Client portal

You'll never wonder what's happening with your site again.

Real-time visibility into hosting, billing, DNS, security, and every WordPress operation — from one authenticated dashboard.

Become a client See what's inside

The problem

Most agencies give you a login and a prayer.

  • Where is my site hosted?

    Most clients genuinely don't know. You shouldn't have to open a support ticket to find out which datacentre your business runs from.

  • Is my site backed up?

    If yes — where, how recent, and how do you restore from it? "Trust me" is not a backup strategy.

  • What plugins are installed?

    And when were they last updated? Every outdated plugin is a potential security hole. You should see every version, live.

  • MoonFactory clients see everything.

    Hosting stack, backup times, plugin versions, DNS history, uptime, invoices, tickets — all visible from day one. No tier gates, no premium unlock.

What you see

This is your dashboard. Not a screenshot — the real UI.

portal.moonfactory.dev/dashboard
Site statusHealthy
Outstanding balance$0.00
Uptime (30d)99.98%
MFX SentinelProtecting — last scan 4 min ago
MoonFactory ConnectorConnected — plugin v1.0.0
Last backupToday, 03:14 — off-site replicated
SSL certificateRenews 2026-05-19 (28 days)

Capabilities

Every tool your site needs to run, in one place.

  • 01

    Billing

    Xero-integrated invoices visible the moment they post.

  • 02

    WordPress ops

    Plugin updates, backups, and uptime checks — automated.

  • 03

    DNS

    Per-client Cloudflare zones with a permanent audit trail.

  • 04

    Analytics

    Per-client Umami — privacy-first, cookieless by default.

  • 05

    Files

    MinIO-backed deliverables with presigned download URLs.

  • 06

    Support

    Client requests routed to Linear and Slack from one inbox.

  • 07

    Backups

    Off-site-replicated nightly WordPress snapshots, plus Postgres point-in-time recovery via pgBackRest to Hetzner and Cloudflare R2.

  • 08

    Email

    Mailbox provisioning plus MX, SPF, DKIM, DMARC health checks.

  • 09

    QR codes

    Batch generation, branded presets, and scan analytics.

Read the full client documentation →

Integrations

Fifteen integrations. One pane of glass.

Hosting, billing, DNS, payments, monitoring, support, analytics, mail — already wired in, authenticated, and reconciled. Nothing for you to set up, nothing for you to maintain.

  • Cloudflare
  • Xero
  • Hostinger
  • Linear
  • Stripe Connect
  • Anthropic
  • MinIO
  • Resend
  • Slack
  • Umami
  • GlitchTip
  • Healthchecks
  • Checkmate
  • Track1099
  • Porkbun

Atlas inside

The same Atlas you're talking to. Inside your portal.

Every authenticated client gets Atlas inside the portal — same persona, but with access to your account context. It knows your invoices, your projects, your open tickets. Ask "what's overdue?" or "who replied to my last support ticket?" and it answers from the live data, not from a script.

Under the hood

Built like production infrastructure, because it is.

These aren't vanity metrics. They're the engineering surface area that keeps your site running, secured, and recoverable. Every number on this page is generated from the production codebase. When the codebase changes, this page changes.

  • 110 Production tables

    A relational schema sized for actual operations — clients, invoices, websites, DNS zones, tickets, backups, jobs, audit log. Every row is a fact someone can act on.

  • 3,562 Automated tests

    Every deploy runs the full suite against a real Postgres. Broken auth, dropped migrations, misrouted RBAC — caught before they reach a client.

  • 12 Encryption keys

    Per-column AES-256-GCM keys isolate credentials, tokens, and client secrets. A compromised key exposes a slice, not the portal.

  • 36 Scheduled jobs

    Backup sweeps, SSL renewals, Cloudflare reconciliation, WordPress crons. The work that keeps things running while nobody is watching.

Security posture

Your data is treated like it matters. Because it does.

  • Per-column key isolation

    Twelve AES-256-GCM keys split credentials, tokens, and client secrets. A compromise surfaces a slice, not the portal.

  • MFA on every account, freshness-gated

    TOTP-based MFA on every staff and affiliate account. Sensitive operations re-challenge if your last verification is older than 15 minutes. RBAC checks run per-route — there is no global auth middleware to bypass.

  • Six-role permission system

    Granular access — viewer, support, financial admin, admin, owner, engineer — controls who sees what. Hand a client a viewer login without exposing billing or infrastructure.

  • Hash-chained, append-only audit log

    Every write — DNS change, invoice status flip, plugin install — appends a row to a database-trigger-enforced append-only ledger. Each row hash-chains to the previous, so post-hoc tampering is detectable, not just discouraged.

  • GDPR lifecycle built in

    Data export, erasure, retention windows, and consent mirror the tables that hold the data they touch.

  • WCAG 2.2 AA throughout

    Every interactive surface — portal, plugins, marketing — passes Level AA. Accessibility is a requirement, not a feature.

See our full security posture →

Get started

This is what it looks like when your agency actually builds the infrastructure.

Every MoonFactory client gets portal access from day one. No tier gates, no premium unlock.

Become a client Talk to us first