I built WP Manage — an open-style VPS & WordPress control panel
Hey r/WordPress 👋
For the past while I've been working on a project called WP Manage (https://wppanel.io.vn/) — a self-hosted control panel for managing VPS servers and WordPress sites from a single dashboard. It's aimed at agencies, hosting providers, and anyone who's tired of juggling SSH, cPanel-style tools, and a dozen WordPress admins.
I wanted something that felt closer to GridPane / RunCloud / SpinupWP, but with a stack I could fully control. Here's what it does today:
Architecture
A hub-and-spoke setup: a central API server (Go + Fiber v2) talks to lightweight agents on each VPS over gRPC with TLS. The dashboard is React 18 + TypeScript + Vite with real-time WebSocket updates.
Server management
- One-command install on Ubuntu 22.04/24.04
- 12-step auto-provisioning: Nginx, PHP-FPM (7.4–8.5), MariaDB, Redis, Certbot, Fail2Ban, UFW, WP-CLI
- Live CPU/RAM/Disk monitoring, log streaming, cron jobs, SSH key management
WordPress site management (20+ tabs per site)
Overview, File Manager, Staging (clone + push to prod), Updates, Database, Performance, Image optimization, Multisite, Domains/aliases, Redis, Cron, SFTP (chroot per site), WAF, SSL, WP-CLI terminal, FastCGI Cache, Import, Hardening, PHP config. One-click HMAC-signed auto-login into wp-admin.
Security
- Dual malware scanning: ClamAV + a WordPress-aware signature engine
- Per-site ModSecurity WAF with OWASP CRS (paranoid levels 1–4)
- Fail2Ban with 5 jails including WP login + xmlrpc
- Cloudflare-Only mode that automatically syncs CF IPs into UFW weekly
- WordPress Hardening with 6 reversible rules
- AES-256-GCM backup encryption, SHA-256 checksums
Backups & Migration
Full or DB-only backups to S3, R2, Google Drive, or Backblaze B2, with rotation policies. Server-to-server migration runs in 5 phases (prepare → initial rsync + mysqldump → delta sync → cutover → cleanup) with rollback + automatic DNS updates.
Monitoring
60s HTTP uptime checks, threshold-based alerts on CPU/RAM/Disk, SSL auto-renewal with 14/7/3/1-day expiry warnings, alerts via Telegram, Slack, and email.
Other stuff
- 150+ REST API endpoints + API keys with rate limiting
- Agent rollouts: Canary, Rolling, or Immediate, with atomic binary updates and auto rollback
- RBAC (Admin / Manager / Viewer), team-based permissions, 2FA + recovery codes
- A "Transfer Tool" that imports existing WordPress sites from any external server over SSH — no agent required on the source
- 9 background workers handling backups, scans, updates, uptime, log cleanup, etc.
Try it
Minimum requirements: Ubuntu 22.04/24.04 VPS, 1 CPU, 1 GB RAM, a domain pointing to the VPS.
# Panel only
bash <(curl -sSL https://mirrors.bucloud.com/install.sh) -d yourdomain.com
# Panel + Agent on the same VPS (quick start)
bash <(curl -sSL https://mirrors.bucloud.com/install.sh) -d yourdomain.com --with-agent
Full docs and feature breakdown: https://wppanel.io.vn/
I'd really love honest feedback from people who actually run WordPress at scale:
- What's missing compared to the panels you use today?
- Anything in the security/WAF/backup story you'd want done differently?
- Bugs or rough edges — please tell me, I'll fix them.
Happy to answer any questions in the comments. Thanks for taking a look 🙏