MD5 Connection Issue

If the PHP OpenSSL extension is not available on a child site server, the MainWP plugin was designed to fall back to an MD5-based connection for securing the communication between the dashboard and the child site. An extensive review and security audit showed that the MD5 fallback is not as secure as we would like.

TL;DR version

Since security is the most important thing to the MainWP team, we have decided to show users which of their sites are currently connected via MD5 and to disallow any new sites from being connected via MD5.

How does this affect sites already connected via MD5?

After installing MainWP Dashboard 3.2.2 and MainWP Child 3.2.5, all child sites connected using MD5 will be listed in the Connection Status widget.

Unsecure Connection (MD5)

If you see this icon on your MainWP Dashboard, it means that the PHP OpenSSL extension is not enabled on your child site server and that the MainWP plugin used MD5 when the child site was added.

From this point, it is highly recommended to enable OpenSSL on your child site server and re-establish the connection, in order to drop the MD5 connection and set up the OpenSSL encrypted connection.

To do that:

  1. Log in to the child site
  2. Go to the WP Admin > Settings > MainWP Child > Server Information page
  3. Locate the OpenSSL Extension Enabled check and see whether the extension is disabled or has been enabled in the meantime
  4. If the OpenSSL extension is disabled, it needs to be enabled.
    Before doing anything by yourself, we highly recommend contacting your hosting support department and asking them to do it for you.

    To enable the OpenSSL extension, we suggest uncommenting the ;extension=php_openssl.dll line in your php.ini file by removing the ( ; ) in front of it, changing

    ;extension=php_openssl.dll

    to

    extension=php_openssl.dll

    If you are not familiar with the location of your php.ini file or are not comfortable editing the file yourself, most hosting companies will make this change for you.

    Some servers will require a reboot to enable the new settings. Please contact your hosting provider for details.

  5. Once OpenSSL has been enabled, reset your MainWP Child plugin by deactivating it and re-activating it on the WP Admin > Plugins page.
  6. Log in to your MainWP Dashboard
  7. Sync your site(s). After syncing, the dashboard will show that the child site was disconnected.
  8. After the page reloads, go to the MainWP > Sites > Manage page
  9. Reconnect your child site
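
An added example (not MainWP code) for step 4 above: a shell helper that reports whether the OpenSSL extension line in a given php.ini is enabled, still commented out, or absent. It goes beyond the page's php_openssl.dll line by also recognizing the extension=openssl and openssl.so forms; the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not MainWP code. Function and script names are hypothetical.
# Classifies the OpenSSL extension directive in a php.ini file.

# Extension name as it may appear: php_openssl.dll (the form on this page),
# or openssl / openssl.so on newer or non-Windows PHP builds; optional quotes.
OPENSSL_NAME='"?(php_)?openssl(\.dll|\.so)?"?'
# Optional trailing whitespace (including CR from CRLF files) and ; comment.
LINE_TAIL='[[:space:]]*(;.*)?$'

# Prints: enabled | commented | absent | unreadable
openssl_ini_state() {
    ini_file=$1
    if [ ! -r "$ini_file" ]; then
        echo "unreadable"
        return 2
    fi
    active="^[[:space:]]*extension[[:space:]]*=[[:space:]]*${OPENSSL_NAME}${LINE_TAIL}"
    disabled="^[[:space:]]*;[[:space:]]*extension[[:space:]]*=[[:space:]]*${OPENSSL_NAME}${LINE_TAIL}"
    if grep -Eiq "$active" "$ini_file"; then
        echo "enabled"
    elif grep -Eiq "$disabled" "$ini_file"; then
        echo "commented"      # step 4 applies: remove the leading ;
    else
        echo "absent"         # may still be compiled in or loaded from a scanned .ini
    fi
}

# Runtime check via the PHP CLI, if present. The CLI can read a different
# php.ini than the web server, so the Server Information page stays authoritative.
openssl_cli_state() {
    if ! command -v php >/dev/null 2>&1; then
        echo "no-php-cli"
        return 0
    fi
    php -r 'echo extension_loaded("openssl") ? "loaded" : "not-loaded";'
}

# Usage (hypothetical script name): sh check_openssl_ini.sh /path/to/php.ini
if [ "$#" -gt 0 ]; then
    echo "php.ini directive: $(openssl_ini_state "$1")"
    echo "PHP CLI runtime:   $(openssl_cli_state)"
fi
```

A result of "enabled" only describes the file; confirm on the Server Information page after the web server has picked up the change.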

How does this affect new sites?

If you attempt to connect a website that is hosted on a server that has the OpenSSL extension disabled, the process will fail. Before connecting a site, you need to enable the OpenSSL extension on the server.

OpenSSL Required Error Message

Important Notes

The OpenSSL extension must be enabled on your Dashboard site server too. If the OpenSSL extension is disabled on the Dashboard server, you won’t be able to connect child sites with the OpenSSL encrypted connection.