Andrey Kugaevskiy, author at Plesk

WordPress Toolkit 4.5 Update Features Website Labels Among Improvements

WordPress Toolkit 4.5 Features Website Labels Among Improvements - Plesk

We’ve just released the first WordPress Toolkit update of 2020: WordPress Toolkit 4.5. The first of many coming up this year. Let’s see what’s in there for you.

Website Labels in WordPress Toolkit 4.5

Websites nowadays are usually more than just a single site you see in your browser. Developers often host separate copies of their website for various purposes. One for development, one for testing, and so on. We’ve been thinking about properly supporting development workflow for quite some time now. And so, introduction of website labels is our first shot at it.

Every site registered in WordPress Toolkit 4.5 can now have its own label:

Labels act as a helper for identifying the role of a particular installation. This is why the selection of labels is predetermined. Users can choose from Production, Staging, Testing, Demo, and Development labels. Obviously, labels are optional, and you can change or remove a label at any time.

We expect this change to help you quickly identify their WordPress installations, making life a bit easier. It’s only a first step towards having proper project management in WordPress Toolkit. But that’s a tale for a different time. 😉

WordPress Toolkit for cPanel?

The majority of our time was spent developing WordPress Toolkit for cPanel. We’ve had a very good start with this ambitious project. Constantly keeping in touch with cPanel team, who continue to be very helpful, sharing their knowledge and offering advice. The first installable prototype will be shared soon, and we’re expecting more feedback after. We’ll then continue to focus mainly on WordPress Toolkit for cPanel until at least the first public release. This is expected in the middle of 2020.

Latest Bugfixes and Improvements

Most of the issues nagging our customers were addressed in the minor WordPress Toolkit 4.4.1 update in December. So there wasn’t much left for WordPress Toolkit 4.5. Yet we still fixed a couple of bugs reported by customers and our support team. We’ve also cleaned up some translations again, and now we’re looking into improving the speed and quality of our translations.

Future WordPress Toolkit Update and Plans

The team is already working on the next WordPress Toolkit update, targeted at the end of February. Our main focus continues to be the development of WordPress Toolkit for cPanel. However, we’re also planning to spend some time introducing customer-focused features like CLI for cloning and data copy.

Stay tuned for the next update. In the meantime, do you have any questions or feedback? Let me know in the comments below.

The WordPress Toolkit 4.4 Update

We’ve just released two WordPress Toolkit updates at the same time: v4.3.5 and v4.4.0 – for different Plesk versions. WordPress Toolkit 4.3.5 is a “maintenance only” fork of WordPress Toolkit for Plesk Onyx 17.0 and 17.5. Meanwhile WordPress Toolkit 4.4 is available for Plesk Onyx 17.8 and Obsidian 18.0.

WordPress Toolkit 4.4 is where we’re introducing the most changes to the product. The new functionality helps us spend less time supporting old Plesk versions. Thus allowing us to use newer, better technologies in order to work faster and more efficiently than before.

WordPress Toolkit 4.4 UI and Settings Redesign

We had to make sure WordPress Toolkit GUI is not using any Plesk-specific frontend code, so it can work as a product separate from Plesk (spoiler alert!). Plugins, Themes, and Sets tabs are now using the Plesk UI Library, as well as the WordPress Toolkit Settings screen.

The changes are relatively minor and don’t introduce new features or possibilities. However, they do make our interface faster, more responsive, and more consistent. This gives us a great base for doing the actual redesign of old WordPress Toolkit screens. Which is something we’re planning to do next year.

We’ve also modified the presentation of WordPress Toolkit Settings. Previously, they appeared as a form on a separate navigation tab, which was inconsistent with the rest of the interface. To address this, we moved the Settings tab contents to a separate screen, which you open by clicking the Settings button next to the WordPress Toolkit title.

Installing Sets on Existing Sites

Plugin/Theme Sets should be addressing new WordPress sites pre-populating with a bunch of out-the-box plugins and themes. However, some time ago hosters have flagged another important case. When a user migrates their existing site, their new hoster wants to enrich it with their own plugins and themes.

Hosters told us that they mostly wanted this ability for the server administrator, because in 80-90% of cases, they are the one doing this. So now Sets addresses this request via the Install Set button on the drop-down for each set on the tab.

Clicking the button next to the corresponding set opens a dialog window. There, you can select one or several sites for the set to be installed on. Installing the set takes some time, especially for multiple sites. So the installation task launches in the background asynchronously to avoid blocking admins from doing other stuff in the panel.

Action Notifications Behavior Change

Remember the floating thingies notifying you of the results of your actions? We decided to change the way these notifications behave if the action was successful. While working in WordPress Toolkit, you don’t want to see these notifications cluttering your screen.

So, we decided notifications of successful actions (the “green” ones) should automatically close after three seconds. All other notifications displaying errors or warnings will continue to behave as usual. This is because we believe it’s important that users notice them and explicitly acknowledge them by clicking close.

WordPress Toolkit 4.5 and Other Plans

As Plesk Obsidian marches through servers, we’re planning to create another “maintenance only” fork, this time for Plesk Onyx 17.8, sometime next year. Since this Plesk version still uses an outdated Plesk UI library, it prevents us from providing you with quality interface improvements. This release means only Plesk Obsidian will get all the new WordPress Toolkit features and changes. Both “maintenance only” forks will only receive critical security updates, so you should really update to Plesk Obsidian.

The team has also cleaned up several translations and a number of nagging customer bugs and issues – See our Changelog. Our next major release will be WordPress Toolkit 4.5 – out in January 2020. While it will obviously include customer features and bugfixes, we’re also planning to spend a lot of time on WordPress Toolkit for cPanel, working closely with the cPanel team. Stay tuned for the announcement next year!

There will even be more features our current WordPress Toolkit users should look out for. In the meantime, let’s give a big thanks to the team for all the WordPress Toolkit versions released this year. Six versions since the last major 4.3 release. We hope to stay as productive in 2020, and wish the same to you all!

We’d love to get your feedback on this latest release. Let us know what you like, or if you encounter any frustrations below!

WordPress WordPress Toolkit wordpress toolkit update

WordPress Toolkit 4.3 Reveals Radical Improvements to Smart Updates Premium

We’re happy to announce WordPress Toolkit 4.3 is now publicly available. This release focuses on radical improvements to our premium Smart Updates. Namely user experience, checks, and more usability features like sitemap and switch.

New Smart Updates User Experience

The main complaint about Smart Updates was that it worked as a black box. It took its time to clone and analyze the site (performance was also addressed in WordPress Toolkit 4.2). Also, after analysis, users wouldn’t get any proper info, which understandably made you doubt us. Therefore, the main way to combat this issue was full process transparency.

Upon performing the cloning and the subsequent analysis, Smart Updates will show our users all the details. The Website Summary tab will list pages checked and mention all issues found, while also informing users what it was looking for. You can even download a full test summary as a text file – Handy for update issues you want to investigate further. While the forecast tells you if the update is safe to execute or not.

If at least one new issue is found during the test, Smart Updates warns you of the dangers. Hence, you should address issues before running the update – or, if they’re not serious, update anyway and fix them after.

What’s really cool about the new Smart Updates though, is it alerts you of site issues – even those unrelated to the update. The system may detect an issue before the update which then persists. The tool will tell you that although the update’s safe, the site has a pre-existing issue you should check. If Smart Updates finds issues on a page, you can switch to the Page Details tab to see what exactly is wrong on that page.

As you can see, if a page has a new issue, you’ll get a red dot. The aspects with issues also have a red dot on the Page Details tab.

New Smart Updates Checks

As you can see from the above screenshots, the system is now also checking for PHP errors, warnings, or notices. Such issues typically indicate a broken plugin or a theme, so you shouldn’t take them lightly. Speaking of plugins, Smart Updates is also looking for any Plugin shortcodes on a page (WP-specific pieces of code that various plugins widely use).

When a shortcode is inserted in a post or on a page, WordPress dynamically replaces it with the corresponding content upon generating the page. This means if the actual shortcode appears on a page instead of the content, something went horribly wrong and the site admin needs to intervene.

Using Sitemap to Analyze Pages

The page limit is currently set to 30 URLs to avoid overloading both our screenshot-making service and the servers where Smart Updates is used. We’re now monitoring the Smart Updates load in order to fine-tune this limit. Meanwhile users can create a special custom sitemap that tells Smart Updates which pages to check. This is useful if you have a large site with over 30 URLs and you’re worried about certain pages more than others. (Docs for this feature are coming soon.)

The Smart Updates Switch and Screen

Before, you could only enable Smart Updates on the Updates screen, which you may have missed if you enabled auto-updates. So, to ensure Smart Updates is visible to everyone, we added a Smart Updates switch on the website card.

A red dollar sign appears if you have not purchased the feature. Server Administrators see the Upgrade button in the prompt, since they can install the license key in Plesk. Other users will be prompted to contact their server administrator to buy the feature.

The Updates screen also got some love when we trimmed off unnecessary descriptions of plugins and themes. Or rather moved them to small pop-up windows which you open by clicking ( i ) next to each plugin/theme. The current and available version of WordPress core, plugins, and themes also went into a separate column for better visibility.

Outdated PHP Notifications on WordPress Toolkit 4.3

You’ll see a warning if your PHP is earlier than 5.6 because these websites may not be manageable via WordPress Toolkit soon. We’re planning to update wp-cli soon, and the new version of this truly invaluable utility requires WordPress sites to use at least PHP 5.6.

More WordPress Toolkit 4.3 Stuff

This release also includes multiple smaller enhancements (see Release Notes), like the Smart Updates Results page. It used to open after following the link in the notification email, but it’s now branding-neutral. So hosters no longer need to worry about unexpected Plesk branding displayed in odd places.

The team has also fixed dozens of bugs, including a bunch reported by you – our users. Most were related to Smart Updates or the update procedure anyway.

We’re also currently running a 30 day free trial period for those who have not yet checked Smart Updates out.

Our next WordPress Toolkit release will be a small 4.3.1 update for last-day Smart Updates fixes and improvements. Our team will then focus on the changes we need to launch our remote initiatives. Such as WordPress Toolkit for cPanel, Remote Management functionality and other endeavours. So stay tuned for more WordPress Toolkit updates this Fall and join me in celebrating another impressive release. Cheers!

smart updates smart updates for wordpress toolkit WordPress Toolkit wordpress toolkit update

The WordPress Toolkit 4.1 Update

We’re thrilled to announce the public availability of WordPress Toolkit 4.1. Due to the large amount of changes under the hood, we needed more time to ensure everything works. However, good things come to those who wait because here it is now! Featuring the Remote WordPress Management Plugin, Website Quarantine and more great improvements.

Remote Management for WordPress Toolkit Plugin

Let’s start with the biggest change introduced in WordPress Toolkit 4.1: The Remote WordPress Management Plugin. The plugin is a part of the overall Remote Management functionality, which is still available as a Beta feature.

Many customers told us they couldn’t use the Remote Management feature because they don’t have root SSH access to the remote server. The only other (reasonable) way to connect remote WordPress sites on such servers was to use a WordPress plugin.

Once you provide access credentials to the remote WordPress site, WordPress Toolkit connects to it and installs the plugin. The Toolkit can then manage the site to the full extent of capabilities offered by the Remote Management functionality.

In rare cases where WordPress Toolkit for some reason cannot connect to your site and install the plugin, there is a workaround offered directly in the interface:

In short, you need to download the plugin and install it in WordPress manually. Then copy the connection data and paste it in the connection window inside WordPress Toolkit.

To minimize the impact on hosters, the ability to use the plugin is limited to server administrators. The plugin will leave Beta once the whole Remote Management feature leaves Beta. Speaking of which, we’ve made a number of improvements to the Remote Management functionality based on internal testing and user feedback.

WordPress Website Quarantine

We’ve often encountered a situation where scanning the server for WordPress sites made the WordPress Toolkit completely unresponsive. After some digging, we found that, most of the time, it is malware infection on one or more WordPress sites on the server that causes this problem. This caused WordPress Toolkit not to properly access certain important files. So it was doomed to eternally wait for files, while not responding to any commands.

To address this issue, we added a reasonable timeout for certain WordPress Toolkit operations. The suspicious WordPress websites that WordPress Toolkit finds now go into quarantine mode. Then, WordPress Toolkit proceeds to working with the rest of the websites. This fix should also address several reported issues with connecting remote servers that host such websites.

Site Health Check Support for WordPress Toolkit 5.2

WordPress 5.2 has introduced a new feature called Site Health Check. This feature helps website owners get useful information about the health of their website. Unfortunately, we found out WordPress Toolkit was not working well with WordPress updates.

This was not easy to fix, but thankfully, our top-notch engineers found a good solution. The constant in wp-config.php file now contains the actual status of WordPress automatic updates. So the health check isn’t triggered by it – unless you turn off all automatic updates manually. However, WordPress Toolkit will still handle the updates, and you can get notifications and use Smart Updates as before.

WordPress Toolkit improvements, fixes and upcoming releases

WordPress Toolkit now provides more information about broken websites to help users identify the website and troubleshoot the problem. You can now find the exact path where the broken files are located.

Another notable improvement was related to the Clone and Copy Data functionality. These operations can now handle absolute paths in WordPress database.

Our team has also fixed a bunch of customer-reported bugs too, which you can find in the full WordPress Toolkit 4.1 release notes. The next WordPress Toolkit release will focus on changing the way our Smart Updates work. This and several more customer requests that we’ll address. So stay tuned for news about WordPress Toolkit 4.2.

How do you like the new available WordPress Toolkit 4.1 release? Tell us in the comments.

remote management WordPress security WordPress Toolkit WordPress Toolkit 4.1

Remote WordPress Management Arrives With WordPress Toolkit 4.0 [ VIDEO ]

You’re about to experience a fundamental change to the world of WordPress Toolkit: the ability to manage remote WordPress sites. This feature is Remote WordPress Management – publicly available as part of the WordPress Toolkit 4.0 release. Let’s dive into the details so you can install it on your server today.

Not installed WordPress Toolkit yet? Watch the quick demo and get the new version right away.

Remote WordPress Management: Currently in Beta

As you can see from the demo above, all intended functionality is already there. But it may have bugs and few screens that need a UX polish. Since Remote WordPress Management is a beta feature, we’re providing it for free temporarily. Licensing will become available when the feature is 100% production-ready.

To avoid any unpleasant surprises, you’ll see the below notification the first time you open the ‘Servers’ tab. You’ll also get notified here with advance notice when licensing will be becoming available.

Remote WordPress Management Limitations

Remote Management is only available in Plesk 17.8 or later since it requires new WordPress Toolkit UI.
Remote servers can be Plesk, cPanel or no panel but must be Linux. Windows remote servers aren’t supported yet – but this might change depending on the amount of user requests.
In order to connect a remote server, you need to have root access to it. We know it’s a serious limitation, so we’re already prototyping a WordPress worker plugin you can install inside WordPress. This plugin will connect the WordPress site to a central WordPress Toolkit server, letting you manage the site without root access.
Installation and data copy features aren’t available yet but will be in time.
Since cloning isn’t available yet, Smart Updates aren’t either. This will change when cloning can also support remote sites.
A number of security measures that require modification of web server config aren’t available for remote installations. But we’re planning it for upcoming WordPress Toolkit updates.
Password protection feature is too deeply-integrated in Plesk right now, so it’s not available either.
Since we’re working with non-Plesk servers, nginx caching management is missing for remote installations. We’ll make it available for Plesk servers later, but non-Plesk servers may prove too difficult.
Database management is using a lot of Plesk-specific things, so we cannot provide it for remote sites at the moment.
Both File manager and Backup integration are linked to Plesk functionality. Making them available for remote sites means we need to implement both features from scratch. It’s a huge undertaking, so these two features will probably be the last to be available for remote sites.

Everything else is already there, so check out the feature, spread the word, and let us know what you think.

More WordPress Toolkit 4.0 Updates

Smart Updates

One of the problems we’ve had with the Smart Updates feature was that the update procedure itself acted like a black box for the users. Some reported staring at the screen for a half hour thinking nothing was happening, wondering if the system still worked. We have hopefully improved this now since WordPress Toolkit 4.0 displays the steps the Smart Updates procedure has taken.

This only works for a single site update, since we’re still trying to figure out how to properly display the multi-step progress for several sites at once without making a mess in the UI. At least now you’ll know which steps are taking so long!

New User Interface is Everywhere

Now all the WordPress Toolkit functionality links in the Websites & Domains screen lead to the new interface. Because they previously were not. And yes, we’d love to show WordPress Toolkit 4.0 site cards directly on the Websites & Domains screen – we’re working on that. 😉

Database Server Info added to Database Tab

Yes, although this change does improve your life, it is a small change. However, the overall product experience is comprised of these small experiences. So it’s important for us to keep the product polished and make sure it doesn’t feel sloppy.

Cloning and Data Copy Improvements

You can now see the physical path of a WordPress site when you clone it or copy data from one site to another. This is useful in the rare case where your domain’s document root is pointing to another domain document root, so you need to be sure you’re not unexpectedly overwriting any data.

Also, WordPress Toolkit can now prevent users from trying to clone their WordPress site to a destination where another WordPress site already exists. Or a site into itself. We’re not exactly sure why somebody would do that, but we’re sure they won’t succeed.

WordPress Toolkit 4.1 Plans

Finally, I want to thank every person who actively participated in making this release see the light of day: Alexey B, Aleksey F, Aleksei V, Vladimir B, Igor L, Sergey S, Evgeny P, Igor L, Olga K, Nikolai T, Dmitriy M, Stas M, Lana K, Natalia A, Katerina S and Evgeny B.

Our obvious focus for the next major release is to gather the feedback on the Remote Management functionality and see what users are asking for. Besides that, we’ve got a few more surprises up our sleeves, so stay tuned for the imminent April release!

Give us feedback on Remote WordPress Management in the comments below!

remote wordpress management smart updates WordPress Toolkit wordpress toolkit 4.0 wordpress toolkit update

All You Need to Know about the New WordPress Toolkit 3.5 [ VIDEO ]

Your needs come first so rest assured that we’re constantly evolving Plesk to bring you more value. Hence, the release of WordPress Toolkit 3.5, introducing an assortment of new security measures, a reimagined installation experience and more. Read on for a detailed overview of the updates you wanted, a WordPress Toolkit tour, plus WordPress Toolkit 3.6 spoilers.

Quick Tour of the updated WordPress Toolkit

Our pal Joe Casabona was one of the first to take the new WordPress Toolkit 3.5 for a spin. Here’s him demonstrating how easy it is to install and secure your WordPress, update multiple sites, clone and create a staging environment. All in just over 7 minutes!

New WordPress Toolkit Security Measures

First, you’ll likely see this notification pop up or find your previously secure instances suddenly marked as insecure. But don’t be alarmed – this just means you need to review and update the security status of your WordPress instances. Why? Because WordPress Toolkit 3.5 introduces 8 new security measures.

1. New Hotlink Protection

Preventing other websites from displaying, linking or embedding your images (hotlinking), as this quickly drains your bandwidth and can make your site unavailable.

2. Disable unused scripting languages

This security measure removes support for the scripting languages WordPress doesn’t use, like Python and Perl. Thus, blocking their related vulnerabilities. Available if you have the corresponding Hosting Settings management permission.

3. New Bot Protection

Blocks bots that overload your site with unwanted requests, causing resource overuse. Note that you may want to temporarily disable this if you also use a service that scans your site for vulnerabilities, since it may also use bots.

4. Disabled file editing in WP Dashboard

This measure prevents you from editing plugin and theme file sources directly in the WordPress interface. This is an extra protection layer for the WordPress instance in case an admin account is compromised so no malicious executable code gets into plugins or themes.

5. Block access to sensitive files

Now you can choose to block files like wp-config.bak and wp-config.php.swp, from public access as they contain sensitive information, like connection credentials. Thus, also preventing exposure of files with info used to determine your WordPress instance. Also included are files like logs, shell scripts and other executables that may exist on your WordPress instance and whose security can be compromised.

6. Block author scans / user ID phishing

These scans find registered usernames, especially WordPress admin, and brute-force attack your site’s login page. The above block prevents this, but note that depending on your site’s permalink configuration, you may also be preventing visitors from accessing pages that list all articles by a certain author.

7. Block access to .htaccess and .htpasswd

Attackers who gain access to .htaccess and .htpasswd files can exploit your site to a variety of breaches. These files aren’t usually accessible by default, but sometimes they might be. This is where this security measure steps in.

8. Disable PHP execution in cache directories

If a compromised PHP file ends up in one of the cache directories of your site, executing it can lead to compromising the whole site. So this measure disables execution of PHP files in cache directories to prevent such exploits. However, certain plugins and themes may ignore WordPress Security recommendations and store valid PHP executables in their cache anyway. So you can disable this security feature for them to work, or find a more secure alternative, as recommended.

You’re in Control of Security Updates

You should be able to supervise any website-affecting changes so WordPress Toolkit won’t automatically apply these new security measures on existing installations. So upon opening your list of WordPress instances after the WordPress Toolkit 3.5 update, you’ll see a one-time notification about this.

On that note, you’ll now see that two existing security measures are now less restrictive. First, the “Security of the wp-includes directory” checker now excludes the wp-tinymce.php file to avoid potential issues with Gutenberg and other editing plugins. Second, the “Security of the wp-content directory” measure now prevents the execution of PHP files only in the wp-content/uploads directory.

These checkers will be reapplied automatically for convenience and do not reduce WordPress security in any noticeable way.

New WordPress Toolkit 3.5 Installation Experience

WordPress Toolkit previously offered two installation options: Quick and Custom. Both had unfortunate shortcomings. ‘Quick’ didn’t ask you questions, but also didn’t give info on the parameters to use when installing WordPress. ‘Custom’ gave you control and displayed everything, but you had to fill out the form.

Now users can make an informed choice whether to confirm defaults and install WordPress quick, or take time to change the options they want. With the new, unified WordPress installation, you can still install WordPress in one click, but you’ll always know how it’s happening. Meanwhile, you can change all relevant installation parameters when necessary.

Bonus: You now have to enable automatic updates of plugins and themes within a more streamlined form, without Search Engine Visibility and Debug Mode.

The final change to the WordPress installation process is the ability to install on any domain from any accessible subscription. This is available anytime you click WordPress in the left navigation panel, even if you’re a reseller or server admin. One small step for WordPress Toolkit, one giant leap for adminkind.

WordPress Classic Plugin anyone?

If you’re not yet ready to use Gutenberg, you have a new ‘WordPress Classic’ plugin set. It also has a sibling ‘WordPress Classic with Jetpack’. However, note that we don’t plan to add immediate support for ClassicPress.

Updates to CLI

We updated the CLI command for the new WordPress installation. Specifically adding -auto-updates, -plugins-auto-updates, and -themes-auto-updates to the plesk ext wp-toolkit install command. And plesk ext wp-toolkit –clear-wpt-cache to clean WordPress Toolkit cache and handle issues with invalid cache data like corrupted WordPress distributive lists, or broken lists of languages and versions.

WordPress Toolkit 3.6 Spoilers

The Plesk team fixed a record 43 issues reported by customers and over 140 bugs reported overall. Moving forward, WordPress Toolkit 3.6 will lay foundations for the upcoming release of Remote Management for WordPress Toolkit. Plus, we’re continuing the switch to the new UI, this time redesigning the Clone and Sync procedures along with more relevant user-requested improvements. We’re also busy improving our internal process so we can deliver more high-quality stuff in less time, so stay tuned!

bot protection CLI hotlink protection security update WordPress plugins WordPress security WordPress Toolkit WordPress Toolkit Video Tutorial

Merry Christmas!

WordPress Toolkit – how we made life better for WordPress users in Plesk

WordPress is the most popular CMS in the world today, powering more than 74 million websites in the world and 47% of all websites using a CMS. It’s giving birth to dozens of millions of new posts and comments each month, and that’s just the tip of the iceberg. WordPress also dominates application installations in Plesk – in fact, it comprises almost two thirds of all known applications installed on Plesk servers. After looking at all these numbers, it should not be a surprise for any person involved in hosting industry that we have decided to address the growing market of WordPress users by adding a tool that helps them manage and secure their blogs. Enter WordPress Toolkit, available in Plesk 12:

In this article I will explain the ways WordPress Toolkit helps WordPress hosters and users, address some misconceptions, answer several frequently asked questions, and share some spoilers about what’s to come in the next versions of WordPress Toolkit.

WordPress Toolkit WPTK