The Plesk WordPress Toolkit 5.3 is Now Available

WordPress Toolkit update 5.3 blog Plesk Header

The first WordPress Toolkit release of 2021 is now publicly available — please welcome WordPress Toolkit v5.3  This release is focused on fixing issues reported by customers, improving performance, and making sure we can properly handle working with both outdated PHP versions and the latest PHP 8. 

Read on to learn what’s new:
 

Updated wp-cli & PHP 8 Support

 

PHP 8 was released two months ago, and already many of you trying to use it for hosting WordPress sites. So, to support this release, we needed to explore the outdated wp-cli component used for managing many aspects of WordPress sites. 

In v5.3 of the WordPress Toolkit, the team has updated  from the previously used (and quite outdated) version 1.4.0 to the latest available version 2.4.1, which finally allows WordPress Toolkit to manage sites working on PHP 8. Note that PHP 8 support in this  version is still kind of experimental (or “beta”, if you wish), so customers are advised to be more vigilant than usual when using PHP 8. As soon as  team announces full and proper PHP 8 support, we’ll immediately work on including the corresponding  update in WordPress Toolkit.

WordPress Toolkit 5.3 Plesk

Identifying Outdated and Unsupported Sites

 
Updating wp-cli resulted in certain unfortunate consequences: WordPress Toolkit now cannot manage sites working on PHP 5.2 (End of Life on 6 Jan 2011, 10 years ago) and PHP 5.3 (End of Life on 14 Aug 2014, 6 and a half years ago). To accommodate for this change, WordPress Toolkit can now identify websites using unsupported version of PHP and display corresponding information in the interface:
WordPress Toolkit Plesk v5.3
 
If your PHP version has reached End of Life but still supported by WordPress Toolkit, you will be notified about this as well:
 
WordPress Toolkit v5.3 Plesk blog

 

Since we’ve started to better differentiate between various site states, WordPress Toolkit now also properly notifies users if their WordPress version is way too old:
 
WordPress Toolkit v5.3 Plesk

 

We’ve also added an extra notification about outdated WordPress core, since some people have complained that existing notifications are not visible enough:
 
Plesk WordPress Toolkit 5.3

 

To avoid scaring users, WordPress Toolkit now tries its best to create screenshots even for sites with unsupported PHP or WordPress versions. We hope that seeing a site screenshot will help customers understand that the site itself is working fine, but WordPress Toolkit cannot manage it because it’s so ancient that it should be surveyed by a team of archeologists first.
 

New Autoupdate Defaults in WordPress 5.6

WordPress 5.6 has introduced new default settings for WordPress core autoupdates. New WordPress installations are now configured to automatically install both minor and major updates by default. Existing WordPress installations updated to v5.6 will keep their previous autoupdate settings.
 
WordPress Toolkit now supports this change, so when you install WordPress 5.6 or newer via WordPress Toolkit, the autoupdate settings will be automatically set to “Both major and minor updates“, as opposed to “Only minor updates” option, which was the default before v5.6.
 
 
Due to the new defaults mentioned above, we have also changed the way WordPress Toolkit manages WordPress core autoupdate settings. Previously WordPress Toolkit was using the WP_AUTO_UPDATE_CORE constant in wp-config.php file to help WordPress understand how it should behave. With changes brought in WordPress 5.6, we have decided to avoid using this constant and use the get_site_option( ‘auto_update_core_major’ ) parameter stored in the WordPress database instead. This parameter is utilized by WordPress itself when site admin switches between “major & minor” and “minor only” autoupdates in WordPress admin area. Using this parameter makes WordPress site management via WordPress Toolkit more natural, transparent, and non-obtrusive for advanced site admins.
 
Existing WordPress installations updated to v5.6 will keep the WP_AUTO_UPDATE_CORE constant in wp-config.php file until autoupdate settings are changed by the site admin. Note that WordPress Toolkit will still have to use the WP_AUTO_UPDATE_CORE constant if site admin decides to completely disable all autoupdates.
 
An additional fix related to WP_AUTO_UPDATE_CORE constant was also included in WordPress Toolkit v5.3: the constant is no longer added automatically when WordPress Toolkit checks for availability of updates. It can only be added if customer explicitly saves or changes autoupdate settings.

Cloning with defined DEFINER

 
WordPress Toolkit creates a database dump when it clones a site. In certain cases, this dump includes a defined DEFINER clause, which leads to failure of the cloning procedure. You can now rest easy that this problem is finally fixed.
 
Since every site is different, this may not be convenient for you. Therefore, it is possible to turn off the application of this fix by adding the following option to the config file:
 
fixDatabaseDumpDefiner = false

 

Upsell Links Configuration in cPanel

 
WordPress Toolkit on cPanel has two Deluxe upsell links: one in WHM, one in cPanel. Hosters can configure these links in Manage2 or modify WordPress Toolkit config file on the server. To make things easier, we have added the ability to customize these links on the global “Settings” screen in WordPress Toolkit. We’ve also updated the default WordPress Toolkit upsell link to make sure it is pointing to a proper destination.
 

 

For reference, here’s the priority of link customizations: links in UI overrule the links in config file, which overrule links provided by Manage2, which in turn take precedence over the default links shipped with WordPress Toolkit.

Research, Improvements, Bugfixes

 
Based on the research performed in December, we have increased the site list loading speed on Plesk. We have also tested the performance of Smart Updates and regular updates to better understand where and how we can improve our product. 
 
As for bugs, the v5.3 release includes a number of customer-requested bugfixes, particularly those that address cloning-related issues.
 

What’s Next? 

 
We’re also working on a number of exciting new features to continue improving the WordPress Toolkit, based on your feedback and usage. Have you got the latest version yet? What has been your experience with the Toolkit? Let us know in the comments or via your partner account manager!

Wordfence vs Sucuri – WordPress Security Plugins Comparison

Wordfence vs Sucuri comparison - Plesk

Sucuri vs Wordfence – which plugin ensures full WordPress security? This is a question that lots of WordPress website owners find themselves pondering. In these days of state-sponsored attacks, organized crime gangs, and bedroom hacktivists, getting watertight cybersecurity for your WordPress website has never been more important. 

New and more sophisticated hacks and exploits happen every single day, around-the-clock, and after the Solar Winds breach came to light it’s apparent that even governments and multinationals are not as safe as they thought. 

So for the humble WordPress site owner, it’s important to find the most effective means of keeping malign intruders out. Any weaknesses are almost certain to be exploited by criminals (eventually), so it’s essential that you settle on the most effective security plug-in you can get your hands on to thwart nefarious actors. 

Site owners often wonder about choosing between Wordfence or Sucuri, simply because this pair is among the most well-known and prominent of plugins for comprehensive WordPress website protection, and so it’s difficult for many site owners to differentiate between the different offerings and identify the superior example. 

Sucuri or Wordfence: what do you need to consider?

Sucuri vs Wordfence is a tricky question to answer because both have the capacity to keep your WordPress site safe from data breaches, bot-net infections, and other unwanted security risks. 

Another criterion must be that it’s easy to use, because the less time you waste on activities that don’t contribute to selling your digital wares, the better. You don’t want to waste time becoming a security expert just so that you can run a plug-in that keeps your website safe. If that’s what’s required then it’s probably not worth investing in.

Sucuri vs Wordfence: user-friendliness

You shouldn’t need to know how the internal combustion engine functions just to stop your car from being stolen, so you also shouldn’t need to become an expert in cybersecurity to keep your website safe with Wordfence or Sucuri

Wordfence

After installation, you’ll need to confirm that you accept the terms and conditions, and then you’ll be asked for the email address where you want your security updates to be sent. 

The setup wizard that follows will walk you through the basics of the application, including where to find notifications and the results of scans.

Wordfence opens your web app firewall in learning mode and performs a scan in the background. This may take a while if you have a large website but it will let you know as soon as it’s finished.

Click the dialogue box when it’s got to the end and you’ll see what the scan discovered along with suggestions for what to do with any positive hits. If you’re lucky, it won’t find any threats, but it still might recommend useful security-related suggestions, like that you update to the newest version of your chosen theme.

The standard way that the firewall runs is as a WordPress plugin, which isn’t the ideal way of doing things in this instance. Wordfence will let you configure it to work under extended mode for enhanced security, but this requires manual configuration. 

Unfortunately, first-time users of the Wordfence UI will probably find it as difficult to understand as we did. It’s true that it doesn’t ask you to do very much in its basic configuration, so that may not be a problem, but beginners wishing to explore the different possibilities it offers may feel that it’s an uphill struggle. 

Sucuri

There’s no such trouble with Sucuri’s GUI. It isn’t cluttered by unnecessary notifications and your scan results will appear in the plug-in panel. It’s also worth mentioning that its website application firewall (WAF) is based in the Cloud and as a remote resource it doesn’t require any horsepower from your own server that would slow it down.

To set up your hosting server behind the firewall you’ll need to give it your API key and configure the DNS settings for your domain name. Once you’ve installed it, you’re done. It’s a case of “set it and forget it” because updates and maintenance are all taken care of. Also, when Sucuri gives you security recommendations you only need to click once to apply them all. 

The UI is certainly a step up from Wordfence’s design, but some options are still buried in the guts of it and will require some digging.

One hurdle that less technical users may find difficult to overcome when they’re configuring a Sucuri firewall is how to update a domain name server with their domain registrar. It may be helpful in this case to ask the registrar for some help.

Sucuri vs Wordfence: Web Application Firewall (WAF) 

It’s possible to run a firewall in one of two ways. You can run it as an application on your own server or use a cloud-based WAF solution. 

WAFs are useful for blocking website threats, and we believe that cloud-based ones are the superior option for reasons of efficiency and reliability. They constantly keep an eye on incoming web traffic, flagging and blocking issues as they appear. In the case of Wordfence vs Sucuri, both have this capability.

Wordfence

Wordfence features a WAF that keeps an eye on malicious web traffic. The fact that it’s application-based, running as a WordPress plugin, is something of a disadvantage because it means that WordPress needs to load before it can detect and respond to malicious activity. 

You’ll need to configure Wordfence’s firewall manually in expansion mode so that it can monitor traffic before it has a chance to get to your WordPress installation. 

Wordfence’s endpoint firewall only filters bad traffic once it’s reached the hosting server, and once it does, all of its resources will be stretched as it responds to the attack.

Sucuri

Sucuri’s firewall is a remote cloud resource. That means that it can trip up malicious traffic before it gets anywhere near your hosting server. Sucuri also has content delivery network (CDN) servers distributed across various regions, so this should also help to increase the speed of the response.

To use a firewall, you’ll need to change the DNS settings of the domain name. This will route your traffic through Sucuri’s server. 

Sucuri doesn’t have a basic or extended mode. As soon as the installation has finished, Sucuri’s WAF starts protecting your site straightaway.

When you’re choosing between Wordfence or Sucuri you might want to bear in mind that Sucuri uses highly effective machine learning algorithms to cut down on false positives, and its DDoS defences automatically block fake traffic and nefarious bot requests without slowing down bona fide traffic sources.

Security Monitoring and Notifications 

Downtime is money, so a security early warning system is essential for any website owner. To get notifications you’ll need to check that you can pick up emails from your WordPress site using SMTP. Let’s look at how well Sucuri vs Wordfence keeps you informed about attacks.

Wordfence

Wordfence does a decent job of telling you about any problems with elicit intrusions and the like. They show up both in the Control Panel and the Wordfence menu in the WordPress administration sidebar, with different highlights indicating their respective significance. Selecting each one will pull up options for how you deal with them, but you can only see them after logging into the WordPress dashboard. 

If you’d like to be alerted about security issues via email, then you can fairly easily do that in the Email Alert Preferences section on the Wordfence options page. You can also further explore them on this page too. 

Sucuri

It can be very distracting to be constantly interrupted by security alerts, so if you want to tell Sucuri to only bother you with the more serious cases, that’s easily done, and you can also tell the software to send them to your control panel as well. 

Look towards the upper right-hand part of the screen to explore the status of the main WordPress file. This includes the audit log and site status. 

To access the alert management system open the Sucuri security settings page and then the Alerts tab and enter the email address where you want to receive your notifications. 

You can tune the type of event notifications you get and also put a ceiling on their numbers. Your WAF will also send important alerts to your email address. 

Sucuri or Wordfence – Scanning for malware

Both of our contenders feature malware detection. They can also look for files that have been changed and snippets of code that may be up to no good. Out of Wordfence vs Sucuri, which will do the better job here? 

Wordfence

Wordfence’s malware scanner can be tweaked to meet your particular hosting and security needs. Scanning has default limitations to conserve resources.

Wordfence generates your analysis schedule automatically, but you are able to change this. With scanning, you only have access to some options if you’ve opted for advanced versions of the plug-in. Wordfence’s scanner can also check your themes and plug-ins in line with the appropriate repository version. 

Sucuri

Sucuri’s site check API assists the Sucuri scanner in its hunt for unwelcome code. It’s quite clever in that it uses secure browsing APIs to ensure that your WordPress site hasn’t been blacklisted. 

Sucuri has an automated way of checking that your core WordPress files haven’t been tampered with, but you can change any of your settings by clicking on the scanner tab on the security settings page.

The scanner isn’t specific to WordPress, which you’d think would make it less adept at dealing with WordPress security issues but in fact, the result is that it can scan for any kind of intruder. Another aspect in its favour is that it’s relatively lightweight and doesn’t impinge too much on your server resources. 

Cleaning Up Your Website

Getting hacked is no fun, and the cleanup operation that comes after your WordPress site has hosted unwelcome intruders is even less cause for celebration. Trojans and viruses can burrow into files, drop unwanted links, and who knows what else.

Unless you’re an expert you may find it beyond your ability to track down and eliminate every bit of damage that’s been done. Luckily, Wordfence vs Sucuri can do it for you, but which one is going to do the better job?

Wordfence

You’ll need to buy your cleaning solution separately from your Wordfence subscription because it isn’t something that they include in their free or paid packages. Once you’ve signed up though, it’s a fairly straightforward process to get your site analyzed and cleansed of bots and Trojans. Not only that, you’ll also get a compressive rundown of what was cleaned and advice on how you can limit the likelihood of this kind of intrusion occurring again in the future.

Sucuri

If you pay for a Sucuri plan then site cleaning will be included. Just open a support ticket and the service will get underway attending to blacklist removal, remedying SEO spam, cleaning the site, and WAF to avoid such occurrences in the future. 

Sucuri is pretty good at cleaning up viruses and other dodgy intrusions, spammy code injections, and backdoor access files. 

The team assisting you with the clean-up will use FTP/SSH access login details to get in, and they’ll be careful to back-up every file that they interact with to ensure that nothing is damaged or lost. 

Sucuri vs Wordfence – Who Is The Winner?

Wordfence vs Sucuri is a matchup between two seasoned and respected security heavyweights, but in our opinion, it’s Sucuri that crosses the finish line in first place. Its use of WAF in the Cloud is a definite plus point. Wordfence is a competent performer, but its server-side scanner and firewall can’t match Sucuri’s for security. 

Best WordPress Caching Plugins Comparison

WordPress Caching Plugins Plesk

WordPress caching plugins is a complex topic for many people (especially newcomers), and there’s a lot to cover in any guide. A comprehensive exploration of WordPress caching might even demand a whole book — which we obviously don’t have the space or time to create here. But we can make the essentials of WordPress caching easier to understand, and that’s exactly what we’ll do below.

First, let’s start by looking at caching it as if it were a fairly straightforward math problem to be solved. Most of you reading this would have no problem multiplying, say, eight by eight to get 64. That’s a simple sum countless children learn in school every year. And they — and you — know the answer because you’ve memorized it. You might run a brief calculation in your head, but it should seem as if you can pull the solution out of your memory as naturally as recalling your own name. So, this form of memorization can be compared to website caching, even though it is a major simplification of the process. This example helps to visualize caching and illustrates why WordPress caching plugins are so important for a quality user experience.

Your website is required to present the same (or similar) content again and again, no matter how many visitors you receive per day. Even if you only attract a few dozen people, your site is still bringing the same content up repeatedly over weeks and months. Wouldn’t it be fantastic if the server was able to remember the necessary files required to present your website as it needs to every single time more efficiently, as you can when solving simple calculations?

Explaining the Caching Process

Basically, any page a visitor navigates to on your website requires a server request, and processing by that same server (along with database queries). Next, a final result will be sent from the server to the visitor’s browser, which enables them to view your website with all the elements and files essential for forming its complete design. These include menus, blog posts, images, videos, etc.

As the server is expected to process each of these requests, and to do so as quickly as possible, delivering a full web page to users can be a surprisingly time-consuming process. Particularly for bigger websites or those best described as “clunky”.

But this is where WordPress caching plugins prove helpful. The caching plugin is designed to tell the server to keep some of the files stored to RAM or disk (based on your specific configuration). That means the server can remember content it’s served in the past and duplicate it for the user. Web pages will load far faster from the cache directly, and the amount of work needed to generate a pageview is reduced significantly.

That’s the power of caching.

When You Need WordPress Caching Plugins

We’ve already covered how caching can increase the speed of web pages, but is it always essential to install WordPress caching plugins? And are there any other advantages to caching you should know about? For anyone responsible for managing their own servers or using shared hosting, caching plugins are generally a fantastic idea.

But there are times when you won’t actually need a caching plugin. If you were to work with a trustworthy managed WordPress host, for example, they would handle the caching on your behalf. This would be performed at server-level and much quicker, in a lot of cases. Server-level caching demands no knowledge, expertise, or time-intensive configuration to achieve the best speeds. It will be fast all the time — that’s it.

Often, top managed WordPress hosts don’t utilize caching plugins on their platforms as they may affect performance quality. Some things can go awry if you don’t know what you’re doing with plugins, which is where a little expert management can be a big help.

Why Some Caching Is Always Necessary

No matter if you choose server-level caching or opt for a plugin instead, you’ll always find some type of caching necessary. Here are some of the main benefits of caching to consider:

  • Deliver a faster browsing experience for users — we’ve already addressed how WordPress caching plugins can boost your site’s speed, but it’s a core advantage so deserves to be on this list!
  • Provide a better user experience overall — as your website will run more quickly, users will be more likely to stay and explore. Faster sites are known to have lower bounce rates, reducing the risk of people becoming frustrated and clicking away after waiting for more than 10 seconds or so for pages to load.
  • Servers rely on fewer resources — fewer resources contribute to a quicker website, and place less strain on servers. This is crucial for highly-dynamic websites (e.g. membership sites) and for determining what can or can’t be served from cache.
  • Potential SEO improvement — a faster speed and better user experience can inspire search engines to recognize that your website is worthy of a higher ranking. This makes caching a helpful addition to your search engine optimization strategy.
  • Lower time to first byte (TTFB) — using WordPress caching plugins is one of the simplest ways to reduce your TTFB, by as much as 90 percent in some cases.

How Does Caching Compare Against No Caching?

To show you how much difference caching versus no caching makes, we decided to run a few simple server-level caching speed tests.

First, we ran five Pingdom tests with no caching activated and measured the average, and then did the same with caching enabled. The average load time without caching was 677 ms, and the average with caching was 521 ms!

So, caching decreased our page load time by more than 23 percent, with no additional work required. We used a fairly well-optimized site for the speed tests, which means websites with less optimization will run even more quickly.

TTFB with no caching

Remember when we discussed how caching can affect your TTFB above? Well, we ran some more tests to identify how well caching can reduce TTFB.

We found that TTFB with no caching was more than 200 ms, but this dropped to under 40 ms when we enabled caching. That’s a huge difference.

It’s clear, then, that enabling WordPress caching plugins can decrease your TTFB substantially. And, again, that means better performance overall.

What Are the Best WordPress Caching Plugins Available?

Below, we’ll explore the best WordPress caching plugins to try if you plan to manage your own server or use shared hosting. While some may be more intuitive, they’ve all earned fantastic reviews from users. A lot of posts published online will attempt to compare caching plugin speeds and sell you the one they consider the best. But this is almost impossible, as plugins will perform differently depending on your choice of server, resources, configuration, and location.

Yes, we find speed tests as helpful as anyone else, but dubbing one plugin “the quickest” is frankly unfair. Why? Because what works brilliantly for one user might not be so effective for another. And that’s not to mention that there hundreds of different settings may be available to enable or disable.

With all this in mind, we feel it’s best that you always test WordPress caching plugins yourself to determine which work best for you.

We’ve collated a concise list of the top WordPress caching plugins to help you make an informed decision. You’ll find more detailed insights for each one further down, covering pricing, benefits, and more.

Our list:

We’ve found that it’s ideal to experiment with a minimum of two or three WordPress caching plugins before committing to any one option. You might find that you love the user interface and design in some caching plugins, but find others much easier to use overall.

Another recommendation from our experts is to run a speed test with a dedicated tool, such as GTMetrix or Pingdom, once you’ve implemented each plugin. This will enable you to check the impact the plugin has on your site’s performance.

But be sure to run a number of speed tests to make sure plugins are serving from cache. When you clear your WordPress website’s cache, it needs to rebuild. Helpfully, some plugins include an option to preload (or “warm”) the cache once it’s been cleared.

Be aware, though, that caching plugins can lead to issues while they’re helping your website run faster. There’s a particular error to watch out for when using caching plugins: “No update required. Your WordPress database is already up to date”. Keep that in mind, though it certainly shouldn’t put you off!

So, onto our in-depth look at the top WordPress caching plugins for your site!

WP Rocket

This is a premium WordPress caching plugin, offering three payment plans. You can pay a one-time fee, but if you keep your payments running, support and updates will be included. WP Rocket lists caching for a single website as $39, while support for three sites is just $99. For $199, you can get caching for an unlimited number of websites. Free plugins are available, but these rates are impressive considering WP Rocket is one of the market’s most feature-rich WordPress caching plugins.

There’s no free version or free trial for the WordPress caching WP Rocket plugin, but WP Rocket’s developers provide a 14-day money-back guarantee to ensure your satisfaction.

One of the main advantages of WP Rocket is its user-friendly interface and fast, hassle-free setup. This is a caching plugin for WordPress with the power to help your website run much faster, and yet any newcomer would find it easy to grasp the majority of the settings from the start.

Another top reason for WP Rocket to be worth a consideration is that it’s designed to run nicely on eCommerce sites. That’s ideal as, most often, those require better caching speed the most.

On the whole, you might ask why you should pay any cash for a WordPress caching plugin at all when there are some competitors giving theirs away for free. Well, that’s because WP Rocket offers a wealth of solid features and is simpler to use overall.

For example, WP Super Cache provides users with page caching, yet browser caching is unavailable. WP Rocket, on the other hand, delivers both.

And Hyper Cache is missing lazyload, whereas that’s just another part of the WP Rocket package.

We could go on and on like this, comparing WP Rocket with the competition, but the main point to remember is that $39 is a modest rate to pay for the sheer variety of features included.

Reasons this is one of the top WordPress caching plugins

  • WP Rocket delivers a developer-friendly package, with a great dashboard to help newcomers feel at ease. Developers rarely have so much to experiment with in caching plugins, and others can make it far too complex for first-timers too.
  • The setup process is highly accessible for users of all experience and skill levels.
  • You can use the included database optimization to clean up your WordPress database, as well as decreasing the amount of resources used.
  • You can use WP Rocket to lazyload media, so that images don’t load on your site until a user actually scrolls over them. That means the server won’t need to do the work until it’s absolutely necessary.
  • You can increase your website’s speed even more with WP Rocket’s CloudFlare compatibility.
  • Multisite compatibility is also available through this plugin.
  • You can preload your cache.
  • Tools for minification and concatenation are included.
  • One of the most distinctive features is the Google Fonts optimization. I haven’t seen this included as part of another caching plugin so far.
  • Support available for object caching.

Take a look at the official WP Rocket documentation for help when configuring and experimenting with this plugin on your WordPress website.

Cache Enabler

Cache Enabler is an open-source, free caching plugin from KeyCDN (known for powering the Kinsta CDN). The disk caching engine’s performance is quick and dependable, while the multisite support is a benefit for users operating networks of sites.

The WordPress caching Cache Enabler plugin is a quality option without a hefty price tag: you may not be receiving the comprehensive range of features you would in WP Rocket, but Cache Enabler is still a terrific alternative if you’re on a tighter budget.

Cache Enabler’s big claim to fame is that it was the first WordPress plugin designed to help you serve WebP images with no need to use JavaScript. Sounds like senseless technical jargon to you? All you need to know is that while JavaScript is an important coding language, it can disrupt website speed in some cases.

Combining Cache Enabler with ShortPixel, EWWW, or Optimus plugin enables you to utilize this more recent image format properly. That’s a fantastic option for anyone running an online business, as most websites include dozens or hundreds of images, such as eCommerce sites or blogs.

Finally, Cache Enabler’s settings are simple and concise. They ask for such things as caching behavior preferences and cache expiry behind the scenes, the settings page offers explanations, and the number of settings is fairly low overall. As a result, most people will find this a confusion-free zone.

Reasons this is one of the top WordPress caching plugins

  • Cache Enabler provides a unique way to serve WebP images: you can convert pictures to WebP format via ShortPixel, Optimus, or EWWW Cloud (the cloud version is recommended for its solid performance).
  • Cache Enabler WordPress caching plugins include a user-friendly, streamlined interface for maximum convenience. This is one of the simplest plugins to set up, and users at all levels of experience should find it a pleasure to handle.
  • Actual cache size is presented on the dashboard, to help you understand the amount of space the cache consumes. This is a fast, efficient caching program, offering manual and automated clearing options.
  • Minification for inline JavaScript and HTML is available.
  • This combines with the Autoptimize plugin to bring you additional features, such as injecting CSS into page heads.

Take a look at the official Cache Enabler documentation for help when you configure and test this plugin on your website.

WP Super Cache

WP Super Cache is a terrific example of an open-source WordPress caching plugin boasting installation numbers in the millions. When you search for caching plugins, WP Super Cache and W3 Total Cache (see below) will appear high on the list most of the time.

While it’s unfortunate that these plugins have such similar names, they are very different. It’s best to install both and try them separately to identify the right one for your site. You might prefer to install WP Super Cache first purely because it’s the work of the Automattic team, but both are worth considering.

Regardless, WP Super Cache is an open-source, free plugin with zero upgrades required once you’ve installed it. This performs efficiency by building static HTML files and serving these instead of the weighty WordPress PHP scripts.

Three caching modes are available, which is one of the WordPress caching WP Super Cache plugin’s most appealing features. One is titled Simple Mode: the average WordPress user would choose this as it poses the least risk. But another of the modes, Expert Mode, enables you to super cache files with various modifications to the .htaccess file. This is great for seasoned developers who prefer greater control over their site’s caching process.

The Simpler mode makes WP Super Cache simple to set up (as the name suggests!). This enables you to compress pages, and offers easy caching, CDN support, as well as cache rebuilding. On top of all this, you can identify known users and choose to not cache pages for them if necessary.

Additional homepage checks can be helpful too, when you want to make sure your site’s primary page is as optimized as it can be.

One of the core advantages of WP Super Cache is its garbage collecting: your cache directory fills up and can leave your site running slowly over time. WP Super Cache runs automated garbage collections regularly to clean older files out and maintain your site’s optimization.

Reasons this is one of the top WordPress caching plugins

  • WP Super Cache boasts a positive reputation and track record, so you can expect its caching services for one or more of your sites to be of a high standard (no matter how big they may be).
  • This is an open-source, free product from Automattic — this means updates are regular and WP Super Cache is unlikely to disappear without warning.
  • In WP Super Cache’s backend interface, a lot of the settings you require are already filled in. As a result, it’s fairly easy to understand and put to work, even if you’re a total novice.
  • WP Super Cache utilizes a garbage collection process, clearing your older files out of the cache to prevent slowdown. This helps your site run faster and more smoothly.
  • This is integrated with a unique CDN setup, distributing your files better.
  • You can select from three caching modes, including Simple and Super Caching. This makes WP Super Cache a top option for diverse skill levels: the Simple cache option is great for the average user, while the Super Cache mode enables more advanced users to boost their site’s speed substantially.
  • WP Super Cache includes a unique feature known as Cache Rebuilding. Your blog’s cache won’t be cleared whenever a visitor posts a comment: the cache will be rebuilt and the old page will be served to other users instead.

While WP Super Cache has no official documentation online, the repository page carries a wealth of information.

 

Comet Cache

Comet Cache has one of the coolest names of all the WordPress caching plugins, and it has a solid reputation too. You can choose from a free or paid version.

The paid version is available from $39 to $139, as a one-time charge. However, you can opt to pay extra fees if you would prefer more extensive customer support with the WordPress caching Comet Cache plugin.

Comet Cache includes similar features to the caching plugins we’ve explored above, but it stands out for its incredible documentation. Even the regular WordPress plugin page offers lots of FAQs and links to help you learn about caching.

The Comet Cache website is home to a complete knowledge base and insightful blog. There’s plenty of information on the free and premium versions, with comparisons to help you choose.

A key reason for upgrading is Comet Cache’s automation: you can set this up and forget about it while the plugin does the majority of the work on your behalf.

The free version is capable of accomplishing many of the same tasks, but you will need to complete them yourself manually at times.

The client-side browser caching is helpful, too, as you’re basically double caching: the server is on your end and the browser is on the user’s. Crucially, it’s fairly simple to install the Comet Cache plugin and the dashboard is easy to navigate.

Reasons this is one of the top WordPress caching plugins

  • With Comet Cache, you can take advantage of a quick setup and decent backend, so configuring the cache takes a matter of minutes.
  • You can cache on pages, posts, categories, and tags.
  • With the paid version of Comet Cache, you can try intelligent and automatic cache clearing. This allows you to establish caching preferences when you install it and forget about them for a while.
  • You can cache RSS feeds to avoid delays in your content syndication.
  • The plugin gives most of its main features away free, so you might not need to upgrade.
  • The paid version is similar to what you would receive from WP Rocket, so we’d advise that you test both to see which suits your goals best.

Browse the Comet Cache official documentation and community forum for help when configuring or testing this plugin on your website.

Hyper Cache

The WordPress caching Hyper Cache plugin runs on PHP only, so it’s simple to set up with no complicated configurations to worry about. This is also compatible with WordPress blogs of any kind.

A main benefit of Hyper Cache is that it’s aware of mobile environments. As a result, the caching continues to run when a user visits your site on their smartphone or tablet. This ensures your website remains fast and performs smoothly across devices, for total user convenience.

As Hyper Cache is open-source, there’s no need to pay or stress about future upgrades either. If you want to support the developer and compensate them for their work, though, you can make a donation.

The installation process for Hyper Cache is quick and easy. That’s ideal for newcomers and unskilled users of WordPress who might feel overwhelmed by extensive caching settings.

Furthermore, the compression caching optimizes bandwidth and boosts page speed brilliantly. This plugin is also intended to work with bbPress well, so if you want to run a forum, Hyper Cache is a fantastic option for caching its pages.

Perhaps Hyper Cache’s biggest advantage is its simple configuration. You can almost set it up and forget about it, with no reason to worry about its function following installation.

Admittedly, some of the settings have been assigned unexpected names or can seem somewhat tricky at first. But they generally include recommendations to help you understand what to enable and how they work.

Reasons this is one of the top WordPress caching plugins

  • There are no payment plans for Hyper Cache: this is a free, open-source plugin, and all features are included with initial download.
  • Hyper Cache is mobile-aware, so caching runs on mobile devices too.
  • This plugin includes CDN support, enabling you to tap into larger networks of servers and increase your website’s speed further.
  • Hyper Cache provides options for serving cached pages to visitors writing comments on your blog. You can cultivate more discussions on your posts without worrying about them affecting its speed.
  • Compression will be managed via the Hyper Cache plugin, for non-cached pages too.
  • Hyper Cache is designed to detect if a site’s theme has changed to its mobile version, for a better user experience.
  • This plugin will relocate the cache folder beyond your blog, and the cache folder won’t be included in your website backups. That means you can make smaller backup files while saving space.

Take a look at the official Hyper Cache documentation and visit the community forum to learn more when setting this plugin up on your site.

WP Fastest Cache

WP Fastest Cache’s name is obviously similar to some of the other WordPress caching plugins on this list, but don’t be fooled: this has a number of features that make it stand out.

You can get started with a free version of the WordPress caching WP Fastest Cache plugin, though a premium one is available for purchase through the settings module if you want to upgrade.

With the premium version of WP Fastest Cache, the fee is one-time only, and you’ll get access to a varied selection of tools that are unavailable in the free version. But generally, the majority of websites will be satisfied with the free plugin, as it features desktop caching, combination options for CSS and JavaScript, as well as HTML minification.

You’ll also have access to GZIP tools and browser caching in the free WP Fastest Cache plugin. Overall, this plugin can help to make websites’ performance much faster and smoother compared to sites using no caching plugin whatsoever.

The settings basically consist of a checkbox list, which makes it one of the simpler settings pages to explore. Information boxes are also included, offering clear explanations to guide your choices. You can switch between tabs for managing key items, such as imagine optimization, the CDN, and the cache timeouts.

Reasons this is one of the top WordPress caching plugins

  • The free version of WP Fastest Cache can prove useful for the majority of sites, and it appears to serve sites more quickly than a lot of the competitors.
  • The settings comprise a list of checkboxes alongside easy-to-follow information points, so it’s simple to use.
  • You can upgrade from the free to the premium version in the WordPress dashboard for maximum convenience. You don’t have to download a plugin from the developer’s site.
  • CSS and JavaScript can be combined and minified.
  • You can integrate CDN without too much configuration required.
  • Optimization of images is performed separately from the caching process, so you can see the amount of space saved with one of your biggest resource-consumers.
  • A feature is included for creating a cache for a mobile theme specifically. You can also opt to not serve a cached version for the desktop to your mobile users.

While WP Fastest Cache has no official documentation in one place, you can still find a wealth of tutorials on configuring WP Fastest Cache on your WordPress website on their blog.

W3 Total Cache

You might be aware of W3 Total Cache, as it’s one of the most popular WordPress plugins available. The WordPress caching W3 Total Cache plugin is a decent free, open-source solution, though we can’t pretend that it’s the ideal option for any website.

One of its main disadvantages is that its backend settings can be extensive and, sadly, hard to grasp. The development team can complete the proper settings for you efficiently, though newcomers may still feel confused.

Despite this issue, W3 Total Cache has managed to achieve millions of installations. It can be integrated with a CDN, and works for mobile and desktop websites nicely. It’s also recommended as a helpful companion for sites holding SSL certificates, which means eCommerce websites in particular might benefit from installing it.

The free version of the W3 Total Cache plugin includes all the features, and there are no prompts designed to push you into upgrading. The plugin can also help you make savings on bandwidth, thanks to HTTP compression, feed optimization, and minifications.

Yes, it doesn’t have the best backend configuration we’ve ever seen, but that could be down to our personal taste. Nevertheless, W3 Total Cache is still sure to help your website’s performance improve and, in turn, increase conversions.

Reasons this is one of the top WordPress caching plugins

  • W3 Total Cache is free, and most of the caching plugins you’ll need to boost your site’s speed and optimization are included.
  • Popularity can be considered an indication of a plugin’s quality,thanks to its millions of installations, though we don’t recommend you base your decisions on that alone. Take the time to browse the many positive reviews to learn more about W3 Total Cache before you commit.
  • W3 Total Cache is compatible with various hosting options, including shared hosting, clusters, and dedicated servers.
  • You can use caching for any mobile environment, so that when a user visits your site on a smartphone, they’ll still benefit from caching as they would on their computer.
  • W3 Total Cache provides SSL support, to help your online store run more quickly and efficiently. That can improve the customer experience overall.
  • As the CDN works with the media library, you can check the quality of your images’ optimization easily.
  • You’ll have access to compression and minification, as well as caching of databases, objects on your disk, and posts.
  • Object caching is supported with W3 Total Cache.

You can get started with help from the in-depth documentation for W3 Total Cache available

Alternative Approach To Caching

Instead of using caching solutions on web app level you may think about NGINX – it can proxy requests to other web servers or apps. The outcome here – performance increase for serving static files.  Another important feature – NGINX can sit ‘in front’ of web servers where it acts as a gateway to other applications or servers. Additionally, it can also cache the results of requests proxied to FastCGI and uWSGI processes, as well as to other HTTP servers.

NGINX is fully supported by Plesk and can be configured/tuned up easily via Plesk interface. And if you consider to user NGINX with Plesk for caching – think also about WordPress Toolkit, which will help you a lot to manage WordPress routine tasks.

Conclusion

We hope we’ve helped you understand why website caching is so important, but the functions that make caching work can be incredibly difficult for the average WordPress user to understand initially. That’s why you might struggle to determine which settings in a caching plugin will be right for you at first.

Again, if you choose managed WordPress hosting, you won’t need to organize your own plugins. The host will do that for you, and caching will take place on the server. But caching plugins are essential if you’re using shared or self-managed hosting.

Now that you’ve reached the end of this guide, we hope you’ll find picking the best plugins for your WordPress website easier. Focus on learning as much as you can about any of the WordPress plugins that appeal to you most, to help yourself make the most well-informed decision.

An Overview of PHP Vulnerabilities – WordPress Perspective

You probably already know that WordPress websites are vulnerable to brute force attacks, called so because they just try over and over again to guess your username and password combination. But in the never-ending arms race between hackers and site owners there is also the problem of much more sophisticated bots that will try to worm their way into weaknesses in your website’s PHP code, too. Both of these hacks are popular ways of testing your defenses and they both underline the need for constant vigilance on the part of site owners and admins. To that end, you need to consistently upgrade your WordPress so that it’s always one step ahead of potential PHP vulnerabilities and you also need to make sure that you only use the most up-to-date versions of your plugins and themes.

If you didn’t already know, your WordPress website, themes, plug-ins, and apps such as PhpMyAdmin rely on a language called PHP to work properly. Now, the developers who write all of that stuff are not lazy and they aren’t deliberately leaving doors open for hackers to slip in through. The truth is, it’s hard for developers to write code that anticipates every single way that a bad actor might choose to attack. They do their best, release the software, and then it’s often only through everyday use that any holes in the defenses become apparent. Users’ experiences with attacks help to inform the process making everything secure. It’s a case of building it as best you can and testing it ‘in the wild’, responding to each new security alert as fast as possible, and then bracing for the next. It will become clear as you read that the majority of the PHP vulnerabilities shown here come about because of unsafe user input, meaning that someone has fed malevolent code to the web app or moved it to a section of the app in such a way that a vulnerability is created. This highlights why it’s important to pay special attention to all situations where user input can either deliberately or inadvertently introduce dangerous code to the system. These are always the leakiest parts of any WordPress ship.

There are a few different classifications of PHP vulnerabilities. We’ve include a few of the most frequently encountered ones with a basic explanation for each of them, but we haven’t included any PHP code as we’re aiming this to be an overview for people like admins rather than an exhaustive report for developers.

RCE – Remote Code Execution

Remote Code Execution (RCE) is just like it sounds. It happens when someone attacks and manages to upload code to your website and then runs it. A problem with a PHP application might let a user enter code which it then treats as PHP code, which might subsequently make it possible for the hacker to do various things. It could allow them to create a new file containing code that gives them full access to your website, for instance. This opportunity to remotely run malicious code is referred to as an RCE vulnerability. As you can imagine, the ability to do whatever they want with your website makes remote code execution an extremely dangerous kind of attack.

SQL Injection or SQLi

SQL Injection is similar, it’s when the hacker can get your database to run their own instructions. Anytime a PHP developer invites data input from a website visitor they should only pass it to the database after they’ve checked it to make sure that it isn’t trying to sneak in any dangerous code. SQL Injection gives a hacker free rein with the data on your website, which means they could create new data in your database including links to spammy or equally undesirable URLs. Hackers might also want to create their own admin level user account, to give themselves full access to and control of your website. It’s easily done with SQL injection. It’s another very serious security vulnerability because again, it hands the hacker the keys to your site.

Authentication Bypass

Sometimes a PHP developer might believe that they are properly validating that a site visitor has the right access level before performing an action, but they’ll actually be checking the wrong thing.
This problem can insinuate itself into WordPress apps via a mistake that WordPress developers frequently make where they use the ‘is_admin()’ function when trying to confirm that someone is indeed an admin. The problem is that this function only tells you if someone is viewing an admin page, but it doesn’t prove that a site visitor is actually an administrator. If a developer inadvertently uses this function, then they are handing admin level features to users who aren’t really admins.
There are other examples in the same vein, and they occur most often when a developer doesn’t check to make sure that the user is permitted this kind of access before they allow a function to be executed.

PHP Object Injection

A PHP object Injection attack is more sophisticated because a PHP app passes input from the user to a function called ‘unserialize()’. This takes a stored object and puts it in memory. Although this seems complex, the main thing to remember with PHP object Injection is that it happens when a developer doesn’t do the right kind of gatekeeping and allows unsafe input from the user to enter a PHP application.

Cross-Site Scripting (XSS)

This is when a hacker causes a website visitor’s browser to load and run dangerous code, which might then (for example) grab their cookies and hand administrator-level access to the intruder, meaning that Bell once again be able to do whatever they like.
Cross-Site Scripting comes in two flavors – Stored and Reflected. A Stored Cross-Site Scripting vulnerability is one where the hacker tricks the website into allowing in dangerous code which later gets sent to and run in a visitor’s web browser. This kind of thing often happens when a comment is posted on your WordPress website that contains dangerous code. It then steals user cookies and passes them on to the hacker.
Reflected Cross-Site Scripting happens when a hacker puts dangerous code in a link. If it then gets loaded into a browser, the website serves it up along with the content. This code then runs in the visitor’s browser and it can steal cookies or perform other nefarious tasks. One example of a Reflected Cross-Site Scripting attack is a WordPress search results page that includes the search query included in the URL and is not cleaned properly. The page then serves up the search results as well as the initial query, which could be dangerous code that runs within the visitor’s browser. Hackers could use Reflected Cross-Site Scripting to compromise a website by creating a link to a page of search results with dangerous code in it, and they could then send that to the site administrator to steal their cookies.

Cross-Site Request Forgery – CSRF

A Cross-Site Request Forgery (CSRF) refers to when someone creates a link and manages to get a site admin (or in fact anybody with high-level access) to follow it, and this causes the site to perform an action. So, for instance, if somebody built a link that creates a new admin with a known password when a site admin clicks on it, this would be an example of a Cross-Site Request Forgery attack. It’s not all plain sailing though. The difficult part for the hacker is finding a way to convince the site admin to follow the link, and then set up the new admin with one of the currently used passwords which the bad guys hope to steal. WordPress does already have a way of protecting itself from this kind of approach. It uses a security token (just a number) known as a “nonce” which is granted to the admin each time they log in, and this number is included every time the WordPress site admin does something of the sensitive nature. If a hacker takes the approach we’ve described, trying to use a link in a Cross-Site Request Forgery attack, they also need to know the nonce to send with it. Since this number changes every day, successfully executing a Cross-Site Request Forgery attack becomes much more difficult, if not impossible. With that in mind, it should be the case that every developer knows not to build themes and plug-ins that don’t use nonces for request verification, but not everyone is as diligent as they should be. But they can put it right after the fact, and for an easy remedy they just need to use code to access WordPress’s native nonce feature.

Remote File Inclusion (RFI) and Local File Inclusion (LFI)

Remote File Inclusion or RFI happens when a PHP app passes user input to a function that loads a file. If the file turns out to be a URL, the function would then load PHP code from the hacker’s specially built website to attack your website. Including a remote file in a URL is called Remote File Inclusion or RFI. If the file a hacker passes is a local file, the application might send its contents to the screen. This is an approach frequently used by hackers to help them break into a WordPress website’s wp-config.php file. This approach is known as Local File Inclusion or LFI. Functions vulnerable to RFI and LFI in PHP are: include, include_once, fopen, file_get_contents, require and require_once.
All of these functions load PHP code or content from a place that the developer decides on. If they don’t configure the website’s PHP installation in the safest way, a hacker can then load a dangerous file as PHP code or content and use it give them access to your site. The majority of PHP installations keep you safe from RFI attacks which load remote URLs by restricting where files can be included from. But it’s not uncommon for PHP developers to inadvertently produce code that lets a hacker access a local file like wp-config.php. This helps to explain why Remote File Inclusion vulnerabilities happen less often than Local File Inclusion vulnerabilities.

Conclusion

We hope this overview of frequently seen PHP vulnerabilities and their creation has helped you in your role as a WordPress administrator. You might have seen a few of them on your security updates. We hope that the insights that we’ve shared about what they do will help you to stay vigilant and deal with them more effectively. This knowledge should make you better able to ask questions of developers and better able to see how vulnerabilities work before you deal with them.

Most Widely Used Plesk Extensions and Toolkits This ‘HoliDeals’ Season (Part 2)

If you enjoyed the first HoliDeals announcement, this blog post will definitely perk you up. The world is running on Cloud today. Especially businesses that have to host their websites. Plesk has emerged as a great web hosting control panel that can make things way too easy for you. And you can make your Plesk control panel even more efficient with the right extensions, feature-rich packs, and toolkits. This way you not only increase productivity but reduce operating costs too.

But don’t worry – we got you sorted. As they say, ’tis the season to be jolly. And we want to make your holidays even more special with our Plesk HoliDeals Calendar. For 24 days, starting from December 1st, 2020, you’ll get exclusive discounts on top Plesk extensions, feature packs, toolkits, and licenses to make your toolbox jingle all the way!

So, enough chitchat – Let’s reveal the next 12 extensions and discuss their major benefits and features!

#13 Teamspeak Interface

It’s Tea(m) Time! This extension is a multifunctional web interface that allows you to install Teamspeak Interface and add-on modules with just a single click. With this extension, you can manage TeaSpeak and Teamspeak 3 Voice Server and other existing instances.

It provides you with an extensive set of user management options and roles, customized according to your customer needs or the co-administrators’ needs.

Teamspeak Interface extension is an ideal solution that enables you to control TeaSpeak and Teamspeak 3 servers through the web. There are two available license packages with Teamspeak Interface – Basic Starter and Pro Starter.

The Basic Starter pack comes with:

  • 100 additional user accounts.
  • Manage up to 3 voice server instances.
  • Includes extensions like Server File Management and Icons, Server Group Management, Channel Group Management, Client and Permission Management, TS Bots, and API.

The Pro Starter pack comes with:

  • 300 additional user accounts.
  • Manage up to 10 voice server instances.
  • Includes extensions like Reseller Management, Server File Management and Icons, Server Group Management, Channel Group Management, Client and Permission Management, TS Bots, and API.

We are offering an exclusive discount on this extension through HoliDeals. Make sure you grab the opportunity before it’s too late.

#14 Joomla! Toolkit

Joomla! Toolkit is a powerful toolkit for Joomla! users that allows them to secure and mass manage Joomla templates, extensions, and instances running on the Plesk server. The toolkit comes with a single dashboard for easy management, safety, and creation of Joomla instances.

All it takes is a single click to download, initialize, and configure the toolkit for hassle-free operation. We have created Joomla! Toolkit to enhance the security aspects of your content management system. There is no security expertise requires – the toolkit hardens your website by default, and with its security scanner, you can ward off any potential threats.

It is an all-inclusive toolkit for Joomla! as you can update templates, extensions, and instances from a single place. Also, you can monitor the performance of your Joomla websites from a single dashboard.

#15 KernelCare

Those who have Linux servers installed always experience system vulnerabilities and security flaws. To cope with this issue, we have launched the KernelCare extension that protects your Linux server against critical issues and downtime.

It is a paid extension and is probably one of the best security and server tools. During the HoliDeals, you have the opportunity to purchase the subscription at the best value.

The extension installs kernel updates within a matter of minutes without needing to reboot your Linux server. In this updated version of KernelCare, we have fortified the extension with the following benefits:

  •   Displays the server uptime.
  •   Enables roll back changes.
  •   Support automatic and manual updates.
  •   Check for updates every four hours.

#16 Cloudplan

You can use Cloudplan on your Plesk server to host folders and files, synchronize them between all your devices and share them on the go. We have designed Cloudplan to be a PCaaS (Private Cloud as a Service) solution that you can install on all on-premise servers, cloud servers, and even hybrid clouds.

The primary objective of Cloudplan is to provide users with a complete private cloud solution with full control over data. With this extension, you can connect all the possible nodes available, including cloud and on-premise servers, mobile devices, PCs, and laptops, among others.

They all can be connected automatically with end-to-end encryption. You will be provided with a centralized web portal to control and monitor the whole private cloud network.

#17 Sitejet

Sitejet is a web design platform for agencies that allows you to collaborate with your team and customers with ease and create, manage, and launch quality websites. It comes with a high-performance content management system (CMS), which you can use to create responsive websites.

It is designed and developed by a team of experienced web designers looking at cost-effective results for web developers. With Sitejet, you can streamline your web development process.

The extension comes with intelligent workflow automation, file management system, time tracking, to-do, and a ticket to make the design process less complicated and less time-consuming. Some of its salient features include:

  •   Customer collaboration.
  •   Whitelabel platform.
  •   Multi-user and permissions.
  •   Scale your agency.
  •   Manage customers efficiently.
  •   More time for creativity.
  •   Complete design flexibility.
  •   Save management and design time.

#18 Virusdie

Virusdie is a Plesk website antivirus extension for Windows and Linux servers that lets you keep your websites free from viruses with just a single click. The extension comes with features like email alerts, patch management for plugins and CMS, an in-built file editor with malicious code highlighting, automatic malicious code deletion, and an accurate threat scanner.

The best part is that we have designed Virusdie to be compatible with a selection of content management systems, including PrestaShop, DLE, Drupal, Joomla, and WordPress, among other popular methods.

We are offering Virusdie services for both free and paid. In the free version, you get features like:

  •   Email notifications
  •   Automatic antivirus database updates every 6 hours
  •   Full description of viruses
  •   Automatic site scans for vulnerabilities.

In the premium version, you get:

  •   Scheduled scans – daily and weekly
  •   Vulnerability manager
  •   Malicious code highlighting
  •   Safe and accurate malicious code deletion
  •   Scheduled scans – daily and weekly
  •   Vulnerability manager
  •   Malicious code highlighting
  •   Safe and accurate malicious code deletion

#19 Smart Updates for WordPress Toolkit

If you have a WordPress content management system that you want to keep updated and secure all the time, then you should download our Smart Updates for WordPress Toolkit. We have designed this extension to help you determine the required updates to keep your websites up-to-date.

We are offering a one-month free trial of Smart Updates for WordPress Toolkit, in which you get smart, automated tests, and you will always remain in charge of the operations.

Make use of the free trial to understand how the extension might be helpful, and if you like it, you can always purchase it. As we are currently in the middle of the Plesk HoliDeals Calendar, there is a high chance that you might get a good deal on Smart Updates for WordPress Toolkit.

The prominent features that will make you install this extension are:

  •   Smart Updates available for WordPress themes, plugins, and core.
  •   Production website is not affected during both manual and automatic updates.
  •   Smart Updates service determines the changes, analyzes the update, and concludes whether the update needs to be performed on the production site.
  •   Automatic and manual updates are available.
  •   We are providing Smart Updates for WordPress Toolkit on a per-site basis.

#20 Statistics and Usage Manager

This is an extension for Plesk that enables you to manage and view disk usage and traffic of your Linux OS subscriptions. The best part is that Statistics and Usage Manager allows you to do this all in real-time.

With Statistics and Usage Manager, you can sort your subscriptions by disk space statistics or traffic. You are also provided with a custom button to manage and view the statistics of all your subscriptions. As an admin, you can disable or enable this function.

This is an excellent extension for web managers looking to gain insight into how their websites are performing. You can use the Plesk HoliDeals currently available to grab this extension at the best possible price.

#21 Google PageSpeed Insights

Google PageSpeed Insights provides you with increased visibility in search engines by suggesting specific improvements and providing you with tools to design and develop fast and fully optimized websites.

The extension allows you to analyze your website content and its performance to determine what can be improved. With Google PageSpeed Insights, you can:

  • Analyze the performance of your website.
  • Rate the website based on its desktop and mobile performance.
  • Make use of the suggestions to optimize your website.
  • Access extension UI like mod_pagespeed Apache module to enhance website performance.
  • Reduce the size of static files.

#22 Bitninja

Bitninja is a Plesk extension designed for companies who are looking to bulletproof their server security. This extension provides a proactive and unified system that prevents 99% of all types of malicious attacks, safeguarding your company from reputation loss.

It comes with nine defense modules, namely:

  • Port Honeypot.
  • IP Reputation.
  • DoS Mitigation.
  • Web Application Firewall.
  • Log Analysis.
  • Web Honeypot.
  • Malware Detection.
  • Outbound WAF.
  • SSL Terminating.

These defense modules save you at least 12 hours of troubleshooting every day.

#23 Additional Language Pack

Plesk includes language packs for the translation of UI into different languages. While all the supported languages are installed during Plesk installation, you can download the Additional Language Pack extension if you want additional languages.

The number of languages you can install and download will depend on the Plesk license you have bought.

Suppose your site operates globally, and you want to reach out to the local community by offering your website in their native language. In that case, you can do so with Additional Language Pack.

#24 Web Host VPS or dedicated

Finally, here’s our last but not least HoliDeals offer. The growing need for customer self-administration can be quickly taken care of by Web Host VPS or dedicated. This Plesk edition proves to be an optimal solution that can fully customize your business, allowing you to increase profit and service offerings. 

When you install Web Host VPS or dedicated, you get several benefits, such as:

  •   Improved supportability.
  •   Turnkey application storefront for resale of services and applications.
  •   Instant high-end website creation and design.
  •   Improved audience focus for agencies, content teams, and website developers.
  •   Customize your service offering.

Don’t Miss a Gift!

Did you know you can add your daily reminders to your personal calendar? Or you can also subscribe now to receive fresh updates to your mailbox. Check here if you want to know more!

So… these above are some super hot extensions that you would want to install to boost your Plesk server performance. So, you would want to make use of the Plesk HoliDeals Calendar

Based on their popularity, we have managed to list these 24 Plesk extensions and toolkits. If you think that you need offers on some other Plesk products and services, let us know in the comments. Happy HoliDeals!

The Plesk WordPress Toolkit 5.2 is Now Available

The Plesk WordPress Toolkit 5.2 is now publicly available! This release focuses on catching up on popular customer requests and fixing various nagging issues. The 5.2 update has something for everyone, so let’s take a look at what’s new!

Sets for Resellers

Allowing resellers to have their own sets is the most popular feature request in the WordPress Toolkit section of Plesk Uservoice. It’s requested not only by legit resellers but also by those who are using reseller accounts as limited Plesk server administrator accounts. Anyway, this feature is finally here:

Here’s what you need to know about this feature:

  • Resellers get the same default sets as server administrators.
  • Resellers can only access and manage their own sets.
  • Customers of resellers can see the sets of their resellers when installing WordPress. They do not see server administrator sets.
  • The global option “Allow customers to use sets when they install WordPress” will also affect reseller sets. If this option is switched off, resellers’ customers won’t see any sets when installing WordPress.
  • Reseller service plans actually include additional services with automatic installation of WordPress (alone or with any of the reseller sets).

Theme Activation in Sets

Another thing that’s been requested a lot recently is the ability to choose which theme should be activated in a set when this set is installed on a WordPress site. This feature allows hosters and web studios to provide more turnkey added value in their WordPress service offerings. So we made it happen.

As a reminder, you can install sets in one of the following ways:

  1. Provision a subscription-based on a service plan with a specific Additional Service that installs WordPress with a particular set.
  2. Install a set together with WordPress when you install a new WordPress site.
  3. Install a set on an already existing WordPress site via Sets tab functionality.

All these ways are available both via GUI and CLI. Your selection of a particular theme that should be activated in a set will be applied regardless of which way the set is installed.

Important notes:

  • This is not the final UI we’re aiming at. We’re planning to redesign the whole Sets tab next year to make it more convenient and user-friendly, and this feature will be a part of the redesign.
  • This ability is also available as a new operation of the –sets CLI command. Usage example: plesk ext wp-toolkit –sets -operation activate-theme -set-id ID -theme-id THEME_ID
  • By the way, plugins in a set can also be configured to be activated or deactivated upon the installation of the set. Since plugins are activated by default, the activation feature is more of a deactivation feature, so it’s not as important (most people would like their plugins to be active right away). Anyway, it was easy to do, so we threw it in as a bonus.
  • Activating and deactivating plugins in a set via CLI is also supported.

Pending Smart Update Notification

Looking at Smart Updates, cPanel team has noticed that there’s no way for users to learn that Smart Updates wasn’t applied automatically due to some issues and that they needed user attention. This happens because WordPress Toolkit is not yet integrated with email notifications in cPanel (something we’re planning to remedy soon). 

It also became clear that the problem is bigger than this. Users who’ve launched Smart Updates but closed the Update window without making a decision could also forget that they needed to either apply the update or reject it. To fix this problem, we have added a visual marker notifying about a pending Smart Update on a site card:

This notification will be displayed whenever there’s a finished Smart Update test run that needs to be reviewed and either applied or rejected by the user. To open the Smart Updates window, users will be asked to click on the Check Updates button.

WordPress Toolkit Deluxe Dashboard… Lite

After the introduction of the second licensing type in WordPress Toolkit for cPanel, we realized that there’s no quick and convenient way for the server admin to check who exactly has access to the paid WordPress Deluxe features. Depending on how the hoster’s packages and feature lists are organized in WHM, this task can range from trivial to quite challenging. 

To make things a bit easier, we’ve added a very basic screen that lists all accounts on a server with access to WordPress Toolkit Deluxe. It can be accessed via a link on the Settings screen:

Lo and behold, this might be the simplest WordPress Toolkit screen in the product history:

Depending on user feedback, we might improve this list, including stuff like redirects to cPanel of a particular user account, and so on. For now, it does what it intends to, and we hope it will prove useful.

Underscore in Slugs

WordPress Toolkit had a long-lasting issue with plugins and themes that use underscore symbol in their slugs (technical names / IDs). Specifically, it was not possible to upload, install, or update any plugin or theme with such a symbol in its slug through WordPress Toolkit. 

For a time, this was not deemed to be a real issue since WordPress directory maintainers do not usually assign slugs with an underscore to submitted plugins and themes, so this symbol is not typically used in such context. 

However, over the years we have discovered that there are several popular plugins that feature underscore in their slugs (js_composer is the biggest culprit). The time has finally come, and we have updated a number of internal WordPress Toolkit routines to properly work with plugins and themes that have slugs with underscore symbol.

Site List Expanding Changes

In WordPress Toolkit 5.0 we have introduced a new list-based interface for sites, which brought not only new features but also new issues with it. 

One particular issue happened when users installed a new site. The interface for managing this site was often collapsed by default even if it was the only site in the list. We’ve investigated the behavior of our new list UI and introduced a number of changes in WordPress Toolkit 5.2. Now, the following logic is used:

  • After a site is installed, it is expanded by default, regardless of how many sites are in the site list.
  • After a clone is created, it is expanded by default, regardless of how many sites are in the site list.
  • If a user only has one site, it should always be expanded by default.

This is just the beginning, though. We continue to look into improving the collapse/expand behavior further in our next releases. In particular, we’d like to remember the user’s choice (which site was expanded, and which was collapsed) and improve the performance of the site list when it has a lot of sites. Both items might seem obvious but are far from trivial in terms of implementation. Therefore they will take some time to address.

CentOS 8 & CloudLinux 8 support

WordPress Toolkit v5.2 supports CentOS 8 and CloudLinux 8 on both Plesk and cPanel. Note that the CloudLinux team has not officially announced CloudLinux 8 support for Plesk and cPanel, but WordPress Toolkit works fine on it, as far as we can tell.

Web Server Rules Description

WordPress Toolkit adds specific rules to web server config files when it applies certain security measures. If you look at these rules, it’s not apparent who added them and why. To make things more transparent for admins, we have added short descriptions for each rule right in the webserver config files (except for IIS, where it’s not so easy). 

It’s a small change, but we’d like to think it can help users better understand the value brought by WordPress Toolkit and help debug things if something goes wrong.

Research, Improvements, and Bugfixes

During this release, the team did a lot of research on topics we’d like to address in the future. Here are some of the things we’ve investigated:

  • How to properly clone and copy the content of a specific WordPress site if another WordPress is located inside the first site’s subdirectory.
  • How to properly clone and copy the Elementor plugin.
  • What are the most frequent and important issues with cloning functionality?
  • Why Smart Updates sometimes provide false negatives on websites with a large number of posts.
  • How we can ship a specific version of the UI library in WordPress Toolkit for Plesk.
  • How broken WordPress Toolkit will be after we perform a very belated and very major wp-cli update.
  • What issues related to PHP module requirements might turn up if WordPress Toolkit is using ea-php or alt-php when installed in cPanel working on CloudLinux 6 & 7.
  • How to improve site list performance and WordPress Toolkit performance in general on cPanel.

Some of these research tasks resulted in an immediate item resolved in the 5.2 release. Such was the case for cPanel performance research. The team has significantly improved the performance right away in v5.2 and identified several good improvement opportunities for the upcoming WordPress Toolkit 5.3 release. 

Future Plans

Our next major release will be out in January 2021. As mentioned above, we’ll continue our efforts to fix and improve existing functionality. WordPress Toolkit 5.3 will have an increased focus on improving our cloning feature, updating wp-cli utility to the latest version, and improving site list performance on both cPanel and Plesk. 

We’re still looking into what else we fit into the next release, so expect some surprises later down the road. Thanks for reading and see you next year!

The Plesk WordPress Toolkit 5.1 Release – Backup Limits, Localization Support, and More

We’re proud to announce that the Plesk WordPress Toolkit v5.1 is now publicly available. So, let’s see what this release brings to the masses.

Discover the WordPress Toolkit 5.1

Backup Limits

Backup functionality was introduced back in WordPress Toolkit v4.10. And we have already received quite a lot of feedback about it. The most popular request was about limiting the number of available backups to prevent end-users from subtly eating up all their storage space. We’ve added the limit to Plesk Service Plans under the Resources tab:

The limit is enforced on a per-site basis for the whole subscription. So, each site on a subscription gets to create the allowed number of backups. If you set the limit to 0, the backup feature becomes unavailable to end-users. Which is handy for those admins who want to fully restrict access to the new backup feature.

cPanel changes

A month ago we released WordPress Toolkit for cPanel. And we’re striking the iron whilst it’s hot. That means we’re implementing a lot of changes specific to cPanel. Let’s quickly go through them:

Database User Management

The Database User Management feature was already available in Plesk before. Unfortunately, though, it didn’t fit into the WordPress Toolkit 5.0 schedule. Since we want WordPress Toolkit to be as identical as possible on both Plesk and cPanel, we’ve added this ability in WordPress Toolkit 5.1:

New Security Measure

The “Block directory browsing” security measure was missing in the initial release of WordPress Toolkit 4 for cPanel. This was due to certain technical issues we didn’t have the time to properly resolve back then. Now, we’ve fixed everything that needed fixing. So we’re introducing this security measure on cPanel:

Localization Support

WordPress Toolkit v5.1 now supports multiple different languages on cPanel. Whenever you change your language in WHM or cPanel, WordPress Toolkit will also switch to this language. This change affects both WHM (with server-wide locale setting) and cPanel (with user-specific language setting).

Changelog

WordPress Toolkit changelog isn’t the easiest thing to find, especially for cPanel customers. To remedy this, we’ve added the ability to view product changelog from the global WordPress Toolkit settings:

WordPress Toolkit has a single unified changelog for both Plesk and cPanel, since it’s the same product, just on different platforms. Filtering out information about the platform you need isn’t particularly easy. We’re looking into improving the changelog UI and UX in the future.

Improvements, Bugfixes, and Future Plans

Speaking of changelog, it clearly shows that WordPress Toolkit 5.1 includes more bugfixes than usual. But don’t worry – This is not caused by the sloppiness of the WordPress Toolkit dev team. We’re simply putting more focus on the stability and robustness of the product, which means fixing more bugs 🙂 

Besides improving site list performance on cPanel, we’re also planning to implement several internal enhancements. That hopefully will make WordPress Toolkit more stable and robust, leading to fewer bugs down the road. We’re also going to address a couple of other hot topics. Like adding sets for resellers by the end of 2020 – but we’ll get back to you with it when it’s fully developed. 

One of the upcoming WordPress Toolkit releases will focus heavily on addressing issues related to cloning, which should also improve Smart Updates’ performance.

…As you see, we have a lot of things in store for the future. So stay tuned for the upcoming WordPress Toolkit releases. And drop us a line in the comment section if you’d like to share your experience with us. Thank you for your attention and see you next time!

The Plesk WordPress Toolkit 5.0 Version Release

I’m glad to announce that WordPress Toolkit v5.0 is now available! This seminal release introduces major changes in the product, fully justifying the major version increase. Let’s learn what makes this release truly special.

Goodbye Onyx, Hello Obsidian

WordPress Toolkit 5.0 leaves Plesk Onyx behind, requiring Plesk Obsidian to work. This change was necessary because it was getting increasingly difficult to develop new things while having to drag along a bunch of legacy code required for WordPress Toolkit to work in Onyx 17.8. Full transition to Obsidian should allow us to avoid using many old crutches, making changes faster and with fewer bugs. It will also open a lot more UI/UX possibilities, allowing our design team to properly express their ideas.

Users on Plesk Onyx 17.8 will stay on WordPress Toolkit 4.x, receiving only critical security updates (if/when necessary). Updating to WordPress Toolkit 5.0 will require updating your Plesk installation to Plesk Obsidian. We’re also going to prepare a separate WordPress Toolkit 4.10.x release. That’s to show a special notification to users about updating to Obsidian if they want to get new stuff. Learn more about Plesk Onyx End of Life and its support policy update here.

New Website Management UI

The biggest in-product change in WordPress Toolkit 5.0 is the new UI for managing WordPress installations. It’s said that a picture is worth a thousand words.

We wanted to avoid dramatic revolutions and evolve the UI naturally. Making it more convenient and usable without requiring users to re-learn it. To achieve this, we’ve taken our true and tried website card interface and replanted it on a different set of UI elements that are also used by Dynamic List in Plesk.

Our next step was moving the update functionality to the very front. Since keeping your site up-to-date is one of the most important things the site admin is expected to do on a regular basis:

Other tools were also reshuffled a bit and placed in the expected and convenient locations. We wanted to make sure users won’t be confused and lost trying to find what they need. In the end, we’ve got ourselves a new modern-looking yet familiar interface with improved focus on important things – performance and better responsiveness.

This might not seem like a huge change, but it’s a very important one for us. Our old UI was already quite good (so no need for a drastic redesign). But it used outdated technology that was, let’s say, on life support. It was time to move the UI to a different foundation, creating a new UI platform with a huge potential for improvements and integrations.

We’ve already toyed a bit with some interesting ideas that would fit nicely in the new interface. I’m going to show you a super-secret sneak peek into some of these ideas made possible by our new UI platform:

We’d love to explore these ideas (and many others) in the future, but this is a tale for another time (and another bunch of challenges we’ll have to solve eventually).

WordPress Toolkit Lite Update

The “Lite” version of WordPress Toolkit 5.0 (also called WordPress Toolkit SE on our website) was previously limited to owners of Plesk Web Admin edition and similar low-end Plesk editions. However, the “free” part of the WordPress Toolkit required a thorough review and redesign to make it acceptable for a larger audience.

After conducting the review, we’ve come to the conclusion that the changes were required on two fronts:

  • Redesign the UI and UX of the whole process
  • Change the contents of the Lite (free) feature list

Let’s start with the UI/UX redesign. The old “Lite” interface had a lot of visual glitches, bugs, and overall inconsistencies accumulated over the years. Case in point:

Our design team came up with a new unified approach that was positively received by pretty much everyone who saw it. Powered by the new UI library, this redesign significantly improves the WordPress Toolkit Lite experience, making it consistent, unobtrusive, and pleasant to look at. I’ll let the screenshots tell the story:

The same screen, but with Lite upsell elements highlighted:

Inside a paid feature screen:

As for the contents of the WordPress Toolkit “Lite”, we’ve come up with the following rules of thumb that should be logical, reasonable, and easy to understand for both hosters and end-users:

  • Single-site operations available in the control panel or in WordPress itself should be free. Such features are either a mandatory baseline thing expected to “just be there”, or simply a nice bonus. They won’t push people to purchase paid WordPress Toolkit, but if they’re behind the paywall, it will annoy users (“I can do it in WordPress admin for free, why are you selling it?”).
  • Mass operations should require a paid version of WordPress Toolkit. They are a matter of convenience not available in WordPress itself, and they are required for any large-scale business. This makes them high value for agencies and hosters.
  • High-value operations like cloning or Smart Updates should also require a paid version of WordPress Toolkit. These features are critical for (semi-)professional level work and they are hard to carry out otherwise.

With this logic in hand, we’ve revised the list of “free” and “paid” features in WordPress Toolkit, coming to the following results.

Free and Paid Features

Features are available for free in WordPress Toolkit Lite:

  • Management of Search Engine Indexing
  • Debugging management
  • Password Protection
  • Update settings for individual sites
  • Upload of plugins & themes on the plugins & themes management screen of a particular site

Feature only available in the full (paid) version of WordPress Toolkit:

  • Mass update operations, including modification of update settings for multiple sites at once

We hope these changes will provide a better experience for all users, and we’re looking forward to introducing more features on both sides of the fence in the future.

WordPress Toolkit for cPanel and Future Plans

The team has been working on the cPanel release for more than a year, starting last September. I’m happy to say that the wait is over – WordPress Toolkit is finally available on cPanel! So, let’s go over the key points of this release.

WordPress Toolkit for cPanel is basically the same product, functionality-wise, just on cPanel. There are some minor discrepancies, but most of them will be either addressed in the next WordPress Toolkit releases or will have to wait until corresponding features are fully available in cPanel.

Unlike Plesk, WordPress Toolkit for cPanel is licensed on a per-account basis. Our first release is limited to a hand-picked selection of VIP partners, who will have exclusive access to WordPress Toolkit.

What’s Next?

Speaking about the future, our next release will be a shorter one to coincide with the cPanel v92 launch. We’ll focus on supporting the alternative licensing model for the public WordPress Toolkit 4 cPanel launch, introducing CloudLinux support on cPanel, and adding things like localization support (again, on cPanel). WordPress Toolkit 5.1 will also include customer features and bug fixes for existing Plesk customers, so don’t worry about the Plesk side of things, we’ve got that covered as well.

…So, once again, I want to thank the whole WordPress Toolkit development team for their fantastic work. And also thank you for your attention. If you have anything you’d like to share with us, let us know in the comment section below. See you next time!

 

The Plesk WordPress Toolkit 4.9 Release – What’s New?

We’re happy to announce that the Plesk WordPress Toolkit 4.9.0 release is now available for the general public. As most of you probably know, this year we’ve been pretty busy working on WordPress Toolkit for cPanel. And even though 4.9 is not a huge update in terms of customer features, it certainly brings some long-awaited surprises in store. So, let’s deep dive into details to see what’s new.

Find out more about the Plesk WordPress Toolkit

Limit the Number of WordPress Installations in Service Plans

Hosters could always limit the access to WordPress Toolkit or some of its functionality through Plesk Service Plans. However, it wasn’t possible to set a limit on how many WordPress sites any given user could manage via WordPress Toolkit. This made things unnecessarily harder for some people. Because many Managed WordPress hosters do have these site limits as a part of their business. We’ve decided to address this glaring omission in WordPress Toolkit 4.9 and added this limit on the Resources tab of a Service Plan management screen:

Now, it’s possible to directly customize a particular subscription and change the limit. Service Plan add-ons also have this limit available. So, most kinds of possible upsell scenarios are covered.

The website limit will affect the ability to install WordPress sites via WordPress Toolkit. Add new sites using the Scan feature and create clones of existing sites. Note that so-called “technical” installations – e.g. clones made by Smart Updates don’t count towards the site’s limit, as they’re not visible to users in the interface.

By default, the limit is set to Unlimited. So nothing will change for users out of the box after the update to WordPress Toolkit 4.9. Some of you may ask what happens if the hoster defines a limit that’s lower than the number of sites the customer already has at the moment. In this case, the user won’t be able to add more sites. But existing sites won’t suddenly disappear from the interface. 

However, if the user removes or detaches a site, it won’t be possible to add another site back if the limit is reached. In other words, you can reduce the number of sites as you see fit. But you can’t increase it beyond the limit set for your subscription:

Configure Default Database Table Name Prefix

WordPress Toolkit generates a random prefix for database table names every time someone installs a new WordPress. This is to alleviate the impact of automated bot attacks looking for vulnerable WordPress databases using the default table prefix. For some users – especially WordPress developers, this behavior is quite annoying. So we added the ability to configure a specific default prefix for database table names whenever someone installs a WordPress on a server:

Here comes the tricky part. Generating a random prefix for database table names is a security measure in WordPress Toolkit. That it’s applied automatically during the installation of WordPress. If you set the default prefix back to ‘wp_‘, WordPress Toolkit will respect your choice and will not change this prefix. But it will set the site security status to ‘Danger‘ to tell you that this isn’t secure. This shouldn’t be an insurmountable challenge, like any other predefined prefix (be it ‘wp‘ or ‘wp___‘, or whatever else that is not ‘wp_‘) won’t trigger the security warnings.

If users want to return to the old behavior with a randomized prefix, all they need to do is to leave this field empty. This small QoL (Quality of Life) improvement should provide a number of users with more control over their WordPress Toolkit experience.

Working on WordPress Toolkit for cPanel

We’ve been doing a lot of work on the WordPress Toolkit for cPanel front during the development of WordPress Toolkit 4.9. For instance, we’ve added the capability to update the product in cPanel. And we started to really dig into the security and performance aspects. Addressing a lot of issues that both WordPress Toolkit and cPanel teams found. 

Features like Sets and Reseller support were also added in the scope of the current release. We’re actively working on licensing and test infrastructure at the moment. And while there’s still quite a lot of stuff left to do, we can already foresee a finishing date. Our WordPress Toolkit for cPanel will be good enough to be ready for a demo very soon. And we’re already seeing a lot of interest from various partners – woohoo!

Testing Amazon AWS Infrastructure and Other Stuff

There’s another hidden but very important activity going on behind the scenes for quite some time. And that’s the initiative of moving our regression testing to Amazon AWS infrastructure for extra speed, flexibility, and on-demand availability. This should allow us to test WordPress Toolkit on cPanel as often and as thoroughly as WordPress Toolkit on Plesk. 

Using AWS for testing should also allow us to run a suite of tests per each developer commit in the future. Bringing us closer to our goal of “green master” initiative – or in other words, having a product that could be released in a production-ready state at any given time.

Speaking of improving the product, some of the security and performance improvements done in the scope of WordPress Toolkit for cPanel should also affect WordPress Toolkit for Plesk in a positive way. WordPress Toolkit 4.9 includes a number of important customer bugfixes as well.

Future Plans

Our next major release will be Plesk WordPress Toolkit 4.10, tentatively scheduled to be launched by the end of summer 2020. This upcoming release coincides with the peak of the vacation season. So we won’t have the manpower to push any groundbreaking changes – they’re reserved for the next upcoming releases. 

However, you can rest assured that WordPress Toolkit 4.10 will include some in-demand customer features, bug fixes, and other interesting stuff on top of changes required for cPanel support. We’re also planning to release a small WordPress Toolkit 4.9.1 update very soon with a couple of new CLI utilities as a part of the CLI completeness initiative. The future of the product looks very busy, so stay tuned for updates – and especially, stay healthy! 

…So that’s all for the Plesk WordPress Toolkit 4.9 release. Remember that our teams are always on the lookout for new features to implement or bugs to crash. And here’s where your feedback is essential. You can share your suggestions or ideas for new functionalities to one of our channels – Uservoice, Plesk Community Discussion Forum, and Plesk Online Community

Or while you’re here, you can also leave your feedback in the comments below – our teams have eyes everywhere! Once again, thank you for reading. And cheers from the whole WordPress Toolkit team!