WordPress Multisite Security: Say hello to our official security partner, WebARX!

The WaaS (a.k.a WordPress as a service) model is getting more and more popular with digital agencies who wish to offer a fully managed service to their customers. WP Ultimo has simplified this process for many agencies worldwide.

While making the management of a network of sites easier with WP Ultimo, thanks to our integration partner WebARX, you can now also have better security coverage across all your sites and networks.

WebARX took an extra mile to specifically build out Multisite support around WP Ultimo architecture by analyzing and optimizing each and every aspect of protecting Multisite networks and WaaS solutions built with WP Ultimo.

Introducing WebARX, our official security partner

WebARX is a comprehensive security platform with managed endpoint firewall, security monitoring and with remote hardening options to keep your sites protected from plugin vulnerabilities, brute-force attacks and all kinds of malicious traffic. 

Additionally to WordPress, WebARX supports Joomla, Magento, Drupal and even generic web apps built on PHP.

A general view on WebARX dashboard

Integration with WebARX allows you to manage security within your WordPress Multisite network with ease. Everything can be managed directly from a single security dashboard and you can even have multiple networks within a single WebARX dashboard.

Manage multiple networks from your WebARX dashboard

Setting up Multisite security with WebARX

Setting up WebARX on your Multisite network is as easy as following the Multisite setup wizard after installing the WebARX plugin to the core-site.

Right after you have installed WebARX to your network, you will be asked to choose the sites within the network where you want WebARX to be turned on, and which sites you’d like to add to security monitoring via WebARX dashboard. Sites you select will magically appear on your WebARX account.

Once you activate the plugin on the network, you can then set global security settings for all the sites.

Different options will be available for:

  • Website Hardening, Firewall
  • Login Protection
  • Cookie Notice (You can see a cookie notice message powered by WebARX also on wpultimo.com).
General security configurations panel

What is WebARX?

Once you click on any of the sites you have on your WebARX dashboard, you will have a detailed security overview for each site. Just click on any of the sites as shown here:

List of sites on a WebARX dashboard

You will then see a detailed site view where you can set email and slack notifications, see detailed security monitoring results and much more.

You will be able to see: 

  • The details of every attack blocked on each website
  • Uptime monitoring
  • Error monitoring
  • Activity logs (such as by whom/when/where posts were edited, uploaded media files to the sites, etc.), Hardening settings
  • Plugin versions
  • Users
  • and more.

Firewall logs:

Once you click on the Firewall tab, you will see all the details about malicious traffic blocked from accessing your website. You will see the list of IPs being blocked to access the site under the sub-tab Banned IP Addresses where you can analyze them and un-ban them.

Uptime/Error logs:

WebARX helps you to monitor the uptime of each and every domain on your Multisite network. Once every hour, WebARX checks which HTTP response code the site serves.

List of response codes served by sites

Activity logs: 

Activity logs can be helpful whenever you need to look back in time to find out who was administering or editing any of the sites within the Multisite network.

It will give you a clear understanding of who logged in, signed up, edited posts, edited users or uploaded any media to the website, with minute precision.

Activity Logs panel

WordPress Hardening:

WebARX allows you to manage WordPress hardening settings remotely.

Some of the mentionable features would be login protection, ReCaptcha setup, two-factor authentication, login rate-limiting, HTTP security header configurations, cookie notice policy management and much, much more. See the full list here.

WordPress Plugin Management:

Plugins and components such as themes, etc. are in the center of the focus for WebARX.

Based on the studies from the last year, a whopping 98% of security vulnerabilities within the WordPress ecosystem comes from third-party components such as vulnerable plugins and themes. 

WebARX allows you to monitor vulnerabilities within the plugins (you can also get alerts on Slack and email if any of the plugins are vulnerable) and you can update/deactivate/delete them directly from WebARX portal.

Not your regular website firewall

WebARX has really put their focus on proactive prevention and that’s one of the reasons why they currently don’t do file scanning, but instead have invested heavily into an advanced, flexible endpoint firewall engine. You can read from here, what are the differences between a cloud-based and endpoint web application firewall.

By default, whenever you install WebARX to any of the sites the firewall will get specific protection modules enabled. 

For example, if you enable WebARX on a WordPress website, you will get 2 modules activated by default – OWASP module and WordPress Virtual Patches module. 

OWASP module protects your site from 0days and from the top 10 web application vulnerabilities such as SQLi, XSS, etc. while the WordPress Virtual Patches module will get your site very specific rules to block attacks against plugin vulnerabilities.

Manage your firewall rules from this panel. OWASP and Virtual Patches active by default

Additionally, you have complete freedom of creating your own rules and assigning to them across all your websites.

You can assign new rules across multiple Multisite networks or even across sites running different content management systems.

You have the freedom to match anything within the HTTP protocol and choose what do you want to do with the matching traffic. Currently, you can either Block, Log or Redirect traffic based on your custom rules. Check out some examples here.

Customize your firewall rules

While creating custom rules can be a bit technical, OWASP and Virtual Patches modules are maintained by the WebARX team and updated on a regular basis.

WebARX even has a competitive advantage thanks to its bug bounty platform (plugbounty.com) where they crowdsource threat intelligence about plugin vulnerabilities.

White-labeled PDF reports for your customers

The best way to show your customers that you care is to send out monthly security reports showing that you’ve taken care of their site and how many attacks you’ve been blocking to keep it up and safe.

WebARX allows you to generate PDF reports and even set automatic generation on a monthly basis.

By activating a white-labeling add-on, you can add your own company logo to each of those reports before you send them out to your clients.

An overview of a WebARX report

Access management

If you’re running your WaaS project or you’re an agency, you most probably have more than one person who takes care of the customer’s sites. You can create multiple WebARX accounts and choose what permissions they have.

You can choose between four user types:

  • Leader
  • Admin
  • Manager
  • Member
Change access from WebARX Team Management panel

Website malware removal guarantee

If you’re serious about security and want to cover every corner, WebARX also offers a website malware removal guarantee.

Whenever something happens to your site, they will have a forensics team jump in, collect evidence, clean up the site and get back to you with a detailed report on what happened and how to improve the security of your current infrastructure. You can read more about the website malware removal guarantee here.

Lastly, a discount for WP Ultimo users

October is the national cyber-security awareness month and If you’re already a WP Ultimo user, you can get a 50% discount from all WebARX plans. Just be sure to use the coupon code “wpultimo”. The promo is valid until November 8th, 2019.

If you have more than 30 sites on your Multisite network, WebARX has agreed to do a special agency plan (all add-ons, guarantees included) offer to anyone who is interested.

You can also get a full malware removal guarantee for the sites you want. This means whenever something happens to the site, the WebARX team will jump in and get it cleaned up. You can read more about it here.

If you have any questions, feel free to reach out to the WebARX team at webarxsecurity.com, open up the Chat from the bottom-right corner and say you’re a WP Ultimo customer, you’ll get a warm welcome and all your questions answered!

Stay safe!

Share this post


Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Ready to get started?

Easily build your own WaaS platform with WP Ultimo!