How ManageWP Handles Security

Bank vault

Security should be a huge priority for any blogger. Awareness is possibly at an all-time high for WordPress users, following the recent TimThumb vulnerability and the WordPress.org repository hack (covered in our recent article).

We recognize the importance of security here at ManageWP, and have gone to great lengths to ensure that our platform is extremely well protected.

Think of your website’s data as the core of an onion. To reach it, an attacker has to get through several independent layers of security (the layers of the onion), so no single weakness on its own is enough. At ManageWP, we are constantly working to strengthen each of those layers.

Let’s take a closer look at how ManageWP functions.

Your ManageWP Dashboard

Our data is stored in two datacenters, the primary in the USA and the secondary in Germany. All data is replicated in real time, which lets us switch over quickly in an emergency.

Logins to the dashboard are accepted only over an encrypted (SSL) connection, which is the industry standard for secure logins. If you require further security, you can restrict logins to your account to a specific IP address (or a range of addresses); make sure the range covers every address you actually log in from. You can find this in your Settings, under Advanced Settings.

Beyond that, we added yet another layer of security with two-factor authentication. With it enabled, you must also enter a one-time code sent to your mobile phone by SMS during login.

Your Site and ManageWP

One of our basic principles is “the less data we keep, the better our passive security is”: data we never hold cannot be stolen from us. To put it more plainly, we will never ask for your sites’ passwords.

Access to your site is governed by the ManageWP Worker plugin, which you install directly on your blog. As soon as you activate the plugin, link your site from the ManageWP dashboard. Until it is linked, the activated plugin is waiting to be claimed, so in theory another user could link it to their account instead (in practice the likelihood of that happening is minuscule, but the window exists). If you are not ready to link your site, simply deactivate the plugin until you are.

For those amongst you who are technically minded: communication between ManageWP and your sites uses a protocol in which every message is signed with OpenSSL. We do not use the XML-RPC interface that WordPress ships with, because it authenticates each request with your site’s username and password, so on a site without HTTPS those credentials can be sniffed off the wire. With signed messages, the Worker plugin only acts on commands that carry a valid signature from ManageWP, which makes it practically impossible for an attacker to forge one. (As our replies in the comments below explain, each message also carries a single-use nonce that the Worker invalidates on receipt, so a captured message cannot be replayed either.)
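To make the signed-message design concrete, here is an added example (written for this article, not ManageWP’s own Worker or dashboard code) of both sides of such an exchange in Go. The dashboard side signs each command with a private key that it alone holds; the Worker side verifies the signature with the public key it carries, checks that the command was addressed to its own site, and refuses any nonce it has already honoured (the single-use-nonce behaviour is the one ManageWP describes in its replies in the comments below). The JSON envelope, the field names, the site-binding check and the choice of RSA PKCS#1 v1.5 over SHA-256 are all assumptions made for this example; the actual wire format is not shown on the page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Message is the plaintext the dashboard signs. Field names and the JSON
// encoding are assumptions for this example, not the real Worker format.
type Message struct {
	Site   string `json:"site"`   // which site the command is addressed to
	Action string `json:"action"` // what the Worker should do
	Nonce  string `json:"nonce"`  // random single-use value: blocks replay
}

// Envelope is what crosses the wire: the encoded Message plus an RSA signature over its SHA-256 digest.
type Envelope struct {
	Body      []byte
	Signature []byte
}

// Dashboard stands in for ManageWP.com: the only holder of the private key, hence the only party able to sign.
type Dashboard struct{ key *rsa.PrivateKey }

// Worker stands in for the plugin on one site: it holds the public key (which cannot sign) and the nonces already honoured.
type Worker struct {
	pub  *rsa.PublicKey
	site string
	seen map[string]bool
}

func NewDashboard() (*Dashboard, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Dashboard{key: key}, nil
}

// PublicKey is the value that would be shipped inside the plugin.
func (d *Dashboard) PublicKey() *rsa.PublicKey { return &d.key.PublicKey }

func NewWorker(pub *rsa.PublicKey, site string) *Worker {
	return &Worker{pub: pub, site: site, seen: make(map[string]bool)}
}

// Send builds a command for one site, attaches a fresh random nonce and signs it.
func (d *Dashboard) Send(site, action string) (Envelope, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return Envelope{}, err
	}
	body, err := json.Marshal(Message{Site: site, Action: action, Nonce: hex.EncodeToString(raw)})
	if err != nil {
		return Envelope{}, err
	}
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, d.key, crypto.SHA256, digest[:])
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Body: body, Signature: sig}, nil
}

// Accept verifies an envelope and returns the action the Worker may run. The signature is
// checked over the raw bytes before the body is parsed, so altered input never reaches the parser.
func (w *Worker) Accept(e Envelope) (string, error) {
	digest := sha256.Sum256(e.Body)
	if err := rsa.VerifyPKCS1v15(w.pub, crypto.SHA256, digest[:], e.Signature); err != nil {
		return "", errors.New("signature does not verify: not from the dashboard, or tampered with")
	}
	var m Message
	if err := json.Unmarshal(e.Body, &m); err != nil {
		return "", err
	}
	if m.Site != w.site {
		return "", errors.New("message was signed for a different site")
	}
	if w.seen[m.Nonce] {
		return "", errors.New("nonce already used: replay rejected")
	}
	w.seen[m.Nonce] = true // a real Worker would also expire old nonces so this set stays bounded
	return m.Action, nil
}

func main() {
	dash, _ := NewDashboard() // error ignored only to keep the demo short
	worker := NewWorker(dash.PublicKey(), "example.org")
	env, _ := dash.Send("example.org", "update_plugins")
	fmt.Println(worker.Accept(env)) // update_plugins <nil>
	fmt.Println(worker.Accept(env)) // "" nonce already used: replay rejected
	// A captured envelope with the action edited keeps the old signature, which no longer matches the body.
	forged := Envelope{Body: []byte(`{"site":"example.org","action":"drop_tables","nonce":"x"}`), Signature: env.Signature}
	fmt.Println(worker.Accept(forged)) // "" signature does not verify: not from the dashboard, or tampered with
}
```

The order of the checks is the point: a message signed by anyone other than the dashboard, a body that was edited after signing, a command addressed to some other site, or a replay of a nonce the Worker has already honoured is all dropped before any code that acts on the command runs. Note also what a signature does not give you: confidentiality. Anyone on the path can read a signed message, so anything sensitive inside it still needs an encrypted transport.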

Backups

Backing up is something that often evades even the most well-intentioned bloggers, usually because it is a less than straightforward process. With ManageWP, you can set up scheduled backups of all your blogs to Amazon S3, Dropbox, your own server, any external FTP server or an email address with just a few clicks. Bear in mind that plain FTP and email move the backup archive without encryption, so for sites with sensitive data in the database prefer a destination that is reached over an encrypted connection.

Although the process is very simple, there are more powerful options for those who wish to customize their backup procedure, which we will cover in one of our upcoming articles.

ManageWP Backup Options Screen

You’re In Safe Hands

As you may have gathered by now, we treat the issue of security very seriously, and are constantly endeavoring to ensure that your sites are very well protected.

If you have any questions, please fire away in the comments section below!

Photo Credit: Gritty City Girl

Tom Ewer

Tom Ewer is the founder of WordCandy.co. He has been a huge fan of WordPress since he first laid eyes on it, and has been writing educational and informative content for WordPress users since 2011. When he's not working, you're likely to find him outdoors somewhere – as far away from a screen as possible!

25 Comments

  1. Sudeep Acharya

    Any tutorial on how to back up and restore the same into a different host?

  2. nestievillanueva

    Hi, I installed and activated your plugin in my site. You said here that “To put it in a more straightforward fashion, we will never ask for your sites’ passwords”, but to connect from the ManageWP site to my website you ask for my administrator username and password? Is my credential safe?

    1. Nemanja Aleksic

      This is for your convenience only. There are two ways you could add a website:
      1) Install and activate the ManageWP Worker plugin. You can then add the website to ManageWP without entering the administrator credentials.
      2) Let us install and activate the Worker plugin for you. The username and password are only used for this, and they are not stored on our end. This is optional, and much quicker than the first option.

  3. سایت پروژه

    Hi
    ManageWP seems really awesome!

  4. Ankur

    I do not understand this part of the email you linked to:

    “This means that by managing your sites through ManageWP you are not exposed to Heartbleed vulnerability while managing your sites even if your hosting server or website is not patched.”

    If ManageWP servers connect to the worker plugin on my server via OpenSSL then isn’t the whole point of the Heartbleed issue that that entire exchange of data was vulnerable and that an attacker could impersonate the ManageWP server?

    If this was a few hours of vulnerability, then I could see it being a bother to rush to figure out the ManageWP worker code and write a hack (maybe not a bother, I don’t know how easy it is for a skilled hacker). However, it being a few YEARS of vulnerability, that does give a hacker a lot of time to figure it all out.

    Similarly, the data being duplicated on two continents: well, how is that data shared between the servers? Securely via OpenSSL?

    It seems that the whole scary issue with Heartbleed is that everything is potentially compromised and potentially has been for a very long time. Any secure OpenSSL transmission of data wasn’t actually secure. That is my best understanding of Heartbleed at the moment.

    Not blaming ManageWP or anything like that. This is a huge worldwide problem. However, I am trying to understand the scope of it and I think that saying it’s not a problem without explaining how that could possibly be is misaddressing the issue.

  5. rosh hashanah

    Indeed a truly spoken article. I also upgraded to this platform with the OpenSSL security version and am hoping for a significant response.

  6. ManageWP

    Hi,

    ManageWP sends encrypted and hashed messages from ManageWP.com to the Worker plugin, and all of these can only be accepted from our servers and are one-use only, so even if someone decrypted the whole message he would not be able to use it again.

    To ensure this we use a nonce-based system. You can read more about nonces here: http://en.wikipedia.org/wiki/Cryptographic_nonce

    The nonce is made invalid after the Worker accepts the message, so it can only be used once.

    We will create a blog post about how our security works in this regard, but that will take some time.

    Passwords are not saved on our end, and we do not transmit them during our communication with the Worker plugin on your site.

    Also, as mentioned, ManageWP.com never ran any of the affected OpenSSL versions. The OpenSSL on ManageWP.com prior to the discovery of the Heartbleed bug was older than the affected OpenSSL versions.

    Best regards,
    Ivan Bjelajac

    Chief Operations Officer
    ManageWP.com

  7. Eric Shefferman

    @intriguingnw
    I do not understand this part of the email you linked to:
    “This means that by managing your sites through ManageWP you are not exposed to Heartbleed vulnerability while managing your sites even if your hosting server or website is not patched.”

    If ManageWP servers connect to the worker plugin on my server via OpenSSL then isn’t the whole point of the Heartbleed issue that that entire exchange of data was vulnerable and that an attacker could impersonate the ManageWP server?

    If this was a few hours of vulnerability, then I could see it being a bother to rush to figure out the ManageWP worker code and write a hack (maybe not a bother, I don’t know how easy it is for a skilled hacker). However, it being a few YEARS of vulnerability, that does give a hacker a lot of time to figure it all out.

    Similarly, the data being duplicated on two continents: well, how is that data shared between the servers? Securely via OpenSSL?

    It seems that the whole scary issue with Heartbleed is that everything is potentially compromised and potentially has been for a very long time. Any secure OpenSSL transmission of data wasn’t actually secure. That is my best understanding of Heartbleed at the moment.

    Not blaming ManageWP or anything like that. This is a huge worldwide problem. However, I am trying to understand the scope of it and I think that saying it’s not a problem without explaining how that could possibly be is misaddressing the issue.

    1. ManageWP

      Hi Eric,

      You have a very good point; however, ManageWP communication with the Worker plugin is made in such a way that even if an attacker got hold of the message sent from ManageWP to the Worker plugin he would not be able to re-use it.

      As far as logging in to ManageWP.com goes, we used an older version of OpenSSL than the affected versions, so it was never compromised.

      Best regards,
      Ivan Bjelajac

      Chief Operations Officer,
      ManageWP.com

  8. intriguingnw

    Someone asked about Heartbleed; not sure if this is public, but ManageWP have given their OpenSSL implementation mentioned in the post the all clear, and we do have to remember, folks, that they don’t use xmlrpc for good reasons too. Nothing’s perfect… or invincible, but would you rather try and battle all this on your own without open source? Not me. http://us5.campaign-archive1.com/?u=05e8c30921fa419d01d3561c8&id=200147fab7&e=24a831a984

  9. AndyBeard

    I would also be concerned with changing any authorization tokens used between ManageWP and client blogs.

    1. ManageWP

      Hi Andy,

      ManageWP.com itself was never affected by this issue.

      As stated, all of these are one-use only, so you should not be worried even if your hosting provider did not update OpenSSL.

      Passwords are not stored or sent via ManageWP, and all messages are signed with a nonce, so even if an attacker were able to intercept the communication he would not be able to use it.

  10. Canton

    Regarding “Heartbleed”:

    Can you confirm please:

    1) As of today, are the managewp.com servers running a secure version of openssl?

    2) Before this week, were any of the managewp.com servers running a vulnerable version of openssl?

    If the answers to these questions are both “yes”, then it makes sense for all of us to change our manage WP passwords right away since there’s no way of knowing whether or not these were exploited anytime in the past two years.

    1. Jim Walker

      I think I can clarify some of this Heartbleed discussion as well. I wrote an article on the subject to help explain a few things about this OpenSSL bug, http://hackrepair.com/heartbleed-openssl-hackers-server-patching-mania

      That said, it appears the ManageWP folks have done a bang up good job in closing this “potential” exploit. So we can move on to more positive subjects now…

    2. ManageWP

      Hi Canton,

      Yes, we have patched our servers, but no ManageWP.com server ever ran an affected OpenSSL version.

  11. Scott

    I’m sorry, this doesn’t really address the most important questions on my mind. When I log in to the ManageWP dashboard, I *do* enter a password, and that exchange is conducted over a TLS encrypted connection. The relevant questions to answer are: do you use OpenSSL to conduct that login, and have you patched?

    If you use OpenSSL to conduct the login to ManageWP dashboard and you are not advising everyone who uses this service to change their passwords, why not? What is different in the infrastructure here that makes it so I can disregard the standard advice I am hearing?

    1. ManageWP

      Hi,

      ManageWP sends encrypted and hashed messages from ManageWP.com to the Worker plugin, and all of these can only be accepted from our servers and are one-use only, so even if someone decrypted the whole message he would not be able to use it again.

      To ensure this we use a nonce-based system. You can read more about nonces here: http://en.wikipedia.org/wiki/Cryptographic_nonce

      The nonce is made invalid after the Worker accepts the message, so it can only be used once.

      We will create a blog post about how our security works in this regard, but that will take some time.

      Passwords are not saved on our end, and we do not transmit them during our communication with the Worker plugin on your site.

      Also, as mentioned, ManageWP.com never ran any of the affected OpenSSL versions. The OpenSSL on ManageWP.com prior to the discovery of the Heartbleed bug was older than the affected OpenSSL versions.

      Best regards,
      Ivan Bjelajac

      Chief Operations Officer
      ManageWP.com

  12. Winterideen

    Thx. And which version must I buy for self-hosted, with the dashboard on my own server?

    1. ManageWP

      That would be the Enterprise version. http://managewp.com/self-hosted

  13. Winterideen

    Does ManageWP run on my own server? Or on managewp.com?

    Thx, good work guys!

    1. ManageWP

      The Worker plugin runs on your server, while the dashboard runs on ours. You can also purchase the self-hosted version so you have the dashboard running on yours too.

  14. rusola

    So can the next post explain about restore? Both methods, using your own hosting space and from Dropbox, as this seems to me more important: how to get the backup back! Thx

    1. ManageWP

      Sure that’s a good idea.

  15. Samuel

    So you have replicated data on 2 continents, great to know that! The SMS authentication is really the top of what web security can be; Google themselves use that for their Gmail and sensitive data.
    Big thanks for the follow-up post, keep up the great work you’re doing with ManageWP 🙂


Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!
