WordPress team access control with a tamper-evident audit log
Four roles from owner to viewer, per-site sharing, OIDC SSO, and a hash-chained audit log of every action across the fleet. Share a single site with a collaborator without exposing the rest of the portfolio.
Sharing WordPress fleet access with a collaborator should not mean giving them a view of every client's sites
Most fleet management tools treat access as all-or-nothing: either a team member sees every site or nothing. Agencies and freelancers often need to share a single site with a client, a contractor, or a developer without exposing the rest of the portfolio. WPMgr's per-site sharing model gives a collaborator the exact scope they need, no more.
Under the hood
The steps that make it work, and what each one does.
Invite team members by email
Send email invites directly from the dashboard. New members verify their email address and are prompted to set a password. OIDC SSO can be configured for company-wide single sign-on.
Assign a role with least privilege
Four roles: owner, admin, member, and viewer. Owner has full access including billing and org settings. Viewer can see dashboards and reports but cannot make changes. Roles apply fleet-wide.
Share individual sites
Share a single site with any user at a specific role level. The user sees only that site in their dashboard. Revoke access at any time from the site or from the user's profile.
Review the audit log
Every login, role change, site action, backup, update, and configuration change is recorded in a hash-chained audit log. The chain break detector shows if any record was tampered with or deleted.
What's included
Every capability ships in the open-source release.
Four-role access model
Owner, admin, member, and viewer. Roles apply fleet-wide. Per-site overrides allow narrower or broader access for specific collaborators.
Per-site sharing
Share exactly one site with a user without giving them fleet access. Revoke access instantly without affecting their access to other sites.
OIDC SSO
Configure your company's identity provider for single sign-on. Members authenticate with their corporate account; WPMgr does not store their password.
Tamper-evident audit log
Every action is recorded in a hash-chained log. The chain break detector identifies gaps, modifications, and deletions. An integrity report explains the cause of any detected break.
Dashboard two-factor authentication
TOTP and WebAuthn passkeys protect dashboard access. Trusted devices, recovery codes, and a single-use code flow ensure operators can always recover access.
API key management
Create named API keys with scoped permissions for automation and integrations. Keys can be revoked individually without affecting other keys or team member access.
Questions answered
Common questions about this feature.
Self-host it, read the code, and run your whole fleet.
Free and open source. No per-site fee. The full release is on GitHub.