A security researcher alerted MainWP that some customer account information had been found in a large dump of compromised accounts. The notification says the accounts may be ones where users reused their credentials on multiple sites. MainWP reset all passwords and are requiring two factor authentication going forward. The account information is logging into the MainWP website, not ones related to connected sites.

Yikes, this is scary. Thomas J. Raef reports that WordPress management consoles such as ManageWP, WPUmbrella, and MainWP have been used to compromise connected child sites. It seems the exact way the parent sites are being compromised is not certain, but possibly from site admins using open WiFi networks. There isn’t an indication that ManageWP, WPUmbrella, or MainWP themselves have been hacked.

MainWP added a new “demo” mode option to allow new and prospective users the chance to test and see how it works.

MainWP 4.5 was released with a number of enhancements. There is now a three level navigation system, more flexible widgets, the ability to find sites with missing plugins and themes, better permissions, etc. This 4 minute video gives an overview.

Pressable hosting has partnered with MainWP to create an extension that lets you create and manage Pressable websites from your MainWP dashboard.

This would be a boon for users of both Pressable and MainWP. However, I expect there may not be that many currently using both. What this does, is gives Pressable a quick dashboard so their users can manage multiple sites. For other hosting companies it may suggest an option worth pursuing.

Rob Cairns has an interesting discussion with Dennis Dornon, co-founder of MainWP. They talk about how MainWP got started, viability of lifetime licenses, hosting, security, and what’s coming with MainWP.