group to which I have made my evaluation. It is spectacular. Yes, its free. Your data will not be required and the photos are of the highest quality. The gallery is great and you can also use it on your blogs or commercially, edit them, copy them. They will invite you to do an accreditation to the author but it is not mandatory at all. It is phenomenal. The gallery is immense and it is one of the most recognized portals of free images of high definition and excellent quality. Highly recommended.
Just avoid these
In my experience, these sites do not provide free artifacts. In my opinion, just avoid them. This is only my opinion.
(avoid) bigstockphoto . com
This is not a free photos portal, you must pay to get them without a watermark. You must leave your email and card details to access a 7-day free sample. The standard license has countless clauses. The photos are beautiful but expensive.
(avoid) freefoto . com
Some are free but I particularly think they don’t have a nice variety of photos. You must leave your email and accept an agreement so that you can download the photo. Many rules. In addition, it is mandatory that you prove authorship and place the link where the photo is on the portal or the home link of freefoto.com. Very complicated for the user.
(avoid) classroomclipart . com
You will not find free images on this portal. You can download them for free but will have the watermark. I wonder, what is it for?
Your website is a huge part of your identity. When it comes to protecting your identity, is there ever enough security? Well, it depends.
This article is going to explain how to add a host hardening layer of protection by password protecting the WordPress login script, the “wp-login.php” file — all for free.
To better understand the task at hand, “wp-login.php” is a special login script associated with logging into WordPress. A brute force “password knowledge” attack is going to start by navigating to “www.yourdomain.com/wp-login.php”. Once there, the attacker will have the option of logging directly into your WordPress host.
As with any lock, the goal here is to make it just a little more difficult for the attacker. In this case, we’ll password protect the WordPress php login script itself. In this way, the attacker will have to circumvent the file system’s password protection before even being presented the opportunity of circumventing wp-login. It is just yet another step to reduce the number of driveby attacks.
Here are the steps to wrapping wp-login.php with file system protection:
1. Update .htpasswd file
The .htpasswd file is the password repository. For those familiar with Unix based systems, it is similar in structure to the old school /etc/passwd file, with each line affiliated with a single user. Here’s the process to create or update the .htpasswd file.
a. Identify base location for .htpasswd file
This is a rather simple but vital step. You can use a tool to identify the .htaccess base location. Place the following code in a php file (such as “path.php“) in the directory structure wherever .htaccess should be placed.
<?php
$dir = dirname(__FILE__); # NOTE double underscores on either side of FILE
echo "<p>Path to this directory: " . $dir . "</p>";
echo "<p>Path to .htpasswd file: " . $dir . "/.htpasswd" . "</p>";
?>
Then execute the php code from a web browser like Chrome:
https://www.<sitename>.com/path.php
The output will resemble
Path to this directory: /home/<sitename>/public_html
Path to .htpasswd file: /home/<sitename>/public_html/.htpasswd
b. Create .htpasswd file
There are many options available on the internet or even downloadable applications. You might need to google “htpasswd generator”. Here is one option: http://www.htaccesstools.com/htpasswd-generator/
Create at least one username and password pair. I’ve used “special-username” as my login name. The file is going to look something like this:
This article is going to help you change the built in WordPress 2019 Gutenberg Featured Image shading.
“I say there is no darkness but ignorance.”
William Shakespeare, Twelfth Night
William Shakespeare warned us that there is no darkness but ignorance. Applying the quote to this blog post, there are two darknesses — ignorance, and also the darkness that envelops the Featured Image on the newly released Twenty Nineteen theme!
Darkened and Color Enhanced by default Featured Image
Introduction
As many of my colleagues followed suit, I was excited with the most recent WordPress offering! I quickly update to WordPress 5.x, and Gutenberg blocks, and Twenty Nineteen … and bam, gosh I do not like those darkened Featured Images! While I am sure it is just that I am not yet used to them, this Darkness Factor must go! Another reason is that I have folks complaining because they didn’t ask for this “new shading” darkness, it just showed up.
In this article I’m going to show you the easy way to get rid of those colored Featured Images. Stick with me, it is just a few steps.
Before we start, let me mention there is some amount of controversy over changing this darkening behavior. The reason for the default darkening behavior has to do with contrast, and making sure the text on your main page shows up adequately. After you have completed this task, make sure your text shows up reasonably well.
In my opinion, it is always good to have options. As you get more familiar with the 2019 theme, you may even want to change the behavior back to default. It is easy enough to do. Enough said, here is how to updated the WordPress 2019 Featured Image default color enhancement.
There are only two configuration items to make all this happen. The first is to turn off the 2019 Filter. The second is to add CSS to remove shading.
1. Log in as Administrator
Login to WordPress as Administrator
First thing you’ll have to do is log in as Administrator. If you’ve read my blog post on Security, I’ll expect that the username is NOT admin! 🙂
You actually don’t have to be Admin, you just have to have the ability to change the Appearances section of WordPress.
2. Disable 2019 filter
The first step is to disable the filter.
Go to Customizer
WordPress menu – Appearance > Customize
Click through to the 2019 Theme Customizer.
Go to Colors
Active Theme 2019 > Colors
Click through to the Colors menu.
Disable Filter
Colors Primary Color Default & Disable Filter
Uncheck “Apply a filter to featured images using the primary color”.
While you change the default, keep a note of this option! You might even consider dabbling in the Custom Color area just to get a better understanding of what this option accomplishes.
Before you continue with the next step you should go check your Featured Image. It might be to your liking! Here is what mine looked like.
Darkened but not color enhanced Featured Image
3. Add nobackground CSS
The second step is to update the CSS.
Open the Additional CSS editor
WordPress 2019 Theme Additional CSS editor
We’ll be adding a little code to the CSS editor here. CSS editing in WordPress is not complicated, so don’t get worried!
On the Twenty Nineteen theme Customizer page, there is a link to “Additional CSS”. This allows you to modify CSS attributes in a controlled environment. If anything goes wrong, you can just go right back into this area and delete any customizations. The rest of CSS will remain intact! This “Additional CSS” area basically adds to and overwrites any competing CSS attributes.
Add featured image CSS
Additional CSS editor
In the Additional CSS Editor, add the following CSS
Let me ask an honest question. Would you rather be doing business with “bobrx153@hotmail.com” or “bob@randolf.com” ? Which one looks more professional? Which one looks more trustworthy?
WordPress is an incredible Content Management System — and it is free! WordPress off the shelf is just that — a content management system. The best part of WordPress is that it is extensible.
This post is a part of the WordPress Plugins discussion threads and focuses on Plugins that increase the Security of your WordPress site. Just as with all WordPress Plugin recommendations, only “free” Plugins will be considered.
First, a definition for this very important section. Security is protecting the Confidentiality, Integrity, and Availability of a system. We’ll be examining WordPress Plugins that help to achieve:
Confidentiality: Protecting information so as it is only available to those who have permission to know. Protecting information against observation from every other user.
Integrity: Does it relate to hackers defacing a web site? Can it look like one person is posting, when in fact someone else is posting? Can attribution of the information change? Are there controls in place to confirm the identity of the person interacting with the web site?
Availability: Is the information protected against System outages? Is the data available within an allowable speed constraint?
This article is part of the WordPress collection. The article details how to configure and install Mailjet on your WordPress instance. The procedure will be similar if you decide to use a different outbound mail relay.
Have you notice that WordPress saves post revisions for you? It is a great feature. Try it out yourself. Edit a post, click “Update”, and voila, you have Post Revisions.
Most of us are familiar with files, directories, and subdirectories. In the art of computer science, directories are a way to organize files into a meaningful hierarchy. WordPress relies on hierarchical file systems to organize the thousands of required files in a WordPress instance.
History lesson! Hierarchical file systems were introduced in Microsoft’s world with DOS 2.0!
When installing WordPress, it is reasonable to place the installation itself into a subdirectory instead of in the primary web accessible directory (often called “./public_html/”). It is easier to manage the WordPress installation if installed in a simple subdirectory such as “/wp/”. Ease of maintenance is especially important when you are faced with something as drastic as a reinstallation. It is also just a whole lot cleaner, and you can even install multiple WordPress instances on your domain this way.
Managing multiple WordPress sites is no easy task. While managing a single WordPress site in itself can seem difficult at times, managing many WordPress sites concurrently requires keeping track of multiple security updates, different Plug-In updates, Theme updates, backups, usernames and credentials, and Firewall settings.
Fortunately, this is a common problem for many WordPress managers. Why is this fortunate? Because you don’t have to reinvent anything! But you will have to work through the slew of management platforms that exist. This article is here to help you identify the best WordPress management platform for all your sites.
Before exploring the opportunity of managing your own WordPress site instances, hiring someone else to manage the sites should be considered.
This option is simply to pay someone else to manage all your WordPress instances. This obviously doesn’t meet the “free” criteria, but paying someone to manage your sites should be seriously considered.
If you don’t have the time, then this is the option for you. There are quite a few vendors available to manage your WordPress site, well beyond the scope of this document. Managed WordPress should be considered if you are not sure how to manage your own site, or you don’t have the time to reasonably manage your site. Send me a note if you decide to hire out WordPress management.
1. Success criteria
“The best is the enemy of the good”
Voltaire
As we get into reviewing the options, it is going to quickly become apparent that finding the “best” platform is difficult at best. Lowering one’s expectation to “the good enough” is one of the more important exercises as we search through the hundreds of available WordPress management platforms.
The following are the requirements and criteria for success.
Free
Must be free. At least the basic offering must be free. This article is going to focus on the “free” part of the offering, and judge usefulness based only on that free part.
Site count limits
Some of the central management platforms are going to limit the number of sites that can be managed. It is important to know the limits in place as you begin using the toolsets.
User management
User management is an important part of WordPress, and is an important part of centralized management.
Installations & updates
Updating Plugins, Themes, and Core files are critical to WordPress security. Centralizing these tasks allows more timely update management.
Uptime monitoring
It is important to know when your site is not available.
Performance checks
Uptime is only a part of the user experience. Performance checks validate performance usability for your sites.
Multiple managers
As your sitebase grows, there will come a time when you need to have more than one person managing the collection of sites. Some platforms allow this with unique usernames assigned to each manager. It is generally a bad idea to share credentials between multiple users.
Multi factor authentication
That is, multi factor security (MFA/2FA) to log into the central management system. Multi factor is important to prevent the management system itself from being a critical admin level security vulnerability.
2. The candidates
As mentioned, there are hundreds of options available when it comes to centralized WordPress management. Here we’ll cover some of the more popular options that are common in the industry.
Recommended: MainWP
MainWP at first looks like a paid site, but quickly you’ll find that it is a FREE solution with many free options available.
MainWP Free Feature List
This is self hosted and open source, hosted on your private WordPress instance. It isn’t a third party cloud solution. MainWP is actually hosted on your own WordPress. This means that you control the platform security.
MainWP – Self hosted, Open source, Private
Understand that the domain under which MainWP will be running is the master key to all of your sites. The particular WordPress instance controls all of your other sites. In this, I recommend the following:
Minimize the vulnerability footprint
Purchase a brand new URL for this domain
Host no other utility, no other sites, no anything on this domain other than MainWP. Every additional site
Do not install any PlugIns that are not absolutely necessary. PlugIns increase the vulnerability landscape and generally make the site less secure.
Lockdown
Lock down the instance as much as practical
Harden the host
Enforce multi factor authentication for all users
Alerts
Create login alerts for all users — when anyone logs into the site, you need to know about it
With those recommendations you’ll be in a better position to protect all of your sites. Centralized management will also enhance your site security by allowing central control of updates and other management tasks.
Runner up: ManageWP
ManageWP is a popular centralized management platform. The free tier allows unlimited sites, but there are limits to what is “free”.
Example Freemium option in ManageWP
Getting started with ManageWP is a breeze, but you will encounter “freemium” options quickly.
For a very long time I was using ManageWP. It is great! Software as a service tool, no installation required, everything is cloud based. But, there are significant limitations. At least for the free version, you could not have multiple users managing the collection of web sites. This is a problem if you have a few people on your staff that rotate duties. But the worst part of the toolset is that it is cloud based in someone else’s cloud. If the site is compromised, I may or may not find out about it in a timely manner, and anyone who captured my credentials on the main page would then have control of all of the WordPress sites in my control. This had been a difficult pill to swallow.
Consideration: Jetpack Manage
You likely already have JetPack installed on your website, why not use JetPack to manage WordPress? Installation is automatic, JetPack Manage comes with the installation.
The features are a little more difficult to control across the collective of managed web sites. For example, adding a user across all web sites is a manual step to add a user to each of the websites sequentially. That said, it is free.
Not recommended: InfiniteWP
InfiniteWP is unique in this bunch in that it is not a Cloud offering. InfiniteWP is a program that you download and host on your own servers.
However, the free offering is quite limited. Considering the complexity of having to stand up your own server and the limited features in the free offering, I’ve personally skipped the install.
InfiniteWP — limited free offering
Just say no: Maekit (formerly WP Remote)
As you start looking at management options, WP Remote will come up as a friendly platform. Formerly WP Remote, the toolset is now marketed under the Maekit moniker. As of this writing, the Helper Plugin hasn’t been updated in more than a year. As such, this platform cannot be recommended at all.
WP Remote maekit — no updates in over a year
Just say no: CMS Commander
The first thing I noticed is that CMS Commander lands on a “not secure” URL. Being security minded, I did a double check on that, and sure enough the site is not HTTPS.
But even more important to this study, CMS Commander limits the free offering to only 30 days. Just say no.
CMS Commander … is not free
Just say no: iControlWP
Remaining with our mandated Free Only offerings, iControlWP does not meet that demand. Recommendation is to keep looking.
iControlWP is not free
Just say no: WPPipeline
The first thing I noticed about WP Pipeline is that it looked like a website I built back in the 1990s. It appears to not have a free offering, so it does not meet the minimum requirements of our review.
WP Pipeline —
3. Recommendations
I’ve used several of the tools listed in this article. One thing for sure, there are many great tools available.
MainWP came under review while investigating the toolsets this year and writing this paper. I tested MainWP on a few sites and appreciated the suite. More importantly though, MainWP is hosted on WordPress itself, and on your own instance of WordPress that you control and you protect. It can be locally hosted on your local server, or cloud hosted on your own server, or hosted on any WordPress instance.
After a few weeks of testing, I expanded the test to include a couple of dozen sites. So far, I’ve found the MainWP system to be exceptional. The toolset itself is free, meeting the requirements set forth in this article. The company makes money when you need special PlugIns and feature sets.
With all that said, in my experience you are unlikely to go wrong with using MainWP.
4. References
“Manage all your WordPress sites with the MainWP Dashboard”, https://mainwp.com/
