Built on the conviction that your tooling should belong to you
WPMgr is an open-source WordPress fleet manager. We built it because managing WordPress sites across a portfolio should not require trusting a proprietary SaaS with your clients' data, your backup archives, or your site credentials.
The full control plane is open under the AGPL. The WordPress agent is MIT-licensed. Every message the agent sends is Ed25519-signed. You can read every line of code before you run any of it.
The principles we build to
These are not aspirations. Each one is enforced in the codebase, in the license choice, and in the product decisions we make.
Readable by design
Every line of the control plane is open under the AGPL. The WordPress agent is MIT-licensed. You can read every function, every migration, and every message format before you trust the software with your sites.
Your infrastructure, your data
WPMgr runs on servers you choose. Fleet data, backups, and diagnostic logs never leave your infrastructure unless you explicitly configure a remote destination. The hosted cloud version, when it launches, will have the same open codebase.
Cryptographically verifiable
Every command the control plane sends to a WordPress site is signed with an Ed25519 key. The agent verifies the signature before executing any instruction. You can verify this in the source code and in the agent's verification log.
Reversible by default
Features that modify a site, such as image format conversion, caching rules, or security hardening, are designed to be reversed with a single click. Originals are archived, not deleted. No feature creates a dependency you cannot remove.
AGPL + MIT: no ambiguity
The control plane is AGPL-3.0 so you can read, run, fork, and contribute back. The WordPress agent is MIT so you can use it in any project without license friction. Both choices are deliberate and permanent.
Privacy off by default
Diagnostics, performance telemetry, and Real User Monitoring are all opt-in or scoped to what the WordPress site already collects. WPMgr does not phone home, does not collect usage analytics, and does not require an account to self-host.
Licensing: no ambiguity
We chose licenses that make the terms unambiguous and that make forks and contributions straightforward. These choices are permanent.
Control plane
AGPL-3.0
Self-host, fork, and modify. If you distribute a modified version as a network service, you publish the source.
WordPress agent
MIT
Fully permissive. Use it in any project, proprietary or open, without restriction.
Agent signing
Ed25519
Every release is signed. Every runtime command is signed. Verification is in the code.
Open source means open to contribution
Good-first-issue labels are maintained on the repository. The architecture decision records are committed alongside the code so you can follow the reasoning behind every major choice without asking. The contributing guide explains how to set up a local dev environment, how to write tests, and how to open a pull request.
Issues that affect self-hosted users are treated the same as issues that affect the cloud product. There is no premium support tier for open-source users.
Pull requests open
Fork the repository and send a PR. Reviews are constructive.
Architecture decision records
Every major design choice has an ADR so you know why things are built the way they are.
Semantic versioning
Every release is tagged and has curated release notes. The changelog is committed to the repository.
Shipped regularly, documented clearly
WPMgr releases follow a predictable cadence. Every change is in the changelog, every version is tagged on GitHub, and production deployments happen through the same public repository.
Run it yourself. Read every line.
Self-host the complete control plane on your own infrastructure. No per-site fee, no data sent to a third party, and no features behind a paywall.