
Question WP Toolkit: How does it apply the Security Suggestions?

hotdog

New Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
18.0.6.2 #1
1) I imported a WordPress site from another server.
2) I ran the WP Toolkit sync, which added the site to WP Toolkit.
3) I went through WP Toolkit's Security Suggestions, and applied many of them (all of which were "can be reverted later" type).
4) Later, I had to test something unrelated, and I detached this WordPress site from WP Toolkit.
5) Afterwards, I removed the .wp-toolkit-ignore file, and did the WP Toolkit sync again.
6) The WordPress site now appeared in WP Toolkit again, as expected. But all those Security Suggestions that I had applied in 3) were no longer applied, according to the WP Toolkit. So I had to re-apply them.

So this made me think: when you detach a WordPress site from WP Toolkit, does it then automatically revert those Security Suggestions you had applied before, while the WordPress site was under the care of WP Toolkit? It appears so according to my testing. This is good to know for the future, because I thought those Security Suggestions you had applied would stick even if you did detach a site from WP Toolkit.
 
Hi, we had a similar question via support recently.

Some security measures require the WP Toolkit to be used, such as the bot protection, which only works when the site is attached. Other security measures are applied to files (permission changes) or the WordPress configuration. For example, the "Block access to wp-config.php" and "Disable scripts concatenation for WordPress admin panel" measures.
These aren't reverted when detaching a WordPress site.

The status of these measures isn't kept when the site gets detached. So when re-attaching a site and re-scanning the security measures, these measures show up as available, as a precaution, to be applied again (even when these measures are already applied). Confusion is understandable, I hope that clarifies it a bit.
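
To see what is actually on disk after a detach and re-attach, independent of the status WP Toolkit displays, a read-only check along these lines can be run against the site's document root. This is an added example, not part of the thread and not Plesk or WP Toolkit code; it assumes the script-concatenation measure is expressed through the WordPress constant `CONCATENATE_SCRIPTS` in wp-config.php, and the permission checks and the sample site built by the hypothetical `build_sample_site()` helper are constructed for illustration.

```python
import os, re, stat, tempfile

# Assumption: the measure is expressed as the WordPress constant below.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"]CONCATENATE_SCRIPTS['"]\s*,\s*(\w+)\s*\)\s*;""",
    re.I | re.M)

def audit_site(docroot):
    """Read-only report of on-disk hardening state for one WordPress docroot."""
    cfg = os.path.join(docroot, "wp-config.php")
    with open(cfg, encoding="utf-8", errors="replace") as fh:
        match = DEFINE_RE.search(fh.read())
    mode = stat.S_IMODE(os.stat(cfg).st_mode)
    world_writable = []
    for root, dirs, files in os.walk(docroot):
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue  # link permissions say nothing about the target
            if stat.S_IMODE(os.lstat(path).st_mode) & stat.S_IWOTH:
                world_writable.append(os.path.relpath(path, docroot))
    return {
        "concat_disabled": bool(match and match.group(1).lower() == "false"),
        "wp_config_mode": oct(mode),
        "wp_config_other_access": bool(mode & stat.S_IRWXO),
        "world_writable": sorted(world_writable),
    }

def build_sample_site():
    """Constructed sample docroot so the check can be run offline."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    cfg = os.path.join(root, "wp-config.php")
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write("<?php\n// define('CONCATENATE_SCRIPTS', true);\n"
                 "define( 'CONCATENATE_SCRIPTS', false );\n")
    os.chmod(cfg, 0o600)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)  # deliberately loose, should be reported
    return root

if __name__ == "__main__":
    for key, value in audit_site(build_sample_site()).items():
        print(f"{key}: {value}")
```

Measures enforced by web server rules or by WP Toolkit itself while the site is attached are outside what this file-level check can see.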
 