Articles on: Sites

Site Tools - Advanced Site Management

InstaWP's Site Tools feature provides a comprehensive toolkit for managing your WordPress site's settings, security, and performance. Access powerful one-click tools to maintain your site, optimize performance, enhance security, and troubleshoot issues—all from a single, convenient location.


In this documentation, we will explore:



Let's get started 🚀


This feature is available in Sandbox plans and above. View Pricing here. If you are not logged in, use this link to view pricing.


What are Site Tools?


Site Tools is an all-in-one management dashboard that brings together essential WordPress site management functions. It includes both toggle-based settings (for features you turn on/off) and action-based tools (for operations you execute on demand).


Why Use Site Tools?


  • Centralized Management: Access all essential site tools from one convenient location
  • Enhanced Security: Control XML-RPC, REST API, and other security-sensitive features
  • Performance Optimization: Clear caches, optimize databases, and fix permissions with one click
  • Easy Maintenance: Put your site in maintenance mode, control search engine visibility, and more
  • WordPress Health: Verify core files, flush permalinks, and maintain WordPress integrity
  • Time-Saving: Execute complex operations instantly without SSH or database access


Who Should Use This Feature?


  • Site Administrators: Manage WordPress sites efficiently without technical complexity
  • Developers: Quickly perform maintenance tasks during development and troubleshooting
  • Security-Conscious Users: Control API access and security features
  • Performance Optimizers: Maintain optimal site performance with one-click tools
  • Content Managers: Temporarily disable sites for maintenance or updates


How to Access Site Tools


Follow these steps to access the Site Tools page:


Step 1: Navigate to your Sites page in the InstaWP dashboard.




Step 2: Click on your site to open the site management panel.




Step 3: In the left sidebar menu, click the Tools menu item (with adjustments icon).




Step 4: The Tools page will open, displaying all available site management tools.




Free Sites Limitation: Site Tools are not available on free sites. You'll see an upgrade prompt if you try to access this feature on a free site. Upgrade to Sandbox or higher to unlock this feature.


Toggle-Based Settings


Toggle-based settings are features you can turn on or off instantly. Changes take effect immediately when you toggle the switch.


Maintenance Mode


Temporarily disable your site for visitors while you perform updates, make changes, or troubleshoot issues. When enabled, visitors see a maintenance message instead of your site.


What it does:

  • Displays a Site under maintenance message to all visitors
  • Keeps your WordPress admin accessible (you can still log in)
  • Creates a .maintenance file in your WordPress root directory
  • Automatically shows a countdown or custom message


When to use:

  • During major content updates or redesigns
  • When updating plugins or themes that may cause temporary issues
  • While migrating content or making database changes
  • For scheduled maintenance windows


How to enable:


Step 1: On the Site Tools page, locate the Maintenance Mode toggle.




Step 2: Click the toggle to turn it ON.




Step 3: Visit your site in a new browser window to verify the maintenance message is displaying.




✅ Maintenance Mode Active: Your site is now in maintenance mode. Don't forget to disable it when your maintenance work is complete! You can still access your WordPress admin at /wp-admin/.


How to disable: Simply toggle the switch back to OFF to restore normal site access.



Search Engine Visibility


Control whether search engines like Google, Bing, and others can index your WordPress site. This setting updates the WordPress blog_public option.


What it does:

  • ON: Discourages search engines from indexing your site (adds noindex meta tag)
  • OFF: Allows search engines to index your site normally (default)
  • Updates the setting in WordPress Settings → Reading → Search Engine Visibility


When to use:

  • Enable (discourage indexing) when:
  • Your site is under development or testing
  • You're working on a staging site that shouldn't appear in search results
  • Temporarily hiding your site from search engines during major changes
  • Disable (allow indexing) when:
  • Your site is ready for public access
  • You want to improve SEO and appear in search results
  • Running a production site


How to toggle:


Step 1: Locate the Search Engine Visibility toggle on the Site Tools page.




Step 2: Toggle ON to discourage search engines, or OFF to allow indexing.




Important: This setting adds a noindex meta tag but does not guarantee search engines will honor it. Some search engines may still index your content. For complete privacy, use password protection or maintenance mode.



Disable XML-RPC


XML-RPC is a WordPress feature that allows remote access to your site via XML-RPC protocol. While useful for some applications, it's also a common attack vector for brute force attacks and DDoS attempts.


What it does:

  • ON: Disables XML-RPC by blocking access to xmlrpc.php via .htaccess rules
  • OFF: Allows XML-RPC access (WordPress default)
  • Adds rewrite rules to return 403 Forbidden for XML-RPC requests


Why disable XML-RPC:

  • Security: Prevents brute force attacks targeting XML-RPC
  • Performance: Reduces server load from XML-RPC pingback spam
  • DDoS Protection: Blocks XML-RPC amplification attacks
  • Recommended for most sites unless you specifically need XML-RPC


When to keep XML-RPC enabled:

  • You use the WordPress mobile app to manage your site
  • You use Jetpack or other plugins that require XML-RPC
  • You need remote publishing from desktop applications
  • You use trackback/pingback functionality


How to disable:


Step 1: Locate the Disable XML-RPC toggle.




Step 2: Toggle ON to disable XML-RPC and enhance security.




🔒 Security Tip: Most modern WordPress sites don't need XML-RPC. We recommend keeping it disabled unless you have a specific requirement. You can always re-enable it if needed.



Disable REST API


The WordPress REST API enables external applications to interact with your WordPress site. While essential for modern WordPress features, you may want to disable it for security or to prevent unauthorized data access.


What it does:

  • ON: Disables the WordPress REST API by adding .htaccess rewrite rules
  • OFF: Allows REST API access (WordPress default - required for Gutenberg)
  • Blocks access to /wp-json/ endpoints


Why disable REST API:

  • Security: Prevents unauthorized access to site data via REST API
  • Privacy: Stops external applications from querying your content
  • Data Protection: Prevents enumeration of users, posts, and site structure


Important considerations:

Warning: Disabling the REST API will break the Gutenberg block editor and many modern WordPress features. Only disable this if you're using the Classic Editor and don't rely on REST API functionality. Plugins that use the REST API will also stop working.


When to disable:

  • You use Classic Editor exclusively (not Gutenberg)
  • You want maximum security and privacy
  • Your site doesn't use plugins that depend on REST API
  • You're running a simple blog or static site


When to keep enabled (recommended):

  • You use Gutenberg (block editor) - required
  • You use page builders that rely on REST API
  • You use plugins with modern features (WooCommerce, contact forms, etc.)
  • You need mobile app access or headless WordPress functionality


How to disable:


Step 1: Locate the Disable REST API toggle.




Step 2: Toggle ON to disable REST API.




Step 3: Verify the editor still works if you use Classic Editor, or toggle back OFF if you encounter issues.


Note: If you experience issues with your WordPress editor or plugins after disabling the REST API, simply toggle this setting back to OFF to restore REST API functionality.



Action-Based Tools


Action-based tools are operations you execute on demand by clicking a button. These tools perform specific maintenance, optimization, or diagnostic tasks.



Flush (reset) WordPress rewrite rules to fix permalink and routing issues. This is equivalent to going to Settings → Permalinks → Save Changes in WordPress admin.


What it does:

  • Executes wp rewrite flush --hard command
  • Regenerates .htaccess rewrite rules
  • Fixes 404 errors on posts and pages
  • Resolves permalink structure issues


When to use:

  • Posts or pages show 404 errors despite existing
  • After changing permalink structure
  • Custom post types aren't showing correctly
  • After plugin activation that adds custom post types
  • Troubleshooting routing issues


How to use:


Step 1: Locate the Flush Permalinks tool in the Action Tools section and Click the Flush button.




Step 2: Wait for the success confirmation.



✅ Done! Your permalink structure has been refreshed. Test your site's URLs to verify 404 errors are resolved.



Fix File/Folder Permissions


Automatically correct file and folder permissions to WordPress-recommended standards. This resolves permission-related errors and improves security.


What it does:

  • Sets all directories to 755 (rwxr-xr-x)
  • Sets all files to 644 (rw-r--r--)
  • Sets wp-config.php to 600 (rw-------)
  • Recursively fixes ownership and permissions
  • Applies secure permission standards


When to use:

  • You see "Permission denied" errors in WordPress
  • After migrating your site from another server
  • Uploads folder isn't writable
  • Plugin or theme installation fails due to permissions
  • Troubleshooting file access issues
  • After manually moving files via SFTP


Security benefits:

  • Prevents unauthorized file modifications
  • Protects wp-config.php from public access
  • Follows WordPress security best practices
  • Reduces attack surface for hackers


How to use:


Step 1: Locate the Fix File/Folder Permissions tool and Click the Fix button.



Step 3: Wait for confirmation (this may take 10-30 seconds depending on site size).




🔒 Security Improved: Your file permissions now follow WordPress security best practices. This helps protect your site from unauthorized modifications.



Clear Temporary Files


Remove temporary files, cached data, and transients to free up disk space and resolve caching issues.


What it does:

  • Clears WordPress cache directories
  • Removes expired transients from database
  • Deletes object cache files (if not using persistent cache)
  • Cleans up temporary uploaded files
  • Frees disk space occupied by cache


What gets cleared:

  • wp-content/cache/ directory contents
  • Expired transients in wp_options table
  • Object cache drop-in files (temporary)
  • PHP session files (expired)
  • Temporary upload files


When to use:

  • Site runs out of disk space
  • You see stale or outdated content
  • After deactivating caching plugins
  • Troubleshooting display issues
  • Before taking a backup (to reduce size)
  • Cleaning up after development work


How to use:


Step 1: Locate the Clear Temporary Files tool and Click the Clear button.




Step 3: Review the success confirmation.




Note: Clearing cache is safe and won't harm your site. Your site may be slightly slower immediately after clearing (while cache rebuilds), but performance will return to normal quickly.



Verify Core Checksum


Verify the integrity of your WordPress core files by comparing them against official WordPress checksums. This helps detect hacked or corrupted files.


What it does:

  • Executes wp core verify-checksums command
  • Compares your WordPress files against official WordPress.org checksums
  • Identifies modified, missing, or unexpected core files
  • Displays a detailed report of verification results
  • Helps detect security breaches and file corruption


What it checks:

  • All WordPress core files in /wp-admin/, /wp-includes/, and root
  • Verifies file integrity against WordPress.org official versions
  • Detects unauthorized modifications to core files
  • Identifies missing or extra files


When to use:

  • You suspect your site has been hacked
  • After a security incident or breach
  • Regular security audits (monthly recommended)
  • Troubleshooting mysterious WordPress errors
  • Verifying WordPress installation integrity
  • Before and after major updates


How to use:


Step 1: Locate the Verify Core Checksum tool and Click the Verify button.




Step 3: Review the verification results in the modal window.



Interpreting results:


  • "Success: WordPress installation verifies" - All core files are intact ✅
  • "Warning: File doesn't verify" - Core files have been modified ⚠️
  • "Error: File is missing" - Expected core files are missing ❌


🔍 All Clear: If verification succeeds, your WordPress core files are intact and unmodified. If issues are detected, consider reinstalling WordPress core (preserves your content, themes, and plugins).


Important: Modified core files don't always mean hacking. Some hosts or plugins modify core files (not recommended). However, any unexpected modifications should be investigated.



Optimize Database


Optimize your WordPress database tables to improve performance and reclaim wasted space. This tool runs database optimization, checking, and repair operations.


What it does:

  • Executes wp db optimize to optimize all tables
  • Runs wp db check to verify table integrity
  • Performs wp db repair if issues are detected
  • Removes overhead and fragmentation
  • Improves database query performance


Benefits:

  • Faster Queries: Optimized tables return results faster
  • Reclaimed Space: Frees up disk space from deleted data
  • Better Performance: Reduces database server load
  • Fixed Corruption: Repairs corrupted tables automatically
  • Maintenance: Keeps database healthy over time


What it optimizes:

  • All WordPress database tables (wp_posts, wp_options, etc.)
  • Removes overhead from deleted rows
  • Rebuilds table indexes for faster searches
  • Defragments tables to improve sequential reads
  • Repairs any corrupted table structures


When to use:

  • Regular maintenance: Monthly or quarterly
  • Site feels slower than usual
  • After deleting large amounts of content
  • After uninstalling plugins (cleanup leftover data)
  • Database has grown significantly in size
  • Before taking backups (to reduce backup size)


How to use:


Step 1: Locate the Optimize Database tool and Click the Optimize button.




Step 3: Review the optimization results in the modal.




⚡ Performance Improved: Your database is now optimized and running more efficiently. You should notice faster admin panel loading and improved query performance.


Note: Database optimization is safe and non-destructive. It doesn't delete any content, only removes internal overhead and rebuilds indexes. On very large databases, optimization may take 1-2 minutes.



Reset WordPress (Fresh Start)


⚠️ DESTRUCTIVE OPERATION ⚠️


Completely reset your WordPress site to a fresh installation state. This deletes ALL content, users, settings, and data—use with extreme caution.


What it does:

  • Deletes all posts, pages, and media
  • Removes all users (except one admin account)
  • Deletes all comments and settings
  • Resets all WordPress options to defaults
  • Reinstalls WordPress core files
  • Creates a clean admin account
  • Preserves themes and plugins (but deactivates them)


What gets deleted:

  • ❌ All posts and pages
  • ❌ All media library files
  • ❌ All comments
  • ❌ All custom post types
  • ❌ All users (except new admin)
  • ❌ All WordPress settings and options
  • ❌ All widgets and menus
  • ❌ All theme customizations
  • ❌ Database content (posts, pages, settings)


What gets preserved:

  • ✅ Installed themes (but deactivated)
  • ✅ Installed plugins (but deactivated)
  • ✅ Theme and plugin files on disk


When to use:

  • Starting completely over with a clean site
  • Converting a demo site to a production site
  • Removing all test/development content
  • Troubleshooting by eliminating all content/settings
  • Creating a blank canvas for a new project


When NOT to use:

  • Never use on a production site with valuable content
  • You just want to clear cache (use Clear Cache instead)
  • You want to fix a specific issue (try other tools first)
  • You're not 100% certain you want to delete everything


How to use:


⚠️ DANGER: This action is IRREVERSIBLE. All content will be permanently deleted. There is no undo. Make sure you have a backup if you might need your content later.


Step 1: Locate the Reset WordPress tool at the bottom of the page and Click the Reset button.



Step 2: In the Alert Box, Click Reset Site and wait for the process to complete (may take 1-2 minutes).



Step 3: You'll be notified when the reset is complete with new admin credentials.




✅ Reset Complete: Your WordPress site is now fresh and clean. Log in with the new admin credentials provided. All themes and plugins are deactivated—activate what you need and start building your new site!


Troubleshooting


Maintenance Mode Stuck


Problem: Can't disable Maintenance Mode, or site is stuck in maintenance.


Solutions:

  • Try toggling off again and wait 30 seconds
  • Access your site via SFTP and manually delete the .maintenance file in WordPress root
  • Clear all caches (browser, server, CDN)
  • Contact support if you can't access SFTP



Permission Fix Didn't Resolve Issues


Problem: Still seeing permission errors after using Fix Permissions tool.


Solutions:

  • Check the specific error message for which file/folder is affected
  • Some folders may need special permissions for specific hosting environments
  • Use SFTP to manually check permissions on the problematic file
  • Ensure your SFTP user has ownership of the files
  • Some hosts require different permission schemes—contact support for guidance



Database Optimization Failed


Problem: Optimize Database shows errors or fails to complete.


Solutions:

  • Check that database isn't too large (may need more time on very large databases)
  • Try again after a few minutes (database may have been locked)
  • Verify database credentials are correct in wp-config.php
  • Check database server is responding (site should be accessible)
  • Contact support if specific table errors appear



WordPress Reset Confirmation Not Working


Problem: Can't confirm the Reset operation (button stays disabled).


Solutions:

  • Make sure you checked the checkbox AND typed "DELETE" exactly (all caps)
  • Clear the text field and type "DELETE" again carefully
  • Try refreshing the page and attempting again
  • Use a different browser if the issue persists



Site Shows Errors After Using Tools


Problem: Site displays errors or stops working after using a tool.


Solutions:

  • If after disabling REST API: Toggle it back ON immediately (Gutenberg needs it)
  • If after clearing cache: Wait 2-3 minutes for cache to rebuild
  • If after fixing permissions: Revert to 755/644 didn't cause issues; check error logs
  • If after resetting WordPress: This is expected; log in with new credentials and rebuild
  • Check WordPress error logs via Tools → View Logs
  • Contact support with specific error messages



FAQs


Are Site Tools available on free sites?


No, Site Tools require a Sandbox plan or higher. Free sites will see an upgrade prompt when trying to access this feature. View pricing plans to unlock Site Tools and other advanced features.



Can I undo changes made by Site Tools?


  • Toggle settings: Yes, just toggle back OFF
  • Flush Permalinks: No
  • Clear Cache: No
  • Fix Permissions: N
  • Optimize Database: Non-reversible but safe (doesn't delete data, only optimizes structure)
  • Verify Checksum: Read-only, makes no changes
  • Reset WordPress: IRREVERSIBLE—all content permanently deleted


Important: Always back up your site before using tools you're unfamiliar with, especially on production sites.



Why is Disable REST API dangerous?


Disabling the WordPress REST API breaks the Gutenberg block editor and many modern WordPress features that rely on REST API endpoints:


  • Gutenberg Editor: Completely breaks (can't add blocks, can't save)
  • Block Themes: Won't work properly
  • Page Builders: Many modern builders use REST API
  • Plugins: Contact forms, WooCommerce, and many plugins depend on REST API
  • Mobile Apps: WordPress mobile app won't function


Only disable REST API if:

  • You use Classic Editor exclusively
  • You don't use modern plugins/themes
  • Security is more important than functionality for your use case



What happens to Object Cache when I clear temporary files?


If you have Object Cache enabled, the Clear Temporary Files tool clears the object cache data along with other cache files. Your object cache will automatically rebuild as visitors browse your site. Performance may be slightly slower for the first few requests while the cache rebuilds.



Can I use these tools via WP-CLI or API?


Most of these tools execute standard WordPress commands under the hood. If you have SSH access, you can run equivalent commands:


  • Flush Permalinks: wp rewrite flush --hard
  • Verify Checksum: wp core verify-checksums
  • Optimize Database: wp db optimize && wp db check && wp db repair
  • Fix Permissions: Custom script via shell


However, toggle settings (Maintenance Mode, XML-RPC, REST API) require specific InstaWP infrastructure and are best managed through the dashboard.



Will fixing permissions affect my SFTP access?


No, fixing permissions sets standard WordPress permissions that work with SFTP access. The tool sets:

  • Directories: 755 (owner can write, others can read/execute)
  • Files: 644 (owner can write, others can read)
  • wp-config.php: 600 (only owner can read/write)


These are WordPress-recommended permissions that maintain SFTP functionality while improving security.



💡 Did you know - InstaWP also offers automated backups, site cloning, and one-click WordPress updates. Combined with Site Tools, you have everything needed for comprehensive WordPress site management!





Updated on: 13/11/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!