DNS Manager 1.0: Security Concerns and Cloudflare Integration

One of the huge headaches that face every web consultant is trying to communicate DNS changes to their customers. This is amplified even more when running a turnkey website platform on WordPress Multisite.

We’ve tried to solve this problem by bringing DNS management into the WordPress dashboard so you, or your clients, can easily manage DNS from the same place you manage your website.

The plugin works by connecting WordPress to a compatible Managed DNS service, and makes it possible to create zones and manage records from within WordPress.

Right now, we’re focusing on integrating the following DNS providers:

We recently released the plugin as a public beta in order to get people to try it and help us work through any bugs.

Through this process, and as we work toward version 1.0, we’ve discovered some things that we want to address here.

Security Concerns Addressed

One of the first things we heard about from our beta testers was concerns around security. After all, DNS settings are very sensitive and can cause some major damage if they fall into the wrong hands.

What would happen if the database or admin login were compromised? In that case, they would have access to the DNS API credentials and could potentially redirect all your customer’s domains to malicious websites.

As we continue to work on developing the DNS Manager plugin, we’ve heard about your security concerns and want to make sure we’re addressing them in the best way possible, while still keeping the plugin as convenient and easy to use as possible.

Solution 1: Ask for authentication before any change

One way to solve the security concerns would be to prompt you, the admin (or super admin), to provide your DNS API credentials every time you want to make a record change. This would prevent the need for us to hard-code the credentials anywhere in your WordPress install

While this is arguably the most secure solution, it’s also the least convenient for you and your customers. It means that you would have to enter your credentials constantly. It would also prevent your users from EVER being able to update their own DNS records unless they have access to YOUR API key, which would be a bigger security concern.

This would prevent you from implementing any sort of automation around DNS and would basically defeat the purpose of our plugin.

Solution 2: Store the encryption key in wp-config

Another option is to mask the API credentials using secret key encryption.

This is the solution we decided to go with. We think it’s a good compromise between security and convenience.

Here’s how it works:

1. After you enter your DNS manager’s API credentials, an encryption key is created.

DNS Manager API encryption key screen
DNS Manager API encryption key modal

2. You must copy and paste this key into your wp-config.php file.

3. Once this is done, your API credentials will be encrypted and not visible to anyone, even yourself.

DNS Manager Masked API Credentials

4. We also prompt you to enable SSL if it is not enabled, to ensure secure transfer of your DNS manager credentials.

DNS Manager SSL prompt
DNS Manager SSL prompt

With this solution, if your database or your WordPress admin are breached, the hacker will still not have access to your DNS API credentials and you can easily block them from accessing your network’s DNS account.

NOTE: However, it’s still of utmost importance that you keep your WordPress install secured using best practices, not only to prevent access to DNS settings, but also many other settings on your multisite network.

Cloudflare Integration Woes

When we announced this plugin, we asked what DNS manager you’d like us to integrate with. A majority of you chose Cloudflare as your solution of choice.

Cloudflare Poll in Facebook
Cloudflare DNS FTW!

It’s not a surprise, as Cloudflare has an extremely popular free tier, which also includes DNS management.

However, there are two huge caveats that may prevent Cloudflare’s free plan from being an optimal choice for use with our plugin.

It’s potentially against Cloudflare’s terms of use to use their free tier for commercial purposes.

See the screenshot below from Cloudflare’s terms of use.

Screenshot of Cloudflare's Terms of Use
Screenshot of Cloudflare’s Terms of Use

This seems to suggest that you can not use their free tier for websites where money is being collected. This would prevent the most popular use-case for our plugin, using it on a paid turnkey website platform.

No custom nameservers on the free plan.

An even bigger issue is that white label (custom) nameservers are not available on Cloudflare’s free plan.

Cloudflare Custom Nameserver Chart
No Custom Nameserver with Cloudflare’s Free plan

One of the primary objectives of our DNS Manager plugin is to give you the opportunity to move DNS providers and hosts without the need to bother your customers with updating anything. If you don’t use custom branded nameservers, then your customers will have to update their nameservers if you ever decide to move to a different DNS service. Not to mention it’s cool to be able to ask your customers to change their nameservers to ns.yourcompanyname.com.

With that being said, we’ll still work on a Cloudflare integration, we just want to let you know that you’ll need to upgrade to the Business Plan (currently $200/month!) if you want to take advantage of the full benefit of our plugin. There are much more cost-effective solutions out there given that fact.

What do you think about our plans for DNS Manager 1.0? Let us know in the comments below!

Leave a Comment