Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Connecting your sites to VMP Security Portal

VMP Security Portal lets you manage many WordPress sites from a single dashboard. Before a site shows up in the Portal, it has to be linked to your account through a one-time secure handshake between the VMP Security plugin and the Portal service. This article walks through both ways to start that handshake, how to remove a site later, and what to do when a connection won’t complete.

In This Article

Connecting a site from the Portal dashboard

This is the recommended path when you are setting up a new site or onboarding a fleet of sites you already own. You start the handshake from inside Portal, and Portal hands you a one-time link that finishes the connection on the destination site.

  1. Sign in to Portal at vmpsecurity.com/portal/ with the same account that owns your VMP Security license.
  2. From the dashboard, click Add Site and enter the WordPress site’s home URL. Portal will check that the site is reachable and that VMP Security is installed.
  3. Portal generates a short-lived connection link. Copy it, then open it in a browser tab where you are already logged in to that WordPress site as an administrator.
  4. Confirm the connection on the WordPress side. The plugin completes the handshake, registers the site with Portal, and you are redirected back to the dashboard with the new site listed.

The connection link expires after a few minutes. If it expires before you finish, just click Add Site again to generate a fresh one.

Connecting a site from the VMP Security plugin

You can also start the handshake from inside the WordPress admin if you are already on the site you want to connect. This is convenient when you are configuring sites one at a time or do not have the home URL handy.

  1. In WordPress, go to VMP Security → Portal.
  2. Click Connect this site to VMP Security Portal. The plugin opens a Portal sign-in window.
  3. Sign in to your Portal account (or create one). Portal shows the site that initiated the request and asks you to confirm.
  4. Click Approve connection. The browser is sent back to the WordPress admin, the plugin verifies the response, and the site appears in your Portal dashboard.

The connection token issued during this flow is stored encrypted in the WordPress database. It is scoped to that one site and cannot be used to act on any other site in your account.

Removing a site from VMP Security Portal

You can disconnect a site from either side — whichever you have access to. Removing the site stops Portal from receiving events from it and revokes the stored connection token.

From Portal: open the site in the dashboard, click Settings, and choose Disconnect site. Portal sends a revocation notice to the WordPress site and clears its data from the dashboard.

From the WordPress plugin: go to VMP Security → Portal and click Disconnect this site. The plugin clears the local token and tells Portal to drop the site.

If the WordPress site is no longer reachable (for example, it was decommissioned), use the Portal-side option. The dashboard entry will be removed even if the WordPress side cannot acknowledge the request.

Troubleshooting connection issues

Most failed connections fall into one of a few categories. The plugin’s Portal page shows the last error message returned by the handshake, which is usually enough to point you at the right fix.

The connection link expired

Portal connection links are valid for a short window. If you do not finish the handshake in time, the link returns an “expired token” error. Generate a new link from Add Site and try again.

The site is behind HTTP basic auth or a staging gate

Portal needs to reach the site over HTTPS to verify it. If the site is protected by HTTP basic auth, an IP allowlist, or a “coming soon” gate that blocks all traffic, the verification step fails. Either remove the gate during the handshake or add a temporary allowlist for the Portal egress IPs listed on the Settings → Network page in your account.

WordPress is blocking outbound requests

If the WordPress side cannot reach the Portal API, the connection completes on the dashboard but the site never confirms. This is usually caused by a host-level firewall or the WP_HTTP_BLOCK_EXTERNAL constant being set without WP_ACCESSIBLE_HOSTS including the VMP Security API domains. Contact support to obtain the current hostnames to allowlist, then try again.

Mismatched account or license

If the WordPress site is already connected to a different Portal account, the new handshake will fail with an “already connected” message. Disconnect the site from the old account first (or from the plugin side, if you no longer have access to the old account) before reconnecting.

Still stuck?

Open the plugin’s Diagnostics page and copy the “Portal connectivity” section into a support ticket. The diagnostics include the last handshake response and the resolved Portal endpoints, which is what our support team needs to investigate.

Contents