The last major WP Toolkit release in 2021 — v5.9.0 — is now officially available for Plesk. This quick release adds more site vulnerability goodness with a number of important bug fixes. As there have already been major developments in the 5.8 release, this newest update is building on those existing features:
Site Vulnerability: Policies
It’s hugely beneficial that you can now update or disable vulnerable WordPress assets in WP Toolkit once you learn that they’re vulnerable. However, you must log in and perform these actions manually, even if it’s not a convenient time for you. To make life easier for site admins, we have added advanced autoupdate policies that allow site admins to make sure that vulnerabilities that can be fixed by installing updates are addressed by WP Toolkit automatically. In the case of plugins, site admins can also opt to deactivate them instead of updating (before you ask, we can’t do the same with themes, since there must always be an active theme on a site).
Security updates for vulnerabilities are installed immediately after these vulnerabilities are found; there is no ~24 hour wait period. Also, there is no special autoupdate policy for WordPress core, since minor WordPress autoupdates already handle this case.
Finally, if you’re a server admin, keep an eye on future release as we’re planning to introduce autoupdate defaults specifically to suit your needs. This should help keep the servers secure even when some customers forget to look after their sites.
Site Vulnerability: Email Notifications
As we’ve mentioned, you can easily learn if you have vulnerabilities when you visit WP Toolkit. But this could cause you to miss this information because you don’t visit your control panel that much. To address this, we have added email notifications about security vulnerabilities found by WP Toolkit:
These notifications differ from our usual email notifications — they are sent immediately after WP Toolkit finds a vulnerability, without any delay. Once a notification about a particular vulnerability on a particular site is sent, we will not repeat it to avoid spamming.
At Plesk, we will continue working on WP Toolkit API and improving our site vulnerability experience. We have a bunch of very cool features scheduled for 2022, and we think the next year will be the best even for WP Toolkit customers (at least until 2023!).
Have you tried out the WP Toolkit site vulnerability features yet? Let us know what you think in the comments!