WP Toolkit - Product News

[custer]

Hi everyone,

WP Toolkit v6.2 is out. Changelog:

6.2.0 (12 Apr 2023)​

• [+] Added new API methods for working with plugins and themes on an installation
• [+] (cPanel) Extended Team Manager feature support
• [+] (cPanel) Added AlmaLinux 9 support
• [+] Added help output for the updated --clear-cache CLI command
• Adjusted the logic of displaying warnings about outdated PHP versions to make sure alt-php doesn't incorrectly trigger them anymore
• (Plesk) Updated integration with Dynamic list to accommodate for corresponding changes in Plesk
• [-] WP Toolkit no longer shows Failed to find set with specified ID error when installing WordPress under certain rare circumstances. (EXTWPTOOLK-9898)
• [-] Unaccessible free trial offer is no longer displayed for Smart Updates. (EXTWPTOOLK-10312)
• [-] Once mitigated via WP Toolkit, CVE-2022-3590 vulnerability is now always properly shown as mitigated. (EXTWPTOOLK-10298)
• [-] Smart Update no longer reports certain combinations of square brackets as a false positive "broken shortcode" issue. (EXTWPTOOLK-10050)

 

[custer]

@custer

In my humble opinion, you should really consider to

1 - give a roadmap of planned future premium features that will be included in WPT Deluxe

2 - give an option for Plesk license holders and/or endusers to give the WPT Deluxe a try during a brief period of time......


I hope that you can at least share some insight into the expected roadmap of WPT Deluxe .......

Kind regards....

Hey trialotto,
1. Good point. We don't have a roadmap to share at the moment, but we should, as such transparency should help users make the decision.
2. In-product trial is definitely on the roadmap.

 

[trialotto]

@custer

I have been probably missing some of the new developments with respect to WPT, but is there any support for the wc cli (WooCommerce command line) utility that normally is supported by the wp cli (WordPress command line) utility? I could not find that in the release notes - after a very quick check.

In essence, the WPT does not update the WooCommerce database after WooCommerce updates that require WooCommerce database updates.

It would be really good if that (and other wc cli) functionality is available by default in the WPT.

Kind regards....

 

[Peter Debik]

6.2.1 (13 April 2023)​

13 April 2023

• [-] Login to WordPress from Dynamic List now properly works again. (EXTWPTOOLK-10409)

 

[custer]

@custer

I have been probably missing some of the new developments with respect to WPT, but is there any support for the wc cli (WooCommerce command line) utility that normally is supported by the wp cli (WordPress command line) utility? I could not find that in the release notes - after a very quick check.

In essence, the WPT does not update the WooCommerce database after WooCommerce updates that require WooCommerce database updates.

It would be really good if that (and other wc cli) functionality is available by default in the WPT.

Kind regards....

Hi trialotto, thanks for letting me know -- we'll look into it.

 

[custer]

Hey everyone, here's the long-awaited WP Toolkit version 6.3! Here's changelog:

6.3.0 (27 Mar 2024)​

• [+] Added integration with Wordfence vulnerability database:
  • WP Toolkit now displays combined information from Patchstack and Wordfence vulnerability databases, with links to both services
  • Some vulnerability entries might happen to be duplicates, but we're working on merging them as well
• [+] Introducing new vulnerability management UI based on WP Guardian
• [+] Added the ability to filter out vulnerabilities based on their CVSS score to reduce alert fatigue
• [+] (Plesk) Full-featured integration of WP Toolkit into Plesk Dynamic list is now available:
  • Most WP Toolkit features are now accessible directly from Dynamic list in Plesk without having to visit the separate WP Toolkit interface
  • Mass management operations are not in scope of this integration, please use the separate WP Toolkit interface for them
  • To enable this feature, add appModeFeature = on under the [ext-wp-toolkit] section of the panel.ini file
• [+] Added a link to Codeable platform for site admins:
  • Codeable provides access to WordPress experts and developers for WordPress site administrators
  • Unlike many freelancers, Codeable experts and developers will never recommend against the current host
  • To hide the link to Codeable, add codeableIntegrationFeature = off under the corresponding section of the panel.ini (Plesk) or config.ini (cPanel) file.
  • To put your company's name on the Codeable landing page, add codeableUrlCustomer = your company name under the corresponding section of the panel.ini (Plesk) or config.ini (cPanel) file.
• [+] Added API for managing WordPress backups
• [+] Added API for managing Sets
• [+] Backup file name and timestamp are now added to the corresponding meta.json file
• [+] Backup API now allows to add an arbitrary description to the corresponding meta.json file
• [+] (cPanel) WP Toolkit now works on Ubuntu 22.04
• Security improvements
• Minor assorted improvements to Maintenance Mode
• Improved WordPress installation speed on CloudLinux OS
• Reduced memory consumption when working with vulnerabilities
• (cPanel) Improved WP Toolkit performance via opcache shenanigans
• (cPanel) Improved WP Toolkit responsiveness in case of cPanel user account modifications
• [-] Fixed a bunch of PHP errors and notices appearing in server-level log files
• [-] WP Toolkit now honestly reports if a site could not be added after the scan due to improper directory ownership. (EXTWPTOOLK-9679)
• [-] Scan info message now provides info about reattaching a previously detached site. (EXTWPTOOLK-10109)
• [-] Autoupdate policies are now properly applied to plugins and themes installed via set. (EXTWPTOOLK-10699)
• [-] Mitigate action is no longer displayed for vulnerabilities that cannot be addressed by security measures. In fact, since the interface was reworked, this action does not appear at all because it was renamed to Apply security measure. (EXTWPTOOLK-11390)
• [-] Scheduled task execution no longer overlaps on servers with thousands of sites. (EXTWPTOOLK-11017)
• [-] Maintenance mode timer is now limited to a maximum of 99 days because come on, really!? (EXTWPTOOLK-11181)
• [-] (cPanel) Smart PHP Update is no longer unable to find the right PHP version on the server. (EXTWPTOOLK-10701)
• [-] (cPanel) Multiple Smart PHP Update processes can now be launched simultaneously. (EXTWPTOOLK-10958)
• [-] (cPanel) Customers can now run scan procedure without getting disappointed by the Task is not responding, error code 1 error. (EXTWPTOOLK-11184)
• [-] (cPanel) Removed banner in WHM about WP Toolkit Deluxe not being enabled in any packages. (EXTWPTOOLK-10468)

 

[lightingman2003]

Great to see the updates to the WordPress Toolkit!
Can I check one thing though, is there anymore information that can be given about the following entry:
[+] (Plesk) Full-featured integration of WP Toolkit into Plesk Dynamic list is now available

 

[burnley]

Is there any more info on how this new feature works, as I can't seem to work out where to how to apply the filter in the Toolkit or plesk notifications pages? ?

• [+] Added the ability to filter out vulnerabilities based on their CVSS score to reduce alert fatigue

 

[trialotto]

Hey everyone, here's the long-awaited WP Toolkit version 6.3! Here's changelog:

6.3.0 (27 Mar 2024)​

• [+] Added integration with Wordfence vulnerability database:
  • WP Toolkit now displays combined information from Patchstack and Wordfence vulnerability databases, with links to both services
  • Some vulnerability entries might happen to be duplicates, but we're working on merging them as well
• [+] Introducing new vulnerability management UI based on WP Guardian
• [+] Added the ability to filter out vulnerabilities based on their CVSS score to reduce alert fatigue
• [+] (Plesk) Full-featured integration of WP Toolkit into Plesk Dynamic list is now available:
  • Most WP Toolkit features are now accessible directly from Dynamic list in Plesk without having to visit the separate WP Toolkit interface
  • Mass management operations are not in scope of this integration, please use the separate WP Toolkit interface for them
  • To enable this feature, add appModeFeature = on under the [ext-wp-toolkit] section of the panel.ini file
• [+] Added a link to Codeable platform for site admins:
  • Codeable provides access to WordPress experts and developers for WordPress site administrators
  • Unlike many freelancers, Codeable experts and developers will never recommend against the current host
  • To hide the link to Codeable, add codeableIntegrationFeature = off under the corresponding section of the panel.ini (Plesk) or config.ini (cPanel) file.
  • To put your company's name on the Codeable landing page, add codeableUrlCustomer = your company name under the corresponding section of the panel.ini (Plesk) or config.ini (cPanel) file.
• [+] Added API for managing WordPress backups
• [+] Added API for managing Sets
• [+] Backup file name and timestamp are now added to the corresponding meta.json file
• [+] Backup API now allows to add an arbitrary description to the corresponding meta.json file
• [+] (cPanel) WP Toolkit now works on Ubuntu 22.04
• Security improvements
• Minor assorted improvements to Maintenance Mode
• Improved WordPress installation speed on CloudLinux OS
• Reduced memory consumption when working with vulnerabilities
• (cPanel) Improved WP Toolkit performance via opcache shenanigans
• (cPanel) Improved WP Toolkit responsiveness in case of cPanel user account modifications
• [-] Fixed a bunch of PHP errors and notices appearing in server-level log files
• [-] WP Toolkit now honestly reports if a site could not be added after the scan due to improper directory ownership. (EXTWPTOOLK-9679)
• [-] Scan info message now provides info about reattaching a previously detached site. (EXTWPTOOLK-10109)
• [-] Autoupdate policies are now properly applied to plugins and themes installed via set. (EXTWPTOOLK-10699)
• [-] Mitigate action is no longer displayed for vulnerabilities that cannot be addressed by security measures. In fact, since the interface was reworked, this action does not appear at all because it was renamed to Apply security measure. (EXTWPTOOLK-11390)
• [-] Scheduled task execution no longer overlaps on servers with thousands of sites. (EXTWPTOOLK-11017)
• [-] Maintenance mode timer is now limited to a maximum of 99 days because come on, really!? (EXTWPTOOLK-11181)
• [-] (cPanel) Smart PHP Update is no longer unable to find the right PHP version on the server. (EXTWPTOOLK-10701)
• [-] (cPanel) Multiple Smart PHP Update processes can now be launched simultaneously. (EXTWPTOOLK-10958)
• [-] (cPanel) Customers can now run scan procedure without getting disappointed by the Task is not responding, error code 1 error. (EXTWPTOOLK-11184)
• [-] (cPanel) Removed banner in WHM about WP Toolkit Deluxe not being enabled in any packages. (EXTWPTOOLK-10468)

@custer

Two questions :

1 - any update on wc cli (WooCommerce command line utility) integration?

2 - can you have a look at migration consistency?


With respect to question 2, please note that migration of a WPT managed WP instance to a target server CAN result in notifications (on the target server) of

Website "" (<full path>): Failed to reset cache for the instance #8: Error: This does not seem to be a WordPress installation.
The used path is: <path>
Pass --path=`path/to/wordpress` or run `wp core download`.

even in the case that these messages are not showing on the source server.

This is unpredicted migration behavior, very likely to be the result of how WPT manages and shows issues on both source and target server.

Moreover, it is "dangerous" behavior, since the migrated WP instance might not or often does not work as expected within WPT on the target server.

Could you be so kind as to have a look?


Kind regards.....

 

[Kaspar]

Great to see the updates to the WordPress Toolkit!
Can I check one thing though, is there anymore information that can be given about the following entry:
[+] (Plesk) Full-featured integration of WP Toolkit into Plesk Dynamic list is now available

A picture says more than a thousand words. Two screen shots for comparison.

Old WP Toolkit integration into Plesk Dynamic list


New (Full-featured integration of WP Toolkit into Plesk Dynamic list)

 

[Kaspar]

Is there any more info on how this new feature works, as I can't seem to work out where to how to apply the filter in the Toolkit or plesk notifications pages? ?

• [+] Added the ability to filter out vulnerabilities based on their CVSS score to reduce alert fatigue

Open the WP toolkit and open the Settings to adjust the CVSS score.

 

[burnley]

@Kaspar
We have set a default via settings but it doesn't appear the filter is applied. Seems to be off by default for all users? I'd assumed when set it would be applied to all, perfectly happy for them to be able to change it up / down to taste. I couldn't see a toggle to enable filtering by default.

Side note: When a filter is applied and there are no CVSS above the threshold it says 'No vulnerabilities found' this is perhaps misleading and could be improved to indicate some were filtered out as I could easily see many not being aware. Especially if they cranked it up really high.

Otherwise I really think this is a great improvement.

One last suggestion, have you considered making it possible to compare plugins and theme checksum with source similar to what you have for the WordPress core?

 

[Kaspar]

@Kaspar
We have set a default via settings but it doesn't appear the filter is applied. Seems to be off by default for all users? I'd assumed when set it would be applied to all, perfectly happy for them to be able to change it up / down to taste. I couldn't see a toggle to enable filtering by default.

I've only briefly played with the CVSS filter and hadn't noticed this yet. I also would have assumed that the filter setting would be applied to all instances.

View attachment 25862
Side note: When a filter is applied and there are no CVSS above the threshold it says 'No vulnerabilities found' this is perhaps misleading and could be improved to indicate some were filtered out as I could easily see many not being aware. Especially if they cranked it up really high.
Otherwise I really think this is a great improvement.

Hmm, yeah agreed. @custer?

One last suggestion, have you considered making it possible to compare plugins and theme checksum with source similar to what you have for the WordPress core?

No really to be honest. I am not on the Plesk team nor employed by Plesk. Good suggestion though.