Latest Posts

Using MainWP with Cloudflare

I use MainWP to help me manage my clients’ WordPress sites but recently was having some connectivity issues with some of the sites running Cloudflare.  In the MainWP parent site I would connect to my client site and establish a connection but would immediately lose the connection upon sync.  I could not reconnect to the child site unless I went in and disable the MainWP Child plugin then reactivated it.  I could then connect to the site but would once again lose the connection if I tried to the sync the site.  After some digging I found a solution and want to share it with my fellow MainWP people.

In order to fix this you must have access to the Cloudflare control panel on Cloudflare’s website.  You will also need to know the IP address of your MainWP parent site.

First, let’s add your MainWP parent site’s IP address to the Cloudflare whitelist.  This will keep your MainWP Parent site from getting blocked by the Cloudflare firewall.  From the Cloudflare control panel click on the Firewall button and it will take you to the firewall page.

Next, scroll down the page until you see the the Access Rules section.  Add a new rule and put your parent site’s IP address into the field and then from the dropdown choose “whitelist” for this website.  Click add to apply the rule and whitelist your MainWP parent site’s IP address with Cloudflare.

Next, we are going to prevent Cloudflare from applying performance and security features to our admin area of the child site.  This is what causes the site to disconnect from the parent site.

In Cloudflare navigate to the “Page Rules” area by clicking on the “Page Rules” button.

Scroll down and click on the “create page rule” button to setup your page rules.  For the url area enter:* but obviously replace the “” with your site’s url.

Next, click the “+Add a setting” link to add our first rule.   From the dropdown choose “Disable Security” then add another rule and from the dropdown choose “Disable Performance”.  Click Save and Deploy.

Now go back and try and reconnect to your child site.  You should be able to connect and sync without Cloudflare blocking the connection!

Got any tips to help improve WordPress with Cloudflare? Leave em in the comments!

How to Check WordPress for Malware

WordPress websites often fall malware attacks that embed malicious code into a site’s files or database and can leave a website owner feeling lost and vulnerable.  Sometimes you will even get an email from your hosting provider letting you know that your website has been hacked or contains malicious code that needs to be addressed.  Once this occurs, knowing where to go and what to do next can seem like a daunting task.  Here is a list of websites to help you get started on determining if your WordPress website has been hacked, and what to do if so.

Sucuri Site Check

Sucuri offers website security services to help prevent malware attacks in the first place – however – what we find most helpful is their free site check scanning service.  You can easily scan your site’s homepage to see if there is any bad stuff there.

Sucuri SiteCheck Free Scanner


VirusTotal is an online scanning service that allows you to upload specific files or scan a url on your site for malware.  This is another great tool to use with Sucuri because it checks a ton of different malware services to see if they have your site listed as containing malware.  So you are not just trusting one source, but many.  Furthermore, if you think a specific file may have malware in it, you can isolate that file and upload it to the VirusTotal scanner.

VirusTotal Free Online Scanner


WordFence is a popular WordPress security service that runs as a plugin and will set up all sorts of high-level security measures to protect your website.  They have a premium feature on top of their free service as well however we really like the free-to-use scanner that comes with the plugin.  WordFence allows you to scan your entire WordPress website and database for malicious code or bad links to external sites that could be harmful to your visitors.  Once the WordFence scan completes you can also ask it to automatically remove any malware that was found.  This isn’t a perfect fix but is a start to getting rid of the malware.

WordFence Plugin Download

These three site scanners should get you started on removing malware from your WordPress website.  It is important to note that there is no single automated silver bullet to fix a malware attack and the only way you can be certain your site is clean is to hire a professional.  At WP Merlin we can help you remove malware from your infected WordPress website and as long as you are on one of our maintenance plans we will guarantee your site stays clean.  Contact us to get started.