wpmgr
Team and access

WordPress team access control with a tamper-evident audit log

Four roles from owner to viewer, per-site sharing, OIDC SSO, and a hash-chained audit log of every action across the fleet. Share a single site with a collaborator without exposing the rest of the portfolio.

Sharing WordPress fleet access with a collaborator should not mean giving them a view of every client's sites

Most fleet management tools treat access as all-or-nothing: either a team member sees every site or nothing. Agencies and freelancers often need to share a single site with a client, a contractor, or a developer without exposing the rest of the portfolio. WPMgr's per-site sharing model gives a collaborator the exact scope they need, no more.

How it works

Under the hood

The steps that make it work, and what each one does.

1

Invite team members by email

Send email invites directly from the dashboard. New members verify their email address and are prompted to set a password. OIDC SSO can be configured for company-wide single sign-on.

2

Assign a role with least privilege

Four roles: owner, admin, member, and viewer. Owner has full access including billing and org settings. Viewer can see dashboards and reports but cannot make changes. Roles apply fleet-wide.

3

Share individual sites

Share a single site with any user at a specific role level. The user sees only that site in their dashboard. Revoke access at any time from the site or from the user's profile.

4

Review the audit log

Every login, role change, site action, backup, update, and configuration change is recorded in a hash-chained audit log. The chain break detector shows if any record was tampered with or deleted.

Team and access3 members
JM
Jordan M.All sites
Admin
ST
Sam T.All sites
Member
CA
Client Ashop.client-a.com
Viewer
Audit loghash-chained
Backup startedJordan M.4m ago
Plugin updatedSam T.22m ago
Login failedunknown1h ago
Role changedJordan M.3h ago

What's included

Every capability ships in the open-source release.

Four-role access model

Owner, admin, member, and viewer. Roles apply fleet-wide. Per-site overrides allow narrower or broader access for specific collaborators.

Per-site sharing

Share exactly one site with a user without giving them fleet access. Revoke access instantly without affecting their access to other sites.

OIDC SSO

Configure your company's identity provider for single sign-on. Members authenticate with their corporate account; WPMgr does not store their password.

Tamper-evident audit log

Every action is recorded in a hash-chained log. The chain break detector identifies gaps, modifications, and deletions. An integrity report explains the cause of any detected break.

Dashboard two-factor authentication

TOTP and WebAuthn passkeys protect dashboard access. Trusted devices, recovery codes, and a single-use code flow ensure operators can always recover access.

API key management

Create named API keys with scoped permissions for automation and integrations. Keys can be revoked individually without affecting other keys or team member access.

FAQ

Questions answered

Common questions about this feature.

Self-host it, read the code, and run your whole fleet.

Free and open source. No per-site fee. The full release is on GitHub.