About WPCloudDeploy

WPCloudDeploy is a WordPress plugin that allows you to easily deploy servers at major cloud-server providers and then install apps (such as WordPress) on those servers. And it does it from inside the familiar wp-admin.

The plugin makes it easy to deploy servers at well-known providers such as DigitalOcean, AWS and more. However, the core plugin only includes support for DigitalOcean.

You can add additional support for EC2, LIGHTSAIL, LINODE, VULTR, UPCLOUD, HETZNER, EXOSCALE, GOOGLE, AZURE and ALIBABA by purchasing a premium subscription.

It is primarily used to install and manage WordPress servers and applications. But it also includes sample apps for just basic servers (i.e., servers with no additional apps) and OpenVPN servers.

Its extensible model sets it up for developers to add new apps that can be deployed in the future.

All management features are available inside of wp-admin on your WordPress site. Apart from the server providers, you do not need a 3rd party SaaS service to manage your servers and apps.

View a full list of WordPress-focused features

Getting Started

Download the zip file from this site and install it like you would any other WordPress plugin.

Then, to install WordPress servers and sites, follow the getting started documentation on the WPCloudDeploy site

Documentation

Full documentation is located on the WPCloudDeploy website.

Commonly used documentation

All documentation

Plugin Features

Features of the plugin include:

APP: WordPress - EXTENSIVE support for deploying and managing WordPress servers and sites from inside the WordPress admin dashboard. This is the primary app type that this plugin supports.
APP: OpenVPN - includes front-end purchase and management.
Integrated DigitalOcean Cloud Provider.
Extensible server provider model supports EC2, LIGHTSAIL, LINODE, VULTR, UPCLOUD, HETZNER, EXOSCALE and other cloud providers via additional plugins.

Roadmap

View the official roadmap on Trello

Requirements

WordPress 5.6 or later
PHP 7.4 (8.0 is not supported)

Once the plugin is installed please view additional changes required to PHP and web server execution timeout values under the WPCLOUDDEPLOY->SETTINGS->GENERAL SETTINGS tab. You can also view all requirements at the bottom of our getting started documentation or in the requirements documentation

How To Contribute

Have a change you would like to see incorporated? Then create a PR (pull request) against the dev branch.

Premium Versions

A premium version of this plugin is available on the WPCloudDeploy website. You can view the additional features offered on the pricing page.

Premium features include:

WP Multisite support
REDIS support for WP
Bring your own server
Sell server subscriptions with WOOCOMMERCE
Sell WP Site subscriptions with WOOCOMMERCE
Virtual Providers (support multiple accounts on each cloud server provider)
Server Sync
Support for additional cloud server providers: EC2, LIGHTSAIL, LINODE, VULTR, UPCLOUD, HETZNER, EXOSCALE, GOOGLE, AZURE and ALIBABA

Creating Extensions

Articles on creating WPCD extensions

Plugin History

Development was started in 2019 and the first release to the public became available in March 2020. Since then there have been numerous updates, with an average pace of one update per month. The plugin was always open-source but until October 2021, the source was only available to purchasers.

In October 2021, Version 4.10.8 was pushed to a public Github repository. Now, anyone can just install the core plugin and immediately get WordPress server management functions that rival SaaS systems.

Note: Even though the entire git development history isn't available on github, the changelog below still reflects the full release history.

Release Notes

Friendly Release Notes

Change Log

4.10.8

Fix: WPAPP - A few strings were not being sent through the translation functions.

4.10.7

Fix: WPAPP - An issue where mismatched data types prevented deleting a server or app post if the user was not an admin. Fix: WPAPP - A few strings were not being sent through the translation functions. Fix: WPAPP - Site Sync - Some domains were not being synced on a schedule even when configured to do so.

4.10.6

Hotfix: Resolve a Network Activation Issue.

4.10.5

New: WPAPP - Add option to schedule a daily site sync to a destination server.
New: WPAPP - Add count of notes to server and app list.
New: WPAPP - Add options to control who can see and use individual taxonomy items in server and app groups.
New: WPAPP - Add global defaults for the smtp gateway
New: WPAPP - Filters to make it easier to search the pending-task log.
New: WPAPP - Pending task log / background log items will be automatically tagged as failed after 4 hours.
Tweak: WPAPP - Better logging of errors if we can't get sshkey details (or server details while attempting to get sshkeys.)
Fix: WPAPP - invalid variable when installing callbacks via the bulk actions menu.

4.10.1

Tweak: WPAPP - Force a services status refresh whenever the UFW firewall toggle is flipped.
Fix: Logic errors introduced with strict equality tests.
Other: Clean up text on the cache tab for sites. Resolve some phpcs linting issues.
Other: Updated the EDD license class to the latest version.

4.10.0

New: WPAPP - Can now copy a site to another site, overwriting it. Provides the basis for "staging" sites.
New: WPAPP - Nightly callbacks now push the number of themes and plugin updates pending for each site.
Enh: WPAPP - Added global theme and plugin exclusions when updating sites.
Enh: WPAPP - After sites are updated, check to see if certain well-known cache plugins are installed and activated. If so, attempt to use their wp-cli commands to flush their caches.
Enh: WPAPP - Better support for copying sites between 'root' and 'sudo' logins. Eg: from to/from aws server with "ubuntu" users and digital-ocean servers with "root" users.
Tweak: WAPP - Add confirmation prompts to all custom bulk actions on server and site list screens.
Tweak: WPAPP - Started the process of removing extraneous text from tab screens, especially above buttons. Only a couple of tabs have been done in this version. We'll do additional ones in future versions.
Tweak: WPAPP - Update list of WP versions to show the latest minor versions.
Fix: WPAPP - An issue when listing backups and there was no backup folder created yet.
Fix: WPAPP - Site Sync tab would throw an sprintf error when we were trying to log errors
Fix: WPAPP - When searching and replacing using wp-cli, force search of ALL tables with the wp prefix instead of just the ones registered with wpdb.
Fix: WPAPP - Remove reference to an undeclared variable in a tab file.
Fix: WPAPP - An issue where the server name in the filter on the server and site screens did not show the proper provider name when an alternate name was set up in the provider settings screen.

4.9.0

New: WPAPP - Options to update plugins and themes on sites including under the bulk actions menu.
Tweak: WPAPP - include the MYSQL diskspace used when showing diskspace used in a site's statistics tab.
Tweak: WPAPP - change the format of the output string used when showing diskspace used in a site's statistics tab.
Tweak: WPAPP - store the last value used when manually pruning backups at the server level.
Tweak: WPAPP - logic when showing/hiding the BULK TRASH option for sites (needed as part of the option to bulk update themes and plugins on sites)
Tweak: Add bulk options to pending log list to change state.
Tweak: WPAPP - Remove a header on the FAIL2BAN tab to free up a bit of real estate on the screen.
Fix: WPAPP - resolve references to some stray domain variables in the server services.php file.
Fix: Add WPAUTOP to body fields in command log and error log screens.
Fix: WPAPP - The pending log CRON loop needed to be smarter about identifying and handling events on server posts vs app posts.
Fix: VPN & BASIC SERVER - Some text fields in settings would overflow the container. Now set to 100% max width by default.

4.8.2

New: WPAPP - Options to turn off and turn on a server.
Dev: WPAPP - Return the snapshot id to the calling program when a snapshot is registered.
Dev: WPAPP - Add internal option to register the web server used on new server records.

4.8.1

New: Add concept of "Feature Flags" for server providers. Current feature flags relate to backups, snapshots and tags.
Tweak: WPAPP - Show the number of non-security updates to health column on server list screen.
Fix: WPAPP - Correct the spelling of a word in a message shown when deploying new servers.
Dev: Add New Filter to allow devs to hook into the MISC tab on the settings screen: wpcd_settings_after_misc_tab.

4.8.0

New: Support for snapshots in the core provider and implemented in the DigitalOcean provider. Other providers will be supported at a later date.
New: WPAPP - Allow downloads of additional server logs related to upgrades / unattended upgrades.
New: WPAPP - Give user the option to run server updates almost immediately by scheduling a one-off cron process to run updates within 1 minute of the user's request.
New: WPAPP - Add option to install callbacks from the server list BULK ACTIONS drop-down.
New: WPAPP - Add option to soft reboot servers from the server list BULK ACTIONS drop-down.
New: WPAPP - Add option to remove the Malware Scanner Metas.
Tweak: WPAPP - The RUN NOW feature on the server callback tab has been modified to schedule a background process to run within 1 minute of the user's request. This avoids the user having to potentially experience an AJAX error.
Tweak: WPAPP - When removing CALLBACKS, make sure to remove the associated META as well.
Tweak: WPAPP - Added server dates to the output at each feedback point when installing a new server.
Tweak: WPAPP - Added checkpoint groups in BASH script #1 to help when the script runs multiple times on the same server.
Fix: WPAPP - some logic errors when showing/hiding the BULK TRASH option for servers
Fix: Allow admin to increase timeout used when provisioning a server on very very slow VMs (such as AWS Lightsail in Mumbai).

4.7.2

Fix: An issue with SITE SYNC scripts that prevented sites from working when pushed to a server (#233)
Fix: Spelling of the WPCloudDeploy product name in certain source code files
Tweak: Add special validation rules for the server name when using the HiVelocity Servers

4.7.1

Fix: WPAPP - (Security) Escape link and link description fields on app screens.
Fix: WPAPP - (Security) Validate some URL fields to be valid URL format on the front-end.
Fix: WPAPP - (Security) Make sure to validate SLACK's SSL certificate.
Fix: WPAPP - (Security) Prevent a password from being entered into the log tables.

4.7.0

Fix: WPAPP - Cloning a domain did not include all the new NGINX directives we added to new sites in V4.6.x
Fix: WPAPP - Adding a new subsite domain (in multisite) did not include all the new NGINX directives we added to new sites in V4.6.x
Fix: WPAPP - Changing a domain from a TLD to a subdomain would mangle the PHP configuration files.
Fix: WPAPP - server and site owners could not be updated unless the advanced metaboxes option was turned on.
Fix: WPAPP - resolved an issue where auto-ssl wasn't toggling the meta values on the post record even though ssl was successful. The SELL SITES WITH WOOCOMMERCE plugin needs to be updated as well to be compatible with this fix.
Fix: WPAPP - capitalization issue on a message on the CREATE NEW WORDPRESS SITE popup screen.
Fix: WPAPP - A minor issue with the server crm notifications
Fix: WPAPP - An issue when users try to logout from a wpapp they would get an error. Resolved by increasing the amount of login page visits allowed in 1 second. Applies to new sites only but NGINX config can be updated manually on existing sites if desired.
Fix: WPAPP - An issue when creating a new server that threw a "no such file or directory" error in the bash script. (#229)
Fix: WPAPP - An issue where a password error thrown when creating an sFTP user was not being trapped properly by a bash script. (#230)
Fix: VPNAPP - An issue where the WooCommerce module in the prototype VPN APP was affecting the output of the WC WPAPP CART if the VPN APP was also enabled.
Dev: Update PHPSecLib to latest major version - now using the 3.x branch instead of 2.x.
Dev: Reformat files using PHPcs and fix some of the more basic formatting and wp standards issues that were identified.
Dev: Add ability to cache other items in server providers via filter. Started process of standardizing caching functions in server providers by introducing new functions in the parent provider class.
Misc: WPAPP - Update list of WP versions.

4.6.7

Tweak: WPAPP - Remove the "Show Old Logs" dropdown from the server list. Can still be shown by turning on an option in settings.
Tweak: WAPPP - Remove the "Install WordPress" link under the title column. It's redundant. But it can still be shown by turning on an option in settings.
Fix: WPAPP - Fail2ban - check an array to make sure it's not empty before attempting to iterate through it - this prevents a PHP warning in debug.log
Fix: WPAPP - An issue with restarting NGINX with wildcard certificates
Fix: VPNAPP - Call the proper function to get the list of providers
Fix: BASICSERVER - Call the proper function to get the list of providers

4.6.6

Fix: WPAPP - Enabling Memcached was causing websites to crash.
Fix: WPAPP - Sending emails from the server and site screens was allowed even if the FROM name and reply-to email addresses were blank.

4.6.5

Tweak: WPAPP - Minor descriptive text update on the LetsEncrypt SNAP upgrade screen.
Fix: WPAPP - An upgrade process reported failure even when it was actually successful.

4.6.4

Tweak: Better text and prompts when scheduling emails from the servers and sites.
Tweak: Warn when sending emails from servers and sites and the reply-to email address or recipient name is blank.
Fix: WPAPP - Hide an irrelevant error message that was displayed during the 7G upgrade process when a file wasn't present.

4.6.3

New: Add option to remove Digital Ocean as a provider.
New: WPAPP - 7G Firewall
Tweak: WPAPP - Add upgrade routine to make sure that the 7G firewall files are installed.
Fix: WPAPP - Make sure that the NGINX server can still restart after a site has been added even if the 7G files aren't yet present.

4.6.2

Tweak: WPAPP - Do not disable ignore_user_abort php function on new installs.
Tweak: WPAPP - Some nginx zip parameters related to caching.
Dev: Add the bash scripts for the 7G Firewall. UI to come later.

4.6.0 / 4.6.1

New: WPAPP - Basic support for multisite with subdirectories (requires new version of MULTISITE add-on).
New: WPAPP - Basic support for wildcard ssl for multisite (requires new version of MULTISITE add-on).
New: WPAPP - New backup option to schedule periodic backups of important configuration files every four hours.
New: WPAPP - Option to set up simple URL redirection rules for sites.
New: WPAPP - Option to enable HTTP2 for sites.
New: WPAPP - Admins now have the option to change PHP workers without logging into the server via ssh.
New: WPAPP - A UI is now provided for many commonly used NGINX tweaks.
New: WPAPP - Option to install GoAccess.
New: WPAPP - Option to set a root password.
New: WPAPP - New permissions for 5 server tabs - fail2ban, upgrade, ssh_console, users & sshkeys.
New: WPAPP - WP-CONFIG option to remove certain server tabs from the screen even when the user is an author. This helps in SaaS situations where the post author is the buyer but you still don't want them to access those tabs.
New: WPAPP - Add option to hide the NOTES column in general tab in the SERVER screen.
New: WPAPP - Add option to hide the instance id from the server list screen. Useful for SaaS situations where you don't want the customer to know the ID for security reasons. Will still always show for admins.
New: WPAPP - Show initial user id and password under the SITE MISC tab.
New: Add admin-only notes section for servers so that non-admin users can have notes as well.
Tweak: WPAPP - If a site is disabled, show a disabled message in most site tabs instead of allowing the admin to perform operations that might fail because of missing nginx config files.
Tweak: WPAPP - Add option to select drop-down for WP 5.6.2
Tweak: WPAPP - Make sure domain names are always lowercase when changing domains or cloning a site.
Tweak: WPAPP - Lock down the ability to change advanced php.ini options to system admins.
Tweak: WPAPP - Lock down the ability to reset the restricted set of PHP functions to system admins.
Tweak: WPAPP - When setting a "common" php option, validate it against a known good list.
Tweak: WPAPP - Hovering over the "Install WordPress" button now has a better background color that matches the WPCD brand.
Tweak: WAPPP - Make the Apps On Server link on the app screen a button instead of just a link.
Tweak: WPAPP - Add option to remove the email gateway.
Tweak: Better error reporting from DigitalOcean when a machine size is not available in a region.
Tweak: Make sure that non-admin users can see the description, links and other similar tabs on the server screen.
Tweak: Add disk size to the digital ocean sizes select drop-down.
Fix: WPAPP - Sometimes a required entry for page caching was not automatically added to the wp-config.php file.
Fix: WPAPP - Prophylactic code added to the bash scripts to prevent user names from being greater than 32 chars
Fix: WPAPP - A function was returning incorrect data about the existence of a domain
Fix: WPAPP - The primary server callback might sometimes fail if there's a space in the UPTIME data.
Fix: WPAPP - The toggle for turning on and off the UFW firewall never really worked - the toggle logic was actually inversed.
Fix: WPAPP - Silly bug in the push-commands.php file where we used add_action instead of do_action.
Fix: WAPP - When changing the PHP version on the SERVER TOOLS tab, we never set a meta that showed the new version.

4.5.5

Tweak: WPAPP - Add option to control whether or not to automatically delete DNS entry at Cloudflare when a site is deleted.
Tweak: WPAPP - Add option to select drop-down for WP 5.6.0 (instead of just 'latest')
Fix: WPAPP - An edge case where the DNS entry at Cloudflare was not being deleted when a site was deleted.

4.5.4

Tweak: Always clear ALL provider caches when saving settings. This can help prevent confusion after entering invalid api keys but can slow down refreshing the settings screen if there are a lot of providers..

4.5.3

New: WPAPP - Add option to restart PHP services for the server.
Tweak: WPAPP - Delete DNS from cloudflare when deleting site from the site list.
Tweak: WPAPP - Added up_time and cpu_usage (since server start) to the push data received from the server every 24 hours. Requires re-installation of server callbacks but is not mandatory if you do not need these meta items.
Fix: WPAPP - Another edge case fix for downloading log files.

4.5.2

Fix: WPAPP - fix issue where domain change would mangle the new domain nginx configuration files in certain edge cases.

4.5.1

New: Option to change the description of a provider
New: WPAPP - Functions to allow deleting DNS entries at cloudflare - used by the WC add-ons.
Dev: WPAPP - Action hooks before deleting a site.

4.5.0

New: WPAPP - Cloudflare integration for temporary domains
ENH: Unlimited Server "Size" Labels
Dev: Internal Support For Additional WC Related Functions
Dev: Added support for background pending tasks
Fix: WPAPP - Some servers would not notify the plugin after a reboot because network services were not started.

4.4.2

Fix: WPAPP - cron processes weren't loading plugins which meant that some wp crons ran only once and then exited.
Fix: WPAPP - domain change sometimes left some stray ssh related folders around.

4.4.1

Dev: Make a private function public so that it can be called from certain add-ons.
Dev: Remove a WC related JS file that was no longer needed - moved it to its add-on instead.

4.4.0

New: WAPPP - Add option in a SERVER's POWER tab to schedule a soft server restart.
Tweak: WPAPP - When downloading log files use .txt extensions instead of .log. Some server configurations and firewalls block files with .log extensions.
Fix: WPAPP - An issue with the backupV2 script caused the restore process to not work properly.
Fix: WPAPP - Number of parameters in an action hook was incorrect.
Fix: WPAPP - Extraneous error message when a non-admin performed an action on a site without having permissions to the server.
Fix: WPAPP - Remove an extraneous message in debug.log when no teams were set up.
Fix: WPAPP - Fix REST PERMISSIONS CALLBACK warning introduced in WP 5.5.
Other: WPAPP - Breakout the WooCommerce functionality into it's own add-on to reduce the code size of the core plugin.
Other: WPAPP - Add code to support certain future WooCommerce enhancements.

4.3.0

New: WPAPP - Healing/Monit
New: Centralized notifications
New: Preliminary support for Ubuntu 2004 LTS
New: WPAPP - Add option to allow each server to connect with a custom ssh key-pair after being provisioned.
New: WPAPP - Simple db search and replace
New: WPAPP - Install PHP 8.0 on new servers and make sure related scripts account for it.
New: WPAPP - Add an option to the SITE Backups tab to delete all local backups for the site
New: WPAPP - Add an option to the SITE Backups tab to prune local backups for the site
New: WPAPP - Add options to restore just wp-config or the nginx configuration file.
New: WPAPP - Add an option to never save local backups. While this is not a recommended practice, some users have requested it to save disk space.
New: WPAPP - Add an option to the SERVER Backups tab to delete all local backups for all sites on the server
New: WPAPP - Add an option to the SERVER Backups tab to prune local backups for all sites on the server
New: WPAPP - Add disk-free, free-ram, restart status, malware scan results & security updates information to the server list
New: WPAPP - Add a "System Users" tab to allow SERVER admins the ability to set a password/key and break them out of their jails
New: WPAPP - Add an option under the server tools tab to test REST API callbacks into the plugin.
Tweak: Certain metaboxes should not be editable by regular users - only admins should be able to edit them.
Tweak: Add drop-down filter fields to the VIRTUAL PROVIDERS screen.
Tweak: Prevent certain data from being logged to debug.log. Prior to this change we were only cleaning the data before logging it to the logs in the database).
Tweak: Moved the help screen to its own dedicated menu option.
Tweak: WPAPP - Warn when using problematic characters in passwords and other fields while deploying new servers and sites.
Tweak: WPAPP - Limit domain names to 32 chars to prevent some nasty side-effects related to usernames in the bash scripts. Will need to rework some things for longer domain names in the future.
Tweak: WPAPP - Added additional feedback points for when the server provisioning process might have failed or is taking an inordinately long time.
Tweak: WPAPP - Added new action hooks that are available after a server is deployed or a site is provisioned.
Tweak: WPAPP - Modify the reboot server option to explicitly shutdown the MYSQL service first before rebooting.
Tweak: WPAPP - Better column wrapping on server and site detail screens below 1600px width.
Dev: Quite a few new hooks and filters as well as a type of "custom fields" function to make linking front-end and back-end bash scripts easier for 3rd party developers.
Fix: WPAPP - Make sure that when a user requests an operation on an sFTP user, that the user belongs to the designated site (security)
Fix: WPAPP - Deal with consistent false positives on 3 files in the malware scanner
Fix: WPAPP - Make sure new servers have UFW installed on it before attempting to configure it.
Fix: WPAPP - Fixed an issue where we weren't detecting when a particular cron was inactive and failed to warn the user about the potential issue.
Fix: WPAPP - Sometimes deleting an sFTP user left stray metas behind which caused them to still show up in certain drop-downs.

4.2.1

Fix: WPAPP - link was getting duplicated in the settings screen.
Tweak: WPAPP - Added a filter for said link - wpcd_cloud_provider_settings_important_private_key_notes

4.2.0

New: WPAPP - Add option to reset file permissions for a site.
New: WPAPP - Added a new POWER tab to allow restarting of servers without needing to log into the providers' console.
New: WPAPP - Added charts to the server statistics tab.
Tweak: Update the EDD software licensing class library to the latest version to support WP native auto-updates and tweaked our code to work with the new class library.
Tweak: Add warning if default permalinks are in use.
Tweak: Add option to hide the "local host" warning.
Tweak: WPAPP - Show the monthly cost and other additional information in the server sizes dropdown for digitalocean.
Tweak: WPAPP - Do NOT show digitalocean server sizes that are marked as "unavailable".
Tweak: WPAPP - Change the size of the default PHP buffers for new sites.
Tweak: WPAPP - Change the version numbers in the drop-down list for WordPress when creating a new site.
Tweak: WPAPP - Update the description for the private key in the settings screen.
Tweak: WPAPP - Add the --skip-plugins argument to many of the wp cli calls. This prevents plugins from loading and reduces conflicts that could cause wp-cli to fail. Most wp-cli commands don't need the plugins loaded.
Tweak: WPAPP - Add additional internal fields to the internal data metabox on the SERVER detail screen so that we can easily re-create a server record if it's accidentally deleted.
Fix: Weird conflict with WooCommerce. If WC was installed BEFORE WPCD, activating WPCD resulted in a WSOD because the "rwmb_meta" did not exist.
Fix: WPAPP - When changing domains or cloning a site, make sure that database is set to use HTTP if certificate cannot be automatically issued.
Fix: WPAPP - An issue where we were not checking to see if a valid array or object was returned from a function call before using said object/array.
Security Fix: WPAPP - Prevent logging of sFTP passwords to database logs

4.1.0

New: Enforce requirement for PHP 7.4.
New: WPAPP - Option to select language when installing WordPress
Tweak: Security - improve encryption algorithm by randomizing the initialization vector.
Tweak: Remove delete links from virtual cloud provider screens if the virtual provider is in use on any servers.
Tweak: Add warning on settings screen to any provider that is in use by a server.
Tweak: Make a virtual cloud provider title a required field.
Tweak: Security - warn user if they are using the example security key from our documentation.
Tweak: WPAPP - security - Check for permissions before popping up form for creating server and site. Before we would check security after the form was submitted.
Tweak: WPAPP - security - Check for basic level permissions earlier in the ajax_app() function.
Tweak: WPAPP - Make sure that, when installing REDIS we request version specific php modules instead of the meta package (which could install unwanted packages).
Tweak: WPAPP - Make sure that the INSTALL WORDPRESS buttons do not show up on records that are in the Trash.
Tweak: WPAPP - Make sure that the INSTALL WORDPRESS buttons do not show up on records that are in the Trash.
Fix: Security - Escape output when viewing ssh logs to prevent potential Unauthenticated Stored Cross-Site Scripting exploits.
Fix: Security - Escape output when viewing error logs to prevent potential Unauthenticated Stored Cross-Site Scripting exploits.
Fix: Security - Escape output when viewing command logs to prevent potential Unauthenticated Stored Cross-Site Scripting exploits.
Fix: Security - Escape certain output on the app detail screen to prevent potential Unauthenticated Stored Cross-Site Scripting exploits.
Fix: Security - Check ajax permissions when purging logs.
Fix: Security - Remove passwords from log tables.
Fix: Use the function get_active_providers in place of get_providers in a number of places across all apps.
Fix: Wrapped various output vars in certain template files with esc_url and esc_html commands.
Fix: A few text strings were not wrapped in translation function calls.
Fix: WPAPP - security - wrap all the fields used for creating a new site with escapeshellargs.
Fix: WPAPP - Security - use escapeshellargs on all sftp parameters.
Fix: WPAPP - When copying a site to another server, remove any app post records for that server that references that site. This prevents duplicate app records for the site that point to the same server.
Fix: WPAPP - Remove extra request for the mbstring php module when installing new servers.
Fix: WPAPP - Misc fixes to the 08-backup.sh bash script for removing orphaned backups and showing orphaned backups.

4.0.1

New: WPAPP - Add server-level tool to remove php 8.0 RC01 and update image magic php module to use php version-specific packages.
New: WPAPP - Add server-level tool to reset default PHP version for the server.
Fix: WPAPP - Update 72-destination BASH script to use php version-specific packages for imagick module.

4.0.0

New: WPAPP - Allow admins to configure purchases of WP cloud servers in WooCommerce & WooCommerce Subscriptions (Experimental)
New: Introduction of Cloud Provider Aliases (Experimental)
New: Introduction of CUSTOM SERVER feature (Experimental)
New: Added Malware scanning with LMD and CLAMAV
New: Fail2Ban Command Line Script
New: WPAPP - Infrastructure to handle server callbacks. First callback implemented that pushes data from the server to the console daily - reporting on updates that might be needed and whether the server requires a reboot.
New: WPAPP - The server list screen now shows up to four sites that is located on the server.
New: WPAPP - The server detail screen has a new tab that shows the list of sites on the server.
New: WPAPP - The site list now offers options for filtering by app groups, whether the site is enabled/disabled, page cache status, object cache status and the version of PHP in use.
New: WPAPP - The WordPress user profile now shows the list of servers and apps that a user is assigned to (if they are part of a team).
New: The teams list now shows team members and their permissions directly in the list.
New: The settings screen has a TOOLS tab with a couple of options that can be triggered when directed by technical support.
New: WPAPP - Teams now have a new permission that controls whether a user can update site PHP options.
New: WPAPP - Add a link next to the trash link in the apps list to remove a site.
Tweak: WPAPP - Remove data input fields from the screen after the server deployment process has started.
Tweak: WPAPP - Remove data input fields from the screen after the wpapp deployment process has started.
Tweak: WPAPP - Do not allow the install button to be clicked until all fields have been filled in (when deploying a new wp site).
Tweak: WPAPP - Searching now searches the long and short server descriptions.
Tweak: WPAPP - Server and app groups now show the colors in the main list.
Tweak: WPAPP - JS scripts now check to make sure that fields contain valid information before attempting to creating a new WP site.
Tweak: WPAPP - If the folder that contains the bash scripts cannot be accessed via http calls, a message is usually displayed. Admins can now immediately ask for a recheck instead of waiting 12 hours for it to be done automatically.
Tweak: WPAPP - When pushing a site to a new server, add some interim feedback messages.
Tweak: WPAPP - When changing the domain for a site, we now backup the database, make the domain change in the database and rename among other things just to prevent conflicts in the future.
Tweak: WPAPP - Applications filter bar now spans two lines since we have so many filters.
Tweak: WPAPP - The server name at the top of the application screen metabox is now a link that takes you directly to the server.
Tweak: WPAPP - There is now a new link at the top of the application screen metabox that takes you directly to the apps on the server.
Tweak: WPAPP - Added another backup check for NGINX status when using the REFRESH SERVICES STATUS button.
Tweak: WPAPP - Add warning when restoring a server from trash.
Tweak: WPAPP - If a server has been restored from trash, add a message to the server list indicating that there is no live server and the link has been broken between the post and the server.
Fix: The app record could not be deleted when the Trash link was used.
Fix: WPAPP - The data in the drop-downs on the filter bar for servers and sites did not respect the teams restrictions.
Fix: WPAPP - an issue where an extra comma caused an error in PHP 7.2 and earlier (it worked in PHP 7.3 and later).
Fix: WPAPP - added check in bash script #2 to ensure that no fields were left blank before attempting to create a new wp site.
Fix: WPAPP - added check in bash script #6 to ensure that no required fields were left blank before creating or modifying sftp users.
Fix: WPAPP - a few strings were not being wrapped with the WP translation functions.
Fix: WPAPP - incorrect team showing in app list if the team array meta is empty (vs not being present which worked just fine). The team array meta could be present but empty if a site is cloned.
Fix: WPAPP - Cloning multisite WP installs did not copy the multisite meta indicator.
Fix: WPAPP - When pushing a site to a new server, an IPV6 bug with certbot needed some special processing to workaround. Without this work-around, NGINX servers failed to restart when sites were pushed to an existing server with existing sites.
Fix: WPAPP - Do not allow sites to be cloned over to an existing site.
Fix: WPAPP - Do not allow domain changes that matches an existing site.
Fix: WPAPP - Make sure that NGINX restarts when the server restarts - in the past this was not always the case.
Fix: WPAPP - Prepare the MONITORIX script for Ubuntu 20.04.
Dev: New filter hooks in the settings screen required to support new providers such as UpCloud.

3.0.2

New: WPAPP - Added tool to clean up metas on server records if a process ever gets "stuck".
Tweak: WPAPP - Add WordPress 5.5.1 to the drop-down list of WordPress versions.
Fix: WPAPP - Do not allow blank data to be used when creating a WP site.

3.0.1

Fix: Updated the POT file.
Fix: WPAPP: Remove the use of the word "Provisioning" and replace with "Deploy".
Fix: WPAPP - The Install WordPress link under the TITLE in the servers list needed to be removed while the server was being deployed or otherwise engaged.

3.0.0

New: Add option to reset the list of restricted php functions for a site.
New: Add option to remove the general settings tab. This helps make the first tab the CLOUD PROVIDERS tab.
Tweak: Numerous styling changes to the settings screen. Make the FIRST WORDPRESS SITE section more prominent.
Tweak: Do not show the server sizes drop-down in the settings screen if the api key field is blank and if certain wp-config vars are not set.
Tweak: Add an animated loader icon to the server and site provisioning screens while waiting for the install process to get started.
Tweak: WPAPP - Numerous changes to the UI including the introduction of vertical tabs on the SITE detail screen as the default view.
Tweak: WPAPP - Do not show the INSTALL WORDPRESS button while the server is being provisioned.
Tweak: Remove the additional "handlebars" that WP 5.5 added to the metaboxes on the settings screen.
Tweak: Remove permission list from the screen. This isn't really necessary for your average admin to see. Can be re-enabled with a WP-CONFIG entry.
Security: WPAPP - Updated the list of restricted PHP functions - added new ones and removed a couple that popular plugins rely on.
Tweak: WPAPP - remove setting the php session.name and sessions.referer_check as part of our default installation. Too many plugins didn't like it.
Fix: Missing translation text on the settings screen.
Fix: WPAPP - an error that was showing up as raw html during the site creation process is now handled better.

2.9.0

New: WPAPP - add option to scheduled backups that automatically deletes remote backups when local backups are deleted.
New: Now includes a pre-built POT file for language translations.
New: Load language translations from the plugin languages folder if a language mo file does not yet exist under the standard WP folder.
Tweak: WPAPP: Lock down PHP further by disallowing some functions.
Tweak: WPAPP: Change the way we detect if a crucial folder is readble - remove use of 'exec' function.
Fix: Digital Ocean API now requires a waiting period after starting up a server image in order to stabalize before sending any ssh commands.
Fix: WPAPP - Security - PHP OPENBASEDIR was not being set in some instances.
Fix: WPAPP - Respect team settings when populating the destination server under the COPY TO SERVER tab.
Fix: WPAPP - Make sure that no servers show up under the COPY TO SERVER tab if the user isn't on a server team.
Fix: WPAPP - Error out if the target server and source server are the same when using the COPY TO SERVER function.
Fix: WPAPP - Error out if the destination server or source server is one where the user is not allowed access when using the COPY TO SERVER function.
Fix: WPAPP - Copying a multisite installation to a new server did not copy all the ssl certificates.
Fix: WPAPP - Changing a domain did not change all the folder permissions for the new nginx user which left them inaccessible.
Fix: WPAPP - Cloning a site did not carry over the teams information.
Fix: WPAPP - Copying a site to a new server did not carry over the team information.
Fix: WPAPP - Enabling the native LINUX cron did not fire cron for all the subsites.
Fix: WPAPP - Remove PHP 7.0 as an option since those files aren't even being installed on new servers.
Fix: WPAPP - Empty labels for fields in tabs were throwing notice/warning errors in the error log.
Dev: WPAPP - Add extensible upgrade infrastructure so that when upgrade scripts are written they can be easily integrated into the codebase.
Dev: Stamp the server and app records with the plugin version.

2.8.0

Skipped.

2.7.0

New: WPAPP - Added option to remove site and all its local backups. Before, removing a site did not remove the associated local backups.
New: WPAPP - Updated backup bash script with new functions for pruning backups without running a backup process. Command-line only functions (no UI).
New: WPAPP - Updated backup bash script with new functions for identifying backups that exist without a corresponding site and for deleting those backups. Command-line only functions (no UI).
New: WPAPP - Updated backup bash script with option to delete all local backups for a site or for all sites. Command-line only functions (no UI).
New: WPAPP - Added server option to install Monitorix.
New: WPAPP - Add an nginx rule to block brute force attempts on the wp-login screen. Only applies to new sites - older sites will need to have the rule manually added.
New: WPAPP - Add some security related nginx rules to prevent access to .log files, files whose name start with a period, executing non-php scripts, executing php scripts in the upload folder, downloading files from an updraft folder if present. Only applies to new sites - older sites will need to have the rules manually added.
New: WPAPP - Add option to remove MemCached from the server if it's been installed. Before you could only restart it or clear the cache - now you can remove the entire thing if it's no longer being used.
New: WPAPP - Added the PHP version to the app list.
New: WPAPP - Added a statistics tab to the server where a single button will run the df (disk free), vnstat and top command and display the results in a tab.
Tweak: Hide sensitive passwords/ids in the settings screen by default. User can click icon to display existing passwords.
Tweak: WPAPP - Added the PHP version to the app list.
Tweak: WPAPP - Added cache status to the app list.
Tweak: WPAPP - A few of the bash scripts needed to be tweaked to accomodate a future monit integration.
Tweak: WPAPP - Added new WPCD logo to the popup used when adding a server or site.
Tweak: WPAPP - Tightened up the conditions for showing a button on the SSH tab on the server screen.
Tweak: WPAPP - Change the text of the ADD NEW button at the top of the apps list to say ADD NEW APP RECORD so that users don't believe that they can use it for a new WP install there.
Tweak: WPAPP - Added new button on the settings welcome screen to link to quick-start documentation.
Tweak: WPAPP - Show the provider at the top of the the main app metabox
Tweak: WPAPP - Change the redis plugin used - now using the Till Kruss plugin.
Tweak: WPAPP - Updated the list of WP versions
Tweak: WPAPP - Remove VNSTAT statistics from the APP screen since it's data is aggregated server level data. But we also added an option in the settings screen to put it back there if you wish.
Fix: WPAPP - Enabling multisite SSL would always show as successful even when it sometimes failed.
Fix: WPAPP - Email gateway would not show error message if a test email failed to be sent.
Fix: WPAPP - The page cache confirmation message always said "cache has been disabled" even when the action was to "enable" it.
Fix: WPAPP - Typo on the Email Gateway screen - extra parentheses.
Fix: WPAPP - Issue with storing custom bucket names for the all-sites backup.
Fix: WPAPP - Issue with storing retention days for the all-sites backup.
Fix: WPAPP - PHP Warning about invalid commands or index for certain backup operations - it didn't hurt anything but was just annoying to see in the log files.
Fix: WPAPP - Fixes an issue with the 6G firewall where if there's a colon in the URL you get an http forbidden error. This would affect common scenarios where you have redirects in the url such as this: http://video02.wpvix.com/logout?redirect_to=http://video02.wpvix.com/login.
Fix: WPAPP - Issue in a server-sync script where when the script failed it would leave behind a lock file instead of cleaning it up - this prevented future syncs from running.
Fix: WPAPP - Make sure sudo is used when running the VNSTAT command on a site.
Dev: WPAPP - Added filter to allow logo to be replaced when adding a server or site - wpcd_popup_header_logo

2.6.0

New: Add custom links to servers and sites. This is useful if you want one-click access from the dashboard to related assets such as those located in manageWP, MainWP or even your git systems.
New: WPAPP - Add an SSH command tab to the server detail screen.
New: WPAPP - Add an option on the server screen to install an email gateway. Helps with sending emails when no email plugin is installed on WordPress sites. (Experimental Feature)
New: A label is now added to the server and app title columns when deletion protection is turned on.
New: WPAPP - Added new wp-config option to hide help tab in the settings screen (WPCD_HIDE_HELP_TAB).
Improved: Free up space on the application list by moving the data in the ip, provider and region columns to the server column. Added settings option to split out into their own columns for users that prefer that.
Improved: Add option to show the TEAMS column on the servers and site lists. Now the default is to NOT show them since most users do not use teams.
Improved: Added real links to documentation on the help tab on the settings screen.
Tweak: WPAPP - Add our specific styling to the INSTALL WORDPRESS button so that when admin skins are applied to wp-admin, they button does not look grayed out. The default is now white on green.
Fix: WPAPP - Throw an error if adding an sFTP user that already exists in another site.
Fix: WPAPP - The disabled label was not showing up on the site list unless the option to show the app description label was also turned on.
Dev: WPAPP - New filter hook wpcd_settings_help_tab_text
Doc: Added Documentation Item: Bootstrapping A WordPress Server With Our Scripts

2.5.0

New: Notes and descriptions for servers and apps.
New: Add custom WP STATES for the servers and apps.
New: Show the server type as a state label on the server list screen if the server type is a WordPress server.
New: Remove the "private" wp state label from the servers and apps list to make space for additional states.
New: WPAPP - Copy sites between servers with root access
New: WPAPP - Full server backup - setup a backup of all sites on the server. This means that new sites will automatically be backed up.
Improved: WPAPP - Manual backups can now be sent to a different bucket or folder.
Improved: WPAPP - When the linux cron is enabled, it now applies to each subsite in a multisite installation.
Improved: WPAPP - Added some third party repositories to unattended upgrades process.
Improved: WPAPP - Remove teams from certain tables if a team is deleted.
Improved: WPAPP - Add better error messages when certain things fail during server provisioning
Improved: WPAPP - Remove error message about "send mail not installed" when installing a WordPress site - this was just annoying even though it didn't hurt anything.
Fix: WPAPP - The "Save Team" text was showing up in some unexpected places.
Dev: WPAPP - Added a couple of new filters: wpcd_wpapp_show_install_wp_link & wpcd_wpapp_show_install_wp_link

2.4.0

New: Teams Feature
New: Add option to remove the OWNERS column from the apps screen - helps save real estate when there aren't multiple owners
New: Multisite - add a column on the SITES screen so that admins can quickly see how many servers a sub-site has deployed.
New: APP deletion protection
New: Server deletion protection
New: Add BACK TO LIST buttons on the detail custom post type screens - applies to servers, apps, teams, logs.
New: WPAPP - Now includes a health check to make sure that certain critical files are accessible. Otherwise a warning is shown.
New: WPAPP - New installs now create default entries for server groups and app groups
Tweak: WPAPP - Set better line heights on input elements on popup screens so that when they wrap on smaller screens they don't smush against the elements above them.
Tweak: WPAPP - Strip 'www', 'http', 'https' prefixes when they are entered as part of the domain name. Affects site creation, cloning and domain name changes.
Tweak: WPAPP - Make the WordPress version number a dropdown list when installing a new WordPress site.
Tweak: Add a WP state label showing the application type next to the app title.
Tweak: Allow for editing of the post title on the server custom post type screens.
Tweak: Allow for editing of the post title on the app custom post type screens.
Fix: WPAPP - Bug where firefox and other browsers could not be used to deploy a new site.

2.3.0

New: Add notes fields on the provider settings screen - sometimes you just need to have a reminder about which api key you're using or which ssh key you're using.
Tweak: Some web server configs did not like the use of colons in command names or file names so replaced those with three dashes instead.
Tweak: WPAPP - add password instructions to install wordpress popup
Fix: Command log screen - Need to check to make sure the parent post is valid before attempting to retrieve values from it.
Fix: Make sure a returned item is an object before attempting to call a method on it.
Fix: WPAPP - Column name being returned from an action hook function was incorrect.
Fix: WPAPP - JS script not loading because it was attempting to load a 'select2' dependency that didn't exist.
Fix: WPAPP - Remove SENDMAIL install from scripts because it was not interfacing properly with WordPress.
Fix: WPAPP - check to see if an array var is set before attempting to use it. Set a default value if its not set.
Dev: Updated required plugins from metabox.io

2.2.0

New: WPAPP - Add support scripts for the Multisite add-on
New: WPAPP - Add links to wp-admin and the front-end directly in the site list
New: WPAPP - Updated bash scripts
Tweak: Encrypt API key when its stored at rest in the database. (Before we were only encrypting ssl keys).
Tweak: Functions and options to only show (in relevant places) providers that have been configured with their api keys.
Tweak: Add options for entries in wp-config to override some labels and items on the screen when running on multisite.
Tweak: WPAPP - Style INSTALL buttons.
Tweak: Don't show Digital Ocean backup provider unless configured in wp-config.
Tweak: Add a series of wp-config options to show / hide items - see wp-config documentation on our site for more info.
Fix: WPAPP - Command name when creating a new WP site was being duplicated when the domain name was the same.
Fix: Error being thrown in the debug.log file about a missing title.
Fix: Some menu item strings were not being translated.
Fix: Updated a BASH script for server sync. Some cloud server providers left the authorized keys files with weird line endings which caused issues when we tried to add additional keys to that file.
Fix: A couple dozen minor fixes related to terminology, variables and such.
Dev: WPAPP - Add new filter wpcd_app_type_column_contents.
Dev: WPAPP: - Add new filter wpcd_private_ssh_key_settings_desc.

2.1.0

Numerous improvements and bug fixes to the WP APP.
First PUBLIC release of the plugin.

2.0.0

New App: Deploy WordPress servers and applications
Numerous fixes and improvements to code and infrastructure

1.3.0

Added SSH Log screen
Added error log screen
Set scripts version at the product subscription level
Move all items into its own menu (partial)
New app: Basic Server
Revamp how applications get installed on the server after its provisioned.
Lots and lots of code cleanup.

1.2.0

Added basic versioning to the VPN app.

1.1.0

Some code cleanup and rationalization

1.0.0

Initial internal release.

Third Party Plugins & Libraries Used

Metabox.io (required_plugins)
EDD Software Licensing (vendor)
PHP Sec Lib (vendor)
Chart.js (assets/js)
Select2 (assets/js)
magnific-popup (assets/js, assets/css)

Hi,

Thank you for OLS beta. Appreciate all the effort and something I was looking forward to for a long time

However, in its current form, I find the utility of this much-awaited release rather limiting.

Edit 17 October 2022:

Specifically, the three listed PHP Overrides are restrictive:

php_admin_value open_basedir "/var/www/ols.testdomain.com/html:/tmp/"
php_admin_flag log_errors On
php_admin_value error_log logs/php_error_log

I cannot fully use popular monitoring plugins because they cannot read the PHP log file defined by WPCD. Although there are likely to be more incompatible plugins, the ones I have tried unsuccessfully include:

Erro Log Viewer (https://wordpress.org/plugins/error-log-viewer/)
Error Log Mointor (https://wordpress.org/plugins/error-log-monitor/)
BulletProof Security (https://wordpress.org/plugins/bulletproof-security/)
Database Cleaner & Optimizer- PHP Error Log Feature (https://wordpress.org/plugins/database-cleaner/)

Moreover, the use of php_admin_value does not allow admins to override the configuration using a custom php.ini file.

This approach is somewhat surprising because WPCD's earlier webserver (NGINX) allowed admins to set their own location for error logs.

Here's a snippet (taken from the OLS manager) of what PHP overrides section for a Virtual Host limits:

### Insert common phpIni
**php_admin_flag log_errors On**
**php_admin_value error_log logs/php_error_log**
**php_admin_value open_basedir "/var/www/sub.domain.com/html:/tmp/"**
php_admin_value disable_functions "dl, exec, fpassthru, getmypid, getmyuid, highlight_file, link, opcache_get_configuration, passthru, pcntl_exec, pcntl_get_last_error, pcntl_setpriority, pcntl_strerror, pcntl_wifcontinued, phpinfo, popen, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, source, system, virtual"
php_admin_flag allow_url_fopen Off
php_admin_value session.use_strict_mode 1
php_admin_value session.cookie_httponly 1
php_admin_value session.use_cookies 1
php_admin_value session.use_only_cookies 1
php_admin_value session.use_trans_sid 0
php_admin_value memory_limit 128M
php_admin_value post_max_size 25M
php_admin_value upload_max_filesize 25M
php_admin_value max_execution_time 7200

Of course, this can be modified manually by accessing OLS manager for a site and then removing the unwanted lines. Doing so for a number of sites and everytime a new site is deployed just calls for unnecessary administrative overhead.

While the rest of the configuration is just fine, my specific request is to consider dropping /commenting out the line items of php_admin_flag log_errors On, php_admin_value error_log logs/php_error_log, and php_admin_value open_basedir "/var/www/ols.testdomain.com/html:/tmp/" from the above section, This should allow admins the flexibility to use plugins of choice and / or define their own PHP ini values.

Once again, thank you for all the amazing work and just this minor modification would make it a lot easier to transition to OLS.

TIA

Kind regards,

enhancement

V5 NGINX | PHP 8.x Function phpinfo()

Version: WPCD V5 Beta 10 | Linode | NGINX Server

On a new NGINX site using PHP 8.1, I recently encountered fatal errors while accessing the plugins page. When I switched to PHP 7.4, things work normally. I traced the source of these errors to the WPVivid backup plugin. Their support team has confirmed their plugin to be compliant with PHP version 8.x and suggested to enable the function phpinfo() on the server while using PHP 8.x.

Error text below:

[09-Nov-2022 18:43:29 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function phpinfo() in /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/methods/Math/BigInteger.php:263](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/methods/Math/BigInteger.php:263)
Stack trace:
#0 /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/methods/Crypt/RSA.php(555)](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/methods/Crypt/RSA.php(555)): Math_BigInteger->__construct()
#1 /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-crypt-addon.php(30)](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-crypt-addon.php(30)): Crypt_RSA->__construct()
#2 /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-connect-server.php(592)](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-connect-server.php(592)): WPvivid_Dashboard_Crypt->__construct()
#3 /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-updater.php(372)](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-updater.php(372)): WPvivid_Dashboard_Connect_server->get_download_link()
#4 /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-updater.php(397)](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/includes/class-wpvivid-updater.php(397)): WPvivid_Updater->get_version()
#5 /var/www/[domain.com/html/wp-includes/class-wp-hook.php(310)](http://domain.com/html/wp-includes/class-wp-hook.php(310)): WPvivid_Updater->pro_update_row()
#6 /var/www/[domain.com/html/wp-includes/class-wp-hook.php(332)](http://domain.com/html/wp-includes/class-wp-hook.php(332)): WP_Hook->apply_filters()
#7 /var/www/[domain.com/html/wp-includes/plugin.php(517)](http://domain.com/html/wp-includes/plugin.php(517)): WP_Hook->do_action()
#8 /var/www/[domain.com/html/wp-admin/includes/class-wp-plugins-list-table.php(1357)](http://domain.com/html/wp-admin/includes/class-wp-plugins-list-table.php(1357)): do_action()
#9 /var/www/[domain.com/html/wp-admin/includes/class-wp-plugins-list-table.php(695)](http://domain.com/html/wp-admin/includes/class-wp-plugins-list-table.php(695)): WP_Plugins_List_Table->single_row()
#10 /var/www/[domain.com/html/wp-admin/includes/class-wp-list-table.php(1444)](http://domain.com/html/wp-admin/includes/class-wp-list-table.php(1444)): WP_Plugins_List_Table->display_rows()
#11 /var/www/[domain.com/html/wp-admin/includes/class-wp-list-table.php(1371)](http://domain.com/html/wp-admin/includes/class-wp-list-table.php(1371)): WP_List_Table->display_rows_or_placeholder()
#12 /var/www/[domain.com/html/wp-admin/plugins.php(773)](http://domain.com/html/wp-admin/plugins.php(773)): WP_List_Table->display()
#13 {main}
  thrown in /var/www/[domain.com/html/wp-content/plugins/wpvivid-backup-pro/methods/Math/BigInteger.php](http://domain.com/html/wp-content/plugins/wpvivid-backup-pro/methods/Math/BigInteger.php) on line 263

Could you please advice whether I might be missing something here with the configuration of a newly deployed server and site? Thanks

Pending Close Under Investigation

opened by unakriti 13

OLS | PHP Error Log Location
Hi,

Thank you for this beta version.

I am testing compatibility of OLS stack with some plugins I use regularly including BPS Pro, a security plugin.

Immediately after activating BPS Pro with a license key, the plugin sets up a few ini directives inside wp-config.php to define the error log path, and then it starts to throw up a WP dashboard message about error log location. Since I did not notice this issue earlier on Apache or even with WPCD's NGINX servers, I am pursuing the issue with the plugin author too.

Meanwhile, the OLS server does not see the FULL PATH to the error log location. So, on a fresh installation, I opened the httpd_config.conf file at /usr/local/lsws/conf/ and found this errorlog block

errorlog logs/error.log { logLevel DEBUG debugLevel 0 rollingSize 10M keepDays 35 compressArchive 1 enableStderrLog 1 }

As you'd notice, it is not a full path (logs/error.log).

On most OLS-specific documentation, I noticed this directive in a format such as $SERVER_ROOT/logs/error.log that resolves to a full path. So, my question is whether errorlog block (in httpd_config.conf file at /usr/local/lsws/conf/) needs a fix?

Kind regards,
opened by unakriti 13
V5 Default PHP Version

Hi,

After a deployed a new Linode server, I set the default PHP version to 8.1. Screenshot below

However, when I installed an app on that server, the app defaults to version 7.4

Is this expected behaviour for apps to not inherit the PHP version from the server? If so, how to set PHP default version to 8.1 all across for new deployments?

Reference: https://wpclouddeploy.com/documentation/more/php-8-0-8-1-notes/

Kind regards,
Pending Close

opened by backpackingseries 10
Frontend | Duplicate Icons with Blocksy & Astra Themes

Hi,

I just noticed some of the server tabs have duplicate icons as highlighted in the frontend screenshot for (Blocksy theme) and also with Astra theme. Such duplicate icons are visible on all layouts - Vertical, Horizontal, or Boxed.

On the Twenty-Twenty Two theme and on the WPCD backend admin it looks okay but, if you suggest, I can check with the respective theme authors. Because it is only impacting styling of specific tabs (and not all), I thought to ask here first to see whether its a known issue or if there's something I might be missing.

PS: File I am testing is https://github.com/WPCloudDeploy/wp-cloud-deploy/archive/refs/heads/dev.zip

Kind regards,

opened by unakriti 9
Feat: Allow updating with git-updater

Adds GitHub Plugin URI to plugin header to allow for optionally tracking with the development of the plugin on github and updating directly from the WordPress backend.

See: https://github.com/afragen/git-updater

opened by batonac 8
V5 OLS | Browser Console Error - Failed to set referrer policy

Edit: Version used Beta 08

Hi,

I am using the default Security Tweaks for a website on a new OLS server. Screenshot below:

When I view either the frontend or the backend of the newly deployed site, there's this browser console error. Screenshot below:

Failed to set referrer policy: The value 'strict-origin-when-cross-origin, no-referrer, strict-origin-when-cross-origin;' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.

Is this expected behaviour?

Thanks,
Pending Close

opened by unakriti 7
Allow for ARM64 AWS CLI

This patch detects if we're running on an ARM server and grabs the appropriate AWS CLI version from the official Amazon repository.

Admittedly, I switched both AWS CLI sources to the official Amazon URLs. Not sure why there was a different CloudFront URL there...
enhancement

opened by batonac 6
error when deploying new server with new version of fronted

I am testing the new front version and if I create a server as an administrator it works fine but if I create a server with the woocommerce plugin it is not created correctly. It gets stuck in the process. I have tried it several times. Tomorrow I will try to do it with a clean installation of wp.

opened by angelmagico 6
V5 | root user password

Problem When creating a LiteSpeed server using version 5.0.0 Beta07 and trying to activate the root user by setting the password, it doesn't work. In this same version try to create a Nginx server and activate the root password from the panel, the same error happened.

Simulate To simulate the error, use version 5.0.0 Beta07, create a server with Nginx or LiteSpeed, access the server, go to the users tab and activate the root password, try to login with the generated password.
non-reproducible

opened by osidney 5
Woo Addon | Resubscribe Error

Hi

Once an order status is set to Cancelled, a customer sees a Resubscribe button in the My Account Dashboard.

And, when that Resubscribe button is clicked, the process errors out because a region is not set (screenshot below):

It kind of breaks the customer's workflow inside Woo.

PS: Files I am using are the beta version of WPCD Core v5 and Woo Addon v3

Kind regards,
bug

opened by unakriti 5
V5 Core | LS Cache Plugin

Hi,

I do not want any plugin to be installed during new site deployments and therefore have disabled the LS Cache option as shown below:

However, during new site deployment, the installer continues to install the LS cache plugin

When I login to the new site, the LS Cache plugin is not seen! It makes me think - (1) either the installer messages are erroneous or (2) the plugin is actually installed and then removed which is not efficient anyway.

Kind regards,
Pending Close

opened by unakriti 4

New Tweak: Restore Cloudflare Client IP

NGINX needs the following config in order to restore the original visitor IP when the site is behind Cloudflare:

set_real_ip_from 173.245.48.0/20
set_real_ip_from 103.21.244.0/22
set_real_ip_from 103.22.200.0/22
set_real_ip_from 103.31.4.0/22
set_real_ip_from 141.101.64.0/18
set_real_ip_from 108.162.192.0/18
set_real_ip_from 190.93.240.0/20
set_real_ip_from 188.114.96.0/20
set_real_ip_from 197.234.240.0/22
set_real_ip_from 198.41.128.0/17
set_real_ip_from 162.158.0.0/15
set_real_ip_from 104.16.0.0/13
set_real_ip_from 104.24.0.0/14
set_real_ip_from 172.64.0.0/13
set_real_ip_from 131.0.72.0/22
set_real_ip_from 2400:cb00::/32
set_real_ip_from 2606:4700::/32
set_real_ip_from 2803:f800::/32
set_real_ip_from 2405:b500::/32
set_real_ip_from 2405:8100::/32
set_real_ip_from 2a06:98c0::/29
set_real_ip_from 2c0f:f248::/32
real_ip_header CF-Connecting-IP;

The IP addresses need to reflect the lists from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6. There's a nice, scripted mechanism for this available here.

It seems to me that a toggle switch under the Tweaks tab would be a great place to enable this per site. Perhaps this is too vendor-specific to warrant such precedent, but Cloudflare is fairly ubiquitous...

enhancement good first issue

opened by batonac 1

Feature Request: Cloudflare Tunnel Support

Hey team, congrats on making it to 5.1!

Okay, this might be a bit "far out", but I've known this team to be ambitious, so here goes...

Cloudflare Tunnels are free. This allows a server to serve websites directly through Cloudflare without allowing any other ingress HTTP/HTTPS traffic. This translates to no direct external traffic to your machine that doesn't first pass through Cloudflare WAF (with the exception of SSH for WPCD, of course).

Additionally, this provides a secure way for the web the server to serve to Cloudflare using HTTP rather than HTTPS, avoiding the overhead of SSL, and the maintenance liability of certificate management and renewals. Cloudflare provides and manages public-facing certificates on your behalf, so no problems there.

Taken a step further, both the webserver* and the Cloudflare Tunnel* could be configured to connect to each other through a Unix socket, further eliminating overhead and latency caused by the TCP/IP stack.

By my estimations, this should be the most efficient way to run a web server behind Cloudflare, and should be a boon for both server performance and security.

I doubt that any other competing solutions are doing this, and probably wouldn't for some time (if ever). This could be a real differentiator for WPCD!

-- *Nginx, at least, can be configured to serve to a unix socket instead of a port with syntax like listen unix:/tmp/site-name.sock;. I'm not sure about OLS. *The syntax for connecting a Cloudflare Tunnel to a unix socket can be found here.
enhancement

opened by batonac 7
V5 | Plugins that do not work out of the box
Hi,

This post is to track a list of plugins that do not work with V5 out of the box. You may add your findings to this list.

Since WPCD PHP Restrictions are implemented using php_admin_value and php_admin_flag instead of php_value and php_flag respectively, you cannot override these using a standard php.ini file. So if you intend to use any of the following plugins, you will need to drop to a shell terminal and edit PHP configuration files directly.

WPVivid Pro (Dependency on function phpinfo()): Tested with WPCD V5 Beta10, PHP 8.x, Ubuntu 20.04 / 22.04, NGINX and OLS

Problem: Discussed here. WPVivid Pro Plugin throws a fatal error when accessing the Plugins page

Notes: As a security measure, assuming a shared hosting scenario, WPCD disables the function phpinfo(). WPVivid Pro, reportedly, has a dependency on this function.

Workaround/s: (a) Downgrade site to PHP version 7.4. OR (b) As per this document, on NGINX sites, update the file /etc/php/8.1/fpm/pool.d/domain.conf to re-enable the phpinfo function and then restart the PHP service, OR (c) ~~Migrate to OLS~~ Edit 19 Nov 2022 - on OLS sites, update the file at /usr/local/lsws/lsphp${phpver}/etc/php/${phpver2}/litespeed/php.ini to re-enable phpinfo

Updraft Plus Plugin (Dependency on PHP functions): Not tested personally but WPCD has it documented on this page as something that may work with current PHP restrictions. But if it throws errors, you will need to remove the conflicting PHP directives manually. Screenshot below:

DB Cleaner, Error Log, and Security Plugins (Dependency on PHP directives of error_log, log_errors, open_basedir): Tested with WPCD V5 Beta10, PHP 8.x, Ubuntu 20.04 / 22.04, OLS

Plugins tested: (a) Error Log Viewer, (b) Error Log Mointor, (c) BulletProof Security, (d) Database Cleaner & Optimizer- PHP Error Log Feature

Problem: Discussed here. Any plugin that wants to read PHP log file cannot do so out of the box

Notes: Since WPCD defines a location for PHP Error Log file using a set of php_admin_value and php_admin_flag directives, it cannot be overridden with a PHP.ini file

Workaround/s: If you need such plugins to work normally, you should either (a) Migrate your site from OLS to NGINX OR (b) drop to a shell terminal and edit PHP configuration files, OR (c) install the OLS Manager and use the OLS Dashboard UI to edit this configuration

Kind regards,
wontfix Pending Close
opened by unakriti 1
Switch from snap to python-certbot on Jammy

Ubuntu 14.04 Jammy ships the with Certbot V1+, unlike previous versions of Ubuntu. Could we switch over for this version of Ubuntu? The DPKGs take up a lot less space and require less complexity for containerized setups.

The main and feature packages are: certbot - automatically configure HTTPS using Let's Encrypt python3-certbot - main library for certbot python3-certbot-dns-cloudflare - Cloudflare DNS plugin for Certbot python3-certbot-dns-digitalocean - DigitalOcean DNS plugin for Certbot python3-certbot-dns-dnsimple - DNSimple DNS plugin for Certbot python3-certbot-dns-gandi - Gandi LiveDNS plugin for Certbot python3-certbot-dns-gehirn - Gehirn DNS plugin for Certbot python3-certbot-dns-google - Google DNS plugin for Certbot python3-certbot-dns-linode - Linode DNS plugin for Certbot python3-certbot-dns-ovh - OVH DNS plugin for Certbot python3-certbot-dns-rfc2136 - RFC 2136 DNS plugin for Certbot python3-certbot-dns-route53 - Route53 DNS plugin for Certbot python3-certbot-dns-sakuracloud - SakuraCloud DNS plugin for Certbot python3-certbot-dns-standalone - Standalone DNS Authenticator plugin for Certbot python3-certbot-nginx - Nginx plugin for Certbot
enhancement Hold

opened by batonac 4
V5 OLS | PHP Overrides for Error Log & Open Base Dir
Hi,

Thank you for OLS beta. Appreciate all the effort and something I was looking forward to for a long time

However, in its current form, I find the utility of this much-awaited release rather limiting.

Edit 17 October 2022:

Specifically, the three listed PHP Overrides are restrictive:

php_admin_value open_basedir "/var/www/ols.testdomain.com/html:/tmp/"

php_admin_flag log_errors On

php_admin_value error_log logs/php_error_log

I cannot fully use popular monitoring plugins because they cannot read the PHP log file defined by WPCD. Although there are likely to be more incompatible plugins, the ones I have tried unsuccessfully include:

Erro Log Viewer (https://wordpress.org/plugins/error-log-viewer/)

Error Log Mointor (https://wordpress.org/plugins/error-log-monitor/)

BulletProof Security (https://wordpress.org/plugins/bulletproof-security/)

Database Cleaner & Optimizer- PHP Error Log Feature (https://wordpress.org/plugins/database-cleaner/)

Moreover, the use of php_admin_value does not allow admins to override the configuration using a custom php.ini file.

This approach is somewhat surprising because WPCD's earlier webserver (NGINX) allowed admins to set their own location for error logs.

Here's a snippet (taken from the OLS manager) of what PHP overrides section for a Virtual Host limits:

### Insert common phpIni **php_admin_flag log_errors On** **php_admin_value error_log logs/php_error_log** **php_admin_value open_basedir "/var/www/sub.domain.com/html:/tmp/"** php_admin_value disable_functions "dl, exec, fpassthru, getmypid, getmyuid, highlight_file, link, opcache_get_configuration, passthru, pcntl_exec, pcntl_get_last_error, pcntl_setpriority, pcntl_strerror, pcntl_wifcontinued, phpinfo, popen, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, source, system, virtual" php_admin_flag allow_url_fopen Off php_admin_value session.use_strict_mode 1 php_admin_value session.cookie_httponly 1 php_admin_value session.use_cookies 1 php_admin_value session.use_only_cookies 1 php_admin_value session.use_trans_sid 0 php_admin_value memory_limit 128M php_admin_value post_max_size 25M php_admin_value upload_max_filesize 25M php_admin_value max_execution_time 7200

Of course, this can be modified manually by accessing OLS manager for a site and then removing the unwanted lines. Doing so for a number of sites and everytime a new site is deployed just calls for unnecessary administrative overhead.

While the rest of the configuration is just fine, my specific request is to consider dropping /commenting out the line items of php_admin_flag log_errors On, php_admin_value error_log logs/php_error_log, and php_admin_value open_basedir "/var/www/ols.testdomain.com/html:/tmp/" from the above section, This should allow admins the flexibility to use plugins of choice and / or define their own PHP ini values.

Once again, thank you for all the amazing work and just this minor modification would make it a lot easier to transition to OLS.

TIA

Kind regards,
enhancement
opened by unakriti 0
V5 OLS Manager Login Fails

Hi,

I installed a new Ubuntu 22.04 OLS server on Linode. After upgrading all packages and rebooting the server, I then made PHP 8.1 as the default version. At this point, I have no website on the box.

When I install OLS webserver manager by providing a username and password, it installation itself is successful and I can see the WPCD screen for it as below (username and password are masked in the screenshot):

But I am unable to login to the OLS manager using the set of credentials - says invalid credentials as below

What could be possible reasons? Am I missing something here? Does the password field not allow certain characters - I ask because I had created a random password using Lastpass password generator.

Lastly, for such scenarios, I am not sure whether it might be a good idea to have an option to update the OLS manager password inside WPCD admin screen or simply do an uninstall and a re-install the OLS webserver manager?

File used: [wp-cloud-deploy-V5.0.0-Beta07] from WPCD account / downloads.

Kind regards,
enhancement good first issue Priority: Low

opened by backpackingseries 3