Features
70+ features designed to eliminate every failure mode in WordPress operations. Verified backups, real monitoring, automated security, and operational tooling — in one platform.
Backup & Recovery
Every backup is verified by restoring it in an isolated Docker container. You never have to wonder if a restore will work.
Automated daily backups with configurable schedules. Selective parts — database, core, plugins, themes, uploads. Multi-storage with S3 and Hetzner.
Every backup is restored in a Docker container, WordPress is booted, and the site is validated with an HTTP request. Not a checksum — an actual restore test.
Isolated Docker containers for each verification. Matching PHP and MySQL versions. Complete teardown after testing — zero residue.
Every backup stored in two independent geographic locations. If one provider fails, your backups are still safe. Automatic failover between S3 and Hetzner.
Database integrity validation, WordPress core boot testing, HTTP response verification, and page title matching. Every backup gets a confidence score.
One-click Docker staging from any verified backup. Identical PHP and MySQL versions. Shareable preview URLs. Auto-expiry after 24 hours.
Test plugin, theme, and core updates in an isolated Docker environment before deploying to production. Catch breaking changes safely.
Configurable schedules — hourly, twice daily, daily, weekly, or monthly. Automatic cleanup of expired backups. Next backup time calculation.
AES-256 encryption at rest. Per-user backup key management. Multi-part upload with progress tracking for large sites.
Monitoring
Beyond simple pings. BlockForge validates that your WordPress sites actually work — content, SSL, performance, and error logs.
Multi-region checks from Frankfurt, Amsterdam, and New York. 1-minute intervals. Response time tracking with min, max, and average. Uptime percentage over 24h and 30d.
Every check validates the actual HTML response — not just the HTTP status code. Detects white screens, PHP fatal errors, and broken layouts that return 200.
Configure the expected page title. If it changes — defacement, error page, or plugin conflict — BlockForge catches it immediately.
Certificate expiry tracking with countdown alerts. Chain validation, protocol version checking, and multi-region SSL verification.
Monitoring from 3+ global locations simultaneously. Detect regional outages and CDN issues that single-region monitoring misses.
Track errors, warnings, and notices across all sites. Severity classification, read/unread status, and error statistics from one dashboard.
Toggle WordPress debug mode remotely. View, download, and clear debug logs without SSH. Real-time polling for new entries.
List all scheduled WordPress cron jobs. Create, delete, enable, or disable crons. Trigger manual execution on demand.
Automatically detect when a site is broken — white screen, database errors, or plugin conflicts. Instant alerts with diagnostic context.
Continuous response time tracking, trend analysis, and performance threshold alerts. Spot degradation before users notice.
Google PageSpeed API integration. Desktop and mobile scores. Core Web Vitals — FCP, LCP, TBT, CLS, Speed Index, TTI.
Track domain registration expiry dates with countdown alerts. Get notified 14 and 7 days before expiration to prevent accidental lapses.
Detect external changes made outside BlockForge — new users, plugin installs, setting changes, and core updates. Heartbeat monitoring with critical push alerts.
AI-powered analysis of PHP errors and debug logs. Automatic root cause identification, fix suggestions, and severity classification with sensitive data scrubbing.
Per-site alert configuration via email and Slack. Event-specific rules for backups, downtime, security, and updates. Deduplication for alert fatigue.
Security
Detect vulnerabilities, monitor file changes, scan for malware, and track configuration drift across every WordPress installation.
Continuous scanning of all installed plugins against known CVE databases. Severity ratings with CVSS scores and remediation guidance.
Scan active and inactive themes for known vulnerabilities. Cross-reference with CVE databases for every theme version.
WordPress core version monitoring against known vulnerabilities. Alerts when your core version has published security issues.
Core file checksum verification against WordPress.org originals. Plugin integrity checks. Modification tracking with exclusion lists.
Pattern-based malware scanning with signature database. Detects backdoors, injected scripts, and obfuscated code across all installations.
Point-in-time security snapshots of your entire WordPress configuration. Compare snapshots to detect drift and unauthorized changes.
Track changes to users, roles, permissions, and plugin settings over time. Per-plugin snapshot tracking with change history.
Automated WordPress security key and salt rotation. Configurable intervals with rotation history. Invalidates all existing sessions.
File permission audits, security hardening verification, and configuration best-practice checks. Automated detection and one-click fixing.
8-category static analysis before every update: malware patterns, SQL injection, code injection, input validation, external connections, file integrity, CVE lookup, and checksum verification. Results cached globally — scan once, apply everywhere.
Aggregated health score per site based on 6 categories: updates, security, backups, uptime, SSL, and vulnerabilities. Displayed on site overview and detail pages with critical filter.
Workspace-wide security overview. Aggregated vulnerability counts, compliance scores, SSL status, and security trend charts across all managed sites.
WordPress Management
Manage plugins, themes, core, database, and settings from one dashboard. No wp-admin logins required.
See all available plugin, theme, and core updates across every site in one view. Select, batch-update, and rollback with per-site progress tracking, backup toggles, and code safety verification.
Configure auto-updates, admin UI, editor settings, security hardening, and frontend features remotely. All settings synced directly to WordPress.
View, activate, deactivate, update, delete, and upload plugins. Bulk actions for batch operations. Version history with rollback support. Quick backup before every update.
View, activate, update, and delete themes. Child theme creation with auto-generated functions.php and style.css. Safe updates with rollback.
One-click WordPress core updates. PHP version display, server software info, and database details at a glance.
Toggle maintenance mode remotely. Customize page content, colors, and CSS. Manage allowed IPs for bypass access. Tabbed settings for full control.
Clean post revisions, spam, trash, and expired transients. Preview impact before execution. Scheduled maintenance with cleanup history.
Database-wide search and replace with serialization support. Automatic backup before every operation. Dry-run preview before committing.
Edit wp-config.php and .htaccess directly from BlockForge. Content validation, version history, and instant restore to previous versions.
One-click login to any WordPress admin panel. Secure, token-based authentication — no passwords needed. Jump straight into wp-admin.
Backup before update, apply update, verify site health, auto-rollback on failure. Per-plugin safe mode toggle. Notification on every automatic rollback.
Schedule maintenance windows for updates and operations. Automatic maintenance page activation during the window. Configurable duration and recurrence.
Site Onboarding
Three ways to add sites — SSH discovery, bulk import, or CSV upload. From one site to hundreds in a single operation.
Connect to a server via SSH and automatically find every WordPress installation. Temporary keys with 5-hour expiry. WP-CLI and filesystem scanning.
Add dozens of sites in one operation. Automatic connection testing, plugin installation, and initial health checks. Parallel processing.
Upload a spreadsheet, map columns, preview validation, and create all sites in one batch. Template download and auto-detection included.
Team & Organization
Workspaces, granular permissions, client management, and branded reports. Everything you need to run a professional WordPress operation.
Separate workspaces for different teams or clients. Workspace switching, invitation links, and workspace-level Slack integration.
30+ granular permissions across sites, backups, security, staging, and more. Create custom permission groups. Standard Admin and Editor templates.
Organize sites by client. Contact management, client notes, and client-specific activity logs. Assign and unassign sites with one click.
Build reports with uptime, performance, security, backups, errors, and activity sections. Custom date ranges. PDF generation and download.
Complete audit trail across all sites. Filter by category, status, and time period. User attribution for every action. Export to CSV and PDF.
Dedicated portal for your clients with their own login. White-label branding, custom domain support, and read-only access to site status, backups, and reports.
Brand BlockForge as your own. Custom logo, colors, and custom domain for client-facing interfaces. Present a professional, unified experience.
Automated weekly email to workspace admins with team member overview, site count, active alerts, and security summary. Configurable via platform settings.
Support & Communication
Integrated ticket system, Slack alerts, and a WordPress admin widget for your clients to reach you directly.
Integrated ticket system with replies, internal notes, priority levels, and assignment. Attachments and status management. Central support center.
Your clients create tickets directly from their WordPress admin panel. No separate support portal needed. Tickets appear in your BlockForge dashboard.
OAuth 2.0 Slack connection. Workspace-level setup with per-site channel overrides. Alert deduplication to avoid notification fatigue.
Per-event notification configuration. Backup completion, uptime alerts, security scans, vulnerability discoveries, and update availability.
HTTP callbacks to external URLs on 30+ site events. HMAC SHA-256 signing, per-webhook event filters, delivery logs, and automatic retries with exponential backoff.
Developer Tools
Sandbox environments, code safety checks, native apps for iOS and macOS, a browser extension, and a free security scanner.
Spin up isolated WordPress installations with any PHP and WordPress version. Docker-based, configurable lifetime, auto-cleanup after 24 hours.
Static analysis across 8 categories before every update. Results cached globally in a vulnerability database — check a plugin version once, reuse the result across all sites instantly.
Native SwiftUI app with a real-time status circle, uptime charts (Swift Charts), health scores, push notifications, and WP Auto-Login. Built for iOS 17+, Keychain-secured auth.
Native SwiftUI menu bar app for support ticket management. View, reply, and get desktop notifications for new tickets — without opening a browser. Built for macOS 14+.
Detect WordPress sites as you browse. View plugin info, theme details, and security status instantly. Available for Chrome and Safari.
13 security checks, plugin vulnerability lookup, performance snapshot, and A–F grading. Shareable URLs and PDF export — no account required.
Compliance & Auditing
Exportable audit reports, incident documentation, and data retention policies designed for ISO 27001, SOC 2, and NIS2 compliance.
Generate PDF and CSV audit reports covering uptime, security, backups, and activity logs. Designed for ISO 27001, SOC 2, and NIS2 compliance requirements.
Generate NIS2 Article 23 compliant incident reports with timeline, impact assessment, and remediation steps. PDF export for regulatory submissions.
Configurable retention periods for logs, backups, and audit data. Automated daily cleanup jobs. Per-data-type retention settings with compliance presets.
80+ logging points across all operations. Login, logout, and authentication events. Sensitive data access tracking. Full user attribution for every action.
View and revoke active sessions. Configurable session timeouts with dynamic lifetime adjustment. IP and device tracking for every session.
Login anomaly detection via GeoIP. Email OTP verification for new locations. Impossible travel detection. Two-factor authentication via TOTP with recovery codes.
Enterprise
SAML 2.0 and OIDC single sign-on for organizations that require centralized identity management. Domain-based discovery with optional enforcement.
Connect any SAML 2.0 identity provider — Azure AD, Okta, OneLogin, Keycloak, and more. SP metadata endpoint for easy IdP configuration.
Generic OIDC integration with automatic endpoint discovery. Connect Google Workspace, Azure AD, Auth0, or any OIDC-compliant provider.
Configure email domains for automatic SSO routing. Users are redirected to their organization’s identity provider based on their email address.
Optionally enforce SSO for specific domains. Block password login for users whose organization requires identity provider authentication.
Automatically create user accounts on first SSO login. Configure default workspace assignment and team membership. No manual user creation required.
One-click login and registration via Google. Automatic linking with existing accounts. Available on all plans.
Start with 3 sites for free. No credit card required.