> ## Documentation Index
> Fetch the complete documentation index at: https://help.noxity.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Site management

> The expanded per-site dashboard in WP Toolkit. File Manager, Clone, Back Up, Logs, WP-CLI, Updates, Security, Performance, Maintenance mode, Smart Update, vulnerability mitigation.

Click the chevron on a site row, or one of the row icons, and the per-site dashboard expands. This is where you manage one WordPress install in depth, separate from the bulk view on the [Installations tab](/web-hosting/cpanel/domain-management/wordpress-management/installations).

The dashboard has four tabs: **Dashboard**, **Plugins**, **Themes**, **Database**.

<Frame caption="Expanded per-site view with the Dashboard tab open">
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/domain-management/wordpress-management/site-management/dashboard-light.png" alt="Per-site WP Toolkit dashboard with thumbnail, login, and four content sections" className="block dark:hidden" />

  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/domain-management/wordpress-management/site-management/dashboard-dark.png" alt="Per-site WP Toolkit dashboard with thumbnail, login, and four content sections" className="hidden dark:block" />
</Frame>

## The header strip

Top of the panel, a strip with the same status badges from the row view: **Security risk**, **SSL/TLS**, **UPDATES**, **N ISSUE**. Same behaviour: click any badge to jump to the matching section.

The five right-side icons (shield, list, folder, refresh, external link, three-dot menu) repeat what you have on the row view. Use them when you've drilled in but want a shortcut elsewhere.

## Site identity

Below the badges:

* A thumbnail screenshot of the site's frontend.
* The site title (click the pencil to rename, this writes to `wp_options.blogname`).
* A **Log in** button. One-click admin login as the user WP Toolkit set up at install time. No password prompt.
* A **Setup** button (only on new installs that haven't completed first-run config). Walks you through site title, language, and admin email if you skipped them at install.
* The admin username and the site domain.

## Quick actions row

A bar of shortcut links across the top of the Dashboard tab.

| Action                | What it does                                                                                                                       |
| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| **File Manager**      | Open cPanel's [File Manager](/web-hosting/cpanel/file-management/file-manager) rooted at this site's folder.                       |
| **Copy Data**         | Pull data from another WordPress site on the account into this one. Files, database, or both.                                      |
| **Clone**             | Create a copy of this site on a different domain or subdomain (typical use: spin up a staging site from production).               |
| **Back Up / Restore** | WP Toolkit's per-site backups. Separate from JetBackup, lighter, faster, restore is one click.                                     |
| **Logs**              | Tail recent error and access logs without leaving the panel.                                                                       |
| **WP-CLI**            | A browser terminal that runs `wp` commands against this install. Useful for plugin management, db search-replace, transient flush. |

## Updates section

Lists the upgrade status of every component:

* **WordPress.** Current core version. The number is a link to the WordPress release notes.
* **Plugins.** If any have updates, an orange triangle and the **Install plugin updates** action. Click to roll all of them.
* **Themes.** Same pattern.

Updates run in the background. With Smart Update on, WP Toolkit clones the site first, tests the update on the clone, and surfaces a report for you to review before pushing to live. With it off, updates apply directly.

## Tools section

Two toggles for things you'd otherwise need a plugin for.

### Debugging

Flips `WP_DEBUG`, `WP_DEBUG_LOG`, and `WP_DEBUG_DISPLAY` in `wp-config.php`. The cog next to the toggle opens a modal where you can pick which of the three to enable.

<Warning>
  Turn debugging off on production. With `WP_DEBUG_DISPLAY` on, PHP notices appear on every public page.
</Warning>

### Password protection

Wraps the site in HTTP basic auth. Anyone hitting the URL has to enter a username and password before WordPress loads. The cog opens the credential form.

Use this on a staging site you don't want indexed or accessed by random visitors. For production sites, do not use this; users can't log in to the public side.

## Security section

A condensed view of the same data behind the Security risk badge. Three things show up here:

* **CloudFlare, Inc.** (or whichever CDN/security service is detected on the domain). A note that the site sits behind it. Click to read what WP Toolkit detected.
* **Mitigate vulnerabilities.** Lists CVEs across plugins and themes for which a virtual patch is available. Clicking opens the per-CVE detail; **Apply** runs the patch (this is the **Vulnerability Protection** feature, paid on Noxity, see below).
* **Critical security measures applied.** Confirms which built-in hardening steps WP Toolkit has already taken: blocked direct PHP execution in `wp-content/uploads`, disabled file editing in admin, set safe file permissions, and others. Click to review the list.

## Performance section

Two more toggles.

### Search engine indexing

Mirrors the **Discourage search engines from indexing this site** option in WordPress admin. On for production, off for staging.

WP Toolkit also writes a `Disallow: /` to `robots.txt` when this is off, in addition to the WordPress meta tag.

### Take over wp-cron.php

WordPress runs scheduled tasks via `wp-cron.php`, which fires on every page load. On a busy site that adds latency. Toggling **Take over wp-cron.php** on tells WordPress to skip the in-request trigger; WP Toolkit registers a real system cron job that runs `wp-cron.php` on a five-minute schedule instead.

Almost always worth turning on.

## Vulnerability Protection

<Info>
  **This is a paid feature on Noxity hosting.**

  The vulnerability *scanner* is included with every plan; you can see which CVEs apply to your site without paying anything.

  Vulnerability *Protection*, the feature that auto-applies virtual patches for vulnerable plugins and themes before the upstream vendor ships an official fix, is an opt-in add-on. Open a ticket from the [Members Area](https://members.noxity.io) to enable it on your account.

  Everything else on this dashboard is included.
</Info>

When Vulnerability Protection is on, WP Toolkit applies the virtual patch automatically as soon as the upstream feed publishes one for a plugin or theme on your site. With it off, you can still scan and see which CVEs apply, you just have to apply each fix manually (which usually means upgrading the plugin or removing it).

## Hotlink protection

Stops other sites from embedding images directly from your site (the classic "saving bandwidth" feature). The cog opens a list of allowed referrers: leave blank for "same site only", or add hostnames for partners.

Default off. Useful for image-heavy sites whose work is being copied without permission.

## The footer strip

A row of features at the bottom of the dashboard.

### Updates

Repeats the Updates link from the top quick actions row.

### Autoupdate settings

A modal with three independent toggles for **WordPress core**, **plugins**, and **themes**.

For each, you pick:

* **Off.** No automatic updates. You handle them manually or via the Updates button.
* **Minor only.** Auto-apply minor versions (5.x.1 → 5.x.2). Major versions wait for you.
* **All.** Auto-apply everything.

Recommended on production: **Minor only** for core, **Off** for plugins and themes (handle plugin/theme updates intentionally, with backups).

### Smart Update

A toggle. Smart Update tests WordPress updates without touching the production site. WP Toolkit clones the site, applies the update on the clone, runs a battery of checks to see if anything broke, and surfaces the results. You review the report, browse the cloned test site directly if you want to poke around, and then decide whether to apply the update to production.

Included on Noxity hosting. Toggle it on per site to get the safety net before risky updates.

### Check WordPress Integrity

Runs a comparison of the WordPress core files on disk against the official WordPress.org checksums. Catches malware that has modified core files (a common WordPress attack pattern).

If the check finds modified core files, WP Toolkit lists each one. **Restore** rewrites the file from the official source. Always run this after restoring a site from a backup of unknown provenance.

### Maintenance mode

Replaces the public site with a friendly **Site under maintenance** page. The cog next to the toggle opens an editor for the maintenance page (text, background, custom HTML). Visitors see the maintenance page; admins still log in normally.

Use this when you're pushing risky changes and want to freeze visitors for a few minutes.

## Plugins, Themes, Database tabs

The other three tabs in the per-site view:

* **Plugins.** Per-site plugin list with install / activate / update / delete buttons. For multi-site management, see the top-level [Plugins tab](/web-hosting/cpanel/domain-management/wordpress-management/plugins).
* **Themes.** Same idea for themes. Multi-site view at the top-level [Themes tab](/web-hosting/cpanel/domain-management/wordpress-management/themes).
* **Database.** Connection info (db name, user, host, prefix), a quick **phpMyAdmin** shortcut, and a search-and-replace tool that runs `wp search-replace` for you. Useful when cloning between domains.

## Common issues

<AccordionGroup>
  <Accordion title="One-click admin login fails">
    Usually a security plugin (Wordfence, iThemes Security) blocking the login URL or rotating nonces in a way WP Toolkit can't predict. Disable the plugin, log in normally to confirm, then re-enable. If it persists, the WP Toolkit admin user may have been deleted from WordPress; open a ticket.
  </Accordion>

  <Accordion title="Smart Update toggle is greyed out">
    Smart Update needs PHP `max_execution_time` of at least 600 seconds and enough disk to clone the site temporarily. If the toggle is disabled, bump `max_execution_time` in [PHP Settings & Management](/web-hosting/cpanel/advanced-settings/php-settings-management/php-settings-management-example) and check disk usage; if it still won't activate, open a ticket.
  </Accordion>

  <Accordion title="Maintenance mode page shows for everyone, including admins">
    A caching plugin or Cloudflare cached the maintenance HTML. Purge the cache (plugin and Cloudflare). If it still shows, the caching is bypassing the WordPress request entirely; switch off Cloudflare proxy on the domain temporarily.
  </Accordion>

  <Accordion title="Check WordPress Integrity flags files I changed on purpose">
    The check uses official checksums; any local edit to a core file is a mismatch. Don't edit core files; if you must, accept that the integrity check will keep flagging them and review the report manually.
  </Accordion>

  <Accordion title="Clone fails on a large site">
    Bigger sites hit the PHP `max_execution_time` and run into a transfer timeout. Bump `max_execution_time` to 600 in [PHP Settings & Management](/web-hosting/cpanel/advanced-settings/php-settings-management/php-settings-management-example) and retry. For very large sites (10+ GB), open a ticket and we'll do it server-side.
  </Accordion>
</AccordionGroup>

## Need a hand?

<CardGroup cols={2}>
  <Card title="Open a ticket" icon="life-ring" href="https://members.noxity.io/submitticket.php">
    Best for anything that needs an account check or a config change on our end.
  </Card>

  <Card title="Live chat" icon="messages" href="https://noxity.io/contact">
    Faster for quick questions during business hours.
  </Card>
</CardGroup>