Kualo / docs
On this page

Managing WordPress Across Multiple Client Accounts with WP Toolkit

WP Toolkit's reseller-level view in WHM lets you manage every client WordPress installation from one place, saving hours of per-account work.

7 min read Updated 8 Jun 2026

If you manage WordPress sites for multiple clients on a Kualo reseller account, logging into each cPanel individually to run updates and security checks is slow and error-prone. WP Toolkit's reseller-level view in WHM surfaces every WordPress installation across all your client accounts in one place, making a reliable monthly maintenance workflow practical at scale.

Accessing the reseller WP Toolkit view in WHM

The reseller view is separate from the WP Toolkit interface your clients see inside their own cPanel accounts. To reach it:

  1. Log in to WHM using your reseller credentials.
  2. In the left-hand search bar, type WP Toolkit and select it from the results.
  3. The dashboard loads a list of every WordPress installation across all accounts under your reseller.

For each installation you can see the domain, the cPanel account it belongs to, the WordPress version, the number of plugins and themes installed, and status indicators that flag anything needing attention. You can also access a client's cPanel directly from WHM if you need to work at the account level - see how to access your clients' cPanel account for the two methods available to you.

Running updates across multiple installations

Bulk core, plugin and theme updates

WP Toolkit lets you apply WordPress core, plugin and theme updates to many installations at once rather than visiting each site individually.

  1. In the WHM WP Toolkit dashboard, use the checkboxes to select the installations you want to update. You can filter by account, version, or status to narrow the list.
  2. Click Update (or the relevant bulk action button) and choose whether to update core, plugins, themes, or a combination.
  3. Review the summary and confirm. WP Toolkit applies the updates and reports the outcome for each installation.

Before running a bulk update across client sites, we recommend taking account-level backups. You can do this through cPanel's backup tools - see creating a full account backup in cPanel for the steps involved. WP Toolkit also has its own site-specific backup option, covered in backing up your WordPress website with WP Toolkit.

Smart Updates

Smart Updates add a safety layer to the update process. When you trigger a Smart Update, WP Toolkit:

  • Takes a snapshot of the live site.
  • Applies the update to a temporary clone.
  • Runs automated visual and functional checks to compare the clone against the original.
  • Only pushes the update to the live site if no regressions are detected.

This makes bulk updates considerably safer for client sites, especially where you cannot test every site manually before updating. The snapshot process uses temporary additional disk space while the check runs, so be aware of that if accounts are close to their storage limits.

For a full walkthrough of how Smart Updates work, see using Smart Updates in WP Toolkit.

Automatic Smart Updates

You can configure WP Toolkit to apply updates automatically on a schedule, using the Smart Updates check as the safety gate. This is a good fit for:

  • Low-customisation sites where the visual check is likely to catch any real problems.
  • Clients on a hands-off retainer who have agreed that updates can be applied without prior sign-off.

To enable automatic updates for an installation, open its settings in WP Toolkit and set the update policy to automatic. You can configure this per installation or apply a policy across multiple sites using the bulk settings.

Automatic updates still respect the scope you configure. For clients who need to approve changes before they go live, keep those installations on manual or Smart Updates with reseller review rather than full automation. Communicate your update policy to clients clearly so there are no surprises.

For broader guidance on auto-update policies, see configuring software auto-updates and WordPress auto updates - how they work and best practice.

Managing plugins across client accounts

Installing a plugin across many sites at once

If you want to roll out a new plugin to all or most of your client sites - for example, switching every site to a new SEO plugin after retiring a previous one - WP Toolkit lets you do this without visiting each account individually.

  1. In the WHM WP Toolkit dashboard, select the installations you want to target.
  2. Choose the Plugins bulk action and then Install.
  3. Enter the plugin slug or upload the plugin file, confirm the selection, and apply.

WP Toolkit installs the plugin on each selected site and reports success or failure per installation.

Removing a plugin in bulk

If a plugin used across many client sites is discontinued, or a vulnerability is disclosed and you need to remove it quickly, bulk removal works in the same way:

  1. Select the affected installations.
  2. Choose Plugins, then Uninstall (or Deactivate if you want to disable without removing).
  3. Confirm and apply.

This is particularly useful when a security advisory requires fast action across a large number of sites. You can also bulk-activate or bulk-deactivate plugins using the same workflow - useful when rolling out a new plugin in stages or temporarily disabling something for testing.

For general guidance on evaluating and managing plugins on individual sites, see managing and auditing WordPress plugins for performance and how to manage your plugins in WordPress.

Security and vulnerability auditing

Reviewing the security status dashboard

The WHM WP Toolkit view includes a security status column for each installation. At a glance you can see which sites have:

  • Outdated WordPress core versions.
  • Plugins or themes with known vulnerabilities.
  • Security hardening measures that have not been applied.

This makes it straightforward to prioritise which sites need attention without opening each one individually. For a detailed explanation of how vulnerability scanning works, see understanding vulnerability scanning in WP Toolkit.

Applying security hardening in bulk

WP Toolkit includes a set of security hardening measures - such as disabling file editing in the WordPress admin, protecting the wp-config.php file, and blocking access to sensitive files - that you can apply across multiple installations at once.

  1. Select the installations you want to harden.
  2. Choose the Security bulk action.
  3. Review the available measures, select those you want to apply, and confirm.

For a full list of the individual hardening options and what each one does, see security measures in WP Toolkit.

Using this as a monthly retainer checklist item

A practical monthly workflow for agency retainers might look like this:

  • Open the WHM WP Toolkit dashboard and review the status column for any flagged installations.
  • Apply outstanding core, plugin and theme updates using Smart Updates.
  • Run a security audit and apply any hardening measures not yet in place.
  • Check for abandoned or forgotten installations (see below).
  • Document the actions taken and share a summary with the client.

WP Toolkit's server-level security tools work alongside Patchman, which scans for vulnerabilities and outdated applications across your reseller accounts. See Patchman information for resellers and an introduction to Patchman for how those two tools complement each other. Imunify360 also runs at the server level to catch malware and intrusions in real time - see an introduction to Imunify360 for background.

Other practical uses

Spotting abandoned installations

The WHM WP Toolkit dashboard makes it easy to spot installations that have not been updated in a long time - old staging sites, test installs, or sites a client has forgotten about. These are a common security liability because they receive no maintenance but remain accessible on the web. When you identify them, either update and secure them or remove them after confirming with the client.

Checking PHP version compatibility before bulk updates

Before applying a bulk WordPress or plugin update, it is worth checking the PHP version running on each affected installation. A plugin update may drop support for an older PHP version, and applying it without checking first can break a site.

PHP versions on Kualo hosting are managed through the CloudLinux PHP Selector in each cPanel account. See how to change the PHP version in cPanel for the steps involved. [confirm: whether the WHM-level WP Toolkit reseller view surfaces the PHP version per installation directly in the dashboard, or whether you need to check each account's PHP Selector individually]

WP Toolkit reduces the risk of a failed update through Smart Updates, but it does not eliminate compatibility issues entirely. Checking PHP versions before a bulk update is your responsibility as the reseller.

Client visibility of reseller actions

Actions you take at the WHM reseller level - such as installing or removing plugins, applying updates, or changing security settings - are visible to the client inside their own cPanel WP Toolkit view. Factor this into your client communication, particularly if a client actively logs into their cPanel. A brief note in your monthly report explaining what was done and why will prevent confusion.

Was this helpful?
Your feedback helps us find gaps in the docs.
Related articles
Reseller Hosting
How to Design Profitable Hosting Plans as a Reseller
Turn your Kualo reseller account into a profitable hosting business by designing clear pla...
Reseller Hosting
Introduction to WP Toolkit (For Resellers)
This article will introduce you to WP Toolkit and show how to use it. WP Toolkit is a set...
Reseller Hosting
Setting up private nameservers for your reseller account
Branded private nameservers let you present your hosting under your own company name. This...
Reseller Hosting
Understanding Permanent Resource Boosts for Resold Accounts
Permanent resource boosts let you increase the CPU, RAM, and other limits on a resold acco...
Still need a hand?
Real people, around the clock - start a chat or open a ticket and we'll help you put it right.
Contact us Start a chat