WordPress is the world’s most popular content management system. This makes it a popular target for attackers. We have developed a solution to protect you from unwelcome attacks.
With helloly’s exclusive WordPress Manager, you can protect and manage your WordPress installations conveniently, centrally and at no extra cost!
*Source: W3Techs.com
Table of contents
We present our WordPress Manager and show you how you can use it to manage multiple installations centrally, securely and conveniently.
What is the helloly WordPress Manager?
Keep track of your WordPress installations. Even if you only run one WordPress website. The helloly WordPress Manager is a relief in many areas. Always included – free of charge!
What the helloly WordPress Manager has to offer:
- A central management cockpit for all your WordPress installations.
- Perform updates centrally without having to log into each installation separately.
- A secure login to your WordPress installation. Without a password, with just one click.
- Install, update and manage themes and plugins centrally.
- Configure automated updates individually.
- Centralize essential WordPress settings.
- Create and manage new users.
- Set security measures centrally.
Where can I find the WordPress Manager?
You find the helloly WordPress Manager in the cPanel under Software in the helloly Auto Installer.
Open the helloly Auto Installer. You can find the WordPress Manager in the menu at the top right.
Centrally maintain WordPress installations
You can see all installations at a glance in the WordPress Manager.
Next to each installation you will find a login button. With one click, you can immediately access the installation. The user and password are stored in the WordPress Manager and do not need to be entered separately. This also makes it easier to use a separate, secure password for each installation.
You can also see whether an update is available for an installation. For each installation, you will find an icon which you can use to display additional settings.
Functions and settings in the detailed view:
Site Info
Here you can find the website URL and the site name of the website. Under Database Details you will find the Database Name, the Database User and the Database Host of the respective installation. One click on View Database will take you directly to the phpMyAdmin.
Configuration
Here you can see the installed WordPress version. If an upgrade is available, a blue button with the label Upgrade Now takes you directly to the upgrade settings.
Upgrade Now
Before you install an upgrade, it does not hurt to create a backup. Under Install Plugin(s) you will find common plugins that you can install at the same time if you wish. To perform the upgrade, click on Upgrade.
Auto Upgrade WordPress Core
You can select one of the following settings in the drop-down menu below:
- Do not Auto Upgrade (no upgrades are installed automatically)
- Upgrade to Minor versions only (only minor upgrades are installed automatically)
- Upgrade to latest version available (minor and major upgrades are installed automatically)
Auto Upgrade WordPress Plugins
If you wish, you can also update plugins automatically in the WordPress Manager.
Search Engine Visibility
Use this function to determine whether your website is indexed by search engines. If your website is under construction, it makes sense to deactivate this function.
WordPress Cron (wp-cron.php)
If this function is deactivated, the WordPress cron is deactivated and a cron job is installed that is executed twice an hour.
Debug Mode
Here you can activate the debug mode of WordPress.
Auto Upgrade WordPress Themes
If you wish, you can also update WordPress themes automatically in the WordPress Manager.
Install and manage plugins centrally
With the Manage Plugins function, you can install, activate, update and delete plugins without having to log into WordPress.
Especially if you want to roll out a plugin on several WordPress installations, it is useful to be able to do this centrally in one place.
Installed
Here you will find all plugins and the installed version. A symbol means that an update is available for this plugin. Click on it to install the update.
You can also see the current status (activated or deactivated) and have the option of deleting plugins directly.
Add Plugins
Search all plugins on wordpress.org and install the desired plugin with one click. The current version, rating and a link to the plugin are also displayed.
Upload Plugin
With the Manage Plugin feature, you can also upload plugins manually. If you check “Activate the plugin after upload”, the plugin will be activated immediately after uploading.
Install and Manage Themes centrally
With the Manage Themes function, you can install, activate, update and delete themes without having to go into WordPress.
Especially if you want to roll out a theme on several WordPress installations, it is useful to be able to do this centrally in one place.
Installed
Here you will find all themes and the installed version. A symbol means that an update is available for this theme. Click on it to install the update.
You can also see the current status (activated or deactivated) and have the option of deleting themes directly.
Add Themes / Upload Theme
Just like plugins, you can also search and install themes on wordpress.org or upload them manually (Upload Theme)
Set Security Measures
The Security Measures function allows security settings to be made centrally.
Basically, all security measures (All), only critical security measures (Critical and Recommended) or manually selected security measures (Choose manually) can be activated.
Change default administrator’s username
By default, the WordPress administrator is called “admin”. If you did not assign a different name during the installation, you cannot change it afterwards. This security function changes the name of the “admin” user to a random character string and thus protects against brute force attacks.
Restrict access to Files and Directories
If files and folders are assigned the wrong permissions, this can lead to unauthorized access. In this way, hackers can compromise your website. If you activate the security option “Restrict access to files and directories”, the authorization for wp-config.php is set to 0600, for other files to 0644 and for folders to 0755.
Block unauthorized access to xmlrpc.php
This option prevents unauthorized access to the xmlrpc.php file. Note: Individual directives in the .htaccess file can override this function.
Block access to .htaccess and .htpasswd
Access to .htaccess and .htpasswd files allows attackers to expose your website to a variety of exploits and vulnerabilities. This security option ensures that .htaccess and .htpasswd files are inaccessible to attackers.
Turn off pingbacks
Pingbacks allow other WordPress websites to automatically leave comments under your posts when these websites link to these posts. Pingbacks can be abused to use your website for DDoS attacks on other websites. This security option disables XML-RPC pingbacks for your entire website and also disables pingbacks for previously created posts with pingbacks enabled.
Disable file editing in WordPress Dashboard
The ability to edit files directly in the WordPress user interface is disabled. This option provides additional protection if one of the WordPress administrator accounts has been compromised. In particular, it prevents compromised accounts from easily inserting malicious executable code directly into plugin or theme files.
Block Author scans
“Author scans” search for usernames of registered users (especially WordPress administrators). They perform brute force attacks on the login page of your website to gain access. This security option prevents such scans from revealing usernames. Note: Depending on the permalink configuration on your website, this option may prevent visitors from accessing pages that list all articles written by a particular author.
Block directory browsing
If directory browsing is enabled, hackers can obtain various information about your website that could jeopardize its security. Directory browsing is normally disabled by default. However, if it is enabled, it will block this security option.
Forbid execution of PHP scripts in the wp-includes directory
There may be insecure PHP files in the wp-includes directory. If these are executed, a hacker could take over your website. This security option prevents the execution of PHP files in the wp-includes directory. Note: User-defined directives in the .htaccess files can override this.
This security option disables the chaining of scripts that are executed in the WordPress admin panel. This prevents your website from being affected by certain DoS attacks. Disabling script chaining may slightly affect the performance of the WordPress admin panel. Visitors should not be affected by this function.
Block access to sensitive files
This option prevents public access to certain files that may contain confidential information.
Enable bot protection
This option protects your website from useless, malicious or otherwise harmful bots. It blocks bots that scan your website for vulnerabilities. Or bots that overload your website with unwanted requests. Note: While you are using an online service that scans your website for vulnerabilities, you should temporarily disable this option. Such services also use bots.
Clone WordPress installation
You can use the Clone function to clone your entire WordPress installation. This means you always have a fully functional backup.
You can regularly clone your live system to a subdomain. In an emergency, you have your complete WordPress installation including database at hand. You can migrate this quickly and easily to your main domain. And you are online again.
Chose Installation URL
Select the protocol, (sub)domain and directory for your clone.
Database name
Select a free, descriptive name for the database, such as wp_clone. This way you will always know that it is the database of your clone.
Disable Search Engine Visibility
We recommend that you select this option. This means that your clone will not be crawled by Google. This will prevent both your live system and your clone from being indexed by Google.
Tip: Set directory protection for your clone. This will ensure that your website clone cannot be accessed from outside. You can set directory protection in the cPanel under Files / Data protection for folders.
Page name
Leave this field blank if you want the same page name for your clone.
Create staging copy
Staging allows you to further develop your WordPress website securely. A clone is created for this purpose. All changes to this clone can later be seamlessly migrated to the live system.
For the further development of your WordPress website, the staging function has a major advantage over a simple clone: once you have completed your work on the staging system, you can migrate only the customizations to the live system with a single click.
If you were to continue developing your website on a clone, you would have to migrate the entire website each time.
The big advantage of staging: comments and user interactions are retained 100%. When migrating a clone, the database is only ever as up-to-date as the clone itself.
Live INSTALLATION URL
The URL of your live system.
Choose Installation URL
Define a URL for your staging system.
Database Name
Choose a database name for your staging system.
DISABLE SEARCH ENGINE VISIBILITY
We recommend that you select this option. This means that your clone will not be crawled by Google. This will prevent both your live system and your clone from being indexed by Google.
Tip: Set directory protection for your clone. This will ensure that your website clone cannot be accessed from outside. You can set directory protection in the cPanel under Files / Data protection for folders.
PAGE NAME
Leave this field blank if you want the same page name for your clone.
Create and restore a backup
The backup function is ideal for the ongoing backup of your WordPress website. Together with a clone and a staging instance, you are perfectly equipped for all situations.
We recommend daily to weekly backups with the backup function. This protects you from minor complications, such as those that can arise from a faulty plugin.
We also recommend creating an up-to-date clone of your WordPress installation on a weekly to monthly basis. This will get you back online as quickly as possible in the event of major complications or attacks.
You use the staging copy as a sandbox for the further development of your website and for the targeted migration of new functions.
Save directory
Backs up the entire WordPress directory.
Save database
This option also backs up the database (recommended).
BackUp note
You can enter a short note for each backup here.
Restore allows you to restore an installation using a backup.
Each backup created is displayed in a separate line. If you move the mouse over the icon, the backup note is displayed.
You can also download the backup , restore or delete .
Remove WordPress installation
The two functions Remove and Uninstall help you to remove your WordPress installation without leaving any residue. The two functions differ in detail.
A WordPress installation consists of a WordPress directory, a database and a database user.
With the Remove function, you can choose which elements you want to remove: WordPress directory, database and/or database user.
All three options are already selected for the Uninstall function. This ensures that your WordPress installation is removed without leaving any residue.
You may also be interested in the following article:
Good to know: 6 facts about helloly data centers0 (0)
The heart of every hosting provider is the data center. helloly operates two of them. A look behind the scenes.
