Skip to main content
Click the chevron on a site row, or one of the row icons, and the per-site dashboard expands. This is where you manage one WordPress install in depth, separate from the bulk view on the Installations tab. The dashboard has four tabs: Dashboard, Plugins, Themes, Database.
Per-site WP Toolkit dashboard with thumbnail, login, and four content sections

The header strip

Top of the panel, a strip with the same status badges from the row view: Security risk, SSL/TLS, UPDATES, N ISSUE. Same behaviour: click any badge to jump to the matching section. The five right-side icons (shield, list, folder, refresh, external link, three-dot menu) repeat what you have on the row view. Use them when you’ve drilled in but want a shortcut elsewhere.

Site identity

Below the badges:
  • A thumbnail screenshot of the site’s frontend.
  • The site title (click the pencil to rename, this writes to wp_options.blogname).
  • A Log in button. One-click admin login as the user WP Toolkit set up at install time. No password prompt.
  • A Setup button (only on new installs that haven’t completed first-run config). Walks you through site title, language, and admin email if you skipped them at install.
  • The admin username and the site domain.

Quick actions row

A bar of shortcut links across the top of the Dashboard tab.
ActionWhat it does
File ManagerOpen cPanel’s File Manager rooted at this site’s folder.
Copy DataPull data from another WordPress site on the account into this one. Files, database, or both.
CloneCreate a copy of this site on a different domain or subdomain (typical use: spin up a staging site from production).
Back Up / RestoreWP Toolkit’s per-site backups. Separate from JetBackup, lighter, faster, restore is one click.
LogsTail recent error and access logs without leaving the panel.
WP-CLIA browser terminal that runs wp commands against this install. Useful for plugin management, db search-replace, transient flush.

Updates section

Lists the upgrade status of every component:
  • WordPress. Current core version. The number is a link to the WordPress release notes.
  • Plugins. If any have updates, an orange triangle and the Install plugin updates action. Click to roll all of them.
  • Themes. Same pattern.
Updates run in the background. With Smart Update on, WP Toolkit clones the site first, tests the update on the clone, and surfaces a report for you to review before pushing to live. With it off, updates apply directly.

Tools section

Two toggles for things you’d otherwise need a plugin for.

Debugging

Flips WP_DEBUG, WP_DEBUG_LOG, and WP_DEBUG_DISPLAY in wp-config.php. The cog next to the toggle opens a modal where you can pick which of the three to enable.
Turn debugging off on production. With WP_DEBUG_DISPLAY on, PHP notices appear on every public page.

Password protection

Wraps the site in HTTP basic auth. Anyone hitting the URL has to enter a username and password before WordPress loads. The cog opens the credential form. Use this on a staging site you don’t want indexed or accessed by random visitors. For production sites, do not use this; users can’t log in to the public side.

Security section

A condensed view of the same data behind the Security risk badge. Three things show up here:
  • CloudFlare, Inc. (or whichever CDN/security service is detected on the domain). A note that the site sits behind it. Click to read what WP Toolkit detected.
  • Mitigate vulnerabilities. Lists CVEs across plugins and themes for which a virtual patch is available. Clicking opens the per-CVE detail; Apply runs the patch (this is the Vulnerability Protection feature, paid on Noxity, see below).
  • Critical security measures applied. Confirms which built-in hardening steps WP Toolkit has already taken: blocked direct PHP execution in wp-content/uploads, disabled file editing in admin, set safe file permissions, and others. Click to review the list.

Performance section

Two more toggles.

Search engine indexing

Mirrors the Discourage search engines from indexing this site option in WordPress admin. On for production, off for staging. WP Toolkit also writes a Disallow: / to robots.txt when this is off, in addition to the WordPress meta tag.

Take over wp-cron.php

WordPress runs scheduled tasks via wp-cron.php, which fires on every page load. On a busy site that adds latency. Toggling Take over wp-cron.php on tells WordPress to skip the in-request trigger; WP Toolkit registers a real system cron job that runs wp-cron.php on a five-minute schedule instead. Almost always worth turning on.

Vulnerability Protection

This is a paid feature on Noxity hosting.The vulnerability scanner is included with every plan; you can see which CVEs apply to your site without paying anything.Vulnerability Protection, the feature that auto-applies virtual patches for vulnerable plugins and themes before the upstream vendor ships an official fix, is an opt-in add-on. Open a ticket from the Members Area to enable it on your account.Everything else on this dashboard is included.
When Vulnerability Protection is on, WP Toolkit applies the virtual patch automatically as soon as the upstream feed publishes one for a plugin or theme on your site. With it off, you can still scan and see which CVEs apply, you just have to apply each fix manually (which usually means upgrading the plugin or removing it). Stops other sites from embedding images directly from your site (the classic “saving bandwidth” feature). The cog opens a list of allowed referrers: leave blank for “same site only”, or add hostnames for partners. Default off. Useful for image-heavy sites whose work is being copied without permission. A row of features at the bottom of the dashboard.

Updates

Repeats the Updates link from the top quick actions row.

Autoupdate settings

A modal with three independent toggles for WordPress core, plugins, and themes. For each, you pick:
  • Off. No automatic updates. You handle them manually or via the Updates button.
  • Minor only. Auto-apply minor versions (5.x.1 → 5.x.2). Major versions wait for you.
  • All. Auto-apply everything.
Recommended on production: Minor only for core, Off for plugins and themes (handle plugin/theme updates intentionally, with backups).

Smart Update

A toggle. Smart Update tests WordPress updates without touching the production site. WP Toolkit clones the site, applies the update on the clone, runs a battery of checks to see if anything broke, and surfaces the results. You review the report, browse the cloned test site directly if you want to poke around, and then decide whether to apply the update to production. Included on Noxity hosting. Toggle it on per site to get the safety net before risky updates.

Check WordPress Integrity

Runs a comparison of the WordPress core files on disk against the official WordPress.org checksums. Catches malware that has modified core files (a common WordPress attack pattern). If the check finds modified core files, WP Toolkit lists each one. Restore rewrites the file from the official source. Always run this after restoring a site from a backup of unknown provenance.

Maintenance mode

Replaces the public site with a friendly Site under maintenance page. The cog next to the toggle opens an editor for the maintenance page (text, background, custom HTML). Visitors see the maintenance page; admins still log in normally. Use this when you’re pushing risky changes and want to freeze visitors for a few minutes.

Plugins, Themes, Database tabs

The other three tabs in the per-site view:
  • Plugins. Per-site plugin list with install / activate / update / delete buttons. For multi-site management, see the top-level Plugins tab.
  • Themes. Same idea for themes. Multi-site view at the top-level Themes tab.
  • Database. Connection info (db name, user, host, prefix), a quick phpMyAdmin shortcut, and a search-and-replace tool that runs wp search-replace for you. Useful when cloning between domains.

Common issues

Usually a security plugin (Wordfence, iThemes Security) blocking the login URL or rotating nonces in a way WP Toolkit can’t predict. Disable the plugin, log in normally to confirm, then re-enable. If it persists, the WP Toolkit admin user may have been deleted from WordPress; open a ticket.
Smart Update needs PHP max_execution_time of at least 600 seconds and enough disk to clone the site temporarily. If the toggle is disabled, bump max_execution_time in PHP Settings & Management and check disk usage; if it still won’t activate, open a ticket.
A caching plugin or Cloudflare cached the maintenance HTML. Purge the cache (plugin and Cloudflare). If it still shows, the caching is bypassing the WordPress request entirely; switch off Cloudflare proxy on the domain temporarily.
The check uses official checksums; any local edit to a core file is a mismatch. Don’t edit core files; if you must, accept that the integrity check will keep flagging them and review the report manually.
Bigger sites hit the PHP max_execution_time and run into a transfer timeout. Bump max_execution_time to 600 in PHP Settings & Management and retry. For very large sites (10+ GB), open a ticket and we’ll do it server-side.

Need a hand?