Best WordPress Caching Plugins Comparison

WordPress Caching Plugins Plesk

WordPress caching plugins is a complex topic for many people (especially newcomers), and there’s a lot to cover in any guide. A comprehensive exploration of WordPress caching might even demand a whole book — which we obviously don’t have the space or time to create here. But we can make the essentials of WordPress caching easier to understand, and that’s exactly what we’ll do below.

First, let’s start by looking at caching it as if it were a fairly straightforward math problem to be solved. Most of you reading this would have no problem multiplying, say, eight by eight to get 64. That’s a simple sum countless children learn in school every year. And they — and you — know the answer because you’ve memorized it. You might run a brief calculation in your head, but it should seem as if you can pull the solution out of your memory as naturally as recalling your own name. So, this form of memorization can be compared to website caching, even though it is a major simplification of the process. This example helps to visualize caching and illustrates why WordPress caching plugins are so important for a quality user experience.

Your website is required to present the same (or similar) content again and again, no matter how many visitors you receive per day. Even if you only attract a few dozen people, your site is still bringing the same content up repeatedly over weeks and months. Wouldn’t it be fantastic if the server was able to remember the necessary files required to present your website as it needs to every single time more efficiently, as you can when solving simple calculations?

Explaining the Caching Process

Basically, any page a visitor navigates to on your website requires a server request, and processing by that same server (along with database queries). Next, a final result will be sent from the server to the visitor’s browser, which enables them to view your website with all the elements and files essential for forming its complete design. These include menus, blog posts, images, videos, etc.

As the server is expected to process each of these requests, and to do so as quickly as possible, delivering a full web page to users can be a surprisingly time-consuming process. Particularly for bigger websites or those best described as “clunky”.

But this is where WordPress caching plugins prove helpful. The caching plugin is designed to tell the server to keep some of the files stored to RAM or disk (based on your specific configuration). That means the server can remember content it’s served in the past and duplicate it for the user. Web pages will load far faster from the cache directly, and the amount of work needed to generate a pageview is reduced significantly.

That’s the power of caching.

When You Need WordPress Caching Plugins

We’ve already covered how caching can increase the speed of web pages, but is it always essential to install WordPress caching plugins? And are there any other advantages to caching you should know about? For anyone responsible for managing their own servers or using shared hosting, caching plugins are generally a fantastic idea.

But there are times when you won’t actually need a caching plugin. If you were to work with a trustworthy managed WordPress host, for example, they would handle the caching on your behalf. This would be performed at server-level and much quicker, in a lot of cases. Server-level caching demands no knowledge, expertise, or time-intensive configuration to achieve the best speeds. It will be fast all the time — that’s it.

Often, top managed WordPress hosts don’t utilize caching plugins on their platforms as they may affect performance quality. Some things can go awry if you don’t know what you’re doing with plugins, which is where a little expert management can be a big help.

Why Some Caching Is Always Necessary

No matter if you choose server-level caching or opt for a plugin instead, you’ll always find some type of caching necessary. Here are some of the main benefits of caching to consider:

  • Deliver a faster browsing experience for users — we’ve already addressed how WordPress caching plugins can boost your site’s speed, but it’s a core advantage so deserves to be on this list!
  • Provide a better user experience overall — as your website will run more quickly, users will be more likely to stay and explore. Faster sites are known to have lower bounce rates, reducing the risk of people becoming frustrated and clicking away after waiting for more than 10 seconds or so for pages to load.
  • Servers rely on fewer resources — fewer resources contribute to a quicker website, and place less strain on servers. This is crucial for highly-dynamic websites (e.g. membership sites) and for determining what can or can’t be served from cache.
  • Potential SEO improvement — a faster speed and better user experience can inspire search engines to recognize that your website is worthy of a higher ranking. This makes caching a helpful addition to your search engine optimization strategy.
  • Lower time to first byte (TTFB) — using WordPress caching plugins is one of the simplest ways to reduce your TTFB, by as much as 90 percent in some cases.

How Does Caching Compare Against No Caching?

To show you how much difference caching versus no caching makes, we decided to run a few simple server-level caching speed tests.

First, we ran five Pingdom tests with no caching activated and measured the average, and then did the same with caching enabled. The average load time without caching was 677 ms, and the average with caching was 521 ms!

So, caching decreased our page load time by more than 23 percent, with no additional work required. We used a fairly well-optimized site for the speed tests, which means websites with less optimization will run even more quickly.

TTFB with no caching

Remember when we discussed how caching can affect your TTFB above? Well, we ran some more tests to identify how well caching can reduce TTFB.

We found that TTFB with no caching was more than 200 ms, but this dropped to under 40 ms when we enabled caching. That’s a huge difference.

It’s clear, then, that enabling WordPress caching plugins can decrease your TTFB substantially. And, again, that means better performance overall.

What Are the Best WordPress Caching Plugins Available?

Below, we’ll explore the best WordPress caching plugins to try if you plan to manage your own server or use shared hosting. While some may be more intuitive, they’ve all earned fantastic reviews from users. A lot of posts published online will attempt to compare caching plugin speeds and sell you the one they consider the best. But this is almost impossible, as plugins will perform differently depending on your choice of server, resources, configuration, and location.

Yes, we find speed tests as helpful as anyone else, but dubbing one plugin “the quickest” is frankly unfair. Why? Because what works brilliantly for one user might not be so effective for another. And that’s not to mention that there hundreds of different settings may be available to enable or disable.

With all this in mind, we feel it’s best that you always test WordPress caching plugins yourself to determine which work best for you.

We’ve collated a concise list of the top WordPress caching plugins to help you make an informed decision. You’ll find more detailed insights for each one further down, covering pricing, benefits, and more.

Our list:

We’ve found that it’s ideal to experiment with a minimum of two or three WordPress caching plugins before committing to any one option. You might find that you love the user interface and design in some caching plugins, but find others much easier to use overall.

Another recommendation from our experts is to run a speed test with a dedicated tool, such as GTMetrix or Pingdom, once you’ve implemented each plugin. This will enable you to check the impact the plugin has on your site’s performance.

But be sure to run a number of speed tests to make sure plugins are serving from cache. When you clear your WordPress website’s cache, it needs to rebuild. Helpfully, some plugins include an option to preload (or “warm”) the cache once it’s been cleared.

Be aware, though, that caching plugins can lead to issues while they’re helping your website run faster. There’s a particular error to watch out for when using caching plugins: “No update required. Your WordPress database is already up to date”. Keep that in mind, though it certainly shouldn’t put you off!

So, onto our in-depth look at the top WordPress caching plugins for your site!

WP Rocket

This is a premium WordPress caching plugin, offering three payment plans. You can pay a one-time fee, but if you keep your payments running, support and updates will be included. WP Rocket lists caching for a single website as $39, while support for three sites is just $99. For $199, you can get caching for an unlimited number of websites. Free plugins are available, but these rates are impressive considering WP Rocket is one of the market’s most feature-rich WordPress caching plugins.

There’s no free version or free trial for the WordPress caching WP Rocket plugin, but WP Rocket’s developers provide a 14-day money-back guarantee to ensure your satisfaction.

One of the main advantages of WP Rocket is its user-friendly interface and fast, hassle-free setup. This is a caching plugin for WordPress with the power to help your website run much faster, and yet any newcomer would find it easy to grasp the majority of the settings from the start.

Another top reason for WP Rocket to be worth a consideration is that it’s designed to run nicely on eCommerce sites. That’s ideal as, most often, those require better caching speed the most.

On the whole, you might ask why you should pay any cash for a WordPress caching plugin at all when there are some competitors giving theirs away for free. Well, that’s because WP Rocket offers a wealth of solid features and is simpler to use overall.

For example, WP Super Cache provides users with page caching, yet browser caching is unavailable. WP Rocket, on the other hand, delivers both.

And Hyper Cache is missing lazyload, whereas that’s just another part of the WP Rocket package.

We could go on and on like this, comparing WP Rocket with the competition, but the main point to remember is that $39 is a modest rate to pay for the sheer variety of features included.

Reasons this is one of the top WordPress caching plugins

  • WP Rocket delivers a developer-friendly package, with a great dashboard to help newcomers feel at ease. Developers rarely have so much to experiment with in caching plugins, and others can make it far too complex for first-timers too.
  • The setup process is highly accessible for users of all experience and skill levels.
  • You can use the included database optimization to clean up your WordPress database, as well as decreasing the amount of resources used.
  • You can use WP Rocket to lazyload media, so that images don’t load on your site until a user actually scrolls over them. That means the server won’t need to do the work until it’s absolutely necessary.
  • You can increase your website’s speed even more with WP Rocket’s CloudFlare compatibility.
  • Multisite compatibility is also available through this plugin.
  • You can preload your cache.
  • Tools for minification and concatenation are included.
  • One of the most distinctive features is the Google Fonts optimization. I haven’t seen this included as part of another caching plugin so far.
  • Support available for object caching.

Take a look at the official WP Rocket documentation for help when configuring and experimenting with this plugin on your WordPress website.

Cache Enabler

Cache Enabler is an open-source, free caching plugin from KeyCDN (known for powering the Kinsta CDN). The disk caching engine’s performance is quick and dependable, while the multisite support is a benefit for users operating networks of sites.

The WordPress caching Cache Enabler plugin is a quality option without a hefty price tag: you may not be receiving the comprehensive range of features you would in WP Rocket, but Cache Enabler is still a terrific alternative if you’re on a tighter budget.

Cache Enabler’s big claim to fame is that it was the first WordPress plugin designed to help you serve WebP images with no need to use JavaScript. Sounds like senseless technical jargon to you? All you need to know is that while JavaScript is an important coding language, it can disrupt website speed in some cases.

Combining Cache Enabler with ShortPixel, EWWW, or Optimus plugin enables you to utilize this more recent image format properly. That’s a fantastic option for anyone running an online business, as most websites include dozens or hundreds of images, such as eCommerce sites or blogs.

Finally, Cache Enabler’s settings are simple and concise. They ask for such things as caching behavior preferences and cache expiry behind the scenes, the settings page offers explanations, and the number of settings is fairly low overall. As a result, most people will find this a confusion-free zone.

Reasons this is one of the top WordPress caching plugins

  • Cache Enabler provides a unique way to serve WebP images: you can convert pictures to WebP format via ShortPixel, Optimus, or EWWW Cloud (the cloud version is recommended for its solid performance).
  • Cache Enabler WordPress caching plugins include a user-friendly, streamlined interface for maximum convenience. This is one of the simplest plugins to set up, and users at all levels of experience should find it a pleasure to handle.
  • Actual cache size is presented on the dashboard, to help you understand the amount of space the cache consumes. This is a fast, efficient caching program, offering manual and automated clearing options.
  • Minification for inline JavaScript and HTML is available.
  • This combines with the Autoptimize plugin to bring you additional features, such as injecting CSS into page heads.

Take a look at the official Cache Enabler documentation for help when you configure and test this plugin on your website.

WP Super Cache

WP Super Cache is a terrific example of an open-source WordPress caching plugin boasting installation numbers in the millions. When you search for caching plugins, WP Super Cache and W3 Total Cache (see below) will appear high on the list most of the time.

While it’s unfortunate that these plugins have such similar names, they are very different. It’s best to install both and try them separately to identify the right one for your site. You might prefer to install WP Super Cache first purely because it’s the work of the Automattic team, but both are worth considering.

Regardless, WP Super Cache is an open-source, free plugin with zero upgrades required once you’ve installed it. This performs efficiency by building static HTML files and serving these instead of the weighty WordPress PHP scripts.

Three caching modes are available, which is one of the WordPress caching WP Super Cache plugin’s most appealing features. One is titled Simple Mode: the average WordPress user would choose this as it poses the least risk. But another of the modes, Expert Mode, enables you to super cache files with various modifications to the .htaccess file. This is great for seasoned developers who prefer greater control over their site’s caching process.

The Simpler mode makes WP Super Cache simple to set up (as the name suggests!). This enables you to compress pages, and offers easy caching, CDN support, as well as cache rebuilding. On top of all this, you can identify known users and choose to not cache pages for them if necessary.

Additional homepage checks can be helpful too, when you want to make sure your site’s primary page is as optimized as it can be.

One of the core advantages of WP Super Cache is its garbage collecting: your cache directory fills up and can leave your site running slowly over time. WP Super Cache runs automated garbage collections regularly to clean older files out and maintain your site’s optimization.

Reasons this is one of the top WordPress caching plugins

  • WP Super Cache boasts a positive reputation and track record, so you can expect its caching services for one or more of your sites to be of a high standard (no matter how big they may be).
  • This is an open-source, free product from Automattic — this means updates are regular and WP Super Cache is unlikely to disappear without warning.
  • In WP Super Cache’s backend interface, a lot of the settings you require are already filled in. As a result, it’s fairly easy to understand and put to work, even if you’re a total novice.
  • WP Super Cache utilizes a garbage collection process, clearing your older files out of the cache to prevent slowdown. This helps your site run faster and more smoothly.
  • This is integrated with a unique CDN setup, distributing your files better.
  • You can select from three caching modes, including Simple and Super Caching. This makes WP Super Cache a top option for diverse skill levels: the Simple cache option is great for the average user, while the Super Cache mode enables more advanced users to boost their site’s speed substantially.
  • WP Super Cache includes a unique feature known as Cache Rebuilding. Your blog’s cache won’t be cleared whenever a visitor posts a comment: the cache will be rebuilt and the old page will be served to other users instead.

While WP Super Cache has no official documentation online, the repository page carries a wealth of information.

 

Comet Cache

Comet Cache has one of the coolest names of all the WordPress caching plugins, and it has a solid reputation too. You can choose from a free or paid version.

The paid version is available from $39 to $139, as a one-time charge. However, you can opt to pay extra fees if you would prefer more extensive customer support with the WordPress caching Comet Cache plugin.

Comet Cache includes similar features to the caching plugins we’ve explored above, but it stands out for its incredible documentation. Even the regular WordPress plugin page offers lots of FAQs and links to help you learn about caching.

The Comet Cache website is home to a complete knowledge base and insightful blog. There’s plenty of information on the free and premium versions, with comparisons to help you choose.

A key reason for upgrading is Comet Cache’s automation: you can set this up and forget about it while the plugin does the majority of the work on your behalf.

The free version is capable of accomplishing many of the same tasks, but you will need to complete them yourself manually at times.

The client-side browser caching is helpful, too, as you’re basically double caching: the server is on your end and the browser is on the user’s. Crucially, it’s fairly simple to install the Comet Cache plugin and the dashboard is easy to navigate.

Reasons this is one of the top WordPress caching plugins

  • With Comet Cache, you can take advantage of a quick setup and decent backend, so configuring the cache takes a matter of minutes.
  • You can cache on pages, posts, categories, and tags.
  • With the paid version of Comet Cache, you can try intelligent and automatic cache clearing. This allows you to establish caching preferences when you install it and forget about them for a while.
  • You can cache RSS feeds to avoid delays in your content syndication.
  • The plugin gives most of its main features away free, so you might not need to upgrade.
  • The paid version is similar to what you would receive from WP Rocket, so we’d advise that you test both to see which suits your goals best.

Browse the Comet Cache official documentation and community forum for help when configuring or testing this plugin on your website.

Hyper Cache

The WordPress caching Hyper Cache plugin runs on PHP only, so it’s simple to set up with no complicated configurations to worry about. This is also compatible with WordPress blogs of any kind.

A main benefit of Hyper Cache is that it’s aware of mobile environments. As a result, the caching continues to run when a user visits your site on their smartphone or tablet. This ensures your website remains fast and performs smoothly across devices, for total user convenience.

As Hyper Cache is open-source, there’s no need to pay or stress about future upgrades either. If you want to support the developer and compensate them for their work, though, you can make a donation.

The installation process for Hyper Cache is quick and easy. That’s ideal for newcomers and unskilled users of WordPress who might feel overwhelmed by extensive caching settings.

Furthermore, the compression caching optimizes bandwidth and boosts page speed brilliantly. This plugin is also intended to work with bbPress well, so if you want to run a forum, Hyper Cache is a fantastic option for caching its pages.

Perhaps Hyper Cache’s biggest advantage is its simple configuration. You can almost set it up and forget about it, with no reason to worry about its function following installation.

Admittedly, some of the settings have been assigned unexpected names or can seem somewhat tricky at first. But they generally include recommendations to help you understand what to enable and how they work.

Reasons this is one of the top WordPress caching plugins

  • There are no payment plans for Hyper Cache: this is a free, open-source plugin, and all features are included with initial download.
  • Hyper Cache is mobile-aware, so caching runs on mobile devices too.
  • This plugin includes CDN support, enabling you to tap into larger networks of servers and increase your website’s speed further.
  • Hyper Cache provides options for serving cached pages to visitors writing comments on your blog. You can cultivate more discussions on your posts without worrying about them affecting its speed.
  • Compression will be managed via the Hyper Cache plugin, for non-cached pages too.
  • Hyper Cache is designed to detect if a site’s theme has changed to its mobile version, for a better user experience.
  • This plugin will relocate the cache folder beyond your blog, and the cache folder won’t be included in your website backups. That means you can make smaller backup files while saving space.

Take a look at the official Hyper Cache documentation and visit the community forum to learn more when setting this plugin up on your site.

WP Fastest Cache

WP Fastest Cache’s name is obviously similar to some of the other WordPress caching plugins on this list, but don’t be fooled: this has a number of features that make it stand out.

You can get started with a free version of the WordPress caching WP Fastest Cache plugin, though a premium one is available for purchase through the settings module if you want to upgrade.

With the premium version of WP Fastest Cache, the fee is one-time only, and you’ll get access to a varied selection of tools that are unavailable in the free version. But generally, the majority of websites will be satisfied with the free plugin, as it features desktop caching, combination options for CSS and JavaScript, as well as HTML minification.

You’ll also have access to GZIP tools and browser caching in the free WP Fastest Cache plugin. Overall, this plugin can help to make websites’ performance much faster and smoother compared to sites using no caching plugin whatsoever.

The settings basically consist of a checkbox list, which makes it one of the simpler settings pages to explore. Information boxes are also included, offering clear explanations to guide your choices. You can switch between tabs for managing key items, such as imagine optimization, the CDN, and the cache timeouts.

Reasons this is one of the top WordPress caching plugins

  • The free version of WP Fastest Cache can prove useful for the majority of sites, and it appears to serve sites more quickly than a lot of the competitors.
  • The settings comprise a list of checkboxes alongside easy-to-follow information points, so it’s simple to use.
  • You can upgrade from the free to the premium version in the WordPress dashboard for maximum convenience. You don’t have to download a plugin from the developer’s site.
  • CSS and JavaScript can be combined and minified.
  • You can integrate CDN without too much configuration required.
  • Optimization of images is performed separately from the caching process, so you can see the amount of space saved with one of your biggest resource-consumers.
  • A feature is included for creating a cache for a mobile theme specifically. You can also opt to not serve a cached version for the desktop to your mobile users.

While WP Fastest Cache has no official documentation in one place, you can still find a wealth of tutorials on configuring WP Fastest Cache on your WordPress website on their blog.

W3 Total Cache

You might be aware of W3 Total Cache, as it’s one of the most popular WordPress plugins available. The WordPress caching W3 Total Cache plugin is a decent free, open-source solution, though we can’t pretend that it’s the ideal option for any website.

One of its main disadvantages is that its backend settings can be extensive and, sadly, hard to grasp. The development team can complete the proper settings for you efficiently, though newcomers may still feel confused.

Despite this issue, W3 Total Cache has managed to achieve millions of installations. It can be integrated with a CDN, and works for mobile and desktop websites nicely. It’s also recommended as a helpful companion for sites holding SSL certificates, which means eCommerce websites in particular might benefit from installing it.

The free version of the W3 Total Cache plugin includes all the features, and there are no prompts designed to push you into upgrading. The plugin can also help you make savings on bandwidth, thanks to HTTP compression, feed optimization, and minifications.

Yes, it doesn’t have the best backend configuration we’ve ever seen, but that could be down to our personal taste. Nevertheless, W3 Total Cache is still sure to help your website’s performance improve and, in turn, increase conversions.

Reasons this is one of the top WordPress caching plugins

  • W3 Total Cache is free, and most of the caching plugins you’ll need to boost your site’s speed and optimization are included.
  • Popularity can be considered an indication of a plugin’s quality,thanks to its millions of installations, though we don’t recommend you base your decisions on that alone. Take the time to browse the many positive reviews to learn more about W3 Total Cache before you commit.
  • W3 Total Cache is compatible with various hosting options, including shared hosting, clusters, and dedicated servers.
  • You can use caching for any mobile environment, so that when a user visits your site on a smartphone, they’ll still benefit from caching as they would on their computer.
  • W3 Total Cache provides SSL support, to help your online store run more quickly and efficiently. That can improve the customer experience overall.
  • As the CDN works with the media library, you can check the quality of your images’ optimization easily.
  • You’ll have access to compression and minification, as well as caching of databases, objects on your disk, and posts.
  • Object caching is supported with W3 Total Cache.

You can get started with help from the in-depth documentation for W3 Total Cache available

Alternative Approach To Caching

Instead of using caching solutions on web app level you may think about NGINX – it can proxy requests to other web servers or apps. The outcome here – performance increase for serving static files.  Another important feature – NGINX can sit ‘in front’ of web servers where it acts as a gateway to other applications or servers. Additionally, it can also cache the results of requests proxied to FastCGI and uWSGI processes, as well as to other HTTP servers.

NGINX is fully supported by Plesk and can be configured/tuned up easily via Plesk interface. And if you consider to user NGINX with Plesk for caching – think also about WordPress Toolkit, which will help you a lot to manage WordPress routine tasks.

Conclusion

We hope we’ve helped you understand why website caching is so important, but the functions that make caching work can be incredibly difficult for the average WordPress user to understand initially. That’s why you might struggle to determine which settings in a caching plugin will be right for you at first.

Again, if you choose managed WordPress hosting, you won’t need to organize your own plugins. The host will do that for you, and caching will take place on the server. But caching plugins are essential if you’re using shared or self-managed hosting.

Now that you’ve reached the end of this guide, we hope you’ll find picking the best plugins for your WordPress website easier. Focus on learning as much as you can about any of the WordPress plugins that appeal to you most, to help yourself make the most well-informed decision.

Holiday Stories with Jens Meggers, our New WebPros CEO

Happy holiday season to all Plesky people around the world! The year 2020 has brought us all manner of things. And sadly, some of them haven’t been exactly what we wished for. The global pandemic has left many businesses uncertain about their future. And at Plesk, we had to re-route our roadmap to focus on helping our customers stay open and connected during these unprecedented times.

Although this year’s been quite a difficult one, we’ve still managed to celebrate all sorts of events while staying indoors. For example, Plesk has had its 20th anniversary, released new products such as Plesk Premium Email, powered by Kolab and SolusIO, and launched the Next Level Ops Podcast. And, on top of that, 2020 has brought a new CEO for the WebPros Group (in case you missed this info, WebPros is the leading website hosting automation software global provider that comprises cPanel, Plesk, SolusIO, WHMCS, and XOVI).

To wrap up the year, we want to celebrate this fresh arrival together with our wide community and share the bliss and the jolliness of this holiday season. So, here’s this year’s episode of the Plesk Holiday Stories. This time featuring Jens Meggers, our new WebPros CEO.

The Life of a CEO During the Holiday Season

Welcome to the family, Jens. To warm-up, why don’t you tell us (and our readers) a bit about yourself?

I have a large family with five kids and a dog. After spending time at work and with my family, there is little time left. But that doesn’t stop me from enjoying my hobbies. These are gaming, coding, kite surfing, and triathlon.

I grew up in Germany but relocated to California in my early 30th. When I got my first computer as a teenager, I fell in love with creating software. And that has not changed as of today.

What’s a typical day for Jens Meggers during the holiday season? Any advice on how to cheer up the mood?

I take it slow. Run, swim, and bike in the morning. And then stay indoors in the afternoon. My advice for this year is to ramp up the geek level – Watch as many new movies as you can, play as many new games as you want, and get a VR system.

What would be your jolly, memorable holiday story to share? 

Starting a few years back, most tech companies started to close operations during the core holiday days. Most people protested, but it was a real game-changer with almost zero emails and messages for almost ten days. It was epic!

Which are your favorite dish, drink, and city in winter?

I love the taste and the warmth of German Gluehwein, also known as spiced wine or mulled wine, at the Christmas markets. But unfortunately, nothing like this is really available here in California, where I live.

As the CEO of WebPros, you must find yourself very busy. Do you follow any routine to keep your energy levels high and increase productivity? Any tips you’d like to share with the Plesky community?

I always try to balance screen time with outdoor activities. There’s always something to do. I pick activities that don’t take too long. A 5k run after work only takes 25 minutes, or a 2k swim can be done in 45 minutes. Make sure to get 6-7 hours of sleep. And of course, always secure access to good coffee!

How about offering a sneak peek of what 2021 holds for Plesk and its users?

We have tons of great things coming. I’m super excited about 2021 and the innovative products we are going to launch. Stay tuned! 

Holiday Greetings from Plesk!

Thank you, Jens, for sharing such great advice! We’ll surely take you seriously if we want a productive mind and an active body for 2021. And good luck with your sporty activities, we’ll cheer for you!

So… another year has gone by. And we want to thank our readers for being such an important part of Plesk. We wish you all a happy holiday! 

Keep your eyes open if you want to read more articles like the one from Jens Meggers in the new year. Do you want to share your holiday stories or memories with us? Let us know in the comments below. See you next year!

An Overview of PHP Vulnerabilities – WordPress Perspective

WordPress PHP vulnerabilities Plesk

You probably already know that WordPress websites are vulnerable to brute force attacks, called so because they just try over and over again to guess your username and password combination. But in the never-ending arms race between hackers and site owners there is also the problem of much more sophisticated bots that will try to worm their way into weaknesses in your website’s PHP code, too. Both of these hacks are popular ways of testing your defenses and they both underline the need for constant vigilance on the part of site owners and admins. To that end, you need to consistently upgrade your WordPress so that it’s always one step ahead of potential PHP vulnerabilities and you also need to make sure that you only use the most up-to-date versions of your plugins and themes.

If you didn’t already know, your WordPress website, themes, plug-ins, and apps such as PhpMyAdmin rely on a language called PHP to work properly. Now, the developers who write all of that stuff are not lazy and they aren’t deliberately leaving doors open for hackers to slip in through. The truth is, it’s hard for developers to write code that anticipates every single way that a bad actor might choose to attack. They do their best, release the software, and then it’s often only through everyday use that any holes in the defenses become apparent. Users’ experiences with attacks help to inform the process making everything secure. It’s a case of building it as best you can and testing it ‘in the wild’, responding to each new security alert as fast as possible, and then bracing for the next. It will become clear as you read that the majority of the PHP vulnerabilities shown here come about because of unsafe user input, meaning that someone has fed malevolent code to the web app or moved it to a section of the app in such a way that a vulnerability is created. This highlights why it’s important to pay special attention to all situations where user input can either deliberately or inadvertently introduce dangerous code to the system. These are always the leakiest parts of any WordPress ship.

There are a few different classifications of PHP vulnerabilities. We’ve include a few of the most frequently encountered ones with a basic explanation for each of them, but we haven’t included any PHP code as we’re aiming this to be an overview for people like admins rather than an exhaustive report for developers.

RCE – Remote Code Execution

Remote Code Execution (RCE) is just like it sounds. It happens when someone attacks and manages to upload code to your website and then runs it. A problem with a PHP application might let a user enter code which it then treats as PHP code, which might subsequently make it possible for the hacker to do various things. It could allow them to create a new file containing code that gives them full access to your website, for instance. This opportunity to remotely run malicious code is referred to as an RCE vulnerability. As you can imagine, the ability to do whatever they want with your website makes remote code execution an extremely dangerous kind of attack.

SQL Injection or SQLi

SQL Injection is similar, it’s when the hacker can get your database to run their own instructions. Anytime a PHP developer invites data input from a website visitor they should only pass it to the database after they’ve checked it to make sure that it isn’t trying to sneak in any dangerous code. SQL Injection gives a hacker free rein with the data on your website, which means they could create new data in your database including links to spammy or equally undesirable URLs. Hackers might also want to create their own admin level user account, to give themselves full access to and control of your website. It’s easily done with SQL injection. It’s another very serious security vulnerability because again, it hands the hacker the keys to your site.

Authentication Bypass

Sometimes a PHP developer might believe that they are properly validating that a site visitor has the right access level before performing an action, but they’ll actually be checking the wrong thing.
This problem can insinuate itself into WordPress apps via a mistake that WordPress developers frequently make where they use the ‘is_admin()’ function when trying to confirm that someone is indeed an admin. The problem is that this function only tells you if someone is viewing an admin page, but it doesn’t prove that a site visitor is actually an administrator. If a developer inadvertently uses this function, then they are handing admin level features to users who aren’t really admins.
There are other examples in the same vein, and they occur most often when a developer doesn’t check to make sure that the user is permitted this kind of access before they allow a function to be executed.

PHP Object Injection

A PHP object Injection attack is more sophisticated because a PHP app passes input from the user to a function called ‘unserialize()’. This takes a stored object and puts it in memory. Although this seems complex, the main thing to remember with PHP object Injection is that it happens when a developer doesn’t do the right kind of gatekeeping and allows unsafe input from the user to enter a PHP application.

Cross-Site Scripting (XSS)

This is when a hacker causes a website visitor’s browser to load and run dangerous code, which might then (for example) grab their cookies and hand administrator-level access to the intruder, meaning that Bell once again be able to do whatever they like.
Cross-Site Scripting comes in two flavors – Stored and Reflected. A Stored Cross-Site Scripting vulnerability is one where the hacker tricks the website into allowing in dangerous code which later gets sent to and run in a visitor’s web browser. This kind of thing often happens when a comment is posted on your WordPress website that contains dangerous code. It then steals user cookies and passes them on to the hacker.
Reflected Cross-Site Scripting happens when a hacker puts dangerous code in a link. If it then gets loaded into a browser, the website serves it up along with the content. This code then runs in the visitor’s browser and it can steal cookies or perform other nefarious tasks. One example of a Reflected Cross-Site Scripting attack is a WordPress search results page that includes the search query included in the URL and is not cleaned properly. The page then serves up the search results as well as the initial query, which could be dangerous code that runs within the visitor’s browser. Hackers could use Reflected Cross-Site Scripting to compromise a website by creating a link to a page of search results with dangerous code in it, and they could then send that to the site administrator to steal their cookies.

Cross-Site Request Forgery – CSRF

A Cross-Site Request Forgery (CSRF) refers to when someone creates a link and manages to get a site admin (or in fact anybody with high-level access) to follow it, and this causes the site to perform an action. So, for instance, if somebody built a link that creates a new admin with a known password when a site admin clicks on it, this would be an example of a Cross-Site Request Forgery attack. It’s not all plain sailing though. The difficult part for the hacker is finding a way to convince the site admin to follow the link, and then set up the new admin with one of the currently used passwords which the bad guys hope to steal. WordPress does already have a way of protecting itself from this kind of approach. It uses a security token (just a number) known as a “nonce” which is granted to the admin each time they log in, and this number is included every time the WordPress site admin does something of the sensitive nature. If a hacker takes the approach we’ve described, trying to use a link in a Cross-Site Request Forgery attack, they also need to know the nonce to send with it. Since this number changes every day, successfully executing a Cross-Site Request Forgery attack becomes much more difficult, if not impossible. With that in mind, it should be the case that every developer knows not to build themes and plug-ins that don’t use nonces for request verification, but not everyone is as diligent as they should be. But they can put it right after the fact, and for an easy remedy they just need to use code to access WordPress’s native nonce feature.

Remote File Inclusion (RFI) and Local File Inclusion (LFI)

Remote File Inclusion or RFI happens when a PHP app passes user input to a function that loads a file. If the file turns out to be a URL, the function would then load PHP code from the hacker’s specially built website to attack your website. Including a remote file in a URL is called Remote File Inclusion or RFI. If the file a hacker passes is a local file, the application might send its contents to the screen. This is an approach frequently used by hackers to help them break into a WordPress website’s wp-config.php file. This approach is known as Local File Inclusion or LFI. Functions vulnerable to RFI and LFI in PHP are: include, include_once, fopen, file_get_contents, require and require_once.
All of these functions load PHP code or content from a place that the developer decides on. If they don’t configure the website’s PHP installation in the safest way, a hacker can then load a dangerous file as PHP code or content and use it give them access to your site. The majority of PHP installations keep you safe from RFI attacks which load remote URLs by restricting where files can be included from. But it’s not uncommon for PHP developers to inadvertently produce code that lets a hacker access a local file like wp-config.php. This helps to explain why Remote File Inclusion vulnerabilities happen less often than Local File Inclusion vulnerabilities.

Conclusion

We hope this overview of frequently seen PHP vulnerabilities and their creation has helped you in your role as a WordPress administrator. You might have seen a few of them on your security updates. We hope that the insights that we’ve shared about what they do will help you to stay vigilant and deal with them more effectively. This knowledge should make you better able to ask questions of developers and better able to see how vulnerabilities work before you deal with them.

Most Widely Used Plesk Extensions and Toolkits This ‘HoliDeals’ Season (Part 2)

If you enjoyed the first HoliDeals announcement, this blog post will definitely perk you up. The world is running on Cloud today. Especially businesses that have to host their websites. Plesk has emerged as a great web hosting control panel that can make things way too easy for you. And you can make your Plesk control panel even more efficient with the right extensions, feature-rich packs, and toolkits. This way you not only increase productivity but reduce operating costs too.

But don’t worry – we got you sorted. As they say, ’tis the season to be jolly. And we want to make your holidays even more special with our Plesk HoliDeals Calendar. For 24 days, starting from December 1st, 2020, you’ll get exclusive discounts on top Plesk extensions, feature packs, toolkits, and licenses to make your toolbox jingle all the way!

So, enough chitchat – Let’s reveal the next 12 extensions and discuss their major benefits and features!

#13 Teamspeak Interface

It’s Tea(m) Time! This extension is a multifunctional web interface that allows you to install Teamspeak Interface and add-on modules with just a single click. With this extension, you can manage TeaSpeak and Teamspeak 3 Voice Server and other existing instances.

It provides you with an extensive set of user management options and roles, customized according to your customer needs or the co-administrators’ needs.

Teamspeak Interface extension is an ideal solution that enables you to control TeaSpeak and Teamspeak 3 servers through the web. There are two available license packages with Teamspeak Interface – Basic Starter and Pro Starter.

The Basic Starter pack comes with:

  • 100 additional user accounts.
  • Manage up to 3 voice server instances.
  • Includes extensions like Server File Management and Icons, Server Group Management, Channel Group Management, Client and Permission Management, TS Bots, and API.

The Pro Starter pack comes with:

  • 300 additional user accounts.
  • Manage up to 10 voice server instances.
  • Includes extensions like Reseller Management, Server File Management and Icons, Server Group Management, Channel Group Management, Client and Permission Management, TS Bots, and API.

We are offering an exclusive discount on this extension through HoliDeals. Make sure you grab the opportunity before it’s too late.

#14 Joomla! Toolkit

Joomla! Toolkit is a powerful toolkit for Joomla! users that allows them to secure and mass manage Joomla templates, extensions, and instances running on the Plesk server. The toolkit comes with a single dashboard for easy management, safety, and creation of Joomla instances.

All it takes is a single click to download, initialize, and configure the toolkit for hassle-free operation. We have created Joomla! Toolkit to enhance the security aspects of your content management system. There is no security expertise requires – the toolkit hardens your website by default, and with its security scanner, you can ward off any potential threats.

It is an all-inclusive toolkit for Joomla! as you can update templates, extensions, and instances from a single place. Also, you can monitor the performance of your Joomla websites from a single dashboard.

#15 KernelCare

Those who have Linux servers installed always experience system vulnerabilities and security flaws. To cope with this issue, we have launched the KernelCare extension that protects your Linux server against critical issues and downtime.

It is a paid extension and is probably one of the best security and server tools. During the HoliDeals, you have the opportunity to purchase the subscription at the best value.

The extension installs kernel updates within a matter of minutes without needing to reboot your Linux server. In this updated version of KernelCare, we have fortified the extension with the following benefits:

  •   Displays the server uptime.
  •   Enables roll back changes.
  •   Support automatic and manual updates.
  •   Check for updates every four hours.

#16 Cloudplan

You can use Cloudplan on your Plesk server to host folders and files, synchronize them between all your devices and share them on the go. We have designed Cloudplan to be a PCaaS (Private Cloud as a Service) solution that you can install on all on-premise servers, cloud servers, and even hybrid clouds.

The primary objective of Cloudplan is to provide users with a complete private cloud solution with full control over data. With this extension, you can connect all the possible nodes available, including cloud and on-premise servers, mobile devices, PCs, and laptops, among others.

They all can be connected automatically with end-to-end encryption. You will be provided with a centralized web portal to control and monitor the whole private cloud network.

#17 Sitejet

Sitejet is a web design platform for agencies that allows you to collaborate with your team and customers with ease and create, manage, and launch quality websites. It comes with a high-performance content management system (CMS), which you can use to create responsive websites.

It is designed and developed by a team of experienced web designers looking at cost-effective results for web developers. With Sitejet, you can streamline your web development process.

The extension comes with intelligent workflow automation, file management system, time tracking, to-do, and a ticket to make the design process less complicated and less time-consuming. Some of its salient features include:

  •   Customer collaboration.
  •   Whitelabel platform.
  •   Multi-user and permissions.
  •   Scale your agency.
  •   Manage customers efficiently.
  •   More time for creativity.
  •   Complete design flexibility.
  •   Save management and design time.

#18 Virusdie

Virusdie is a Plesk website antivirus extension for Windows and Linux servers that lets you keep your websites free from viruses with just a single click. The extension comes with features like email alerts, patch management for plugins and CMS, an in-built file editor with malicious code highlighting, automatic malicious code deletion, and an accurate threat scanner.

The best part is that we have designed Virusdie to be compatible with a selection of content management systems, including PrestaShop, DLE, Drupal, Joomla, and WordPress, among other popular methods.

We are offering Virusdie services for both free and paid. In the free version, you get features like:

  •   Email notifications
  •   Automatic antivirus database updates every 6 hours
  •   Full description of viruses
  •   Automatic site scans for vulnerabilities.

In the premium version, you get:

  •   Scheduled scans – daily and weekly
  •   Vulnerability manager
  •   Malicious code highlighting
  •   Safe and accurate malicious code deletion
  •   Scheduled scans – daily and weekly
  •   Vulnerability manager
  •   Malicious code highlighting
  •   Safe and accurate malicious code deletion

#19 Smart Updates for WordPress Toolkit

If you have a WordPress content management system that you want to keep updated and secure all the time, then you should download our Smart Updates for WordPress Toolkit. We have designed this extension to help you determine the required updates to keep your websites up-to-date.

We are offering a one-month free trial of Smart Updates for WordPress Toolkit, in which you get smart, automated tests, and you will always remain in charge of the operations.

Make use of the free trial to understand how the extension might be helpful, and if you like it, you can always purchase it. As we are currently in the middle of the Plesk HoliDeals Calendar, there is a high chance that you might get a good deal on Smart Updates for WordPress Toolkit.

The prominent features that will make you install this extension are:

  •   Smart Updates available for WordPress themes, plugins, and core.
  •   Production website is not affected during both manual and automatic updates.
  •   Smart Updates service determines the changes, analyzes the update, and concludes whether the update needs to be performed on the production site.
  •   Automatic and manual updates are available.
  •   We are providing Smart Updates for WordPress Toolkit on a per-site basis.

#20 Statistics and Usage Manager

This is an extension for Plesk that enables you to manage and view disk usage and traffic of your Linux OS subscriptions. The best part is that Statistics and Usage Manager allows you to do this all in real-time.

With Statistics and Usage Manager, you can sort your subscriptions by disk space statistics or traffic. You are also provided with a custom button to manage and view the statistics of all your subscriptions. As an admin, you can disable or enable this function.

This is an excellent extension for web managers looking to gain insight into how their websites are performing. You can use the Plesk HoliDeals currently available to grab this extension at the best possible price.

#21 Google PageSpeed Insights

Google PageSpeed Insights provides you with increased visibility in search engines by suggesting specific improvements and providing you with tools to design and develop fast and fully optimized websites.

The extension allows you to analyze your website content and its performance to determine what can be improved. With Google PageSpeed Insights, you can:

  • Analyze the performance of your website.
  • Rate the website based on its desktop and mobile performance.
  • Make use of the suggestions to optimize your website.
  • Access extension UI like mod_pagespeed Apache module to enhance website performance.
  • Reduce the size of static files.

#22 Bitninja

Bitninja is a Plesk extension designed for companies who are looking to bulletproof their server security. This extension provides a proactive and unified system that prevents 99% of all types of malicious attacks, safeguarding your company from reputation loss.

It comes with nine defense modules, namely:

  • Port Honeypot.
  • IP Reputation.
  • DoS Mitigation.
  • Web Application Firewall.
  • Log Analysis.
  • Web Honeypot.
  • Malware Detection.
  • Outbound WAF.
  • SSL Terminating.

These defense modules save you at least 12 hours of troubleshooting every day.

#23 Additional Language Pack

Plesk includes language packs for the translation of UI into different languages. While all the supported languages are installed during Plesk installation, you can download the Additional Language Pack extension if you want additional languages.

The number of languages you can install and download will depend on the Plesk license you have bought.

Suppose your site operates globally, and you want to reach out to the local community by offering your website in their native language. In that case, you can do so with Additional Language Pack.

#24 Web Host VPS or dedicated

Finally, here’s our last but not least HoliDeals offer. The growing need for customer self-administration can be quickly taken care of by Web Host VPS or dedicated. This Plesk edition proves to be an optimal solution that can fully customize your business, allowing you to increase profit and service offerings. 

When you install Web Host VPS or dedicated, you get several benefits, such as:

  •   Improved supportability.
  •   Turnkey application storefront for resale of services and applications.
  •   Instant high-end website creation and design.
  •   Improved audience focus for agencies, content teams, and website developers.
  •   Customize your service offering.

Don’t Miss a Gift!

Did you know you can add your daily reminders to your personal calendar? Or you can also subscribe now to receive fresh updates to your mailbox. Check here if you want to know more!

So… these above are some super hot extensions that you would want to install to boost your Plesk server performance. So, you would want to make use of the Plesk HoliDeals Calendar

Based on their popularity, we have managed to list these 24 Plesk extensions and toolkits. If you think that you need offers on some other Plesk products and services, let us know in the comments. Happy HoliDeals!

The Plesk WordPress Toolkit 5.2 is Now Available

The Plesk WordPress Toolkit 5.2 is now publicly available! This release focuses on catching up on popular customer requests and fixing various nagging issues. The 5.2 update has something for everyone, so let’s take a look at what’s new!

Sets for Resellers

Allowing resellers to have their own sets is the most popular feature request in the WordPress Toolkit section of Plesk Uservoice. It’s requested not only by legit resellers but also by those who are using reseller accounts as limited Plesk server administrator accounts. Anyway, this feature is finally here:

Here’s what you need to know about this feature:

  • Resellers get the same default sets as server administrators.
  • Resellers can only access and manage their own sets.
  • Customers of resellers can see the sets of their resellers when installing WordPress. They do not see server administrator sets.
  • The global option “Allow customers to use sets when they install WordPress” will also affect reseller sets. If this option is switched off, resellers’ customers won’t see any sets when installing WordPress.
  • Reseller service plans actually include additional services with automatic installation of WordPress (alone or with any of the reseller sets).

Theme Activation in Sets

Another thing that’s been requested a lot recently is the ability to choose which theme should be activated in a set when this set is installed on a WordPress site. This feature allows hosters and web studios to provide more turnkey added value in their WordPress service offerings. So we made it happen.

As a reminder, you can install sets in one of the following ways:

  1. Provision a subscription-based on a service plan with a specific Additional Service that installs WordPress with a particular set.
  2. Install a set together with WordPress when you install a new WordPress site.
  3. Install a set on an already existing WordPress site via Sets tab functionality.

All these ways are available both via GUI and CLI. Your selection of a particular theme that should be activated in a set will be applied regardless of which way the set is installed.

Important notes:

  • This is not the final UI we’re aiming at. We’re planning to redesign the whole Sets tab next year to make it more convenient and user-friendly, and this feature will be a part of the redesign.
  • This ability is also available as a new operation of the –sets CLI command. Usage example: plesk ext wp-toolkit –sets -operation activate-theme -set-id ID -theme-id THEME_ID
  • By the way, plugins in a set can also be configured to be activated or deactivated upon the installation of the set. Since plugins are activated by default, the activation feature is more of a deactivation feature, so it’s not as important (most people would like their plugins to be active right away). Anyway, it was easy to do, so we threw it in as a bonus.
  • Activating and deactivating plugins in a set via CLI is also supported.

Pending Smart Update Notification

Looking at Smart Updates, cPanel team has noticed that there’s no way for users to learn that Smart Updates wasn’t applied automatically due to some issues and that they needed user attention. This happens because WordPress Toolkit is not yet integrated with email notifications in cPanel (something we’re planning to remedy soon). 

It also became clear that the problem is bigger than this. Users who’ve launched Smart Updates but closed the Update window without making a decision could also forget that they needed to either apply the update or reject it. To fix this problem, we have added a visual marker notifying about a pending Smart Update on a site card:

This notification will be displayed whenever there’s a finished Smart Update test run that needs to be reviewed and either applied or rejected by the user. To open the Smart Updates window, users will be asked to click on the Check Updates button.

WordPress Toolkit Deluxe Dashboard… Lite

After the introduction of the second licensing type in WordPress Toolkit for cPanel, we realized that there’s no quick and convenient way for the server admin to check who exactly has access to the paid WordPress Deluxe features. Depending on how the hoster’s packages and feature lists are organized in WHM, this task can range from trivial to quite challenging. 

To make things a bit easier, we’ve added a very basic screen that lists all accounts on a server with access to WordPress Toolkit Deluxe. It can be accessed via a link on the Settings screen:

Lo and behold, this might be the simplest WordPress Toolkit screen in the product history:

Depending on user feedback, we might improve this list, including stuff like redirects to cPanel of a particular user account, and so on. For now, it does what it intends to, and we hope it will prove useful.

Underscore in Slugs

WordPress Toolkit had a long-lasting issue with plugins and themes that use underscore symbol in their slugs (technical names / IDs). Specifically, it was not possible to upload, install, or update any plugin or theme with such a symbol in its slug through WordPress Toolkit. 

For a time, this was not deemed to be a real issue since WordPress directory maintainers do not usually assign slugs with an underscore to submitted plugins and themes, so this symbol is not typically used in such context. 

However, over the years we have discovered that there are several popular plugins that feature underscore in their slugs (js_composer is the biggest culprit). The time has finally come, and we have updated a number of internal WordPress Toolkit routines to properly work with plugins and themes that have slugs with underscore symbol.

Site List Expanding Changes

In WordPress Toolkit 5.0 we have introduced a new list-based interface for sites, which brought not only new features but also new issues with it. 

One particular issue happened when users installed a new site. The interface for managing this site was often collapsed by default even if it was the only site in the list. We’ve investigated the behavior of our new list UI and introduced a number of changes in WordPress Toolkit 5.2. Now, the following logic is used:

  • After a site is installed, it is expanded by default, regardless of how many sites are in the site list.
  • After a clone is created, it is expanded by default, regardless of how many sites are in the site list.
  • If a user only has one site, it should always be expanded by default.

This is just the beginning, though. We continue to look into improving the collapse/expand behavior further in our next releases. In particular, we’d like to remember the user’s choice (which site was expanded, and which was collapsed) and improve the performance of the site list when it has a lot of sites. Both items might seem obvious but are far from trivial in terms of implementation. Therefore they will take some time to address.

CentOS 8 & CloudLinux 8 support

WordPress Toolkit v5.2 supports CentOS 8 and CloudLinux 8 on both Plesk and cPanel. Note that the CloudLinux team has not officially announced CloudLinux 8 support for Plesk and cPanel, but WordPress Toolkit works fine on it, as far as we can tell.

Web Server Rules Description

WordPress Toolkit adds specific rules to web server config files when it applies certain security measures. If you look at these rules, it’s not apparent who added them and why. To make things more transparent for admins, we have added short descriptions for each rule right in the webserver config files (except for IIS, where it’s not so easy). 

It’s a small change, but we’d like to think it can help users better understand the value brought by WordPress Toolkit and help debug things if something goes wrong.

Research, Improvements, and Bugfixes

During this release, the team did a lot of research on topics we’d like to address in the future. Here are some of the things we’ve investigated:

  • How to properly clone and copy the content of a specific WordPress site if another WordPress is located inside the first site’s subdirectory.
  • How to properly clone and copy the Elementor plugin.
  • What are the most frequent and important issues with cloning functionality?
  • Why Smart Updates sometimes provide false negatives on websites with a large number of posts.
  • How we can ship a specific version of the UI library in WordPress Toolkit for Plesk.
  • How broken WordPress Toolkit will be after we perform a very belated and very major wp-cli update.
  • What issues related to PHP module requirements might turn up if WordPress Toolkit is using ea-php or alt-php when installed in cPanel working on CloudLinux 6 & 7.
  • How to improve site list performance and WordPress Toolkit performance in general on cPanel.

Some of these research tasks resulted in an immediate item resolved in the 5.2 release. Such was the case for cPanel performance research. The team has significantly improved the performance right away in v5.2 and identified several good improvement opportunities for the upcoming WordPress Toolkit 5.3 release. 

Future Plans

Our next major release will be out in January 2021. As mentioned above, we’ll continue our efforts to fix and improve existing functionality. WordPress Toolkit 5.3 will have an increased focus on improving our cloning feature, updating wp-cli utility to the latest version, and improving site list performance on both cPanel and Plesk. 

We’re still looking into what else we fit into the next release, so expect some surprises later down the road. Thanks for reading and see you next year!