Feature Release 2.7.0

We spent most of July pushing small updates – many of which were not quite obvious. For the most part we were nipping and tucking and polishing existing features and not focusing too much on new features. We do have a few new things in there though…

New: Delete A Site & Backups

In the past when you deleted a site, its local backups remained on the server. Now, you have the option to delete those backups at the time the site is deleted.

Even with this new option, remote backups are never deleted.

New Cache and PHP columns

We found ourselves wanting to quickly figure out which sites had caches enabled and what version of PHP was installed on them. So we added them as columns to the App list.

We also color coded the PHP version – red to show outdated or unsafe versions, green to show acceptable versions and orange as a warning that the version might soon be outdated.

Now we can quickly scan down the list of our sites and view outdated PHP versions or sites without caches enabled.

Server Statistics

We’ve added a separate STATISTICS tab to the server detail screen. Click a single button and you can view the output of four different server-level commands that provide disk, memory and network traffic information.

With this new Statistics tab on the server screen, we removed the VNSTAT statistics from the APP screen since its data is aggregated server level data and is now shown on the server screen. But we also added an option in the settings screen to put it back there if you wish.


You can now install the MonitorIX data collection utility on servers. This utility allows for monitoring a large number of metrics. But, of course, we provide sensible defaults – if you want to change them you’ll need to drop to the command line and modify the configuration files there.

We include the following charts upon installation:

  • System load
  • Kernel usage
  • Filesystem usage
  • Network traffic
  • Netstat statistics
  • System services demand
  • Port traffic
  • Nginx statistics
  • MySQL statistics

The utility allows you to view the data in chart intervals of one day, weekly, monthly and yearly.

Updated Bash Scripts

We’ve updated some of the scripts used to execute server level tasks.

Backup Script

The backup script has a number of new options:

  • Prune local backups without running the backup process.
  • Clean up backups on a server. It can now identify local backup files that have no corresponding sites on the server and to optionally delete those backups.
  • Delete all local backups for a single site or for all sites.

None of the new backup script changes can be accessed from the UI at this time. But for those admins who are comfortable on the command line these new options are available today – just execute the 08-backup.sh script and follow the prompts.

New Security Rules

New servers will enable new security rules and new sites on those servers will automatically be opted into the new security rules.

Some of these new rules are:

  • Limit the number of login attempts per second on the wp-login.php screen.
  • Deny access to files with a ‘.log’ extension.
  • Deny access to files that start with a period.
  • Prevent execution of any cgi script that’s not a php file.
  • Prevent execution of any php script in the WordPress uploads folder.
  • Prevent downloads from files in the updraft folder if UpdraftPlus is installed.

Additionally, on the settings screen we hide data in certain fields by default – including the API KEY fields and the PRIVATE KEY fields. Even when entering data in these fields, the default is to hide the newly entered data.

Misc Tweaks

We changed the title of the ADD button on the Applications/Sites screen to make it clearer what the button does:

We also added the provider to the top of the primary app metabox:

Object Caches

For MemCached you now have the option to remove it from the server completely. Before, we only had the option to restart it or to clear the cache. But, if you install it and then change your mind you can now uninstall it to save some memory and CPU cycles.

For the REDIS add-on we changed the REDIS plugin that is automatically installed when a site is enabled for Redis. The new plugin is the one from Till Kruss.

We also updated it (REDIS) to add the option to remove it from the server completely. Just like MemCached, we only had the option to restart it or to clear the cache. But, if you install it and then change your mind you can now uninstall it to save some memory and CPU cycles.


We updated the default list of WordPress versions to their latest point releases and added version 5.5 scheduled for release in August 2020.


We updated relevant BASH scripts to allow admins to add new NGINX directives without directly modifying our default NGINX configuration. You can learn more about this in our Adding Custom NGINX Configs help document.

We also added a filter to allow the logo to be replaced when adding a server or site – wpcd_popup_header_logo. This is useful for admins and installations that are white-labeling the plugin.


  • The experimental e-mail gateway feature that was released with 2.6.0 would not show an error message if a test email failed to be sent. That is now resolved in this update.
  • The page cache confirmation message always said “cache has been disabled” even when the action was to “enable” it.
  • There was an issue with storing custom bucket names for the all-sites backup.
  • There was also a related issue with storing retention days for the all-sites backup.
  • PHP Warning about invalid commands or index for certain backup operations – it didn’t hurt anything but was just annoying to see in the log files.
  • There was an issue with the 6G firewall where, if there was a colon in the URL you would get an http forbidden error. This would affect common scenarios where you have redirects in the url such as this: http://subdomain.domain.com/logout?redirect_to=http://subdomain.domain.com/login. Notice the colon in the query args section of the url – in the past that would cause a forbidden error if the 6G firewall was turned on.
  • Enabling multisite SSL would always show as successful even when it sometimes failed.
  • Updated the BASH script for server-sync to resolve an issue where lock files would sometimes be left behind if the server-sync process failed – which would prevent future syncs from running.
Posted in