1. Getting Started
Developed exclusively for WordPress sites, our managed hosting solution provides dedicated memory and storage space in highly configured Virtual Private Servers for each site hosted.
If you are not using WPMU DEV hosting, learn more about pricing, what’s included, and how to get started free.
Want to compare how to set up and self-manage a VPS hosting environment yourself? Check out Optimized WordPress Hosting: DIY or Managed? on our blog.
1.1 About Free SitesCopy chapter anchor to clipboard
Depending on your WPMU DEV membership plan, it may include hosting credits that can be applied toward the cost of sites hosted with us.
We do this by applying a hosting credit to your membership account that can be used to defer the per-site costs associated with whatever hosting plan you choose.
Efficient allocation of resources is one of the ways we keep costs down for all members. Therefore, free sites will be archived after 21 days unless a permanent domain has been added to the site and set as the Primary domain, and the site’s Hub has been visited at least once. Members are notified by email at least seven days before a site is archived and can prevent that from happening for another 21-days simply by clicking a link in that email. There is no limit to the number of times members can extend that 21-day period and sites that have been archived can be reactivated within 30 days by contacting support, or see Restoring a Deleted Site below.
1.2 Creating a New SiteCopy chapter anchor to clipboard
All members, including those on an introductory free trial, whose sites are hosted by WPMU DEV can create and manage new hosting sites in from The Hub.
WPMU DEV members are authorized up to 10 free email accounts that can be configured in minutes to display the member’s domain in the email address. See our Email Hosting product page for details.
From the Hub 2.0 site overview screen, click the Add a website (+) icon.
Click the Create site button under the Create new module to create a brand new site hosted with WPMU DEV.
Choose your temporary destination and click the blue arrow button to continue.
Enter your desired admin credentials on the Create WordPress Administration Account screen and click the blue arrow button to continue.
Choose where you would like your site hosted. For best performance, select a location closest to the majority of your visitors. See the Locations & Regions chapter below for more info.
- Your ‘Site Title’ can be changed at any time in the future.
- Your ‘Temporary Destination Domain’ CANNOT be changed in the future without using the site migration tool. This is the link you will use to access the site before you configure DNS and choose a final primary domain.
- Your ‘WordPress admin’ user information can be changed in the future. Do remember the password you set in order to access the WordPress Dashboard once the site is ready. If you lose it, you can always do a password reset by email.
- The ‘Server’ location CANNOT be changed in the future without changing DNS information or migrating your site. The best idea is to always choose the location closest to where the majority of your site’s visitors are located.
- You can convert a single site to a ‘Multisite’ network in the future, but it is much more challenging to go the other way.
- To prevent phishers/hackers, we do not allow the following to be part of temp domains: ‘agric’, ‘securip’, ‘apple’, ‘google’, ‘gmail’, ‘netflix’, ‘paypal’, ‘amazon’, ‘billing’, ‘netfix’, ‘bill-‘, ‘-bill’, ‘credit-‘
1.3 Migrating An Existing SiteCopy chapter anchor to clipboard
Sites can be migrated to WPMU DEV hosting using our migration tool or by manually transferring files using sFTP/SSH and phpMyAdmin. We recommend using the migration tool because it simplifies and accelerates the process and automatically resolves issues that occasionally interfere with a smooth migration.
When migrating a site that has tracking codes like Adsense, you may want to temporarily remove those codes from the duplicate site created here to avoid any possible tracking errors or penalties due to duplicate codes on different domains. Once you’ve got everything set up on the new site here and have adjusted DNS for the domain name, you can add those tracking codes back on your new site created here.
1.3.1 Migration Tool Method (Recommended)Link to chapter 3
The WPMU DEV migration tool is a server-to-server via FTP process that is much more robust than any PHP-driven, i.e., plugin migration.
For starters, the migration tool is far less susceptible to timeout issues than PHP. Additionally, it handles all file transfers and redefines URLs in one smooth process that doesn’t involve programs or utilities that many users seldom use. As long as the source server isn’t afflicted with FTP issues, it would take the Mario Andretti of web admins to perform a faster, safer migration.
Prepare to Migrate
First, as always, back up your site. Do this at your original host. It’s unlikely that the migration process will harm your site, especially when using the migration tool, but backing up is always step one when making major changes to your site.
You will need your current FTP username and password. The migration tool connects WPMU DEV servers to your host’s servers using the same FTP credentials you would use to connect via FTP. If you don’t know them, they should be displayed on a screen you can access from your dashboard or control panel at your original host. If you cannot locate them, contact the host’s support team for assistance.
From the Hub 2.0 site overview screen, click the Add a website (+) icon.
From the Let’s get started! screen, click Migrate Existing Site.
The dropdown menu on the next screen will reveal a list of all the sites currently connected to The Hub. If the site you wish to migrate does not appear in the list, then it is not connected, and you should click the Please add it to your Hub first link, and follow the instructions provided. Once the site is connected, select it from the dropdown menu and click the arrow to proceed.
Your site’s files will reside on a temporary domain until you make DNS record changes. Learn more about pointing your site to a custom domain name in our DNS documentation. Enter your preferred temporary domain name in the field provided, and click the arrow to proceed.
You can use the Migrate Existing Site option under the Hosting > Tools tab in your Hub to migrate a 3rd-party hosted site and overwrite your WPMU DEV hosted site. See our Migrate Existing Site doc for details on that.
Select the geographic area where you wish your site to be hosted.
WPMU DEV servers need to log in to your site using the same FTP username and password you use when you manage files with an FTP client. If you don’t know the credentials, you should find them in your site’s dashboard or control panel at your current host. If they do not exist, create them, paste them into the fields provided, and click Start Migration.
Required FTP/SFTP credentials:
Once they access your site, WMPU DEV servers will attempt to locate your site’s files, and most of the time, they have no problem doing so. Occasionally, however, the path to those files contains an unknown directory that our servers cannot resolve, and the migration will fail. If you know the FTP path to your site files, you can insert it in the WordPress install path field highlighted below if the automated system cannot locate the files.
If you don’t know your FTP path, the simplest thing to do is ask your current host to provide it.
You can find it on your own by logging in to your site via FTP. Regardless of the FTP client you use, your path will be displayed on the screen similarly to how they appear in the image below.
Simply cut and paste the path–in this case /site/public_html/–into the WordPress install path field.
Do not include the domain name in the path but just the words and slashes as they appear in the placeholder text in the image above.
When ready, click Start Migration.
This screen allows users to monitor migration’s progress, although you can safely close the window and move on to other things without jeopardizing the migration. You will receive an email notification when the migration is complete or if it fails.
Please note that your temporary credentials for the migrated site are as follows:
- username: admin
- email: Your WPMU DEV account email address
- password: random
Following a successful migration, the temporary domain used in this migration is set as the primary domain for the migrated content and is viewable. Unless the original site has been disabled in some way, your content is viewable at both the original URL and the temporary one. In a moment, you will be instructed to update your DNS records and set your original domain as the primary domain, at which point your permanent domain is the only one visitors can access.
Before making those updates, however, we encourage you to visit the temporary domain to verify that the migration was successful. You can do so by clicking WP Admin option next to the temporary domain in The Hub site manager.
If the migration fails for any reason and you want to access the new site hosted here, you will need to first reset the password for the auto-created admin account. That account is created using the email address associated with your WPMU DEV account, and the default username is: admin. So to reset the password, you need only go to the /wp-login.php screen for the new site, click the Lost your Password? link, and enter your WPMU DEV email address. Click the reset link in the email, and enter the new password you want to use for the default admin account.
If you discover a problem with the site following migration, contact support, and our team will help you determine how best to proceed. If you are satisfied with the migration, then it’s time to edit your DNS records. See our WPMU DEV DNS Records documentation for guidance.
1.3.2 Manual Migration by WPMU DEV StaffLink to chapter 3
As a WPMU DEV member, you can also request that we manually migrate your site in case the above options don’t work for you. We can migrate either directly from the server where your existing site is currently hosted, or by using a full and complete backup of your existing site that you provide.
To get your migration done by our staff, you’d need to provide the following required information for either method to our live chat support superheroes.
They will then create the needed support ticket for you, and our hosting support techs will get the migration done. You’ll be notified in your support ticket once the migration is finished.
Info required for manual migration
- Admin login credentials to your existing WordPress site (if Multisite please provide Super Admin details):
- Admin Username
- Admin Password
- Login URL
- FTP credentials to your existing WordPress site:
- Key-File (and password) if needed
- Server admin credentials to your existing WordPress site (cPanel, Plesk or equivalent at your current host):
- Login URL
- Destination Environment
- WPMU DEV Hosting temporary *.tempurl.host URL (can be an existing WPMU DEV hosted site you wish to overwrite, or a brand new one you create before requesting the migration)
- A full backup of your existing WordPress site (.zip, .tar.gz etc)
- Must include all site files and export of your database (.sql file)
- Destination Environment
- WPMU DEV Hosting temporary *.tempurl.host URL (can be an existing WPMU DEV hosted site you wish to overwrite, or a brand new one you create before requesting the migration)
Supported Migrations & Conversions
It’s important to note that some types of migrations are out-of-scope and cannot be handled by our support or hosting staff. Following are the types of manual migrations/conversions that we can and cannot do for you.
- Supported migrations
- Yes – If Single site -> Single site
- Yes – If Multisite -> Multisite
- Supported conversions
- Yes – If Single site -> Multisite
- Yes – If Subsite -> Single site (you should expect to need to perform some cleanup in the converted site, and there may be configuration issues for some plugins due to conversion)
- Depends – If Multisite -> Single site (supported only if there’s just a main site, without subsites)
- Depends – If Subdomain -> Subdirectory (supported only if there’s just a main site, without subsites)
- Depends – If Subdirectory -> Subdomain (supported only if there’s just a main site, without subsites)
- Not supported – Out of scope
- No – If Single -> Subsite (3rd party developer required for this type of migration)
- No – If Subsite -> Subsite (3rd party developer required for this type of migration)
1.5 Cloning a SiteCopy chapter anchor to clipboard
The Clone a site module in the hosting getting started wizard allows you to quickly set up new websites with your favorite plugins, theme, and configuration options from a template.
Click the Clone Site button and follow the clone module guide to make a copy of an existing site or use one of our pre-configured templates.
For guided information on using Clone to set up and use templates on your WPMU DEV hosting account, visit the Cloning Sites documentation.
1.6 Locations & RegionsCopy chapter anchor to clipboard
- Australia (Sydney)
- Canada (Toronto)
- Germany (Frankfurt)
- India (Bangalore)
- Japan (Tokyo)
- Netherlands (Amsterdam)
- United Kingdom (London)
- USA East (New York City)
- USA West (San Francisco)
At WPMU DEV, we’re always looking for ways that we can provide the best opportunity for a blazing-fast site, which means setting up data centers in strategic locations. In this case, we decided to test out just how much the addition of the data center in Australia impacted load times for an audience there. Check out our blog, Timed & Tested: Shave Seconds Off Your Load Time to read more about the results.
The easiest way to migrate a site from one hosting region to another is by using our Clone tool in the Hub. For details on how to do that, please see the Migrate a Site to a New Region chapter in the Cloning Sites documentation. You can also request a Manual Migration by WPMU DEV Staff as detailed above.
Members are free to migrate sites from one region to another at any time but should be aware that our hosted backups are regionally isolated and cannot be migrated with the site. Members should download any hosted backups they wish to preserve before initiating the migration. Hosting backups cannot be accessed from a different region, and we cannot move them for you after the fact.
Also, migrating a site to a new region will require the assignment of a new dedicated IP address, so all DNS settings will have to be reconfigured, including any IP address-dependent plugins or integrated apps.
Finally, there is downtime to consider. The original site will cease to function the moment the migration begins. The time required for the migration depends on the size of the site or sites being moved, and once the site is up in its new region, how long it takes to reconfigure its plugins and apps depends largely on the skill of the admins.
1.7 Plans & Usage LimitsCopy chapter anchor to clipboard
Each site that we host gets its own plan, complete with its own dedicated memory, CPUs, storage, and usage limits.
Curious about how our hosting holds up against other popular hosting services on the market? Well, even if you weren’t curious, we definitely were! So, we decided to put them all to the test and thought we’d clue you in on exactly how we did that – full transparency. Check out How to Accurately Test Your WordPress Host for more information on the tests we conducted and what online resources we used.
You can upgrade plans at any time. You can also downgrade a plan at any time. However, please note that downgrading more than one level may require a DNS change that only our support team can accomplish manually. This is because of technical limitations around storage space in the environment. In these cases, we’ll set up a new hosting environment at the desired plan and manually migrate the site’s files and content over.
We do not set hard limits on visits, bandwidth, or traffic, but we do provide recommended visit levels for each plan to help you determine which plan will be right for you. Your site will have lower performance, including brief outages, when your memory and CPU resources are maxed out.
Factors that might use more resources and thus require you to upgrade:
- WordPress Multisite – Multisite networks are more taxing on server resources, especially Subdomain installs and those Multisite where you will have many logged-in users.
- Membership Sites – Membership sites receive a higher percentage of traffic where users are logged in, which means that caching systems in place are not as helpful in managing their load.
- e-Commerce Sites – Similar to Membership sites, increased logged-in activity for checkout can cause a higher server load.
- Poorly coded themes or plugins – Some themes and plugins just aren’t as efficient for performance as others. They may also add features that require higher processing loads.
You will notice that each hosting plan offers a different number of shared vCPUs. These virtual CPU cores play a key role in determining your site’s performance. However, it is important to note that performance is controlled by more than just the number of vCPUs and simply having more vCPUs will not necessarily improve your performance. Your site will also be heavily affected by the dedicated RAM and so the balance between RAM and vCPUs is worth noting. All of our hosting plans have been allocated specific RAM and vCPUs with that ratio in mind.
Also note that if a theme or plugin is so poorly coded that it slows your site to a crawl, or is throwing fatal errors, upgrading your plan would likely not improve performance until those issues are investigated and resolved.
1.7.1 Bulk Hosting DiscountsLink to chapter 7
Are there discount rates available for bulk hosting with WPMU DEV dedicated managed WordPress hosting? Yes, WPMU DEV has discount rates available for agencies or users with 20+ websites.
To learn more about bulk pricing, contact support, or start a live chat to discuss discount options.
Hosting Discounts Rates:
- Are for users with more than 20 sites
- Are based on volume (the more sites you have on your account, the better the rate we can offer.)
1.8 WordPress MultisiteCopy chapter anchor to clipboard
Unlike many hosts, we support (and encourage!) the use of WordPress Multisite on all plans.
However, you should be aware that WordPress Multisite networks will use more server, CPU, and memory resources than standard WordPress single installs. So, if you have more than a handful of sites, you might find you need one of the higher plans to meet your WordPress Multisite network’s needs.
Subdirectory installations (i.e., mysite.com/sitename) can be created by you in your Hosting Hub.
Subdomain installations (i.e., sitename.mysite.com) require manual work from our support team. Before converting or migrating a WordPress Multisite subdomain install, we need to be sure that you are able to:
- Configure wildcard DNS for the desired domain with your domain registrar
- Provide us with a wildcard SSL certificate for the desired name.
Please contact support to start the process for a subdomain install.
1.9 Modifying Size and Type LimitsCopy chapter anchor to clipboard
This guide covers how to safely modify the WordPress default limits on the size and type of files that can be uploaded to the media library.
After reading this guide, if you still have questions regarding file upload limits or you need help setting the right limits for your site, you can always start a Live chat with our hosting support Superheroes or submit a support ticket using the Support tab of your WPMU DEV Dashboard.
WPMU DEV Max Upload File Size
The maximum file upload size for all WPMU DEV-hosted sites is 128Mb, regardless of hosting plan. Members can restrict the size of uploaded files, but the maximum size cannot be increased.
This cap should be more than enough for most sites, and is set on our managed WordPress hosting to limit the potential of attacks that can exploit large file size limits with huge post requests and overload your server.
Files larger than 128Mb should be uploaded by SFTP/SSH. See our SFTP & SSH documentation for information on how to upload large files.
To view the current maximum upload size for any site, navigate to the WordPress media uploader: Dashboard > WP Admin > Media > Add New. The upload size limit will be displayed at the bottom of the UI.
WordPress Default File Types
Members can add or remove file types from the allowed upload list as needed but should keep in mind that each added file type creates a potential security risk for your site or network. We recommend that you add only those file types you need.
WordPress allows uploading of these file types by default:
Images: jpg, jpeg, png, gif, ico
Documents: pdf, doc, docx, ppt, pptx, pps, ppsx, odt, xls, xlsx, psd
Audio: mp3, m4a, ogg, wav
Video: mp4, m4v, mov, wmv, avi, mpg, ogv, 3gp, 3g2
1.9.1 Multisite Upload LimitsLink to chapter 9
Multisite admins can adjust both the file size and file type limits in their Network Settings, located here: Dashboard > Network Admin > Settings > Network Settings.
Scroll down to the Upload Settings section, where you will find the Upload file type and Max Upload File Size fields.
Adding/Removing File Types in Multisite
In the Upload file types field, enter the file extensions of the file types you want to add, separating the extensions with a single space. Delete the extensions of file types you do not want to be uploaded.
Modifying the File Size Upload Limit in Multisite
In the Max Upload File Size field, enter a size, in kilobytes, up to 12800kb (128mb) to set the max size for files uploaded to this network.
Click Save Changes, and that’s all there is to it. The new file size limit will apply to every site within this network.
1.9.2 Standard Installation Upload LimitsLink to chapter 9
If you’ve seen the “Sorry, this file type is not permitted for security reasons” error message; you’ve tried to upload a file type that is not on your site’s upload allowed list or has failed a WordPress security validation test.
Adding/Removing File Types in Standard Installations
We’re going to show you how the plugin WP Extra File Types can resolve either issue. The first thing to do is install and activate the plugin.
While we’re at it, we will show you how to use this plugin to identify why a file might trigger a security validation error, information that will be helpful if a particular file type or a particular user experiences ongoing upload issues.
Once you’ve installed the plugin, you’ll find a new option, Extra File Types, in your site’s Settings tab, located here: Dashboard > Settings > Extra File Types.
Click Extra File Types UI, and you will see a list of hundreds of file types from which to choose.
You will also see two checkbox options, shown below. Do not select either of these boxes yet. Selective use of these options can help identify why a file triggered the upload error.
Select the file type(s) you wish to add to the allowed list and then scroll to the bottom of the UI to click Save Changes.
Try to upload the problem file again, and if the upload succeeds, great! This means the file was simply not on the allowed list, and now it is. You and your users can now upload that file type as needed.
If the file triggers a validation error again, return to the WP Extra File Types UI, and select the Check only file extensions option shown below. Leave Skip WordPress checks unchecked, and click Save Changes. If the file is failing WordPress’s MIME type validation, this option will bypass that check without disabling other security measures.
Try to upload the problem file again, and if the upload succeeds, great! This means there was an issue with the file’s MIME type. Otherwise, the file was deemed safe to upload.
If the file triggers a validation error with Check only file extensions enabled, it’s time to consider whether you are certain the file is valid and not harmful. If you are uncertain, we recommend not uploading the file.
If you are certain the file is valid and not harmful, return to the WP Extra File Types UI. Uncheck the Check only file extensions option, and check the Skip WordPress checks option. Save your changes.
WARNING: Selecting this option will disable all WordPress upload security measures, and should only be used to upload files you are certain are not harmful. Leaving this option enabled allows users to upload any file type to your site, including potentially harmful files. You should disable this option when you are not actively troubleshooting an upload issue.
Try to upload the problem file again. If the upload fails with WordPress checks disabled, it is likely that the issue has nothing to do with the file type, and you should contact support for help troubleshooting the problem.
Adding Custom File Types in Standard Installations
You also can use WP Extra File Types to add file types not included with the plugin’s preset list. To do this, scroll to the bottom of the UI where you will find the Add your custom file types panel. Click the plus sign (+) to open the interface.
This will open up a table of fields where you must specify a file format by completing the Description, File Extension, and MIME Type fields. The Internet Assigned Numbers Authority (IANA) is responsible for all official MIME types, and you can find the information required for these fields on their Media Types page. Click Save Changes before returning to the media uploader.
1.9.3 Standard Installation Upload File SizeLink to chapter 9
Install the Increase Maximum Upload File Size plugin to make this task as easy as it can be.
Once the plugin is activated, Increase Maximum Upload File Size will appear as a new option near the bottom of your Admin Menu. Click the link to open the plugin.
The plugin contains a single dropdown menu. When you open the UI for the first time, it will display your current max upload file size.
Click the dropdown menu to view the menu of various upload size limits. Setting a file size larger than 128MB will not override the 128MB max upload limit. Select the desired upload limit and click Save Changes.
Once a limit has been set, the plugin displays both the WPMU DEV Managed Hosting default limit of 128mb and the lower limit established by the plugin.
1.10 Getting .htaccess SupportCopy chapter anchor to clipboard
Our servers run NGINX, the fastest, most stable webserver type, and NGINX does not support .htaccess. Members accustomed to using .htaccess to enable or disable functionality needn’t worry. However, because all the functions typically associated with it are automatically handled by our servers.
Servers with the AllowOverride directive on, a prerequisite for .htaccess files, process requests at a much slower rate than NGINX servers. In fact, NGINX servers process many more requests per server than their Apache counterparts in large part because they don’t support .htaccess.
If your site has a .htaccess file in the root directory, WordPress or a plugin might attempt to write to that file when configurations change, but this is not a problem as our servers will simply ignore that file.
Some of the common uses for .htaccess that our servers automatically achieve are:
- Permalinks – Our servers are configured to automatically handle permalinks for you.
- Caching – Our servers handle caching for you, no need to install plugins or modify .htaccess files.
- Redirects/rewrites – Redirects can be handled using a plugin or via custom server-side redirects that WPMU DEV support can install for you.
- Security – Many WordPress security plugins have you modify the .htaccess file to install security rules. Fortunately, WPMU DEV hosting already has these security precautions in place at the server level.
Regardless of what you’re trying to achieve, if you’re doing it with .htaccess, then you’re probably doing it wrong. Instead, contact our support Superheroes, and they will help you figure out how to implement the same thing without creating or modifying a .htaccess file.
1.11 Getting nginx.conf SupportCopy chapter anchor to clipboard
As noted in the previous chapter, our server architecture is built on Nginx which does not support .htaccess. However, there may be times when you need some custom rules added to your server, to handle some plugin functionality for example.
As our system is managed WordPress, you do not have root access to the server, so cannot make those changes yourself.
In cases like this, simply contact our support superheroes via live chat or submit a support ticket using the Support tab of your WPMU Dev Dashboard, and we’ll be happy to make those changes for you.
1.12 Restoring a Deleted SiteCopy chapter anchor to clipboard
A WPMU DEV hosted site can be deleted for any of the following reasons:
- Automatically via CRON – If a site is unused, it gets automatically archived after 21 days as noted in the About Free Sites chapter above.
- Deleted manually – You are free to delete any of your sites at any time.
- WPMU DEV membership expired – If your membership at WPMU DEV expires, your hosted sites would also expire.
If you wish to restore a deleted site, the process is quite simple but it must be done within 30 days from the time it was deleted.
- Create a site while logged-in with the same WPMU DEV account, using the same temporary tempurl.host name & region as the original site.
- You’ll then see the backups of the original site available under the Hosting > Backups tab. Restore one of the available backups within 30 days, and your site will be live again.
1.13 Customizing Error PagesCopy chapter anchor to clipboard
If you’re hosting your site(s) with WPMU DEV, and we certainly hope you are, you can take white labeling to another level by customizing server error pages with your brand, or any custom information you may want.
So, for example, if you’re not too enthusiastic about our default error 500 page:
You could create something much more suited to your brand:
1.13.1 Available error pagesLink to chapter 13
Here are the error pages that can be customized to suit your needs:
Client error pages
401.html – Displays if the site has password protection enabled and the HTTP Auth form is dismissed by the user.
402.html – Displays if the site is suspended due to required payment on your account.
404.html – Displays when the URL or page requested by the user cannot be found.
410.html – Displays if the requested page has been deleted permanently.
429.html – Displays to a user/IP if they’re attacking /wp-login.php or /xmlrpc.php (see Bruteforce Attack Protection below).
Note that the 403 error page that displays if a connection is forbidden, possibly via a WAF rule, cannot be customized as it is built into Nginx.
Server error pages
500.html – Displays if there is an internal server error.
502.html – Displays if your server gets an invalid response from another web server.
503.html – Displays if the server is currently unable to handle your request due to scheduled maintenance or a temporary overload.
504.html – Displays if the server timed-out handling your request due to a temporary overload or a long-running script.
1.13.2 How to customizeLink to chapter 13
To create a custom page for any of the above errors, create a .html file with the error number as the filename, with any content you wish inside. Then upload it to the root of your WordPress install.
For example, to create a custom error page in the unlikely case something goes wrong on your server and you get the dreaded “500 internal server error”, you’d create a file called 500.html
Add any custom HTML content you like to your file, and upload. You can use the Manage Files utility from your Hub > Tools screen to create and add content to the file, or edit on your computer and upload via the File Manager or FTP.
Here’s an example of the basic HTML you’d want to have in any custom error page:
Your custom pages can be as simple or as creative as you like, and branded however you need. If you need some inspiration, have a look at these pages for some great examples:
1.13.3 More whitelabeling optionsLink to chapter 13
Our White Label services allow you to remove all WPMU DEV branding so that you can use your own branding or even your client’s branding. This is largely offered as a tool through our WPMU DEV Dashboard Plugin. For a guide to rebranding with the WPMU DEV Dashboard Plugin, read our White Label Plugins document.
The process of white labeling your site is also closely linked to our Branda plugin. Branda simplifies white label branding, maintenance, and much more. Read our WPMU DEV documents on Branda to learn more about the plugin’s capabilities.
And if you’re using our Hub Client plugin to offer all the amazing site management tools of our Hub to your clients, you’ll want to review the Hub Client documentation as well.
1.14 Bruteforce Attack ProtectionCopy chapter anchor to clipboard
All sites hosted by WPMU DEV have measures enabled at the server level to help prevent bruteforce attacks. This is to help ensure your site’s server never goes down due to a bot attack on the most commonly targeted WordPress URIs: /wp-login.php & /xmlrpc.php
Those URIs are continuously monitored on our hosting, and if either of them receives more than 1 request every 2 seconds (30 requests/min) from a single IP address, rate limiting will be applied automatically to block access to any user with that IP, and a 429 error page will be displayed to that user.
This will throttle the connections a bit and help avoid having the server instantly go down due to an attack. If the connection is throttled 30 times within the last 30 minutes, then the attacking IP will be banned for 1 hour to help even more.
Any such 429 error will be logged by your server and can be viewed in the Access Logs in your Hub.
You can customize and brand the Error 429 page if you wish, just like any other default server error page, by following the directions in the Customizing Error Pages chapter above.
Note that only the URIs noted above are monitored, and rate-limited if attacked. For example, if you have modified your wp-login.php slug using the Mask Login feature in Defender, and that custom slug is discovered and attacked by a malicious bot, your custom login would not be protected by these measures. We, therefore, recommend that any such custom login not be too obvious; don’t make it easy for bad actors to guess.
Also note that, while these measures can help mitigate the effects of DoS/DDoS attacks, they should not be considered as full protection for such attacks. You may want to consider using the robust protection options offered by CloudFlare for that.