• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question WP Toolkit: How does it apply the Security Suggestions?

H

hotdog

New Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
18.0.6.2 #1
1) I imported a WordPress site from another server.
2) I ran the WP Toolkit sync, which added the site to WP Toolkit.
3) I went through WP Toolkit's Security Suggestions, and applied many of them (all of which were "can be reverted later" type).
4) Later, I had to test something unrelated, and I deattached this WordPress site from WP Toolkit.
5) After, I removed the .wp-toolkit-ignore file, and did the WP Toolkit sync again.
6) The WordPress site now appeared in WP Toolkit again, as expected. But all those Security Suggestions that I had applied in 3) were no longer applied, according to the WP Toolkit. So I had to re-apply them.

So this made me think, when you deattach a WordPress site from WP Toolkit, does it then automatically revert those Security Suggestions you had applied before, while the WordPress site was under the care of WP Toolkit? It appears so according to my testing. This is good to know for future, because I thought those Security Suggestions you had applied would stick even if you did deattach a site from WP Toolkit.
 
Hi, we had a similar question via support recently.

Some security measures require the WP Tookit to be used, such as the bot protection. Which only works when the site attached. Other security measures are applied to files (permission changes) or the Wordpress configuration. For example the "Block access to wp-config.php" and "Disable scripts concatenation for WordPress admin panel" measures.
These aren't reverted on when detaching a Wordpress site.

The status of these measures isn't kept when de site gets detached. So when re-attracting a site and re-scanning the security measures, these masseurs show up as available as a precaution to be applied again (even when these measures al ready applied). Confusion is understandable, I hope that clarifies it a bit.
 
You must log in or register to reply here.

Similar threads

G
Wp toolkit question
Replies
1
Views
595
Sebahat.hadzhi
Sebahat.hadzhi
W
Resolved Popup message from WP-Toolkit hangs, no X, restart without change
Replies
3
Views
487
Raul A.
R
S
Issue WordPress page in subdirectory does not work - forwarding to root
Replies
1
Views
268
Sebahat.hadzhi
Sebahat.hadzhi
T
Issue WP Toolkit incorrect vulnerability and version reports
Replies
4
Views
779
TurnRound
T
Apoxe
Issue Wp-toolkit Failed to detect owner of WordPress instance WordPress installation
Replies
6
Views
1K
Apoxe
Apoxe
Back
Top