WordPress Multisite Security: Say hello to our official security partner, WebARX!

The WaaS (a.k.a WordPress as a service) model is getting more and more popular with digital agencies who wish to offer a fully managed service to their customers. WP Ultimo has simplified this process for many agencies worldwide.

While making the management of a network of sites easier with WP Ultimo, thanks to our integration partner WebARX, you can now also have better security coverage across all your sites and networks.

WebARX took an extra mile to specifically build out Multisite support around WP Ultimo architecture by analyzing and optimizing each and every aspect of protecting Multisite networks and WaaS solutions built with WP Ultimo.

Introducing WebARX, our official security partner

WebARX is a comprehensive security platform with managed endpoint firewall, security monitoring and with remote hardening options to keep your sites protected from plugin vulnerabilities, brute-force attacks and all kinds of malicious traffic. 

Additionally to WordPress, WebARX supports Joomla, Magento, Drupal and even generic web apps built on PHP.

A general view on WebARX dashboard

Integration with WebARX allows you to manage security within your WordPress Multisite network with ease. Everything can be managed directly from a single security dashboard and you can even have multiple networks within a single WebARX dashboard.

Manage multiple networks from your WebARX dashboard

Setting up Multisite security with WebARX

Setting up WebARX on your Multisite network is as easy as following the Multisite setup wizard after installing the WebARX plugin to the core-site.

Right after you have installed WebARX to your network, you will be asked to choose the sites within the network where you want WebARX to be turned on, and which sites you’d like to add to security monitoring via WebARX dashboard. Sites you select will magically appear on your WebARX account.

Once you activate the plugin on the network, you can then set global security settings for all the sites.

Different options will be available for:

  • Website Hardening, Firewall
  • Login Protection
  • Cookie Notice (You can see a cookie notice message powered by WebARX also on wpultimo.com).
General security configurations panel

What is WebARX?

Once you click on any of the sites you have on your WebARX dashboard, you will have a detailed security overview for each site. Just click on any of the sites as shown here:

List of sites on a WebARX dashboard

You will then see a detailed site view where you can set email and slack notifications, see detailed security monitoring results and much more.

You will be able to see: 

  • The details of every attack blocked on each website
  • Uptime monitoring
  • Error monitoring
  • Activity logs (such as by whom/when/where posts were edited, uploaded media files to the sites, etc.), Hardening settings
  • Plugin versions
  • Users
  • and more.

Firewall logs:

Once you click on the Firewall tab, you will see all the details about malicious traffic blocked from accessing your website. You will see the list of IPs being blocked to access the site under the sub-tab Banned IP Addresses where you can analyze them and un-ban them.

Uptime/Error logs:

WebARX helps you to monitor the uptime of each and every domain on your Multisite network. Once every hour, WebARX checks which HTTP response code the site serves.

List of response codes served by sites

Activity logs: 

Activity logs can be helpful whenever you need to look back in time to find out who was administering or editing any of the sites within the Multisite network.

It will give you a clear understanding of who logged in, signed up, edited posts, edited users or uploaded any media to the website, with minute precision.

Activity Logs panel

WordPress Hardening:

WebARX allows you to manage WordPress hardening settings remotely.

Some of the mentionable features would be login protection, ReCaptcha setup, two-factor authentication, login rate-limiting, HTTP security header configurations, cookie notice policy management and much, much more. See the full list here.

WordPress Plugin Management:

Plugins and components such as themes, etc. are in the center of the focus for WebARX.

Based on the studies from the last year, a whopping 98% of security vulnerabilities within the WordPress ecosystem comes from third-party components such as vulnerable plugins and themes. 

WebARX allows you to monitor vulnerabilities within the plugins (you can also get alerts on Slack and email if any of the plugins are vulnerable) and you can update/deactivate/delete them directly from WebARX portal.

Not your regular website firewall

WebARX has really put their focus on proactive prevention and that’s one of the reasons why they currently don’t do file scanning, but instead have invested heavily into an advanced, flexible endpoint firewall engine. You can read from here, what are the differences between a cloud-based and endpoint web application firewall.

By default, whenever you install WebARX to any of the sites the firewall will get specific protection modules enabled. 

For example, if you enable WebARX on a WordPress website, you will get 2 modules activated by default – OWASP module and WordPress Virtual Patches module. 

OWASP module protects your site from 0days and from the top 10 web application vulnerabilities such as SQLi, XSS, etc. while the WordPress Virtual Patches module will get your site very specific rules to block attacks against plugin vulnerabilities.

Manage your firewall rules from this panel. OWASP and Virtual Patches active by default

Additionally, you have complete freedom of creating your own rules and assigning to them across all your websites.

You can assign new rules across multiple Multisite networks or even across sites running different content management systems.

You have the freedom to match anything within the HTTP protocol and choose what do you want to do with the matching traffic. Currently, you can either Block, Log or Redirect traffic based on your custom rules. Check out some examples here.

Customize your firewall rules

While creating custom rules can be a bit technical, OWASP and Virtual Patches modules are maintained by the WebARX team and updated on a regular basis.

WebARX even has a competitive advantage thanks to its bug bounty platform (plugbounty.com) where they crowdsource threat intelligence about plugin vulnerabilities.

White-labeled PDF reports for your customers

The best way to show your customers that you care is to send out monthly security reports showing that you’ve taken care of their site and how many attacks you’ve been blocking to keep it up and safe.

WebARX allows you to generate PDF reports and even set automatic generation on a monthly basis.

By activating a white-labeling add-on, you can add your own company logo to each of those reports before you send them out to your clients.

An overview of a WebARX report

Access management

If you’re running your WaaS project or you’re an agency, you most probably have more than one person who takes care of the customer’s sites. You can create multiple WebARX accounts and choose what permissions they have.

You can choose between four user types:

  • Leader
  • Admin
  • Manager
  • Member
Change access from WebARX Team Management panel

Website malware removal guarantee

If you’re serious about security and want to cover every corner, WebARX also offers a website malware removal guarantee.

Whenever something happens to your site, they will have a forensics team jump in, collect evidence, clean up the site and get back to you with a detailed report on what happened and how to improve the security of your current infrastructure. You can read more about the website malware removal guarantee here.

Lastly, a discount for WP Ultimo users

October is the national cyber-security awareness month and If you’re already a WP Ultimo user, you can get a 50% discount from all WebARX plans. Just be sure to use the coupon code “wpultimo”. The promo is valid until November 8th, 2019.

If you have more than 30 sites on your Multisite network, WebARX has agreed to do a special agency plan (all add-ons, guarantees included) offer to anyone who is interested.

You can also get a full malware removal guarantee for the sites you want. This means whenever something happens to the site, the WebARX team will jump in and get it cleaned up. You can read more about it here.

If you have any questions, feel free to reach out to the WebARX team at webarxsecurity.com, open up the Chat from the bottom-right corner and say you’re a WP Ultimo customer, you’ll get a warm welcome and all your questions answered!

Stay safe!

The Pro Sites – WP Ultimo Migrator is here!

Hey there!

As many of you might know by now, WPMU DEV gave us a shout out while announcing they were setting over 90% of their Premium plugins free .

Pro Sites was one of those plugins, and as soon as we heard the news we started to work on a solution that could help those who wanted to move their networks from Pro Sites to WP Ultimo, a migrator of sorts.

After two weeks of hard labor, here it is! The Pro Sites → WP Ultimo Migrator has arrived.

We know: switching a premium network from one platform to another might sound scary.

Our Migrator should be able to do 99% of the heavy-lifting for you in a completely automated way: Settings, API Keys, Coupons, Plans, Subscriptions, Transactions, Mappings. All that gets converted into data WP Ultimo can understand and you are pretty much ready to rock your WP Ultimo network after a couple of minutes.

The entire migration takes the form wizard that guides you through the process and you can check the tutorial we wrote about it here .

The Migrator is available as a free add-on and can be installed directly from the network admin panel on WP Ultimo → Add-ons.

The migrator also requires WP Ultimo version 1.9.11 to be installed, which in addition to fixing some small bugs, also adds support to domain mapping syncing to WPMU DEV’s new managed hosting with no extra configuration steps required on your part.

If you are interested in seeing the Migrator in action, we’ll be doing a live webinar on the WP Builds Facebook group this Thursday (June 6). Here’s the link to the event: https://www.facebook.com/events/1871222949646541/. You’ll have to join the group to participate, which you should have done by now anyways! They are a great community.

UPDATE: You can watch the complete webinar by clicking on this link!

Important Notice:

Despite having a lot of features in common, Pro Sites and WP Ultimo do have some differences. This inevitably means that, by migrating, you will lose some features, gain others, and have to learn how to manage your network the WP Ultimo way.

So, please, make sure you read this post to understand all these details.

Let us know if you have any questions!

We are here to help you on that journey!

2019: The Year of Website as a Service (WaaS) – and of WP Ultimo!

The new year has barely started and there’s already a bunch of new stuff going on here in the WP Ultimo HQ! And we are happy to announce a couple of them today!

Meet Juliana and Marcelo!

Some of you might have noticed some new faces on the chat bubble on our main site. That would be me, Juliana, and Marcelo. Two months ago we arrived at NextPress, and since then we’re getting to know everything around here. The goal is to provide even better support and deliver new features and fixes faster and better (1).

(1) and to ease the burden on my back a bit, haha
— Arindo

Marcelo Assis is an experienced WordPress professional that joined our team as a full-time developer, helping with maintaining the add-ons and on pushing WP Ultimo core forward as well. Are you aware that the last Admin Page Creator release (1.3.0) added Brizy and Elementor support in addition to Beaver Builder? Well, that’s Marcelo’s work right there!

Need something? Glad to help you! I’m Juliana Dias, WP Ultimo’s new Community Manager. I’m here to aid community members and to help with questions you may have before and after starting your own network. Also, you can talk to me in English, Spanish and Portuguese =)

A new year, a new way to work:

This year will be awesome, with a lot of changes to come! And all of these changes will be guided by you guys: the WP Ultimo Community.

Speak your mind on the Roadmap!

From now on, WP Ultimo is developed on 6-week-long cycles (we’ve copied this idea from the folks at Basecamp). Once the features that make up a cycle are decided (and we’ll decide them together), we don’t add anything else until that cycle is finished. If we think the features are too large to fit on the 6 weeks after we started to work on them, we will cut some details out until we reach a version that ships in 6 weeks.

The goal here is to have some sort of “contract” with the community and provide better estimates of when things will ship. Arindo does not have a great track record when it comes to giving estimates and he’s aware of it (I know how frustrating this can be, sorry guys – Arindo). This aims to make this less of a problem.

Cycle 1 has already begun and things are right on schedule. Features that will be developed during this first cycle are divided among its 6 weeks, and you can follow everything on our recently updated Roadmap.

After each cycle, we’ll have a cool down period of 1-2 weeks. Here we won’t focus as much on new features, but on making sure the things we added on the previous cycle are working as smoothly as possible, writing documentation, and, most importantly, talking with you to decide what should make into the next cycle.

Developers, developers, developers!

Steve Ballmer has said it all!

In this first quarter of the year, we are also focused on writing better documentation for developers and producing video-tutorials so we can see more and more add-ons developed by third-party shops, which we are already starting to see (check out WaaS PRO and Keypress).

We also aim to improve the Getting Started documentation with video-tutorials covering the basic functionality for people that are just starting out with their Website as a Service platforms.

Group Chats

As Arindo promised last time, we are planning to hold Community Conversations, starting next month. This will be a group chat where we’ll discuss WP Ultimo, people will be able to share what they are doing with the plugin and we will eventually demo features that are under construction. This will be fun! Be sure to subscribe to our mailing list to receive the invitation (don’t worry, if you are a license holder, you are already subscribed =]).

We hope to have you join us in the incredible ride 2019 is going to be!

— Juliana Dias

PS.: If you were having issues with a slow admin panel, we released an update (1.9.6) a few hours ago that addresses it. To learn how to enable updates for WP Ultimo, read this.