Managing WordPress at scale – How to easily ensure all your websites are up-to-date and secure

28 Jun 2024, by Slade Baylis

When it comes to making sure your website is secure, one of the most important things - if not the most important - is to make sure that sure your website is up-to-date.  From the software used to build the website itself, to all the plugins, libraries, and other external resources that are used, any of these can have vulnerabilities that can leave your website open to being compromised.  That’s why it’s important to regularly update all the software on your website to ensure it’s secure.

Doing this for a single website is one thing, but for those who have many websites, the amount of work required to maintain all of their websites can stack up considerably.  And the workload is not just about pushing through these updates - it’s about knowing when these updates are available for any plugins and themes that you are using, and then after you have applied these updates, to check that all your websites are still functioning correctly.  It’s also about backing up and restoring your sites if needed.  All of these are critical steps that take up precious time which also don't scale well if you need to manage many different websites.

That’s why this month we’ll be discussing the different tools and services that are available to make this easier. We’ll be talking about WordPress websites specifically, covering some of the different site management options that are available for managing it at scale, as well as some important differences between “cloud-hosted” and “self-hostable” solutions.

Site Management Tools - What problem do they aim to solve?

At their core, site management tools were initially built to solve a single problem, that being the difficulty of managing many different websites and keeping them up-to-date.  Keeping your websites up-to-date is extremely important, because if they aren’t updated, they can become more vulnerable to being hacked and broken into over time.  For those not familiar with the world of software though, it can seem odd – how can software that was secure today suddenly become vulnerable and potentially broken into the next time? The answer is that there are unfortunately many different ways that this can happen. 

One of the primary ways is through the discovery of previously unknown flaws in the software.  As with most things, software – and the code that it's comprised of - isn’t perfect.  Any software that is being actively worked on or developed will receive ongoing updates and new features over time.  With these ongoing changes to the software’s code, vulnerabilities unfortunately have the potential to be introduced.  This can occur either due to error on the part of the developers themselves, or alternatively, by the introduction of third-party code which itself has its own vulnerabilities. 

Regardless of the way the vulnerability was introduced, making sure that your website is as up-to-date as possible, is the best way to ensure you’re protected.  The developers of the software you use have an incentive to make sure their code is secure, so once they become aware of the flaw, most will set to work in fixing it and releasing that fix as an update.  By updating your software as soon as that update becomes available, you’re able to shorten the window of time that your websites are vulnerable to being compromised via that exploit.

This raises a question though - how do you find out when an update is available for your software?  Even more so, if you have many different websites all being configured to use their own unique combination of plugins and themes - then how can you know when any one of those different plugins, themes, or WordPress itself has a pending update that needs to be put through?  The answer is to look at using a site management tool that simplifies this process by allowing you to do it all through a single unified dashboard.

Reducing Overhead – Simplifying management, maintenance, and more using a single dashboard

Whilst there’s a wide array of different site management tools that are available, making the process for updating your websites much simpler is the fundamental core aim that underpins all of them.  Every site management plugin allows you to add each of your individual websites to a single dashboard, view what WordPress version is in use, what plugins and themes are installed, and allows you to upgrade each without needing to log into each individual website.

On top of this, there are many other features that site management tools now commonly come with. All of these features have that same aim, that of simplifying the act of maintaining one's websites overall and reducing the amount of time that is needed to be spent working on each individual site.  Features such as integrated backup and restores, monitoring websites for malware or vulnerabilities, performance testing, and even integrated reporting, all work towards this goal.

One particularly useful feature that’s worth highlighting here is the “Safe Update” feature. Put simply, this is a feature that aims to make updating WordPress safer by taking backups for you automatically prior to any updates being pushed through.

As with any software, the time that they are most likely to have issues is when their code is changed.  Even with relatively safe code changes, unforeseen issues can cause a website to break requiring the website to be restored from a backup.  This is due to the way that WordPress and other open-source platforms like it are built.  With CMS (Content Management Systems) platforms - like WordPress where their flexibility comes from how they allow you to extend their functionality through adding your own choice of plugins - these combination plugins have the potential to cause issues for one another.   In any case, by having an automatic backup taken with each update that you can restore to, you're able to severely reduce the impact of any website issues should they occur.

There are a lot of different site management tools available though, so which should you choose?  Options such as MainWP, ManageWP, WPMU Dev, and InfiniteWP all appear to have very similar features, so how can you choose between them?  Whilst there is no definitive answer, as it will depend on which features are most important to you, one important aspect to consider is where the management application itself is hosted.

Cloud-Hosted vs Self-Hostable – What’s the difference and why does it matter?

When it comes to cybersecurity, the location of your data is becoming increasingly important to more and more people.  One of the recent and ongoing trends in the software space has been the move to providing it as SaaS (Software as a Service) solutions, wherein the software itself is hosted on cloud infrastructure that the software providers themselves operate and maintain.  This has some advantages for their clients, as they then don’t need to worry about configuring and maintaining their own infrastructure and systems to host the software. However, the downside is that they also give up control over it.

For those interested, we’ve covered the rise of many different types of “as a Service” solutions in our previous It’s beginning to feel a lot like XMaaS - The rise of “as a Service” article from back in late 2022.

This lack of control is something that many are learning about and growing more concerned with, especially in light of regular headlines about different SaaS cloud-hosted solutions being targeted – and even successfully breached – by malicious hacking groups.  With these solutions being designed to host all the information for all of their clients in a centralised cloud-hosted system, this becomes a big target and payday for any hackers that want to break in.  This is one of the main reasons that many organisations are instead looking to host software on their own infrastructure.  On their own systems they are able to set their own maintenance and security standards, as well as have full control over who has access to their systems. 

With the transition of some software to SaaS though, not all software is able to be hosted on your own environment.  Many software providers will choose to either provide their software as one or the other, either as a cloud service or as software that you run on your own systems – though there are some that will offer both. 

Out of the different WordPress site management tools mentioned, MainWP and InfiniteWP are examples of software that you are able to run on your own systems and infrastructure.  ManageWP and WPMU Dev however are SaaS solutions, ones wherein each of your individual websites are connected to and managed via a centralised cloud portal that they provide.

Have any questions about any of these site management solutions?

If you are looking to find out more about the different solutions for managing your websites, let us know!  We can have a discussion about the different options that are available, the features of each, and what to consider when choosing between them.

If you would like to discuss options, you can reach us via email at sales@micron21.com or via phone on 1300 769 972 - and we’ll be more than happy to discuss what will be the best fit for you.