WP-Safety

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Security & Risk Analysis

wordpress.org/plugins/mainwp-child

MainWP Child establishes a secure link between your WordPress sites and your self-hosted MainWP Dashboard, simplifying site management.

700K active installs v6.0.2 PHP 7.4+ WP 6.2+ Updated Mar 10, 2026
backupsmonitoringsecuritysite-managementupdate
91
A · Safe
CVEs total7
Unpatched0
Last CVEDec 12, 2024
Plugin page Download
Safety Verdict

Is MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Safe to Use in 2026?

Generally Safe

Score 91/100

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Dec 12, 2024Updated 24d ago
Risk Assessment

The MainWP Child plugin exhibits a mixed security posture. While it demonstrates strengths in using prepared statements for SQL queries and proper output escaping, and notably has no currently unpatched CVEs, several areas raise significant concerns. The presence of dangerous functions like `exec`, `unserialize`, `popen`, and `shell_exec` indicates potential for severe code execution vulnerabilities if not handled with extreme care. The taint analysis revealing a high number of flows with unsanitized paths, including 11 critical severity flows, is particularly alarming, suggesting a substantial risk of data manipulation or unintended code execution. The plugin also has a history of numerous past vulnerabilities, including critical and high severity issues such as missing authorization, SQL injection, and authentication bypass, which points to recurring security weaknesses. The unprotected AJAX handler further compounds these concerns by providing an entry point without proper authorization checks, making it a prime target for attackers. Despite efforts in other areas, these critical findings and historical patterns necessitate a cautious approach to this plugin's deployment.

Key Concerns

  • Unprotected AJAX handler
  • High number of unsanitized taint flows
  • Presence of dangerous functions (exec, unserialize, etc.)
  • History of critical/high severity CVEs
  • 11 High severity taint flows
Vulnerabilities
7

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Security Vulnerabilities

CVEs by Year

3 CVEs in 2015
2015
1 CVE in 2018
2018
1 CVE in 2021
2021
1 CVE in 2023
2023
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
High
4
Medium
2

7 total CVEs

CVE-2024-10783high · 8.1Missing Authorization

MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation

Dec 12, 2024 Patched in 5.3.4 (51d)
CVE-2023-3132medium · 5.9Exposure of Sensitive Information to an Unauthorized Actor

MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files

Jun 23, 2023 Patched in 4.4.1.2 (214d)
CVE-2021-24877high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

MainWP Child <= 4.1.7.1 - SQL Injection via orderby, order Parameters

Oct 25, 2021 Patched in 4.1.8 (820d)
WF-f83f878d-b708-4677-929a-e1ced535d99f-mainwp-childhigh · 8.3Authentication Bypass Using an Alternate Path or Channel

MainWP Child < 3.4.5 - Authentication Bypass

Feb 18, 2018 Patched in 3.4.5 (2165d)
WF-a5a34838-fdc5-4954-9576-abf81cbaac2e-mainwp-childmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MainWP Child <= 2.0.27 - Multiple Cross-Site Scripting

Sep 7, 2015 Patched in 2.0.28 (3060d)
WF-71d63f0d-ce01-489e-bcc4-7632f1a4bb04-mainwp-childhigh · 7.3

MainWP Dashboard and MainWP Child <= 2.0.22 - Unspecified Vulnerability

Aug 7, 2015 Patched in 2.0.23 (3091d)
WF-84019c69-32fd-4331-95d7-53ea1aaff616-mainwp-childcritical · 9.8Authentication Bypass Using an Alternate Path or Channel

MainWP Child – Securely connects sites to the MainWP WordPress Manager Dashboard < 2.0.9.2 - Authentication Bypass

Mar 9, 2015 Patched in 2.0.9.2 (3242d)
Code Analysis
Analyzed Mar 16, 2026

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Code Analysis

Dangerous Functions
20
Raw SQL Queries
30
148 prepared
Unescaped Output
181
960 escaped
Nonce Checks
31
Capability Checks
20
File Operations
99
External Requests
20
Bundled Libraries
0

Dangerous Functions Found

execexec( "mysqldump --user={$user} --password='{$pass}' --host={$host} {$database_name} | gzip > {$gzipclass\class-mainwp-child-api-backups.php:100
unserialize$cpt_whitelist_arr = unserialize( $gpi_options['cpt_whitelist'] ); // phpcs:ignore WordPress.PHP.Disclass\class-mainwp-child-pagespeed.php:650
unserialize$meta_value = unserialize( $meta_value ); // phpcs:ignore -- safe internal value.class\class-mainwp-child-posts.php:658
unserialize$meta_value = unserialize( $meta_value ); // phpcs:ignore -- safe internal value.class\class-mainwp-child-posts.php:741
popen$popenHandle = popen( 'du -s ' . $directory . ' --exclude "' . str_replace( ABSPATH, '', $uploadDir class\class-mainwp-child-stats.php:1088
shell_exec$size = shell_exec( 'du -s ' . $directory . ' --exclude "' . str_replace( ABSPATH, '', $uploadDclass\class-mainwp-child-stats.php:1102
unserialize$return_array['wptc_own_cron_status'] = unserialize( $cron_status ); // phpcs:ignore -- safclass\class-mainwp-child-timecapsule.php:540
unserialize$return_array['start_backups_failed_server'] = unserialize( $start_backups_failed_server ); // phpcsclass\class-mainwp-child-timecapsule.php:546
unserialize$cron_status = unserialize( $cron_status ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-timecapsule.php:586
unserialize$Ldata = unserialize( $rec->log_data ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-timecapsule.php:869
unserialize$Moredata = unserialize( $srec->log_data ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-timecapsule.php:927
unserialize$current = unserialize( $current ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-timecapsule.php:1724
unserialize$new = unserialize( $data['wptc_auto_update_settings'] ); // phpcs:ignore -- compatible third paclass\class-mainwp-child-timecapsule.php:1725
unserialize$current = unserialize( $current ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-timecapsule.php:1759
unserialize$new = unserialize( $data['vulns_settings'] ); // phpcs:ignore -- third party compatible // NOSOclass\class-mainwp-child-timecapsule.php:1760
unserialize$ex = unserialize( $ex ); // phpcs:ignore -- safe internal value, third party credit.class\class-mainwp-child-wordfence.php:2979
unserialize$ex = unserialize( $ex ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-wordfence.php:3020
unserialize$ex = unserialize( $ex ); // phpcs:ignore -- safe internal value, third party.class\class-mainwp-child-wordfence.php:3042
unserialize$unserialized = ( is_string( $data ) && is_serialized( $data ) ) ? unserialize( $data ) : false; // class\class-mainwp-clone-install.php:806
unserialize$data = unserialize( $data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctionsclass\class-mainwp-clone-install.php:829

SQL Query Safety

83% prepared178 total queries

Output Escaping

84% escaped1141 total outputs
Data Flows
38 unsanitized

Data Flow Analysis

25 flows38 with unsanitized paths
<class-mainwp-backup> (class\class-mainwp-backup.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 2

authwp_ajax_mainwp_backupbuddy_download_archiveclass\class-mainwp-child-back-up-buddy.php:83
authwp_ajax_mainwp_wordfence_download_htaccessclass\class-mainwp-child-wordfence.php:268
WordPress Hooks 246
filtermainwp_site_sync_others_dataclass\class-mainwp-child-aam.php:80
actionadmin_enqueue_scriptsclass\class-mainwp-child-assets.php:71
actionadmin_enqueue_scriptsclass\class-mainwp-child-assets.php:74
filtermainwp_site_sync_others_dataclass\class-mainwp-child-back-up-buddy.php:81
actionmainwp_child_site_statsclass\class-mainwp-child-back-up-buddy.php:84
filterall_pluginsclass\class-mainwp-child-back-up-buddy.php:87
actionadmin_menuclass\class-mainwp-child-back-up-buddy.php:88
filtersite_transient_update_pluginsclass\class-mainwp-child-back-up-buddy.php:89
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-back-up-buddy.php:90
filtermainwp_site_sync_others_dataclass\class-mainwp-child-back-up-wordpress.php:76
actionmainwp_child_site_statsclass\class-mainwp-child-back-up-wordpress.php:100
filterall_pluginsclass\class-mainwp-child-back-up-wordpress.php:103
actionadmin_menuclass\class-mainwp-child-back-up-wordpress.php:104
filtersite_transient_update_pluginsclass\class-mainwp-child-back-up-wordpress.php:105
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-back-up-wordpress.php:106
actionadmin_initclass\class-mainwp-child-back-wp-up.php:173
filtermainwp_site_sync_others_dataclass\class-mainwp-child-back-wp-up.php:174
actionmainwp_child_site_statsclass\class-mainwp-child-back-wp-up.php:339
filterall_pluginsclass\class-mainwp-child-back-wp-up.php:342
actionadmin_menuclass\class-mainwp-child-back-wp-up.php:343
filterwp_die_ajax_handlerclass\class-mainwp-child-back-wp-up.php:1265
actionmainwp_child_deactivationclass\class-mainwp-child-branding.php:71
filtermainwp_child_plugin_row_metaclass\class-mainwp-child-branding.php:72
filterhttp_request_argsclass\class-mainwp-child-branding.php:407
actionin_admin_footerclass\class-mainwp-child-branding.php:451
actionwp_after_admin_bar_renderclass\class-mainwp-child-branding.php:453
filterall_pluginsclass\class-mainwp-child-branding.php:465
filtersite_transient_update_pluginsclass\class-mainwp-child-branding.php:468
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-branding.php:469
filtermap_meta_capclass\class-mainwp-child-branding.php:476
actionadmin_menuclass\class-mainwp-child-branding.php:478
filterwp_footerclass\class-mainwp-child-branding.php:481
actionwp_dashboard_setupclass\class-mainwp-child-branding.php:482
actionadmin_headclass\class-mainwp-child-branding.php:488
actionlogin_enqueue_scriptsclass\class-mainwp-child-branding.php:489
filtergettextclass\class-mainwp-child-branding.php:490
actionlogin_headclass\class-mainwp-child-branding.php:491
filterlogin_headerurlclass\class-mainwp-child-branding.php:492
filterlogin_headertextclass\class-mainwp-child-branding.php:493
actionwp_headclass\class-mainwp-child-branding.php:494
filterupdate_footerclass\class-mainwp-child-branding.php:496
filteradmin_footer_textclass\class-mainwp-child-branding.php:497
actionadmin_initclass\class-mainwp-child-branding.php:501
actionadmin_menuclass\class-mainwp-child-branding.php:504
actionadmin_menuclass\class-mainwp-child-branding.php:505
actionadmin_bar_menuclass\class-mainwp-child-branding.php:575
filtermanage_posts_columnsclass\class-mainwp-child-branding.php:588
filtermanage_edit-post_tag_columnsclass\class-mainwp-child-branding.php:589
filtermanage_edit-category_columnsclass\class-mainwp-child-branding.php:590
filtermanage_pages_columnsclass\class-mainwp-child-branding.php:676
filterhttp_request_argsclass\class-mainwp-child-bulk-settings-manager.php:207
filtermainwp_site_sync_others_dataclass\class-mainwp-child-cache-purge.php:81
actionplugins_loadedclass\class-mainwp-child-cache-purge.php:82
actiontrashed_commentclass\class-mainwp-child-comments.php:88
filtercomments_clausesclass\class-mainwp-child-comments.php:170
filtermainwp_child_db_updater_sync_dataclass\class-mainwp-child-db-updater-elementor.php:63
filtermainwp_child_db_updater_sync_dataclass\class-mainwp-child-db-updater-wc.php:71
filtermainwp_site_sync_others_dataclass\class-mainwp-child-db-updater.php:54
actionadmin_enqueue_scriptsclass\class-mainwp-child-html-regression.php:82
filtermainwp_site_sync_others_dataclass\class-mainwp-child-html-regression.php:83
filterhttp_request_argsclass\class-mainwp-child-install.php:440
filterhttp_request_argsclass\class-mainwp-child-install.php:443
filtermainwp_site_sync_others_dataclass\class-mainwp-child-ithemes-security.php:77
filterall_pluginsclass\class-mainwp-child-ithemes-security.php:283
actionadmin_menuclass\class-mainwp-child-ithemes-security.php:284
actionadmin_initclass\class-mainwp-child-ithemes-security.php:285
actionadmin_headclass\class-mainwp-child-ithemes-security.php:286
filtermainwp_site_sync_others_dataclass\class-mainwp-child-jetpack-protect.php:93
filterall_pluginsclass\class-mainwp-child-jetpack-protect.php:96
actionadmin_menuclass\class-mainwp-child-jetpack-protect.php:97
actionadmin_headclass\class-mainwp-child-jetpack-protect.php:98
filtersite_transient_update_pluginsclass\class-mainwp-child-jetpack-protect.php:99
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-jetpack-protect.php:100
actionadmin_headclass\class-mainwp-child-jetpack-scan.php:99
filterall_pluginsclass\class-mainwp-child-jetpack-scan.php:100
actionadmin_menuclass\class-mainwp-child-jetpack-scan.php:101
filtersite_transient_update_pluginsclass\class-mainwp-child-jetpack-scan.php:102
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-jetpack-scan.php:103
filtermainwp_site_sync_others_dataclass\class-mainwp-child-links-checker.php:90
filterall_pluginsclass\class-mainwp-child-links-checker.php:157
filterupdate_footerclass\class-mainwp-child-links-checker.php:158
filtermainwp_site_sync_others_dataclass\class-mainwp-child-pagespeed.php:81
actionmainwp_child_deactivationclass\class-mainwp-child-pagespeed.php:83
filterall_pluginsclass\class-mainwp-child-pagespeed.php:132
actionadmin_menuclass\class-mainwp-child-pagespeed.php:133
actionmainwp_child_pagespeed_cron_checkclass\class-mainwp-child-pagespeed.php:189
actionadmin_noticesclass\class-mainwp-child-password-policy.php:50
actionwp_pre_insert_user_dataclass\class-mainwp-child-password-tracker.php:65
actionprofile_updateclass\class-mainwp-child-password-tracker.php:66
actionpassword_resetclass\class-mainwp-child-password-tracker.php:67
actionafter_password_resetclass\class-mainwp-child-password-tracker.php:68
filtermainwp_site_sync_others_dataclass\class-mainwp-child-patchstack.php:109
filterall_pluginsclass\class-mainwp-child-patchstack.php:111
actionadmin_menuclass\class-mainwp-child-patchstack.php:112
filterupgrader_package_optionsclass\class-mainwp-child-patchstack.php:324
filterplugins_api_argsclass\class-mainwp-child-plugins-check.php:108
actionmainwp_child_deactivationclass\class-mainwp-child-plugins-check.php:109
filterposts_whereclass\class-mainwp-child-posts.php:321
actiontrash_postclass\class-mainwp-child-posts.php:480
actiondelete_postclass\class-mainwp-child-posts.php:483
filtermainwp_site_sync_others_dataclass\class-mainwp-child-staging.php:108
filterall_pluginsclass\class-mainwp-child-staging.php:125
actionadmin_menuclass\class-mainwp-child-staging.php:126
filtersite_transient_update_pluginsclass\class-mainwp-child-staging.php:127
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-staging.php:128
filterdefault_option_active_pluginsclass\class-mainwp-child-stats.php:237
filteroption_active_pluginsclass\class-mainwp-child-stats.php:238
filterpre_site_transient_update_themesclass\class-mainwp-child-stats.php:582
filterpre_site_transient_update_coreclass\class-mainwp-child-stats.php:679
filterpre_transient_update_coreclass\class-mainwp-child-stats.php:682
filterpre_site_transient_update_pluginsclass\class-mainwp-child-stats.php:790
filterthemes_api_argsclass\class-mainwp-child-themes-check.php:108
actionmainwp_child_deactivationclass\class-mainwp-child-themes-check.php:109
filtermainwp_site_sync_others_dataclass\class-mainwp-child-timecapsule.php:79
actionmainwp_child_site_statsclass\class-mainwp-child-timecapsule.php:99
filterall_pluginsclass\class-mainwp-child-timecapsule.php:102
actionadmin_menuclass\class-mainwp-child-timecapsule.php:103
filtersite_transient_update_pluginsclass\class-mainwp-child-timecapsule.php:104
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-timecapsule.php:105
filterpre_site_transient_update_pluginsclass\class-mainwp-child-updates.php:215
filterpre_site_transient_update_pluginsclass\class-mainwp-child-updates.php:239
filterpre_site_transient_update_themesclass\class-mainwp-child-updates.php:494
filterpre_site_transient_update_themesclass\class-mainwp-child-updates.php:501
filtersite_transient_update_themesclass\class-mainwp-child-updates.php:578
filterpre_site_transient_update_themesclass\class-mainwp-child-updates.php:676
filterpre_site_transient_update_pluginsclass\class-mainwp-child-updates.php:1121
filterpre_site_transient_update_themesclass\class-mainwp-child-updates.php:1129
filterpre_site_transient_update_coreclass\class-mainwp-child-updates.php:1195
filterpre_transient_update_coreclass\class-mainwp-child-updates.php:1198
filterupgrader_install_package_resultclass\class-mainwp-child-updates.php:1439
filtermainwp_site_sync_others_dataclass\class-mainwp-child-updraft-plus-backups.php:75
filterupdraftplus_save_last_backupclass\class-mainwp-child-updraft-plus-backups.php:76
actionhttp_request_argsclass\class-mainwp-child-updraft-plus-backups.php:1549
actionhttp_request_argsclass\class-mainwp-child-updraft-plus-backups.php:1805
filterall_pluginsclass\class-mainwp-child-updraft-plus-backups.php:4136
actionadmin_menuclass\class-mainwp-child-updraft-plus-backups.php:4137
filtersite_transient_update_pluginsclass\class-mainwp-child-updraft-plus-backups.php:4138
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-updraft-plus-backups.php:4139
actionwp_before_admin_bar_renderclass\class-mainwp-child-updraft-plus-backups.php:4140
actionadmin_initclass\class-mainwp-child-updraft-plus-backups.php:4141
actionmainwp_child_cron_plugin_vuln_nvd_continue_checkclass\class-mainwp-child-vulnerability-checker.php:87
actionmainwp_child_cron_plugin_vuln_nvd_continue_force_checkclass\class-mainwp-child-vulnerability-checker.php:88
actionmainwp_child_deactivationclass\class-mainwp-child-woocommerce-status.php:63
actionmainwp_child_deactivationclass\class-mainwp-child-wordfence.php:258
actionmainwp_child_site_statsclass\class-mainwp-child-wordfence.php:287
filterall_pluginsclass\class-mainwp-child-wordfence.php:289
actionadmin_menuclass\class-mainwp-child-wordfence.php:290
actionadmin_initclass\class-mainwp-child-wordfence.php:291
actionmainwp_child_wordfence_cron_scanclass\class-mainwp-child-wordfence.php:408
actionplugins_loadedclass\class-mainwp-child-wp-cli-command.php:36
filtermainwp_site_sync_others_dataclass\class-mainwp-child-wp-rocket.php:94
filterall_pluginsclass\class-mainwp-child-wp-rocket.php:96
actionadmin_menuclass\class-mainwp-child-wp-rocket.php:97
filtersite_transient_update_pluginsclass\class-mainwp-child-wp-rocket.php:98
filtermainwp_child_hide_update_noticeclass\class-mainwp-child-wp-rocket.php:99
actionwp_before_admin_bar_renderclass\class-mainwp-child-wp-rocket.php:100
actionadmin_initclass\class-mainwp-child-wp-rocket.php:101
filtermainwp_site_sync_others_dataclass\class-mainwp-child-wpvivid-backuprestore.php:84
filterwp_footerclass\class-mainwp-child.php:96
actionmainwp_child_writeclass\class-mainwp-child.php:138
actioncurrent_screenclass\class-mainwp-child.php:181
actionpre_current_active_pluginsclass\class-mainwp-child.php:186
actioncore_upgrade_preambleclass\class-mainwp-child.php:188
actioncurrent_screenclass\class-mainwp-child.php:195
actioninitclass\class-mainwp-child.php:235
actiontemplate_redirectclass\class-mainwp-child.php:246
actionactivated_pluginclass\class-mainwp-child.php:247
actioninitclass\class-mainwp-child.php:248
actioninitclass\class-mainwp-child.php:249
actioninitclass\class-mainwp-child.php:250
actionadmin_initclass\class-mainwp-child.php:251
actionplugin_action_links_mainwp-child/mainwp-child.phpclass\class-mainwp-child.php:252
filtermainwp_child_create_action_nonceclass\class-mainwp-child.php:255
filtermainwp_child_verify_authed_acion_nonceclass\class-mainwp-child.php:257
filtermainwp_child_get_ping_nonceclass\class-mainwp-child.php:258
filtermainwp_child_get_encrypted_optionclass\class-mainwp-child.php:259
filterwp_mainwp_stream_current_agentclass\class-mainwp-client-report.php:65
filtermainwp_site_sync_others_dataclass\class-mainwp-client-report.php:72
actionmainwp_child_logclass\class-mainwp-client-report.php:73
filterall_pluginsclass\class-mainwp-client-report.php:295
actionadmin_menuclass\class-mainwp-client-report.php:296
filtersite_transient_update_pluginsclass\class-mainwp-client-report.php:305
filtermainwp_child_hide_update_noticeclass\class-mainwp-client-report.php:306
filterupload_mimesclass\class-mainwp-clone-page.php:86
actionmainwp-child_clone_backupcreateclass\class-mainwp-clone.php:69
actionmainwp-child_clone_backupcreatepollclass\class-mainwp-clone.php:70
actionmainwp-child_clone_backupdownloadclass\class-mainwp-clone.php:71
actionmainwp-child_clone_backupdownloadpollclass\class-mainwp-clone.php:72
actionmainwp-child_clone_backupextractclass\class-mainwp-clone.php:73
actioncheck_admin_refererclass\class-mainwp-clone.php:192
actionadmin_noticesclass\class-mainwp-clone.php:194
filtermainwp_site_sync_others_dataclass\class-mainwp-custom-post-type.php:65
actionsave_postclass\class-mainwp-custom-post-type.php:67
actiontrashed_postclass\class-mainwp-custom-post-type.php:68
actiondeleted_postclass\class-mainwp-custom-post-type.php:69
actionuntrashed_postclass\class-mainwp-custom-post-type.php:70
filterhttp_request_host_is_externalclass\class-mainwp-custom-post-type.php:204
actionadmin_initclass\class-mainwp-pages.php:90
actionadmin_menuclass\class-mainwp-pages.php:91
actionadmin_noticesclass\class-mainwp-pages.php:92
filterplugin_row_metaclass\class-mainwp-pages.php:93
actionmainwp-child-pageheaderclass\class-mainwp-pages.php:285
actionmainwp-child-pagefooterclass\class-mainwp-pages.php:286
filterautomatic_updater_disabledclass\class-mainwp-system.php:93
filterhttp_request_argsclass\class-mainwp-utility.php:328
filterwp_mail_fromclass\class-mainwp-utility.php:810
filterhttp_request_argsclass\class-mainwp-wordpress-seo.php:117
actionplugins_loadedmainwp-child.php:137
actionprofile_updatemodules\changes-logs\classes\class-changes-handle-bbpress-user.php:35
actionset_user_rolemodules\changes-logs\classes\class-changes-handle-bbpress-user.php:36
actionadd_attachmentmodules\changes-logs\classes\class-changes-handle-wp-files.php:37
actionadmin_initmodules\changes-logs\classes\class-changes-handle-wp-files.php:38
actiondelete_attachmentmodules\changes-logs\classes\class-changes-handle-wp-files.php:39
actionadmin_initmodules\changes-logs\classes\class-changes-handle-wp-menus.php:64
actionadmin_menumodules\changes-logs\classes\class-changes-handle-wp-menus.php:65
actioncustomize_registermodules\changes-logs\classes\class-changes-handle-wp-menus.php:66
actioncustomize_save_aftermodules\changes-logs\classes\class-changes-handle-wp-menus.php:67
actionwp_create_nav_menumodules\changes-logs\classes\class-changes-handle-wp-menus.php:68
actionwp_delete_nav_menumodules\changes-logs\classes\class-changes-handle-wp-menus.php:69
actionwp_update_nav_menumodules\changes-logs\classes\class-changes-handle-wp-menus.php:70
actionwp_update_nav_menu_itemmodules\changes-logs\classes\class-changes-handle-wp-menus.php:71
actionadd_post_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:43
actionadd_user_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:44
actiondeleted_post_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:45
actionsave_postmodules\changes-logs\classes\class-changes-handle-wp-metadata.php:46
actionupdate_post_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:47
actionupdate_user_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:48
actionupdated_post_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:49
actionupdated_user_metamodules\changes-logs\classes\class-changes-handle-wp-metadata.php:50
actionuser_registermodules\changes-logs\classes\class-changes-handle-wp-metadata.php:51
actionadd_user_to_blogmodules\changes-logs\classes\class-changes-handle-wp-multisite.php:30
actionremove_user_from_blogmodules\changes-logs\classes\class-changes-handle-wp-multisite.php:31
actiondelete_usermodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:37
actionedit_user_profilemodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:38
actiongrant_super_adminmodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:39
actiongranted_super_adminmodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:40
actionprofile_updatemodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:41
actionrevoke_super_adminmodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:42
actionrevoked_super_adminmodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:43
actionset_user_rolemodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:44
actionupdate_user_metamodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:45
actionuser_registermodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:46
actionwpmu_delete_usermodules\changes-logs\classes\class-changes-handle-wp-user-profile.php:47
actioninitmodules\changes-logs\classes\class-changes-logs.php:55
actioninitmodules\changes-logs\classes\class-changes-logs.php:56
actionmainwp_child_actions_data_cleanmodules\changes-logs\classes\class-changes-logs.php:77

Scheduled Events 6

mainwp_child_pagespeed_cron_check
googlepagespeedinsightschecknow
mainwp_child_cron_plugin_vuln_nvd_continue_force_check
mainwp_child_cron_plugin_vuln_nvd_continue_check
mainwp_child_wordfence_cron_scan
rocket_update_dynamic_lists
Maintenance & Trust

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4
Downloads40.5M

Community Trust

Rating100/100
Number of ratings70
Active installs700K
Alternatives

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Alternatives

Modular DS: Monitor, update, and backup multiple websites

Modular DS: Monitor, update, and backup multiple websites

modular-connector

A
87

Manage all your WordPress sites from one place. Automate updates, backups, uptime monitoring, security, maintenance reports, and more.

40K 3 CVEs
WP Umbrella: Update Backup Restore & Monitoring

WP Umbrella: Update Backup Restore & Monitoring

wp-health

A
97

Everything you need to sell WordPress maintenance and manage multiple sites effortlessly: backup, update, uptime monitoring, and security.

60K 1 CVE
The WP Remote WordPress Plugin

The WP Remote WordPress Plugin

wpremote

A
100

Manage updates, backups, and more across all your WordPress sites with WP Remote.

30K 1 CVE
MainWP Dashboard: Self-hosted WordPress Management for Agencies

MainWP Dashboard: Self-hosted WordPress Management for Agencies

mainwp

A
97

Run updates, backups, security and reporting across all client sites from your own server. Keep data private and prove your value with branded reports &hellip;

20K 6 CVEs
InfiniteWP Client

InfiniteWP Client

iwp-client

A
90

Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your InfiniteWP Admin Panel.

200K 7 CVEs
Developer Profile

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Developer Profile

mainwp

4 plugins · 825K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
1278 days
View full developer profile
Detection Fingerprints

How We Detect MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mainwp-child/css/1.10.4/jquery-ui.min.css/wp-content/plugins/mainwp-child/css/1.11.1/jquery-ui.min.css/wp-content/plugins/mainwp-child/mainwp-child.php
Version Parameters
mainwp-child/mainwp-child.php?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- MainWP Child Plugin --><!-- MainWP Child Plugin Autoloader to load all other class files. --><!-- Delay the heavy constructor until we really need it. --><!-- MainWP Child Assets -->+20 more
FAQ

Frequently Asked Questions about MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites