If the PHP OpenSSL Extension is not available on a child site server, the MainWP plugin was designed to drop back to an MD5 encryption connection for securing the communication between the dashboard and child site. After an extensive review and security audit, it was shown that the MD5 encryption drop back is not as secure as we would like.
Since the security is the most important thing to MainWP team, we have decided to enable users with sites currently connected via MD5 encryption to see which sites are currently connected with MD5 encryption and disallow any new sites from being connected via MD5.
How this affects already MD5 – connected sites?
After installing the MainWP Dashboard 3.2.2 and the MainWP Child 3.2.5 all child sites connected by using the MD5 will be listed in the Connection Status widget
If you see this icon on your MainWP Dashboard, it means that the PHP OpenSSL Extension is not enabled on your child site server and that the MainWP Plugin uses MD5 when the child sites have been added.
From this point, it is highly recommended to Enable the OpenSSL on your child site server, and re-establish the connection in order to drop the MD5 encryption and set the OpenSSL encrypted connection.
To do that:
- Login into the Child site
- Go to the WP Admin > Settings > MainWP Child > Server Information page
- Locate the OpenSSL Extension Enabled check and see if the Extension has been disabled or it has been enabled in the meantime
- If the OpenSSL extension has been disabled, It needs to be enabled.
Before doing anything by yourself, we highly recommend contacting your hosting support department and asking them to do it for you.
To enable the SSL Extension, we suggest uncommenting the ;extension=php_openssl.dll line in your php.ini file by removing the ( ; ) in front of it.
If you are not familiar with the location of your php.ini file or not comfortable with editing the file yourself most hosting companies will make this change for you.
Some servers will require a reboot to enable the new settings, please contact your hosting provider for details.
- Once the OpenSSL has been enabled, reset your MainWP Child plugin by deactivating it and re-activating it on the WP Admin > Plugins page.
- Login into your MainWP Dashboard
- Sync your site(s). After syncing, the dashboard will show that the child site got disconnected
- After the page reloads, go to the MainWP > Sites > Manage page
- Reconnect your child site
How this affects new sites?
If you attempt to connect a website that is hosted on a server that has the OpenSSL extension disabled, the process will fail. Before connecting a site, you need to enable the OpenSSL extension on the server.