Frequently asked questions

BlockForge is a WordPress management platform built for agencies, freelancers, and site owners who manage multiple WordPress installations. It provides verified backups, uptime monitoring, security scanning, staging environments, and incident automation — all from a single dashboard. If you're responsible for keeping WordPress sites secure, updated, and running smoothly, BlockForge is designed for you.

Install the BlockForge Connector plugin on your WordPress site. After activation, enter the connection key from your BlockForge dashboard. The plugin establishes a secure, authenticated connection and begins syncing your site data within seconds. No manual configuration needed — the plugin handles everything automatically.

Most users are fully set up in under 5 minutes. Create an account, install the connector plugin on your site, and enter the connection key. BlockForge immediately starts collecting plugin/theme inventories, uptime data, and security information. Backup configuration and monitoring thresholds can be customized afterwards.

Yes. BlockForge supports CSV import for bulk site onboarding. You can also use SSH Server Discovery to automatically find all WordPress installations on a server. If you're migrating from ManageWP, MainWP, or similar tools, the process is straightforward — install the connector plugin on each site and they appear in your dashboard automatically.

No. The connector plugin communicates over HTTPS using a secure API. SSH access is optional and only needed for the SSH Server Discovery feature, which scans a server for WordPress installations. All core features — backups, monitoring, security scanning, updates — work through the plugin alone.

BlockForge supports WordPress 5.0 and above. We recommend running the latest stable version for optimal compatibility and security. The connector plugin is tested against every major WordPress release before it ships.

Yes. BlockForge works with WordPress Multisite networks. The connector plugin is installed once on the network and provides monitoring, backups, and security scanning for the entire multisite installation. Each subsite's plugins and themes are tracked individually.

Workspaces are separate environments within your BlockForge account. Each workspace has its own sites, team members, and settings. Agencies typically create one workspace per client or per team. You can switch between workspaces instantly and invite different team members to each one with granular permissions.

Yes. All paid plans include free onboarding support. We help with initial setup, plugin installation, migrating from other tools, and configuring monitoring and backup schedules. Enterprise customers receive dedicated onboarding with a technical specialist.

Yes. BlockForge includes a Client Portal feature that gives your clients a white-labeled, read-only view of their sites. Clients can see uptime status, backup history, and activity reports without accessing your full dashboard. You can customize the portal branding and even use a custom domain.

BlockForge uses verified backups. Every backup is automatically restored in an isolated Docker container to confirm it actually works. Most backup solutions just store files and hope for the best — we prove the backup is restorable before marking it as verified. Backups are stored in two geographic locations (dual-location storage) and protected with SHA-256 integrity checks.

BlockForge checks your site from multiple monitoring nodes at configurable intervals (down to 1 minute on paid plans). When a downtime event is detected, it's verified from a second location to prevent false alarms. You receive instant notifications via email, Slack, or webhooks. The dashboard shows response times, uptime percentages, SSL certificate status, and historical performance data.

Safe Update creates a backup before updating any plugin or theme, performs the update, then runs a health check to verify the site still works. If the health check fails, BlockForge automatically rolls back to the pre-update state. This means you can update plugins with confidence, even on production sites, without worrying about breaking changes.

BlockForge creates staging environments using Docker containers from any backup snapshot. The staging site runs in an isolated environment with its own database and file system. You can test plugin updates, theme changes, or WordPress core upgrades without touching your live site. Staging environments are automatically cleaned up after a configurable TTL.

Yes. The Update Center shows all pending plugin, theme, and WordPress core updates across all your sites in one view. You can apply updates individually or in bulk, with optional Safe Update mode that creates a backup and verifies site health after each update. Filter by update type, severity, or site to prioritize critical security patches.

BlockForge runs multiple security layers: vulnerability scanning against the WPScan database for known plugin/theme vulnerabilities, file integrity monitoring that detects unauthorized file changes, malware detection, WordPress core file verification against official checksums, and SSL certificate monitoring. Security snapshots let you compare file states over time to detect tampering.

SSH Server Discovery connects to your server via SSH and automatically finds all WordPress installations in common hosting paths. It identifies the WordPress version, active plugins, database details, and site URL for each installation. This is particularly useful for agencies that manage many sites on shared or dedicated servers and want to ensure nothing is missed.

WP Auto-Login generates a secure, one-time authentication token that logs you into the WordPress admin of any connected site with a single click. The token expires after use and is scoped to a specific user account. No need to remember or store WordPress credentials for each site.

Yes. BlockForge generates branded PDF reports that summarize activity, uptime, backups, security status, and updates for any site over a custom date range. Reports include an executive summary, per-site breakdowns, and security posture badges. You can use them to demonstrate value to clients or meet contractual reporting requirements.

BlockForge supports email notifications, Slack integration (per-channel routing), outgoing webhooks with HMAC signing, and in-app notifications. Notification preferences are configurable per site — you can get Slack alerts for downtime on critical sites while receiving email summaries for less urgent ones. Webhooks support 30+ event types for integration with external tools.

All BlockForge infrastructure is hosted in the European Union. Application servers, databases, and backup storage are located in EU data centers. Backups are stored in two separate EU locations for redundancy. We do not transfer or store customer data outside the EU.

Yes. BlockForge is designed with GDPR compliance in mind. We process data based on legitimate interest and contractual necessity, provide data export and deletion capabilities, maintain a data processing agreement (DPA), and use only EU-based infrastructure. We use strictly necessary cookies only — no tracking or analytics cookies. See our Privacy Policy for details.

All communication between BlockForge and your WordPress sites is encrypted via TLS/HTTPS. The connector plugin uses HMAC-signed API requests with per-site authentication tokens. Tokens are generated during setup and can be rotated at any time. No WordPress admin credentials are stored in BlockForge.

Yes. BlockForge supports TOTP-based two-factor authentication (compatible with Google Authenticator, Authy, 1Password, and similar apps). Recovery codes are provided during setup. Additionally, BlockForge uses risk-based authentication that detects login anomalies such as new locations or impossible travel and requires email verification before granting access.

BlockForge provides compliance tooling for ISO 27001, SOC 2 Type II, NIS2, and GDPR. This includes exportable audit reports (PDF/CSV), a security posture dashboard, configurable data retention policies, comprehensive audit logging, and an incident report generator for NIS2 Art. 23 obligations. Compliance features are included in Enterprise plans and available as an add-on for Pro plans.

Yes. Enterprise plans include SSO support with SAML 2.0 and OpenID Connect (OIDC). This works with Azure AD, Okta, Google Workspace, Keycloak, and other identity providers. Domain-based discovery automatically redirects users to the correct IdP. Administrators can enforce SSO and disable password login for their organization's email domains.

Backups are encrypted in transit (TLS) and at rest (AES-256 server-side encryption on S3-compatible storage). Each backup is verified with SHA-256 checksums, and a post-upload integrity check confirms the stored data matches what was uploaded. Backup storage is isolated per workspace with no cross-tenant access.

Yes. Enterprise and compliance add-on users can configure data retention periods for backups, audit logs, activity data, and other stored information. A daily cleanup job automatically purges data that exceeds the configured retention window. This helps meet regulatory requirements for data minimization.

BlockForge includes an incident report generator compliant with NIS2 Article 23. When a security event is detected, the platform can generate structured incident reports with timeline, impact assessment, and remediation steps. All security events are logged in the audit trail with timestamps, user context, and affected resources.

Yes. BlockForge maintains comprehensive audit logs covering 80+ event types: site changes, plugin updates, backup operations, user authentication events (including failed attempts and MFA usage), team membership changes, and sensitive data access. Logs are exportable as PDF or CSV for compliance audits. A weekly audit report email is automatically sent to workspace administrators.

BlockForge offers three plans: Free (up to 3 sites with basic monitoring), Pro (10 to 200 sites with all features), and Enterprise (unlimited sites with SSO, compliance, and SLA). All paid plans include the full feature set — the only difference is the number of sites. See our Pricing page for details.

Yes. Upgrade or downgrade at any time from your account settings. Changes take effect immediately with prorated billing. If you downgrade and exceed the new plan's site limit, your existing sites continue working but you won't be able to add new ones until you're within the limit.

No. All plans are month-to-month with no long-term commitment. Cancel anytime with no penalty or cancellation fees. Enterprise plans with custom SLAs may have separate terms negotiated on a case-by-case basis.

We accept all major credit and debit cards (Visa, Mastercard, American Express) via Stripe. SEPA direct debit is available for EU customers. Enterprise plans can be invoiced with NET-30 payment terms. All prices are in USD.

The Free plan with 3 sites has no time limit and no credit card required. Use it as long as you need to evaluate BlockForge. When you're ready for more sites or advanced features like verified backups and staging, upgrade to Pro.

You'll be prompted to upgrade to the next tier. All existing sites continue working without interruption — we never disable monitoring or backups on active sites. You simply won't be able to add new sites until you upgrade or remove existing ones.

Yes. Verified backups, uptime monitoring, security scanning, staging, remote control, client reporting, bulk updates, notifications — everything is included in every Pro tier. No per-feature upsells. The only things exclusive to Enterprise are SSO, the compliance dashboard, and SLA guarantees. Compliance features are also available as an add-on for Pro plans.

The compliance add-on gives Pro plan users access to the compliance dashboard, exportable audit reports (ISO 27001, SOC 2, NIS2), data retention policies, and the incident report generator. It's the same compliance tooling included in Enterprise, available as a separate add-on so smaller teams can meet regulatory requirements without upgrading to a full Enterprise plan.

Annual billing with a discount is coming soon. Currently, all plans are billed monthly. Subscribe to our newsletter or follow our changelog for announcements.

After cancellation, your account is downgraded to the Free plan. Your sites, settings, and historical data are retained for 30 days. During this period, you can reactivate your plan and pick up where you left off. After 30 days, backup files and associated data are permanently deleted. You can request a full data export before cancellation.

Yes. BlockForge provides a REST API for programmatic access to sites, backups, uptime data, and more. Authentication uses Bearer tokens (Sanctum). The API follows standard REST conventions with JSON responses. See our API Reference for endpoints and examples.

No. The connector plugin is lightweight and only activates when BlockForge sends a request or during scheduled heartbeat checks. It adds no overhead to front-end page loads, doesn't inject scripts or stylesheets, and uses minimal server resources. Background operations like backup uploads run with low priority to avoid impacting site performance.

BlockForge works with any hosting provider that runs WordPress and allows outbound HTTPS connections. This includes shared hosting (SiteGround, Bluehost, Hostinger), managed WordPress hosting (WP Engine, Kinsta, Flywheel, Cloudways), VPS/dedicated servers (DigitalOcean, Hetzner, Linode), and custom infrastructure. Some managed hosts that restrict plugin execution may require configuration adjustments.

Yes. BlockForge supports outgoing webhooks with 30+ event types covering backups, uptime, security, updates, and more. Webhook payloads are signed with HMAC-SHA256 so you can verify authenticity. A delivery log shows the status, response code, and retry history for each webhook call. Use webhooks to integrate with Zapier, n8n, PagerDuty, or any custom system.

Yes. The BlockForge browser extension for Chrome and Safari detects WordPress sites as you browse and shows their connection status, plugin info, and security overview in a popup. It's a quick way to check if a site you're visiting is managed by BlockForge and access its dashboard with one click.

Yes. BlockForge offers a native iOS app for monitoring your sites on the go. Check uptime, view recent backups, receive push notifications for critical events, and manage basic site operations from your phone. An Android app is planned for a future release.

The connector plugin requires PHP 7.4 or higher. We recommend PHP 8.1+ for optimal performance and security. The plugin uses standard WordPress APIs and doesn't require any special PHP extensions beyond what WordPress itself needs.

The connector plugin monitors for changes made outside of BlockForge — direct WordPress admin actions, plugin installations, settings changes, and user modifications. Changes are reported via a heartbeat mechanism and critical changes trigger immediate push notifications. This gives you full visibility into what's happening on your sites, even when changes are made by other administrators or by automated processes.

Yes. BlockForge fully supports WooCommerce sites. Backups include the WooCommerce database (orders, products, customers), security scanning covers WooCommerce-specific vulnerabilities, and uptime monitoring checks critical store pages. The Safe Update workflow is particularly valuable for WooCommerce sites where plugin updates can break checkout flows.

Your WordPress sites are completely independent of BlockForge and continue running normally. The connector plugin is dormant unless contacted by BlockForge, so even if our platform is temporarily unavailable, there is zero impact on your live sites. Pending monitoring checks and backup jobs are queued and execute as soon as service is restored. You can check our platform status at any time on our status page.