Security - ManageWP

ManageWP was developed with security in mind. No sensitive information about your sites is stored on the ManageWP server and you are never required to enter a password for any of your blogs. All operations are performed on your blogs directly as if you were logged into them. This is possible due to the Worker plugin installed on your sites. The installation process requires special care to ensure your sites are secure.

Once the Worker plugin is installed and activated make sure to add the site to your ManageWP account to close the loop. Otherwise, you run a risk of somebody else adding it to their account. If you aren’t ready to add the site through the ManageWP dashboard then deactivate the plugin until you are. Once the plugin is activated a warning message appears through your site’s admin interface until the site is added to your ManageWP account.

You can read a full blog post on How ManageWP handles security. Or read on for some technical details.

ManageWP communicates with the worker plugin through the OpenSSL implementation of the SSL communication protocol using encryption with private and public keys. When this is available you will see a label saying “This site uses SSL signed communication” when you open the site options in ManageWP .

If you do not have OpenSSL installed you can ask your ISP to enable it or check how can you enable OpenSSL support in PHP.

If OpenSSL is not available on your site, ManageWP will automatically fall-back to our own encrypted protocol. If you later wish to upgrade to SSL signed protocol, enable it on your server and simply re-add the site to your dashboard.