• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question WP Toolkit: How does it apply the Security Suggestions?

H

hotdog

New Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
18.0.6.2 #1
1) I imported a WordPress site from another server.
2) I ran the WP Toolkit sync, which added the site to WP Toolkit.
3) I went through WP Toolkit's Security Suggestions, and applied many of them (all of which were "can be reverted later" type).
4) Later, I had to test something unrelated, and I deattached this WordPress site from WP Toolkit.
5) After, I removed the .wp-toolkit-ignore file, and did the WP Toolkit sync again.
6) The WordPress site now appeared in WP Toolkit again, as expected. But all those Security Suggestions that I had applied in 3) were no longer applied, according to the WP Toolkit. So I had to re-apply them.

So this made me think, when you deattach a WordPress site from WP Toolkit, does it then automatically revert those Security Suggestions you had applied before, while the WordPress site was under the care of WP Toolkit? It appears so according to my testing. This is good to know for future, because I thought those Security Suggestions you had applied would stick even if you did deattach a site from WP Toolkit.
 
Hi, we had a similar question via support recently.

Some security measures require the WP Tookit to be used, such as the bot protection. Which only works when the site attached. Other security measures are applied to files (permission changes) or the Wordpress configuration. For example the "Block access to wp-config.php" and "Disable scripts concatenation for WordPress admin panel" measures.
These aren't reverted on when detaching a Wordpress site.

The status of these measures isn't kept when de site gets detached. So when re-attracting a site and re-scanning the security measures, these masseurs show up as available as a precaution to be applied again (even when these measures al ready applied). Confusion is understandable, I hope that clarifies it a bit.
 
You must log in or register to reply here.

Similar threads

carlsson
Resolved Panic! Site crashed and restoring backup fails
Replies
18
Views
1K
carlsson
carlsson
D
Issue Sporadic Site not Found message for newly installed WordPress pages
Replies
7
Views
768
darktime
D
D
Resolved WP Toolkit Unable to download package from wordpress.org
2
Replies
24
Views
9K
Kaspar@Plesk
Kaspar@Plesk
Bitpalast
Resolved Wordpress not downloadable/installable in different versions on several servers [due to rate-limiting on WP side]
Replies
15
Views
1K
Bitpalast
Bitpalast
D
  • Locked
New WordPress installation random Site not found
Replies
1
Views
427
Peter Debik
P
Back
Top