Plesk WordPress Toolkit 5.4 Release: Action Log, wp-cron Management Workflow, SSL Support, and More

WordPress Toolkit 5.4 Release - Plesk

WordPress Toolkit v5.4 has been in development for over two months, during which the team has produced four minor product updates. Now, it’s time to present the second major release of WordPress Toolkit in 2021 to the public. Read on to find out more. 

WordPress Toolkit Action Log

A lot of things can go wrong with your WordPress installation for a variety of reasons. Having a detailed log of events that happened to your site could be very helpful if things ever go south.

WordPress Toolkit now saves a log of essential actions it performs on all managed websites to address this need. Logs are written in plain text for each individual WordPress installation. They have a particular naming pattern that uses internal site UID and are stored in a separate folder: 

$HOME/logs/wpt_action_logs/action_log_#SITE_UUID#.log (where $HOME is the home directory of your domain).

For example, in Plesk, you can find the log here:

/var/www/vhosts/mywebsite.net/logs/wpt_action_logs/action_log__4d4a10e8-84b2-423e-8539-b43c97b692ae.log

On cPanel, the same log would be stored here:

/home/admin/logs/wpt_action_logs/action_log__4d4a10e8-84b2-423e-8539-b43c97b692ae.log

 

Log files are accessible via File Manager of your control panel or via ‘Logs‘ link on the site card that opens the corresponding log file in the Log Browser (on Plesk) or File Manager (on cPanel). For convenience, the ‘Logs‘ link is also available as an icon in the site title, so you can quickly open the log for any site in a collapsed site list:

WordPress Toolkit 5.4 Release - WordPress Toolkit Action Log - Plesk

Note that Log Browser in Plesk cannot properly parse the WordPress Toolkit log right now. We will rectify it in the next WordPress Toolkit release.

WordPress Toolkit 5.4 Release - WordPress Toolkit Action Log 2 - Plesk

Not all events are logged at the moment, just the most important ones, but we will expand the list in the next WordPress Toolkit release to ensure that everything WordPress Toolkit does could be found in the log files. We will also introduce the interface for viewing correctly parsed logs in the same Toolkit release. We hope that this feature will help site admins troubleshoot their sites and reduce the number of support tickets we (and our partners) receive.

New wp-cron Management Workflow

The ability to turn off default wp-cron behavior was introduced one year ago in WordPress Toolkit v4.7. Since then, we’ve collected a lot of feedback on this feature, and it was time to put this feedback into action.

First, the option was renamed to ‘Take over wp-cron.php‘. This was done to avoid the classic “enable to disable” confusion, where you are prompted to enable something that says “disable,” and you’re like “ehhh??” 

Second, you now can explicitly choose if a replacement cronjob should be created or not via the ‘Create a replacement task when a takeover is initiated‘ switch:

WordPress Toolkit 5.4 Release - - New wp-cron Management Workflow - Plesk

If you toggle this switch after ‘Take over wp-cron.php‘ is already enabled, it will create or remove the replacement cronjob correspondingly. If the switch is toggled before the takeover is initiated, then the replacement cronjob will be (or won’t be) created when the user enables the takeover.

Speaking of replacement cronjobs, they are now way less strict when it comes to user modifications like task execution frequency. Basically, you can modify every aspect of the cronjob without being afraid that WordPress Toolkit will overwrite the changes. If WordPress Toolkit cannot find its own cronjob, it will not try to recreate the cronjob, concluding that it was knowingly modified or removed by the user. If the user has butchered or removed the replacement cronjob by mistake, it can be recreated by switching off and on the corresponding ‘Create a replacement task…‘ switch.

SSL/TLS Support Status

WordPress Toolkit has been showing the SSL/TLS status on the site card for quite some time, but this status was not particularly helpful, as it merely showed which protocol was used in the WordPress site URL. We’ve redesigned this behavior to be more beneficial to site administrators. Now, the site card features the actual status of what’s going on with SSL/TLS certificates on your site. In particular, WordPress Toolkit now detects and helps address the following situations:

  1. If SSL/TLS support is turned off on your hosting
  2. If there’s no SSL/TLS certificate installed for the domain name used by your WordPress site
  3. If SSL/TLS certificate you’re using is self-signed
  4. If SSL/TLS certificate you’re using is expired
  5. If SSL/TLS certificate you’re using was not issued for the domain name used by your WordPress site
  6. If permanent SEO-safe 301 redirect from HTTP to HTTPS is turned off on your hosting
  7. If SSL It! extension is not installed in Plesk
  8. If SSL/TLS feature is turned off for your account in cPanel
  9. If there’s a protocol mismatch (HTTP to HTTPS redirect is enabled, but WordPress still uses HTTP)

Example of situation #5 from the list above:

WordPress Toolkit 5.4 Release - SSL/TLS Support Status - Plesk

… and, obviously, we’ll also let you know if everything’s OK with your site in terms of SSL/TLS, displaying your certificate name:

WordPress Toolkit 5.4 Release - SSL/TLS Support Status 2 - Plesk

If you don’t have a certificate, the Toolkit will gently nudge you towards issuing a Let’s Encrypt cert or buying a cert.

WordPress Toolkit 5.4 Release - SSL/TLS Support Status 3 - Plesk

New Cloning Backend

When it comes to cloning, many WordPress-related tools and services claim that they clone WordPress sites. However, the question today isn’t “which tool can do it,” the question is “which tool does it best” – after all, both BMW Isetta and BMW i8 are German cars that can drive on your average road, but there’s a world of difference between them in terms of performance. Our cloning mechanism has been quite complicated (to put it mildly) since its inception. This complexity made things difficult to maintain and improve, so we decided to update it. Specifically, our goals were:

  1. Easier maintainability (a single backend for all supported platforms instead of multiple different algorithms)
  2. Better security
  3. Improved performance
  4. Enhanced reliability

It took us quite some time, but we got it done, and WordPress Toolkit now boasts a new backend that meets all our expectations. We have even managed to test it in battle conditions: a cPanel customer was experiencing weird slowdowns during cloning, so we’ve decided to replace the cloning backend on the affected server to see what happens. The experiment was a resounding success, speeding up the procedure dramatically. Even so, such change could be quite risky when applied on all WordPress Toolkit servers at once, so we’re planning to introduce it gradually – more about that in the next paragraph.

Other Improvements & Bugfixes

WordPress Toolkit v5.4 includes a lot of other minor improvements and multiple bugfixes. Some of the highlights include:

  • AlmaLinux support on both cPanel and Plesk
  • Integration with WHM / cPanel was redesigned and simplified for improved reliability
  • WordPress Toolkit now ships with its own version of UI library on Plesk to make sure that all the latest changes and bugfixes are available to our users as fast as possible
  • Progress display in windows was standardized and unified for better user experience
  • Various warnings and notifications related to problematic PHP versions were improved and made more consistent
  • Minimal WordPress version that can be installed via WordPress Toolkit was increased to WordPress v4.9 (the last major release without Gutenberg for those who refuse to use it)

Finally, the output of ‘–info‘ CLI command now includes the WordPress installation state:

WordPress Toolkit 5.4 Release - Improvements & Bugfixes - Plesk

More Updates on cPanel

E-mail notifications on cPanel

E-mail notifications about updates and quarantined sites are now finally available on cPanel. There’s no UI for managing them now, so they are disabled by default to avoid making users unhappy. To enable the notifications, server administrators need to put the corresponding option in their config.ini file and set its value to true:

cpanelAdminSuspiciousInstanceNotificationEnabled‘ – sends a notification about new suspicious instances to server administrator.

cpanelResellerSuspiciousInstanceNotificationEnabled‘ – sends a notification about new suspicious instances to each reseller.

cpanelClientSuspiciousInstanceNotificationEnabled‘ – sends a notification about new suspicious instances to each client.

cpanelAdminAutoUpdatesNotificationEnabled‘ – sends a digest of newly available and installed updates (WordPress core, plugins, themes) to the server administrator.

cpanelResellerAutoUpdatesNotificationEnabled‘ – sends a digest of new available and installed updates (WordPress core, plugins, themes) to each reseller.

cpanelClientAutoUpdatesNotificationEnabled‘ – sends a digest of new available and installed updates (WordPress core, plugins, themes) to each client.

We’re planning to introduce the UI for managing these notifications in the next major WordPress Toolkit release, at which point we’ll enable all these notifications by default. Until that, hosters and server administrators will have to rely on config file modification to receive helpful information from WordPress Toolkit in their mailboxes.

Leika for cPanel

For those who don’t know yet, we have a service called Leika for rolling out gradual changes and conducting various experiments. This service offers tremendous help controlling the spread of potentially dangerous changes and experimenting with ideas that could positively affect user experience.

Until now, Leika only worked for Plesk, But not anymore as we’ve just made it available for WordPress Toolkit on cPanel too. The cloning backend change described earlier is one of many WordPress Toolkit features to undergo gradual rollout for the whole audience – and it’s the first one (but not the last one) on cPanel.

Future Plans

Many of the plans for the next release were already mentioned above:

  • Add UI for action logs
  • Add the rest of the actions to logs
  • Add UI for e-mail notifications on WHM/cPanel

In addition to these things, we are looking into improving how we handle popular caching plugins during cloning. There’s more exciting stuff coming in v5.5, but I’ll have to keep that under wraps for now – after all, we should always keep some pleasant surprises in store for you 😉

With that said, see you soon, and thank you for your time!

Top 10 PHP CMS Platforms For Developers in 2021

Top CMS platforms Plesk blog

If you didn’t already know, CMS is short for Content Management System. There are many different types available and they all exist to make creating websites easier for people who didn’t learn to program. Some of these systems are aimed at customers with at least some understanding of code, but the majority are pitched at website owners who just want to get their sites built fast and maintenance to be easy. Since there are so many choices, this article explores a few of the criteria to keeping mind when choosing between the different PHP CMS platforms that are available. 

What’s a CMS?

A CMS is an application design to make website building easy, so you can add different features and manage whatever content you want to populate your site with.

Webpages are usually put together by developers using various languages and technologies like PHP, ASP, HTML, JavaScript, and CSS. A CMS platform does use languages like these, but the website creator doesn’t necessarily need to see them or understand them, because there’s an interface that simplifies all of the stuff that goes on “under the hood”. You can still get your hands dirty with coding if you want to, but if you’re a beginner who just wants to build a blog or a shop for yourself, a CMS will let you do that just by dragging and dropping the various elements into place.

Choosing the Right CMS Platform for Your Website

Before you look for a new car it’s good to make a list of the features that are important to you, and shopping for a CMS is no different. 

User-Friendliness

Your ideal CMS should be intuitive, with an interface that does not require you to have a degree in software engineering before you can pick it up. You should be able to understand it quickly so that in no time you’re able to add images, audio clips, and text (along with other things). The interface should allow you to make changes easily, and the tools should be self-explanatory.

Design Templates

One of the strengths of PHP CMS software is the availability of design templates. Some CMSs can offer whole galleries of pre-existing examples which means that you don’t have to build them yourself. But it does help if you can customize them without too much trouble too (which in this case means “not needing to know any code”).

Data Portability

You might not stay with the same host forever so, your ideal platform should come with tools that let you manage your data and move it wherever you need to put it next with relative ease.

Optional Extras

Websites come in all shapes and sizes to suit all pockets and purposes. That’s why there isn’t a one size fits all CMS platform that will suit every single website.  One way around this is with extensions and add-ons. These are additional apps that can add to the basic set of features that come with the CMS software. If you think of this as a Swiss army knife, then extensions and add-ons are like extra blades that you can add to it to make it do more. 

User Support

While a good CMS platform will be straightforward to use and easy to pick up in the first place, you’re always going to have questions at some point. Some platforms have very large and loyal fan bases, and you might find that you can pick up all the help you need by consulting with existing users on forums. These good people will usually be only too happy to share their knowledge and experience to benefit others in the community. 

Of course, a really good CMS provider will also offer around-the-clock official support too.  

Pricing considerations

Some CMS platforms are totally free, while others charge you by the month. But even with the free ones, you’re probably going to have to part with some cash for the add-ons and templates. If you don’t want to leave your website at the mercy of the provider, then your web hosting services will also cost something too. That shouldn’t worry you though, because thanks to CMS platforms it’s never been cheaper and simpler for non-experts to get their website off the page and onto the web.

So, keep all of these points we’ve mentioned in mind and you should be able to start tracking down the perfect PHP-based content management system for your needs. Please find our TOP 10:

These CMS platforms make traditional development work a lot less of a chore for the developer. Dynamic web sites can swell up to include thousands of pages, and when they do it’s much easier to manage the process with the best PHP CMS platform as it can streamline development work in clever ways.

WordPress

WordPress has risen to become one of the best known and most widely used open-source PHP CMSs. It can accommodate lots of apps and is flexible enough to handle a wide range of different user scenarios. It’s as good at providing the foundation for a basic blog as it is a large e-commerce store, and you only have to look to the 75 million currently active websites that rely on it for confirmation of how universally popular it is.

Since WordPress is an open-source platform, it’s benefited from the ongoing attention of thousands of developers. This is one of the biggest reasons for its rapid evolution and why it’s turned into the preferred choice of many web app developers. It offers the widest selection of additional widgets, themes, and plug-ins, and it can be readily tailored and turned to almost any end.

It also ships with a suite of integrated SEO tools to optimize search engine visibility, and that’s one of the reasons why developers rate it so very highly.

Details

  • WordPress accounts for 76.4% of the CMS market
  • It supports over 68 languages
  • Plug-ins have been downloaded 1.48 billion times
  • WordPress powers many government websites around the world

Pros

Cons

  • Themes and plugins can require annoyingly frequent updates
  • Open source can mean ‘more open to hackers’
  • Customization requires a deep level of understanding

Joomla

Joomla is another one of the best PHP CMS platforms and it’s garnered a reputation for being good for portfolio and blogging websites. It may sit somewhat in the shadow of WordPress, but it still comes with enough high-quality features to create effective blogs and dynamic websites. It meshes well with a few versions of SQL, which means database integration should not be a problem.

This PHP CMS can integrate the site with its hosting provider in just one click and makes the creation of responsive websites a breeze. Its multitude of available designs and extensions make it easy to add extra features to any web apps that you may be designing. As one of the best PHP CMS platforms, Joomla has proved to be popular among big names that include eBay, Barnes & Noble, IKEA, and many others.

Details

  • 6% of all websites rely on Joomla
  • 2 million sites and counting
  • One of the top three CMSs which offer free plug-ins and themes
  • Supports over 64 languages

Pros

Cons

  • Not as SEO enabled as some PHP CMSs
  • Difficult for non-developers to add custom designs
  • Not many modules for sale
  • Some plug-ins not completely compatible without modification

Drupal

Drupal is one of the best PHP CMS platforms on the market. It’s open-source and well-suited to eCommerce stores, beginning its life initially as a message board but then evolving into one of the most popular PHP based content management systems. Drupal makes it easy for developers to build enhanced online stores thanks to its rich feature set. It’s ideal for developing modern apps which is one of the reasons why many developers are drawn to it.

While WordPress functionality can be extended further with plugins, Drupal refers to its add-ons as modules, although it already comes with many features and options. Top companies like NBC, Harvard University, Tesla, Princess Cruises, and MTV UK rely on Drupal for their web operations. It also benefits from active community support.

Details

  • Drupal has around a million users
  • It’s available in over 90 languages
  • Many American government websites are Drupal-powered
  • Acquia spent half a million dollars to accelerate the migration of Drupal 7 modules to Drupal 8
  • Drupal powers around 1 million websites

Pros

  • The platform can be greatly expanded upon
  • Frequent patches and updates enhance platform security
  • Drupal is well-suited to eCommerce
  • Best PHP CMS for websites with lots of traffic

Cons

  • Hard to understand for non-developers
  • Not well suited to blogs or other publications
  • Installing custom modules is not easy

OctoberCMS

OctoberCMS is a free, open-source PHP CMS that a great many company websites have been built on. The CMS is flexible, simple, and ready to deliver retina-ready websites and apps.

OctoberCMS is a self-hosted open-source PHP CMS and you can install it on your hosting service if you want to. It integrates well with third-party apps and features more than 700+ plugins and themes. It has a large and supportive community.

Details

  • Own community
  • Ecosystem of plugins & themes
  • Based on Laravel framework

Pros

  • Open source and free
  • Versatile and extendable
  • Many and varied themes and plugins

Cons

  • Requires developer input to customize
  • Fewer users than WordPress

Opencart

Opencart is another of the PHP based content management systems that are ideally suited to the creation of eCommerce websites. It’s open-source so PHP developers can easily add their own updates, and for users, it’s not hard to get to grips with thanks to its intuitive UI. The platform caters to a great many languages and offers unlimited product categories for the biggest inventories out there. Opencart is a well-featured PHP CMS that gives plenty of scope to developers while keen to create comprehensively featured online stores.

Details

  • Opencart allows more than 20 ways to pay
  • 12k+ extensions on offer
  • Powers 790k+ websites
  • 95k+ forum members

Pros

  • Easy to set up and get started
  • Free themes in abundance
  • Thousands of available modules and extensions
  • Makes it easy to set up sites in different managers

Cons

  • Some technical knowledge needed for customization
  • Not very SEO-friendly
  • Bogs down when web traffic spikes
  • No event system so users can’t set up tasks from within modules

ExpressionEngine

ExpressionEngine is one of the best PHP based content management systems for sites that need to handle large amounts of content. It is an excellent PHP based CMS with an architecture that can be modified with custom scripts to introduce additional functions.

Any newly added content becomes visible to the customer straight away. ExpressionEngine is versatile enough that when it creates pages, it does so by pulling content from the database and then formatting it so that every user gets the best available view for their device. This dynamic approach to content generation makes it very flexible.

Pros

  • Custom edit forms are available. You can navigate and fill them out easily
  • HTML agnostic template system
  • Preview window the cheque work before saving changes
  • Integrated SEO for content
  • Excellent security

Cons

  • Some content boxes in certain templates don’t expand, making navigation and editing difficult
  • Poor developer network support
  • Fewer 3rd party add-ons and plugins

PyroCMS

PyroCMS is one of the best PHP CMSs and it’s powered by the Laravel framework. Popularity has been growing thanks to its intuitive backend design and lightweight modular architecture. Was designed to be simple, flexible, easy to learn, and easy to understand. PyroCMS’s modular design gives developers plenty of scope to bring together the right components to suit any given project.

Pros

  • Versatile PHP CMS can be adapted to any project
  • Readily accommodates third-party APIs and apps
  • Easy to install and learn

Magento

Magento was designed with eCommerce applications in mind, and it’s now the preferred platform for building innovative online stores. Brands such as Ford, Nike, Foxconnect, and many others rely on Magento’s extremely capable eCommerce features to power their sites. The major advantage of using Magento is that it’s tailor-made for designing rich and varied online shopping experiences for customers.

Another part of Magento’s appeal is its great emphasis on security. It uses hashing algorithms for maximum security password management and has additional defenses to defend apps from attackers. Also, Magento benefits from an active developer community which frequently contributes with numerous updates and patches. With Magento 2 the platform has benefited from a variety of enhancements to further strengthen its position as one of the best PHP-based content management systems for online retail.

Pros

  • The platform is feature-rich enough to power modern eCommerce stores
  • Magento is very accessible
  • The community regularly develops plug-ins and extensions
  • The platform is very scalable and can accommodate big apps

Cons

  • The premium and enterprise versions are pricey
  • Slightly slower to load than other platforms
  • Only works with dedicated hosting
  • Product support is quite pricey

Craft CMS

Craft is one of the more recent PHP-based content management systems but its low user account shouldn’t put you off though because it’s tailored towards pleasing developers. If you’re a user that may be a point against it, but from a developer’s point of view it’s easy to work with.

Craft gives users the scope to create their own front ends, or at least it does in principle because doing so requires a knowledge of HTML and CSS. Despite that, it offers a clean backend, so it’s relatively easy for content editors to easily find their desired features and publish content frequently.

Pros

  • Lightweight
  • Commercial features
  • Developer-centric
  • Highly functional
  • Performs well
  • Effective security

Cons

  • Pricey
  • More for advanced users
  • Not so many plugins
  • Not open source

TYPO3

TYPO3 is one of the best PHP CMS platforms available. It works on various operating systems including Windows, Linux, macOS, FreeBSD, and OS/2. It’s best suited to powering the portals and eCommerce platforms of large companies and it’s supported by a sizeable community for ongoing support and discussion.

Content and code are handled separately which makes TYPO3 a very flexible proposition for users. With support for over 50 languages and integrated localization built-in, it will fit in with users no matter where they may be in the world. Installation can be completed in just a few steps.

Pros

  • Sizeable community
  • Flexible with lots of functions
  • Enterprise-level

Cons

  • Hard to configure
  • Entry-level training is hard to find

The Plesk WordPress Toolkit 5.3 is Now Available

WordPress Toolkit update 5.3 blog Plesk Header

The first WordPress Toolkit release of 2021 is now publicly available — please welcome WordPress Toolkit v5.3  This release is focused on fixing issues reported by customers, improving performance, and making sure we can properly handle working with both outdated PHP versions and the latest PHP 8. 

Read on to learn what’s new:
 

Updated wp-cli & PHP 8 Support

 

PHP 8 was released two months ago, and already many of you trying to use it for hosting WordPress sites. So, to support this release, we needed to explore the outdated wp-cli component used for managing many aspects of WordPress sites. 

In v5.3 of the WordPress Toolkit, the team has updated  from the previously used (and quite outdated) version 1.4.0 to the latest available version 2.4.1, which finally allows WordPress Toolkit to manage sites working on PHP 8. Note that PHP 8 support in this  version is still kind of experimental (or “beta”, if you wish), so customers are advised to be more vigilant than usual when using PHP 8. As soon as  team announces full and proper PHP 8 support, we’ll immediately work on including the corresponding  update in WordPress Toolkit.

WordPress Toolkit 5.3 Plesk

Identifying Outdated and Unsupported Sites

 
Updating wp-cli resulted in certain unfortunate consequences: WordPress Toolkit now cannot manage sites working on PHP 5.2 (End of Life on 6 Jan 2011, 10 years ago) and PHP 5.3 (End of Life on 14 Aug 2014, 6 and a half years ago). To accommodate for this change, WordPress Toolkit can now identify websites using unsupported version of PHP and display corresponding information in the interface:
WordPress Toolkit Plesk v5.3
 
If your PHP version has reached End of Life but still supported by WordPress Toolkit, you will be notified about this as well:
 
WordPress Toolkit v5.3 Plesk blog

 

Since we’ve started to better differentiate between various site states, WordPress Toolkit now also properly notifies users if their WordPress version is way too old:
 
WordPress Toolkit v5.3 Plesk

 

We’ve also added an extra notification about outdated WordPress core, since some people have complained that existing notifications are not visible enough:
 
Plesk WordPress Toolkit 5.3

 

To avoid scaring users, WordPress Toolkit now tries its best to create screenshots even for sites with unsupported PHP or WordPress versions. We hope that seeing a site screenshot will help customers understand that the site itself is working fine, but WordPress Toolkit cannot manage it because it’s so ancient that it should be surveyed by a team of archeologists first.
 

New Autoupdate Defaults in WordPress 5.6

WordPress 5.6 has introduced new default settings for WordPress core autoupdates. New WordPress installations are now configured to automatically install both minor and major updates by default. Existing WordPress installations updated to v5.6 will keep their previous autoupdate settings.
 
WordPress Toolkit now supports this change, so when you install WordPress 5.6 or newer via WordPress Toolkit, the autoupdate settings will be automatically set to “Both major and minor updates“, as opposed to “Only minor updates” option, which was the default before v5.6.
 
 
Due to the new defaults mentioned above, we have also changed the way WordPress Toolkit manages WordPress core autoupdate settings. Previously WordPress Toolkit was using the WP_AUTO_UPDATE_CORE constant in wp-config.php file to help WordPress understand how it should behave. With changes brought in WordPress 5.6, we have decided to avoid using this constant and use the get_site_option( ‘auto_update_core_major’ ) parameter stored in the WordPress database instead. This parameter is utilized by WordPress itself when site admin switches between “major & minor” and “minor only” autoupdates in WordPress admin area. Using this parameter makes WordPress site management via WordPress Toolkit more natural, transparent, and non-obtrusive for advanced site admins.
 
Existing WordPress installations updated to v5.6 will keep the WP_AUTO_UPDATE_CORE constant in wp-config.php file until autoupdate settings are changed by the site admin. Note that WordPress Toolkit will still have to use the WP_AUTO_UPDATE_CORE constant if site admin decides to completely disable all autoupdates.
 
An additional fix related to WP_AUTO_UPDATE_CORE constant was also included in WordPress Toolkit v5.3: the constant is no longer added automatically when WordPress Toolkit checks for availability of updates. It can only be added if customer explicitly saves or changes autoupdate settings.

Cloning with defined DEFINER

 
WordPress Toolkit creates a database dump when it clones a site. In certain cases, this dump includes a defined DEFINER clause, which leads to failure of the cloning procedure. You can now rest easy that this problem is finally fixed.
 
Since every site is different, this may not be convenient for you. Therefore, it is possible to turn off the application of this fix by adding the following option to the config file:
 
fixDatabaseDumpDefiner = false

 

Upsell Links Configuration in cPanel

 
WordPress Toolkit on cPanel has two Deluxe upsell links: one in WHM, one in cPanel. Hosters can configure these links in Manage2 or modify WordPress Toolkit config file on the server. To make things easier, we have added the ability to customize these links on the global “Settings” screen in WordPress Toolkit. We’ve also updated the default WordPress Toolkit upsell link to make sure it is pointing to a proper destination.
 

 

For reference, here’s the priority of link customizations: links in UI overrule the links in config file, which overrule links provided by Manage2, which in turn take precedence over the default links shipped with WordPress Toolkit.

Research, Improvements, Bugfixes

 
Based on the research performed in December, we have increased the site list loading speed on Plesk. We have also tested the performance of Smart Updates and regular updates to better understand where and how we can improve our product. 
 
As for bugs, the v5.3 release includes a number of customer-requested bugfixes, particularly those that address cloning-related issues.
 

What’s Next? 

 
We’re also working on a number of exciting new features to continue improving the WordPress Toolkit, based on your feedback and usage. Have you got the latest version yet? What has been your experience with the Toolkit? Let us know in the comments or via your partner account manager!

Wordfence vs Sucuri – WordPress Security Plugins Comparison

Wordfence vs Sucuri comparison - Plesk

Sucuri vs Wordfence – which plugin ensures full WordPress security? This is a question that lots of WordPress website owners find themselves pondering. In these days of state-sponsored attacks, organized crime gangs, and bedroom hacktivists, getting watertight cybersecurity for your WordPress website has never been more important. 

New and more sophisticated hacks and exploits happen every single day, around-the-clock, and after the Solar Winds breach came to light it’s apparent that even governments and multinationals are not as safe as they thought. 

So for the humble WordPress site owner, it’s important to find the most effective means of keeping malign intruders out. Any weaknesses are almost certain to be exploited by criminals (eventually), so it’s essential that you settle on the most effective security plug-in you can get your hands on to thwart nefarious actors. 

Site owners often wonder about choosing between Wordfence or Sucuri, simply because this pair is among the most well-known and prominent of plugins for comprehensive WordPress website protection, and so it’s difficult for many site owners to differentiate between the different offerings and identify the superior example. 

Sucuri or Wordfence: what do you need to consider?

Sucuri vs Wordfence is a tricky question to answer because both have the capacity to keep your WordPress site safe from data breaches, bot-net infections, and other unwanted security risks. 

Another criterion must be that it’s easy to use, because the less time you waste on activities that don’t contribute to selling your digital wares, the better. You don’t want to waste time becoming a security expert just so that you can run a plug-in that keeps your website safe. If that’s what’s required then it’s probably not worth investing in.

Sucuri vs Wordfence: user-friendliness

You shouldn’t need to know how the internal combustion engine functions just to stop your car from being stolen, so you also shouldn’t need to become an expert in cybersecurity to keep your website safe with Wordfence or Sucuri

Wordfence

After installation, you’ll need to confirm that you accept the terms and conditions, and then you’ll be asked for the email address where you want your security updates to be sent. 

The setup wizard that follows will walk you through the basics of the application, including where to find notifications and the results of scans.

Wordfence opens your web app firewall in learning mode and performs a scan in the background. This may take a while if you have a large website but it will let you know as soon as it’s finished.

Click the dialogue box when it’s got to the end and you’ll see what the scan discovered along with suggestions for what to do with any positive hits. If you’re lucky, it won’t find any threats, but it still might recommend useful security-related suggestions, like that you update to the newest version of your chosen theme.

The standard way that the firewall runs is as a WordPress plugin, which isn’t the ideal way of doing things in this instance. Wordfence will let you configure it to work under extended mode for enhanced security, but this requires manual configuration. 

Unfortunately, first-time users of the Wordfence UI will probably find it as difficult to understand as we did. It’s true that it doesn’t ask you to do very much in its basic configuration, so that may not be a problem, but beginners wishing to explore the different possibilities it offers may feel that it’s an uphill struggle. 

Sucuri

There’s no such trouble with Sucuri’s GUI. It isn’t cluttered by unnecessary notifications and your scan results will appear in the plug-in panel. It’s also worth mentioning that its website application firewall (WAF) is based in the Cloud and as a remote resource it doesn’t require any horsepower from your own server that would slow it down.

To set up your hosting server behind the firewall you’ll need to give it your API key and configure the DNS settings for your domain name. Once you’ve installed it, you’re done. It’s a case of “set it and forget it” because updates and maintenance are all taken care of. Also, when Sucuri gives you security recommendations you only need to click once to apply them all. 

The UI is certainly a step up from Wordfence’s design, but some options are still buried in the guts of it and will require some digging.

One hurdle that less technical users may find difficult to overcome when they’re configuring a Sucuri firewall is how to update a domain name server with their domain registrar. It may be helpful in this case to ask the registrar for some help.

Sucuri vs Wordfence: Web Application Firewall (WAF) 

It’s possible to run a firewall in one of two ways. You can run it as an application on your own server or use a cloud-based WAF solution. 

WAFs are useful for blocking website threats, and we believe that cloud-based ones are the superior option for reasons of efficiency and reliability. They constantly keep an eye on incoming web traffic, flagging and blocking issues as they appear. In the case of Wordfence vs Sucuri, both have this capability.

Wordfence

Wordfence features a WAF that keeps an eye on malicious web traffic. The fact that it’s application-based, running as a WordPress plugin, is something of a disadvantage because it means that WordPress needs to load before it can detect and respond to malicious activity. 

You’ll need to configure Wordfence’s firewall manually in expansion mode so that it can monitor traffic before it has a chance to get to your WordPress installation. 

Wordfence’s endpoint firewall only filters bad traffic once it’s reached the hosting server, and once it does, all of its resources will be stretched as it responds to the attack.

Sucuri

Sucuri’s firewall is a remote cloud resource. That means that it can trip up malicious traffic before it gets anywhere near your hosting server. Sucuri also has content delivery network (CDN) servers distributed across various regions, so this should also help to increase the speed of the response.

To use a firewall, you’ll need to change the DNS settings of the domain name. This will route your traffic through Sucuri’s server. 

Sucuri doesn’t have a basic or extended mode. As soon as the installation has finished, Sucuri’s WAF starts protecting your site straightaway.

When you’re choosing between Wordfence or Sucuri you might want to bear in mind that Sucuri uses highly effective machine learning algorithms to cut down on false positives, and its DDoS defences automatically block fake traffic and nefarious bot requests without slowing down bona fide traffic sources.

Security Monitoring and Notifications 

Downtime is money, so a security early warning system is essential for any website owner. To get notifications you’ll need to check that you can pick up emails from your WordPress site using SMTP. Let’s look at how well Sucuri vs Wordfence keeps you informed about attacks.

Wordfence

Wordfence does a decent job of telling you about any problems with elicit intrusions and the like. They show up both in the Control Panel and the Wordfence menu in the WordPress administration sidebar, with different highlights indicating their respective significance. Selecting each one will pull up options for how you deal with them, but you can only see them after logging into the WordPress dashboard. 

If you’d like to be alerted about security issues via email, then you can fairly easily do that in the Email Alert Preferences section on the Wordfence options page. You can also further explore them on this page too. 

Sucuri

It can be very distracting to be constantly interrupted by security alerts, so if you want to tell Sucuri to only bother you with the more serious cases, that’s easily done, and you can also tell the software to send them to your control panel as well. 

Look towards the upper right-hand part of the screen to explore the status of the main WordPress file. This includes the audit log and site status. 

To access the alert management system open the Sucuri security settings page and then the Alerts tab and enter the email address where you want to receive your notifications. 

You can tune the type of event notifications you get and also put a ceiling on their numbers. Your WAF will also send important alerts to your email address. 

Sucuri or Wordfence – Scanning for malware

Both of our contenders feature malware detection. They can also look for files that have been changed and snippets of code that may be up to no good. Out of Wordfence vs Sucuri, which will do the better job here? 

Wordfence

Wordfence’s malware scanner can be tweaked to meet your particular hosting and security needs. Scanning has default limitations to conserve resources.

Wordfence generates your analysis schedule automatically, but you are able to change this. With scanning, you only have access to some options if you’ve opted for advanced versions of the plug-in. Wordfence’s scanner can also check your themes and plug-ins in line with the appropriate repository version. 

Sucuri

Sucuri’s site check API assists the Sucuri scanner in its hunt for unwelcome code. It’s quite clever in that it uses secure browsing APIs to ensure that your WordPress site hasn’t been blacklisted. 

Sucuri has an automated way of checking that your core WordPress files haven’t been tampered with, but you can change any of your settings by clicking on the scanner tab on the security settings page.

The scanner isn’t specific to WordPress, which you’d think would make it less adept at dealing with WordPress security issues but in fact, the result is that it can scan for any kind of intruder. Another aspect in its favour is that it’s relatively lightweight and doesn’t impinge too much on your server resources. 

Cleaning Up Your Website

Getting hacked is no fun, and the cleanup operation that comes after your WordPress site has hosted unwelcome intruders is even less cause for celebration. Trojans and viruses can burrow into files, drop unwanted links, and who knows what else.

Unless you’re an expert you may find it beyond your ability to track down and eliminate every bit of damage that’s been done. Luckily, Wordfence vs Sucuri can do it for you, but which one is going to do the better job?

Wordfence

You’ll need to buy your cleaning solution separately from your Wordfence subscription because it isn’t something that they include in their free or paid packages. Once you’ve signed up though, it’s a fairly straightforward process to get your site analyzed and cleansed of bots and Trojans. Not only that, you’ll also get a compressive rundown of what was cleaned and advice on how you can limit the likelihood of this kind of intrusion occurring again in the future.

Sucuri

If you pay for a Sucuri plan then site cleaning will be included. Just open a support ticket and the service will get underway attending to blacklist removal, remedying SEO spam, cleaning the site, and WAF to avoid such occurrences in the future. 

Sucuri is pretty good at cleaning up viruses and other dodgy intrusions, spammy code injections, and backdoor access files. 

The team assisting you with the clean-up will use FTP/SSH access login details to get in, and they’ll be careful to back-up every file that they interact with to ensure that nothing is damaged or lost. 

Sucuri vs Wordfence – Who Is The Winner?

Wordfence vs Sucuri is a matchup between two seasoned and respected security heavyweights, but in our opinion, it’s Sucuri that crosses the finish line in first place. Its use of WAF in the Cloud is a definite plus point. Wordfence is a competent performer, but its server-side scanner and firewall can’t match Sucuri’s for security. 

Best WordPress Caching Plugins Comparison

WordPress Caching Plugins Plesk

WordPress caching plugins is a complex topic for many people (especially newcomers), and there’s a lot to cover in any guide. A comprehensive exploration of WordPress caching might even demand a whole book — which we obviously don’t have the space or time to create here. But we can make the essentials of WordPress caching easier to understand, and that’s exactly what we’ll do below.

First, let’s start by looking at caching it as if it were a fairly straightforward math problem to be solved. Most of you reading this would have no problem multiplying, say, eight by eight to get 64. That’s a simple sum countless children learn in school every year. And they — and you — know the answer because you’ve memorized it. You might run a brief calculation in your head, but it should seem as if you can pull the solution out of your memory as naturally as recalling your own name. So, this form of memorization can be compared to website caching, even though it is a major simplification of the process. This example helps to visualize caching and illustrates why WordPress caching plugins are so important for a quality user experience.

Your website is required to present the same (or similar) content again and again, no matter how many visitors you receive per day. Even if you only attract a few dozen people, your site is still bringing the same content up repeatedly over weeks and months. Wouldn’t it be fantastic if the server was able to remember the necessary files required to present your website as it needs to every single time more efficiently, as you can when solving simple calculations?

Explaining the Caching Process

Basically, any page a visitor navigates to on your website requires a server request, and processing by that same server (along with database queries). Next, a final result will be sent from the server to the visitor’s browser, which enables them to view your website with all the elements and files essential for forming its complete design. These include menus, blog posts, images, videos, etc.

As the server is expected to process each of these requests, and to do so as quickly as possible, delivering a full web page to users can be a surprisingly time-consuming process. Particularly for bigger websites or those best described as “clunky”.

But this is where WordPress caching plugins prove helpful. The caching plugin is designed to tell the server to keep some of the files stored to RAM or disk (based on your specific configuration). That means the server can remember content it’s served in the past and duplicate it for the user. Web pages will load far faster from the cache directly, and the amount of work needed to generate a pageview is reduced significantly.

That’s the power of caching.

When You Need WordPress Caching Plugins

We’ve already covered how caching can increase the speed of web pages, but is it always essential to install WordPress caching plugins? And are there any other advantages to caching you should know about? For anyone responsible for managing their own servers or using shared hosting, caching plugins are generally a fantastic idea.

But there are times when you won’t actually need a caching plugin. If you were to work with a trustworthy managed WordPress host, for example, they would handle the caching on your behalf. This would be performed at server-level and much quicker, in a lot of cases. Server-level caching demands no knowledge, expertise, or time-intensive configuration to achieve the best speeds. It will be fast all the time — that’s it.

Often, top managed WordPress hosts don’t utilize caching plugins on their platforms as they may affect performance quality. Some things can go awry if you don’t know what you’re doing with plugins, which is where a little expert management can be a big help.

Why Some Caching Is Always Necessary

No matter if you choose server-level caching or opt for a plugin instead, you’ll always find some type of caching necessary. Here are some of the main benefits of caching to consider:

  • Deliver a faster browsing experience for users — we’ve already addressed how WordPress caching plugins can boost your site’s speed, but it’s a core advantage so deserves to be on this list!
  • Provide a better user experience overall — as your website will run more quickly, users will be more likely to stay and explore. Faster sites are known to have lower bounce rates, reducing the risk of people becoming frustrated and clicking away after waiting for more than 10 seconds or so for pages to load.
  • Servers rely on fewer resources — fewer resources contribute to a quicker website, and place less strain on servers. This is crucial for highly-dynamic websites (e.g. membership sites) and for determining what can or can’t be served from cache.
  • Potential SEO improvement — a faster speed and better user experience can inspire search engines to recognize that your website is worthy of a higher ranking. This makes caching a helpful addition to your search engine optimization strategy.
  • Lower time to first byte (TTFB) — using WordPress caching plugins is one of the simplest ways to reduce your TTFB, by as much as 90 percent in some cases.

How Does Caching Compare Against No Caching?

To show you how much difference caching versus no caching makes, we decided to run a few simple server-level caching speed tests.

First, we ran five Pingdom tests with no caching activated and measured the average, and then did the same with caching enabled. The average load time without caching was 677 ms, and the average with caching was 521 ms!

So, caching decreased our page load time by more than 23 percent, with no additional work required. We used a fairly well-optimized site for the speed tests, which means websites with less optimization will run even more quickly.

TTFB with no caching

Remember when we discussed how caching can affect your TTFB above? Well, we ran some more tests to identify how well caching can reduce TTFB.

We found that TTFB with no caching was more than 200 ms, but this dropped to under 40 ms when we enabled caching. That’s a huge difference.

It’s clear, then, that enabling WordPress caching plugins can decrease your TTFB substantially. And, again, that means better performance overall.

What Are the Best WordPress Caching Plugins Available?

Below, we’ll explore the best WordPress caching plugins to try if you plan to manage your own server or use shared hosting. While some may be more intuitive, they’ve all earned fantastic reviews from users. A lot of posts published online will attempt to compare caching plugin speeds and sell you the one they consider the best. But this is almost impossible, as plugins will perform differently depending on your choice of server, resources, configuration, and location.

Yes, we find speed tests as helpful as anyone else, but dubbing one plugin “the quickest” is frankly unfair. Why? Because what works brilliantly for one user might not be so effective for another. And that’s not to mention that there hundreds of different settings may be available to enable or disable.

With all this in mind, we feel it’s best that you always test WordPress caching plugins yourself to determine which work best for you.

We’ve collated a concise list of the top WordPress caching plugins to help you make an informed decision. You’ll find more detailed insights for each one further down, covering pricing, benefits, and more.

Our list:

We’ve found that it’s ideal to experiment with a minimum of two or three WordPress caching plugins before committing to any one option. You might find that you love the user interface and design in some caching plugins, but find others much easier to use overall.

Another recommendation from our experts is to run a speed test with a dedicated tool, such as GTMetrix or Pingdom, once you’ve implemented each plugin. This will enable you to check the impact the plugin has on your site’s performance.

But be sure to run a number of speed tests to make sure plugins are serving from cache. When you clear your WordPress website’s cache, it needs to rebuild. Helpfully, some plugins include an option to preload (or “warm”) the cache once it’s been cleared.

Be aware, though, that caching plugins can lead to issues while they’re helping your website run faster. There’s a particular error to watch out for when using caching plugins: “No update required. Your WordPress database is already up to date”. Keep that in mind, though it certainly shouldn’t put you off!

So, onto our in-depth look at the top WordPress caching plugins for your site!

WP Rocket

This is a premium WordPress caching plugin, offering three payment plans. You can pay a one-time fee, but if you keep your payments running, support and updates will be included. WP Rocket lists caching for a single website as $39, while support for three sites is just $99. For $199, you can get caching for an unlimited number of websites. Free plugins are available, but these rates are impressive considering WP Rocket is one of the market’s most feature-rich WordPress caching plugins.

There’s no free version or free trial for the WordPress caching WP Rocket plugin, but WP Rocket’s developers provide a 14-day money-back guarantee to ensure your satisfaction.

One of the main advantages of WP Rocket is its user-friendly interface and fast, hassle-free setup. This is a caching plugin for WordPress with the power to help your website run much faster, and yet any newcomer would find it easy to grasp the majority of the settings from the start.

Another top reason for WP Rocket to be worth a consideration is that it’s designed to run nicely on eCommerce sites. That’s ideal as, most often, those require better caching speed the most.

On the whole, you might ask why you should pay any cash for a WordPress caching plugin at all when there are some competitors giving theirs away for free. Well, that’s because WP Rocket offers a wealth of solid features and is simpler to use overall.

For example, WP Super Cache provides users with page caching, yet browser caching is unavailable. WP Rocket, on the other hand, delivers both.

And Hyper Cache is missing lazyload, whereas that’s just another part of the WP Rocket package.

We could go on and on like this, comparing WP Rocket with the competition, but the main point to remember is that $39 is a modest rate to pay for the sheer variety of features included.

Reasons this is one of the top WordPress caching plugins

  • WP Rocket delivers a developer-friendly package, with a great dashboard to help newcomers feel at ease. Developers rarely have so much to experiment with in caching plugins, and others can make it far too complex for first-timers too.
  • The setup process is highly accessible for users of all experience and skill levels.
  • You can use the included database optimization to clean up your WordPress database, as well as decreasing the amount of resources used.
  • You can use WP Rocket to lazyload media, so that images don’t load on your site until a user actually scrolls over them. That means the server won’t need to do the work until it’s absolutely necessary.
  • You can increase your website’s speed even more with WP Rocket’s CloudFlare compatibility.
  • Multisite compatibility is also available through this plugin.
  • You can preload your cache.
  • Tools for minification and concatenation are included.
  • One of the most distinctive features is the Google Fonts optimization. I haven’t seen this included as part of another caching plugin so far.
  • Support available for object caching.

Take a look at the official WP Rocket documentation for help when configuring and experimenting with this plugin on your WordPress website.

Cache Enabler

Cache Enabler is an open-source, free caching plugin from KeyCDN (known for powering the Kinsta CDN). The disk caching engine’s performance is quick and dependable, while the multisite support is a benefit for users operating networks of sites.

The WordPress caching Cache Enabler plugin is a quality option without a hefty price tag: you may not be receiving the comprehensive range of features you would in WP Rocket, but Cache Enabler is still a terrific alternative if you’re on a tighter budget.

Cache Enabler’s big claim to fame is that it was the first WordPress plugin designed to help you serve WebP images with no need to use JavaScript. Sounds like senseless technical jargon to you? All you need to know is that while JavaScript is an important coding language, it can disrupt website speed in some cases.

Combining Cache Enabler with ShortPixel, EWWW, or Optimus plugin enables you to utilize this more recent image format properly. That’s a fantastic option for anyone running an online business, as most websites include dozens or hundreds of images, such as eCommerce sites or blogs.

Finally, Cache Enabler’s settings are simple and concise. They ask for such things as caching behavior preferences and cache expiry behind the scenes, the settings page offers explanations, and the number of settings is fairly low overall. As a result, most people will find this a confusion-free zone.

Reasons this is one of the top WordPress caching plugins

  • Cache Enabler provides a unique way to serve WebP images: you can convert pictures to WebP format via ShortPixel, Optimus, or EWWW Cloud (the cloud version is recommended for its solid performance).
  • Cache Enabler WordPress caching plugins include a user-friendly, streamlined interface for maximum convenience. This is one of the simplest plugins to set up, and users at all levels of experience should find it a pleasure to handle.
  • Actual cache size is presented on the dashboard, to help you understand the amount of space the cache consumes. This is a fast, efficient caching program, offering manual and automated clearing options.
  • Minification for inline JavaScript and HTML is available.
  • This combines with the Autoptimize plugin to bring you additional features, such as injecting CSS into page heads.

Take a look at the official Cache Enabler documentation for help when you configure and test this plugin on your website.

WP Super Cache

WP Super Cache is a terrific example of an open-source WordPress caching plugin boasting installation numbers in the millions. When you search for caching plugins, WP Super Cache and W3 Total Cache (see below) will appear high on the list most of the time.

While it’s unfortunate that these plugins have such similar names, they are very different. It’s best to install both and try them separately to identify the right one for your site. You might prefer to install WP Super Cache first purely because it’s the work of the Automattic team, but both are worth considering.

Regardless, WP Super Cache is an open-source, free plugin with zero upgrades required once you’ve installed it. This performs efficiency by building static HTML files and serving these instead of the weighty WordPress PHP scripts.

Three caching modes are available, which is one of the WordPress caching WP Super Cache plugin’s most appealing features. One is titled Simple Mode: the average WordPress user would choose this as it poses the least risk. But another of the modes, Expert Mode, enables you to super cache files with various modifications to the .htaccess file. This is great for seasoned developers who prefer greater control over their site’s caching process.

The Simpler mode makes WP Super Cache simple to set up (as the name suggests!). This enables you to compress pages, and offers easy caching, CDN support, as well as cache rebuilding. On top of all this, you can identify known users and choose to not cache pages for them if necessary.

Additional homepage checks can be helpful too, when you want to make sure your site’s primary page is as optimized as it can be.

One of the core advantages of WP Super Cache is its garbage collecting: your cache directory fills up and can leave your site running slowly over time. WP Super Cache runs automated garbage collections regularly to clean older files out and maintain your site’s optimization.

Reasons this is one of the top WordPress caching plugins

  • WP Super Cache boasts a positive reputation and track record, so you can expect its caching services for one or more of your sites to be of a high standard (no matter how big they may be).
  • This is an open-source, free product from Automattic — this means updates are regular and WP Super Cache is unlikely to disappear without warning.
  • In WP Super Cache’s backend interface, a lot of the settings you require are already filled in. As a result, it’s fairly easy to understand and put to work, even if you’re a total novice.
  • WP Super Cache utilizes a garbage collection process, clearing your older files out of the cache to prevent slowdown. This helps your site run faster and more smoothly.
  • This is integrated with a unique CDN setup, distributing your files better.
  • You can select from three caching modes, including Simple and Super Caching. This makes WP Super Cache a top option for diverse skill levels: the Simple cache option is great for the average user, while the Super Cache mode enables more advanced users to boost their site’s speed substantially.
  • WP Super Cache includes a unique feature known as Cache Rebuilding. Your blog’s cache won’t be cleared whenever a visitor posts a comment: the cache will be rebuilt and the old page will be served to other users instead.

While WP Super Cache has no official documentation online, the repository page carries a wealth of information.

 

Comet Cache

Comet Cache has one of the coolest names of all the WordPress caching plugins, and it has a solid reputation too. You can choose from a free or paid version.

The paid version is available from $39 to $139, as a one-time charge. However, you can opt to pay extra fees if you would prefer more extensive customer support with the WordPress caching Comet Cache plugin.

Comet Cache includes similar features to the caching plugins we’ve explored above, but it stands out for its incredible documentation. Even the regular WordPress plugin page offers lots of FAQs and links to help you learn about caching.

The Comet Cache website is home to a complete knowledge base and insightful blog. There’s plenty of information on the free and premium versions, with comparisons to help you choose.

A key reason for upgrading is Comet Cache’s automation: you can set this up and forget about it while the plugin does the majority of the work on your behalf.

The free version is capable of accomplishing many of the same tasks, but you will need to complete them yourself manually at times.

The client-side browser caching is helpful, too, as you’re basically double caching: the server is on your end and the browser is on the user’s. Crucially, it’s fairly simple to install the Comet Cache plugin and the dashboard is easy to navigate.

Reasons this is one of the top WordPress caching plugins

  • With Comet Cache, you can take advantage of a quick setup and decent backend, so configuring the cache takes a matter of minutes.
  • You can cache on pages, posts, categories, and tags.
  • With the paid version of Comet Cache, you can try intelligent and automatic cache clearing. This allows you to establish caching preferences when you install it and forget about them for a while.
  • You can cache RSS feeds to avoid delays in your content syndication.
  • The plugin gives most of its main features away free, so you might not need to upgrade.
  • The paid version is similar to what you would receive from WP Rocket, so we’d advise that you test both to see which suits your goals best.

Browse the Comet Cache official documentation and community forum for help when configuring or testing this plugin on your website.

Hyper Cache

The WordPress caching Hyper Cache plugin runs on PHP only, so it’s simple to set up with no complicated configurations to worry about. This is also compatible with WordPress blogs of any kind.

A main benefit of Hyper Cache is that it’s aware of mobile environments. As a result, the caching continues to run when a user visits your site on their smartphone or tablet. This ensures your website remains fast and performs smoothly across devices, for total user convenience.

As Hyper Cache is open-source, there’s no need to pay or stress about future upgrades either. If you want to support the developer and compensate them for their work, though, you can make a donation.

The installation process for Hyper Cache is quick and easy. That’s ideal for newcomers and unskilled users of WordPress who might feel overwhelmed by extensive caching settings.

Furthermore, the compression caching optimizes bandwidth and boosts page speed brilliantly. This plugin is also intended to work with bbPress well, so if you want to run a forum, Hyper Cache is a fantastic option for caching its pages.

Perhaps Hyper Cache’s biggest advantage is its simple configuration. You can almost set it up and forget about it, with no reason to worry about its function following installation.

Admittedly, some of the settings have been assigned unexpected names or can seem somewhat tricky at first. But they generally include recommendations to help you understand what to enable and how they work.

Reasons this is one of the top WordPress caching plugins

  • There are no payment plans for Hyper Cache: this is a free, open-source plugin, and all features are included with initial download.
  • Hyper Cache is mobile-aware, so caching runs on mobile devices too.
  • This plugin includes CDN support, enabling you to tap into larger networks of servers and increase your website’s speed further.
  • Hyper Cache provides options for serving cached pages to visitors writing comments on your blog. You can cultivate more discussions on your posts without worrying about them affecting its speed.
  • Compression will be managed via the Hyper Cache plugin, for non-cached pages too.
  • Hyper Cache is designed to detect if a site’s theme has changed to its mobile version, for a better user experience.
  • This plugin will relocate the cache folder beyond your blog, and the cache folder won’t be included in your website backups. That means you can make smaller backup files while saving space.

Take a look at the official Hyper Cache documentation and visit the community forum to learn more when setting this plugin up on your site.

WP Fastest Cache

WP Fastest Cache’s name is obviously similar to some of the other WordPress caching plugins on this list, but don’t be fooled: this has a number of features that make it stand out.

You can get started with a free version of the WordPress caching WP Fastest Cache plugin, though a premium one is available for purchase through the settings module if you want to upgrade.

With the premium version of WP Fastest Cache, the fee is one-time only, and you’ll get access to a varied selection of tools that are unavailable in the free version. But generally, the majority of websites will be satisfied with the free plugin, as it features desktop caching, combination options for CSS and JavaScript, as well as HTML minification.

You’ll also have access to GZIP tools and browser caching in the free WP Fastest Cache plugin. Overall, this plugin can help to make websites’ performance much faster and smoother compared to sites using no caching plugin whatsoever.

The settings basically consist of a checkbox list, which makes it one of the simpler settings pages to explore. Information boxes are also included, offering clear explanations to guide your choices. You can switch between tabs for managing key items, such as imagine optimization, the CDN, and the cache timeouts.

Reasons this is one of the top WordPress caching plugins

  • The free version of WP Fastest Cache can prove useful for the majority of sites, and it appears to serve sites more quickly than a lot of the competitors.
  • The settings comprise a list of checkboxes alongside easy-to-follow information points, so it’s simple to use.
  • You can upgrade from the free to the premium version in the WordPress dashboard for maximum convenience. You don’t have to download a plugin from the developer’s site.
  • CSS and JavaScript can be combined and minified.
  • You can integrate CDN without too much configuration required.
  • Optimization of images is performed separately from the caching process, so you can see the amount of space saved with one of your biggest resource-consumers.
  • A feature is included for creating a cache for a mobile theme specifically. You can also opt to not serve a cached version for the desktop to your mobile users.

While WP Fastest Cache has no official documentation in one place, you can still find a wealth of tutorials on configuring WP Fastest Cache on your WordPress website on their blog.

W3 Total Cache

You might be aware of W3 Total Cache, as it’s one of the most popular WordPress plugins available. The WordPress caching W3 Total Cache plugin is a decent free, open-source solution, though we can’t pretend that it’s the ideal option for any website.

One of its main disadvantages is that its backend settings can be extensive and, sadly, hard to grasp. The development team can complete the proper settings for you efficiently, though newcomers may still feel confused.

Despite this issue, W3 Total Cache has managed to achieve millions of installations. It can be integrated with a CDN, and works for mobile and desktop websites nicely. It’s also recommended as a helpful companion for sites holding SSL certificates, which means eCommerce websites in particular might benefit from installing it.

The free version of the W3 Total Cache plugin includes all the features, and there are no prompts designed to push you into upgrading. The plugin can also help you make savings on bandwidth, thanks to HTTP compression, feed optimization, and minifications.

Yes, it doesn’t have the best backend configuration we’ve ever seen, but that could be down to our personal taste. Nevertheless, W3 Total Cache is still sure to help your website’s performance improve and, in turn, increase conversions.

Reasons this is one of the top WordPress caching plugins

  • W3 Total Cache is free, and most of the caching plugins you’ll need to boost your site’s speed and optimization are included.
  • Popularity can be considered an indication of a plugin’s quality,thanks to its millions of installations, though we don’t recommend you base your decisions on that alone. Take the time to browse the many positive reviews to learn more about W3 Total Cache before you commit.
  • W3 Total Cache is compatible with various hosting options, including shared hosting, clusters, and dedicated servers.
  • You can use caching for any mobile environment, so that when a user visits your site on a smartphone, they’ll still benefit from caching as they would on their computer.
  • W3 Total Cache provides SSL support, to help your online store run more quickly and efficiently. That can improve the customer experience overall.
  • As the CDN works with the media library, you can check the quality of your images’ optimization easily.
  • You’ll have access to compression and minification, as well as caching of databases, objects on your disk, and posts.
  • Object caching is supported with W3 Total Cache.

You can get started with help from the in-depth documentation for W3 Total Cache available

Alternative Approach To Caching

Instead of using caching solutions on web app level you may think about NGINX – it can proxy requests to other web servers or apps. The outcome here – performance increase for serving static files.  Another important feature – NGINX can sit ‘in front’ of web servers where it acts as a gateway to other applications or servers. Additionally, it can also cache the results of requests proxied to FastCGI and uWSGI processes, as well as to other HTTP servers.

NGINX is fully supported by Plesk and can be configured/tuned up easily via Plesk interface. And if you consider to user NGINX with Plesk for caching – think also about WordPress Toolkit, which will help you a lot to manage WordPress routine tasks.

Conclusion

We hope we’ve helped you understand why website caching is so important, but the functions that make caching work can be incredibly difficult for the average WordPress user to understand initially. That’s why you might struggle to determine which settings in a caching plugin will be right for you at first.

Again, if you choose managed WordPress hosting, you won’t need to organize your own plugins. The host will do that for you, and caching will take place on the server. But caching plugins are essential if you’re using shared or self-managed hosting.

Now that you’ve reached the end of this guide, we hope you’ll find picking the best plugins for your WordPress website easier. Focus on learning as much as you can about any of the WordPress plugins that appeal to you most, to help yourself make the most well-informed decision.

An Overview of PHP Vulnerabilities – WordPress Perspective

WordPress PHP vulnerabilities Plesk

You probably already know that WordPress websites are vulnerable to brute force attacks, called so because they just try over and over again to guess your username and password combination. But in the never-ending arms race between hackers and site owners there is also the problem of much more sophisticated bots that will try to worm their way into weaknesses in your website’s PHP code, too. Both of these hacks are popular ways of testing your defenses and they both underline the need for constant vigilance on the part of site owners and admins. To that end, you need to consistently upgrade your WordPress so that it’s always one step ahead of potential PHP vulnerabilities and you also need to make sure that you only use the most up-to-date versions of your plugins and themes.

If you didn’t already know, your WordPress website, themes, plug-ins, and apps such as PhpMyAdmin rely on a language called PHP to work properly. Now, the developers who write all of that stuff are not lazy and they aren’t deliberately leaving doors open for hackers to slip in through. The truth is, it’s hard for developers to write code that anticipates every single way that a bad actor might choose to attack. They do their best, release the software, and then it’s often only through everyday use that any holes in the defenses become apparent. Users’ experiences with attacks help to inform the process making everything secure. It’s a case of building it as best you can and testing it ‘in the wild’, responding to each new security alert as fast as possible, and then bracing for the next. It will become clear as you read that the majority of the PHP vulnerabilities shown here come about because of unsafe user input, meaning that someone has fed malevolent code to the web app or moved it to a section of the app in such a way that a vulnerability is created. This highlights why it’s important to pay special attention to all situations where user input can either deliberately or inadvertently introduce dangerous code to the system. These are always the leakiest parts of any WordPress ship.

There are a few different classifications of PHP vulnerabilities. We’ve include a few of the most frequently encountered ones with a basic explanation for each of them, but we haven’t included any PHP code as we’re aiming this to be an overview for people like admins rather than an exhaustive report for developers.

RCE – Remote Code Execution

Remote Code Execution (RCE) is just like it sounds. It happens when someone attacks and manages to upload code to your website and then runs it. A problem with a PHP application might let a user enter code which it then treats as PHP code, which might subsequently make it possible for the hacker to do various things. It could allow them to create a new file containing code that gives them full access to your website, for instance. This opportunity to remotely run malicious code is referred to as an RCE vulnerability. As you can imagine, the ability to do whatever they want with your website makes remote code execution an extremely dangerous kind of attack.

SQL Injection or SQLi

SQL Injection is similar, it’s when the hacker can get your database to run their own instructions. Anytime a PHP developer invites data input from a website visitor they should only pass it to the database after they’ve checked it to make sure that it isn’t trying to sneak in any dangerous code. SQL Injection gives a hacker free rein with the data on your website, which means they could create new data in your database including links to spammy or equally undesirable URLs. Hackers might also want to create their own admin level user account, to give themselves full access to and control of your website. It’s easily done with SQL injection. It’s another very serious security vulnerability because again, it hands the hacker the keys to your site.

Authentication Bypass

Sometimes a PHP developer might believe that they are properly validating that a site visitor has the right access level before performing an action, but they’ll actually be checking the wrong thing.
This problem can insinuate itself into WordPress apps via a mistake that WordPress developers frequently make where they use the ‘is_admin()’ function when trying to confirm that someone is indeed an admin. The problem is that this function only tells you if someone is viewing an admin page, but it doesn’t prove that a site visitor is actually an administrator. If a developer inadvertently uses this function, then they are handing admin level features to users who aren’t really admins.
There are other examples in the same vein, and they occur most often when a developer doesn’t check to make sure that the user is permitted this kind of access before they allow a function to be executed.

PHP Object Injection

A PHP object Injection attack is more sophisticated because a PHP app passes input from the user to a function called ‘unserialize()’. This takes a stored object and puts it in memory. Although this seems complex, the main thing to remember with PHP object Injection is that it happens when a developer doesn’t do the right kind of gatekeeping and allows unsafe input from the user to enter a PHP application.

Cross-Site Scripting (XSS)

This is when a hacker causes a website visitor’s browser to load and run dangerous code, which might then (for example) grab their cookies and hand administrator-level access to the intruder, meaning that Bell once again be able to do whatever they like.
Cross-Site Scripting comes in two flavors – Stored and Reflected. A Stored Cross-Site Scripting vulnerability is one where the hacker tricks the website into allowing in dangerous code which later gets sent to and run in a visitor’s web browser. This kind of thing often happens when a comment is posted on your WordPress website that contains dangerous code. It then steals user cookies and passes them on to the hacker.
Reflected Cross-Site Scripting happens when a hacker puts dangerous code in a link. If it then gets loaded into a browser, the website serves it up along with the content. This code then runs in the visitor’s browser and it can steal cookies or perform other nefarious tasks. One example of a Reflected Cross-Site Scripting attack is a WordPress search results page that includes the search query included in the URL and is not cleaned properly. The page then serves up the search results as well as the initial query, which could be dangerous code that runs within the visitor’s browser. Hackers could use Reflected Cross-Site Scripting to compromise a website by creating a link to a page of search results with dangerous code in it, and they could then send that to the site administrator to steal their cookies.

Cross-Site Request Forgery – CSRF

A Cross-Site Request Forgery (CSRF) refers to when someone creates a link and manages to get a site admin (or in fact anybody with high-level access) to follow it, and this causes the site to perform an action. So, for instance, if somebody built a link that creates a new admin with a known password when a site admin clicks on it, this would be an example of a Cross-Site Request Forgery attack. It’s not all plain sailing though. The difficult part for the hacker is finding a way to convince the site admin to follow the link, and then set up the new admin with one of the currently used passwords which the bad guys hope to steal. WordPress does already have a way of protecting itself from this kind of approach. It uses a security token (just a number) known as a “nonce” which is granted to the admin each time they log in, and this number is included every time the WordPress site admin does something of the sensitive nature. If a hacker takes the approach we’ve described, trying to use a link in a Cross-Site Request Forgery attack, they also need to know the nonce to send with it. Since this number changes every day, successfully executing a Cross-Site Request Forgery attack becomes much more difficult, if not impossible. With that in mind, it should be the case that every developer knows not to build themes and plug-ins that don’t use nonces for request verification, but not everyone is as diligent as they should be. But they can put it right after the fact, and for an easy remedy they just need to use code to access WordPress’s native nonce feature.

Remote File Inclusion (RFI) and Local File Inclusion (LFI)

Remote File Inclusion or RFI happens when a PHP app passes user input to a function that loads a file. If the file turns out to be a URL, the function would then load PHP code from the hacker’s specially built website to attack your website. Including a remote file in a URL is called Remote File Inclusion or RFI. If the file a hacker passes is a local file, the application might send its contents to the screen. This is an approach frequently used by hackers to help them break into a WordPress website’s wp-config.php file. This approach is known as Local File Inclusion or LFI. Functions vulnerable to RFI and LFI in PHP are: include, include_once, fopen, file_get_contents, require and require_once.
All of these functions load PHP code or content from a place that the developer decides on. If they don’t configure the website’s PHP installation in the safest way, a hacker can then load a dangerous file as PHP code or content and use it give them access to your site. The majority of PHP installations keep you safe from RFI attacks which load remote URLs by restricting where files can be included from. But it’s not uncommon for PHP developers to inadvertently produce code that lets a hacker access a local file like wp-config.php. This helps to explain why Remote File Inclusion vulnerabilities happen less often than Local File Inclusion vulnerabilities.

Conclusion

We hope this overview of frequently seen PHP vulnerabilities and their creation has helped you in your role as a WordPress administrator. You might have seen a few of them on your security updates. We hope that the insights that we’ve shared about what they do will help you to stay vigilant and deal with them more effectively. This knowledge should make you better able to ask questions of developers and better able to see how vulnerabilities work before you deal with them.

Most Widely Used Plesk Extensions and Toolkits This ‘HoliDeals’ Season (Part 2)

If you enjoyed the first HoliDeals announcement, this blog post will definitely perk you up. The world is running on Cloud today. Especially businesses that have to host their websites. Plesk has emerged as a great web hosting control panel that can make things way too easy for you. And you can make your Plesk control panel even more efficient with the right extensions, feature-rich packs, and toolkits. This way you not only increase productivity but reduce operating costs too.

But don’t worry – we got you sorted. As they say, ’tis the season to be jolly. And we want to make your holidays even more special with our Plesk HoliDeals Calendar. For 24 days, starting from December 1st, 2020, you’ll get exclusive discounts on top Plesk extensions, feature packs, toolkits, and licenses to make your toolbox jingle all the way!

So, enough chitchat – Let’s reveal the next 12 extensions and discuss their major benefits and features!

#13 Teamspeak Interface

It’s Tea(m) Time! This extension is a multifunctional web interface that allows you to install Teamspeak Interface and add-on modules with just a single click. With this extension, you can manage TeaSpeak and Teamspeak 3 Voice Server and other existing instances.

It provides you with an extensive set of user management options and roles, customized according to your customer needs or the co-administrators’ needs.

Teamspeak Interface extension is an ideal solution that enables you to control TeaSpeak and Teamspeak 3 servers through the web. There are two available license packages with Teamspeak Interface – Basic Starter and Pro Starter.

The Basic Starter pack comes with:

  • 100 additional user accounts.
  • Manage up to 3 voice server instances.
  • Includes extensions like Server File Management and Icons, Server Group Management, Channel Group Management, Client and Permission Management, TS Bots, and API.

The Pro Starter pack comes with:

  • 300 additional user accounts.
  • Manage up to 10 voice server instances.
  • Includes extensions like Reseller Management, Server File Management and Icons, Server Group Management, Channel Group Management, Client and Permission Management, TS Bots, and API.

We are offering an exclusive discount on this extension through HoliDeals. Make sure you grab the opportunity before it’s too late.

#14 Joomla! Toolkit

Joomla! Toolkit is a powerful toolkit for Joomla! users that allows them to secure and mass manage Joomla templates, extensions, and instances running on the Plesk server. The toolkit comes with a single dashboard for easy management, safety, and creation of Joomla instances.

All it takes is a single click to download, initialize, and configure the toolkit for hassle-free operation. We have created Joomla! Toolkit to enhance the security aspects of your content management system. There is no security expertise requires – the toolkit hardens your website by default, and with its security scanner, you can ward off any potential threats.

It is an all-inclusive toolkit for Joomla! as you can update templates, extensions, and instances from a single place. Also, you can monitor the performance of your Joomla websites from a single dashboard.

#15 KernelCare

Those who have Linux servers installed always experience system vulnerabilities and security flaws. To cope with this issue, we have launched the KernelCare extension that protects your Linux server against critical issues and downtime.

It is a paid extension and is probably one of the best security and server tools. During the HoliDeals, you have the opportunity to purchase the subscription at the best value.

The extension installs kernel updates within a matter of minutes without needing to reboot your Linux server. In this updated version of KernelCare, we have fortified the extension with the following benefits:

  •   Displays the server uptime.
  •   Enables roll back changes.
  •   Support automatic and manual updates.
  •   Check for updates every four hours.

#16 Cloudplan

You can use Cloudplan on your Plesk server to host folders and files, synchronize them between all your devices and share them on the go. We have designed Cloudplan to be a PCaaS (Private Cloud as a Service) solution that you can install on all on-premise servers, cloud servers, and even hybrid clouds.

The primary objective of Cloudplan is to provide users with a complete private cloud solution with full control over data. With this extension, you can connect all the possible nodes available, including cloud and on-premise servers, mobile devices, PCs, and laptops, among others.

They all can be connected automatically with end-to-end encryption. You will be provided with a centralized web portal to control and monitor the whole private cloud network.

#17 Sitejet

Sitejet is a web design platform for agencies that allows you to collaborate with your team and customers with ease and create, manage, and launch quality websites. It comes with a high-performance content management system (CMS), which you can use to create responsive websites.

It is designed and developed by a team of experienced web designers looking at cost-effective results for web developers. With Sitejet, you can streamline your web development process.

The extension comes with intelligent workflow automation, file management system, time tracking, to-do, and a ticket to make the design process less complicated and less time-consuming. Some of its salient features include:

  •   Customer collaboration.
  •   Whitelabel platform.
  •   Multi-user and permissions.
  •   Scale your agency.
  •   Manage customers efficiently.
  •   More time for creativity.
  •   Complete design flexibility.
  •   Save management and design time.

#18 Virusdie

Virusdie is a Plesk website antivirus extension for Windows and Linux servers that lets you keep your websites free from viruses with just a single click. The extension comes with features like email alerts, patch management for plugins and CMS, an in-built file editor with malicious code highlighting, automatic malicious code deletion, and an accurate threat scanner.

The best part is that we have designed Virusdie to be compatible with a selection of content management systems, including PrestaShop, DLE, Drupal, Joomla, and WordPress, among other popular methods.

We are offering Virusdie services for both free and paid. In the free version, you get features like:

  •   Email notifications
  •   Automatic antivirus database updates every 6 hours
  •   Full description of viruses
  •   Automatic site scans for vulnerabilities.

In the premium version, you get:

  •   Scheduled scans – daily and weekly
  •   Vulnerability manager
  •   Malicious code highlighting
  •   Safe and accurate malicious code deletion
  •   Scheduled scans – daily and weekly
  •   Vulnerability manager
  •   Malicious code highlighting
  •   Safe and accurate malicious code deletion

#19 Smart Updates for WordPress Toolkit

If you have a WordPress content management system that you want to keep updated and secure all the time, then you should download our Smart Updates for WordPress Toolkit. We have designed this extension to help you determine the required updates to keep your websites up-to-date.

We are offering a one-month free trial of Smart Updates for WordPress Toolkit, in which you get smart, automated tests, and you will always remain in charge of the operations.

Make use of the free trial to understand how the extension might be helpful, and if you like it, you can always purchase it. As we are currently in the middle of the Plesk HoliDeals Calendar, there is a high chance that you might get a good deal on Smart Updates for WordPress Toolkit.

The prominent features that will make you install this extension are:

  •   Smart Updates available for WordPress themes, plugins, and core.
  •   Production website is not affected during both manual and automatic updates.
  •   Smart Updates service determines the changes, analyzes the update, and concludes whether the update needs to be performed on the production site.
  •   Automatic and manual updates are available.
  •   We are providing Smart Updates for WordPress Toolkit on a per-site basis.

#20 Statistics and Usage Manager

This is an extension for Plesk that enables you to manage and view disk usage and traffic of your Linux OS subscriptions. The best part is that Statistics and Usage Manager allows you to do this all in real-time.

With Statistics and Usage Manager, you can sort your subscriptions by disk space statistics or traffic. You are also provided with a custom button to manage and view the statistics of all your subscriptions. As an admin, you can disable or enable this function.

This is an excellent extension for web managers looking to gain insight into how their websites are performing. You can use the Plesk HoliDeals currently available to grab this extension at the best possible price.

#21 Google PageSpeed Insights

Google PageSpeed Insights provides you with increased visibility in search engines by suggesting specific improvements and providing you with tools to design and develop fast and fully optimized websites.

The extension allows you to analyze your website content and its performance to determine what can be improved. With Google PageSpeed Insights, you can:

  • Analyze the performance of your website.
  • Rate the website based on its desktop and mobile performance.
  • Make use of the suggestions to optimize your website.
  • Access extension UI like mod_pagespeed Apache module to enhance website performance.
  • Reduce the size of static files.

#22 Bitninja

Bitninja is a Plesk extension designed for companies who are looking to bulletproof their server security. This extension provides a proactive and unified system that prevents 99% of all types of malicious attacks, safeguarding your company from reputation loss.

It comes with nine defense modules, namely:

  • Port Honeypot.
  • IP Reputation.
  • DoS Mitigation.
  • Web Application Firewall.
  • Log Analysis.
  • Web Honeypot.
  • Malware Detection.
  • Outbound WAF.
  • SSL Terminating.

These defense modules save you at least 12 hours of troubleshooting every day.

#23 Additional Language Pack

Plesk includes language packs for the translation of UI into different languages. While all the supported languages are installed during Plesk installation, you can download the Additional Language Pack extension if you want additional languages.

The number of languages you can install and download will depend on the Plesk license you have bought.

Suppose your site operates globally, and you want to reach out to the local community by offering your website in their native language. In that case, you can do so with Additional Language Pack.

#24 Web Host VPS or dedicated

Finally, here’s our last but not least HoliDeals offer. The growing need for customer self-administration can be quickly taken care of by Web Host VPS or dedicated. This Plesk edition proves to be an optimal solution that can fully customize your business, allowing you to increase profit and service offerings. 

When you install Web Host VPS or dedicated, you get several benefits, such as:

  •   Improved supportability.
  •   Turnkey application storefront for resale of services and applications.
  •   Instant high-end website creation and design.
  •   Improved audience focus for agencies, content teams, and website developers.
  •   Customize your service offering.

Don’t Miss a Gift!

Did you know you can add your daily reminders to your personal calendar? Or you can also subscribe now to receive fresh updates to your mailbox. Check here if you want to know more!

So… these above are some super hot extensions that you would want to install to boost your Plesk server performance. So, you would want to make use of the Plesk HoliDeals Calendar

Based on their popularity, we have managed to list these 24 Plesk extensions and toolkits. If you think that you need offers on some other Plesk products and services, let us know in the comments. Happy HoliDeals!

The Plesk WordPress Toolkit 5.2 is Now Available

The Plesk WordPress Toolkit 5.2 is now publicly available! This release focuses on catching up on popular customer requests and fixing various nagging issues. The 5.2 update has something for everyone, so let’s take a look at what’s new!

Sets for Resellers

Allowing resellers to have their own sets is the most popular feature request in the WordPress Toolkit section of Plesk Uservoice. It’s requested not only by legit resellers but also by those who are using reseller accounts as limited Plesk server administrator accounts. Anyway, this feature is finally here:

Here’s what you need to know about this feature:

  • Resellers get the same default sets as server administrators.
  • Resellers can only access and manage their own sets.
  • Customers of resellers can see the sets of their resellers when installing WordPress. They do not see server administrator sets.
  • The global option “Allow customers to use sets when they install WordPress” will also affect reseller sets. If this option is switched off, resellers’ customers won’t see any sets when installing WordPress.
  • Reseller service plans actually include additional services with automatic installation of WordPress (alone or with any of the reseller sets).

Theme Activation in Sets

Another thing that’s been requested a lot recently is the ability to choose which theme should be activated in a set when this set is installed on a WordPress site. This feature allows hosters and web studios to provide more turnkey added value in their WordPress service offerings. So we made it happen.

As a reminder, you can install sets in one of the following ways:

  1. Provision a subscription-based on a service plan with a specific Additional Service that installs WordPress with a particular set.
  2. Install a set together with WordPress when you install a new WordPress site.
  3. Install a set on an already existing WordPress site via Sets tab functionality.

All these ways are available both via GUI and CLI. Your selection of a particular theme that should be activated in a set will be applied regardless of which way the set is installed.

Important notes:

  • This is not the final UI we’re aiming at. We’re planning to redesign the whole Sets tab next year to make it more convenient and user-friendly, and this feature will be a part of the redesign.
  • This ability is also available as a new operation of the –sets CLI command. Usage example: plesk ext wp-toolkit –sets -operation activate-theme -set-id ID -theme-id THEME_ID
  • By the way, plugins in a set can also be configured to be activated or deactivated upon the installation of the set. Since plugins are activated by default, the activation feature is more of a deactivation feature, so it’s not as important (most people would like their plugins to be active right away). Anyway, it was easy to do, so we threw it in as a bonus.
  • Activating and deactivating plugins in a set via CLI is also supported.

Pending Smart Update Notification

Looking at Smart Updates, cPanel team has noticed that there’s no way for users to learn that Smart Updates wasn’t applied automatically due to some issues and that they needed user attention. This happens because WordPress Toolkit is not yet integrated with email notifications in cPanel (something we’re planning to remedy soon). 

It also became clear that the problem is bigger than this. Users who’ve launched Smart Updates but closed the Update window without making a decision could also forget that they needed to either apply the update or reject it. To fix this problem, we have added a visual marker notifying about a pending Smart Update on a site card:

This notification will be displayed whenever there’s a finished Smart Update test run that needs to be reviewed and either applied or rejected by the user. To open the Smart Updates window, users will be asked to click on the Check Updates button.

WordPress Toolkit Deluxe Dashboard… Lite

After the introduction of the second licensing type in WordPress Toolkit for cPanel, we realized that there’s no quick and convenient way for the server admin to check who exactly has access to the paid WordPress Deluxe features. Depending on how the hoster’s packages and feature lists are organized in WHM, this task can range from trivial to quite challenging. 

To make things a bit easier, we’ve added a very basic screen that lists all accounts on a server with access to WordPress Toolkit Deluxe. It can be accessed via a link on the Settings screen:

Lo and behold, this might be the simplest WordPress Toolkit screen in the product history:

Depending on user feedback, we might improve this list, including stuff like redirects to cPanel of a particular user account, and so on. For now, it does what it intends to, and we hope it will prove useful.

Underscore in Slugs

WordPress Toolkit had a long-lasting issue with plugins and themes that use underscore symbol in their slugs (technical names / IDs). Specifically, it was not possible to upload, install, or update any plugin or theme with such a symbol in its slug through WordPress Toolkit. 

For a time, this was not deemed to be a real issue since WordPress directory maintainers do not usually assign slugs with an underscore to submitted plugins and themes, so this symbol is not typically used in such context. 

However, over the years we have discovered that there are several popular plugins that feature underscore in their slugs (js_composer is the biggest culprit). The time has finally come, and we have updated a number of internal WordPress Toolkit routines to properly work with plugins and themes that have slugs with underscore symbol.

Site List Expanding Changes

In WordPress Toolkit 5.0 we have introduced a new list-based interface for sites, which brought not only new features but also new issues with it. 

One particular issue happened when users installed a new site. The interface for managing this site was often collapsed by default even if it was the only site in the list. We’ve investigated the behavior of our new list UI and introduced a number of changes in WordPress Toolkit 5.2. Now, the following logic is used:

  • After a site is installed, it is expanded by default, regardless of how many sites are in the site list.
  • After a clone is created, it is expanded by default, regardless of how many sites are in the site list.
  • If a user only has one site, it should always be expanded by default.

This is just the beginning, though. We continue to look into improving the collapse/expand behavior further in our next releases. In particular, we’d like to remember the user’s choice (which site was expanded, and which was collapsed) and improve the performance of the site list when it has a lot of sites. Both items might seem obvious but are far from trivial in terms of implementation. Therefore they will take some time to address.

CentOS 8 & CloudLinux 8 support

WordPress Toolkit v5.2 supports CentOS 8 and CloudLinux 8 on both Plesk and cPanel. Note that the CloudLinux team has not officially announced CloudLinux 8 support for Plesk and cPanel, but WordPress Toolkit works fine on it, as far as we can tell.

Web Server Rules Description

WordPress Toolkit adds specific rules to web server config files when it applies certain security measures. If you look at these rules, it’s not apparent who added them and why. To make things more transparent for admins, we have added short descriptions for each rule right in the webserver config files (except for IIS, where it’s not so easy). 

It’s a small change, but we’d like to think it can help users better understand the value brought by WordPress Toolkit and help debug things if something goes wrong.

Research, Improvements, and Bugfixes

During this release, the team did a lot of research on topics we’d like to address in the future. Here are some of the things we’ve investigated:

  • How to properly clone and copy the content of a specific WordPress site if another WordPress is located inside the first site’s subdirectory.
  • How to properly clone and copy the Elementor plugin.
  • What are the most frequent and important issues with cloning functionality?
  • Why Smart Updates sometimes provide false negatives on websites with a large number of posts.
  • How we can ship a specific version of the UI library in WordPress Toolkit for Plesk.
  • How broken WordPress Toolkit will be after we perform a very belated and very major wp-cli update.
  • What issues related to PHP module requirements might turn up if WordPress Toolkit is using ea-php or alt-php when installed in cPanel working on CloudLinux 6 & 7.
  • How to improve site list performance and WordPress Toolkit performance in general on cPanel.

Some of these research tasks resulted in an immediate item resolved in the 5.2 release. Such was the case for cPanel performance research. The team has significantly improved the performance right away in v5.2 and identified several good improvement opportunities for the upcoming WordPress Toolkit 5.3 release. 

Future Plans

Our next major release will be out in January 2021. As mentioned above, we’ll continue our efforts to fix and improve existing functionality. WordPress Toolkit 5.3 will have an increased focus on improving our cloning feature, updating wp-cli utility to the latest version, and improving site list performance on both cPanel and Plesk. 

We’re still looking into what else we fit into the next release, so expect some surprises later down the road. Thanks for reading and see you next year!

The Plesk WordPress Toolkit 5.1 Release – Backup Limits, Localization Support, and More

We’re proud to announce that the Plesk WordPress Toolkit v5.1 is now publicly available. So, let’s see what this release brings to the masses.

Discover the WordPress Toolkit 5.1

Backup Limits

Backup functionality was introduced back in WordPress Toolkit v4.10. And we have already received quite a lot of feedback about it. The most popular request was about limiting the number of available backups to prevent end-users from subtly eating up all their storage space. We’ve added the limit to Plesk Service Plans under the Resources tab:

The limit is enforced on a per-site basis for the whole subscription. So, each site on a subscription gets to create the allowed number of backups. If you set the limit to 0, the backup feature becomes unavailable to end-users. Which is handy for those admins who want to fully restrict access to the new backup feature.

cPanel changes

A month ago we released WordPress Toolkit for cPanel. And we’re striking the iron whilst it’s hot. That means we’re implementing a lot of changes specific to cPanel. Let’s quickly go through them:

Database User Management

The Database User Management feature was already available in Plesk before. Unfortunately, though, it didn’t fit into the WordPress Toolkit 5.0 schedule. Since we want WordPress Toolkit to be as identical as possible on both Plesk and cPanel, we’ve added this ability in WordPress Toolkit 5.1:

New Security Measure

The “Block directory browsing” security measure was missing in the initial release of WordPress Toolkit 4 for cPanel. This was due to certain technical issues we didn’t have the time to properly resolve back then. Now, we’ve fixed everything that needed fixing. So we’re introducing this security measure on cPanel:

Localization Support

WordPress Toolkit v5.1 now supports multiple different languages on cPanel. Whenever you change your language in WHM or cPanel, WordPress Toolkit will also switch to this language. This change affects both WHM (with server-wide locale setting) and cPanel (with user-specific language setting).

Changelog

WordPress Toolkit changelog isn’t the easiest thing to find, especially for cPanel customers. To remedy this, we’ve added the ability to view product changelog from the global WordPress Toolkit settings:

WordPress Toolkit has a single unified changelog for both Plesk and cPanel, since it’s the same product, just on different platforms. Filtering out information about the platform you need isn’t particularly easy. We’re looking into improving the changelog UI and UX in the future.

Improvements, Bugfixes, and Future Plans

Speaking of changelog, it clearly shows that WordPress Toolkit 5.1 includes more bugfixes than usual. But don’t worry – This is not caused by the sloppiness of the WordPress Toolkit dev team. We’re simply putting more focus on the stability and robustness of the product, which means fixing more bugs 🙂 

Besides improving site list performance on cPanel, we’re also planning to implement several internal enhancements. That hopefully will make WordPress Toolkit more stable and robust, leading to fewer bugs down the road. We’re also going to address a couple of other hot topics. Like adding sets for resellers by the end of 2020 – but we’ll get back to you with it when it’s fully developed. 

One of the upcoming WordPress Toolkit releases will focus heavily on addressing issues related to cloning, which should also improve Smart Updates’ performance.

…As you see, we have a lot of things in store for the future. So stay tuned for the upcoming WordPress Toolkit releases. And drop us a line in the comment section if you’d like to share your experience with us. Thank you for your attention and see you next time!