Feature Release 4.6.0

We just pushed a major set of new features to all FireupWP (now WPCD.Cloud) customers.

New: “Push” Notifications

You can now send alerts on important server events to multiple email addresses, multiple Slack hooks and multiple Zapier hooks.

Events supported in this release are:

  • Power events (server start up, server shutdown)
  • MONIT (“Healing”) alerts.
  • Server restart needed
  • Backup start and end
  • When malware has been detected (if Maldet is installed)

Each user/admin can create multiple alerts for different types of events, server and site combinations. Or you can create a single alert for all servers and sites (quick way to get started!)

New Backup Option

WPCD.Cloud currently allows you to backup your WordPress sites to Amazon S3. With this release we are starting to focus on backing up critical files that are outside of your WordPress data folders.

Under the BACKUP tab on your servers you will see a new backup option: LOCAL SERVER CONFIGURATION BACKUPS

As you can see, a simple toggle is all you need to turn it on.

If you’ve ever made an errant update to a configuration file and wished you could go back in time without doing a full restore of your server or site, you’ll appreciate this feature.

The following files are backed up to another folder:

  • NGINX configuration files from /etc/nginx
  • php.ini
  • LetsEncrypt “live” folder
  • mysql configuration files from /etc/mysql
  • wp-config.php files from all sites

We still recommend that you turn on your providers’ server image level backups – this new feature does not replace those images.

New: Redirect Rules

You can now set up simple redirect rules for each site at the server level. We say “Simple” because we can only handle direct URL -> URL redirection within the UI, i.e.: No NGINX regex rules can be used.

The reason for the restriction is simple – we can’t reliably escape and make safe the regex data entered into our browser-based UI before applying it on the Linux command line.

Still, there are many scenarios where being able to do simple redirects at the server level is useful.

If you really need to apply a REGEX based redirect, you’ll still need to log into the server via SSH and edit or create the redirect file (contact our support staff for instructions on creating a redirect rules file).

New: HTTP/2 Option

We’ve exposed the option to enable or disable HTTP/2 so that you no longer have to drop to the command line for it.

New: Change PHP Workers

Admins can now change PHP workers without needing to ssh into the server.

Only full WPCD.Cloud admins can do this – even if a regular user has been granted permission to make site changes they will not see this option. The reason is that, in shared environments, it would be too easy for one user to set these options to hog all the server resources or break the server by requesting more resources than what’s available.

New: Security and Optimization Tweaks

We’ve now provided a UI for some commonly used NGINX options.

New: UI For Installing Fail2Ban

We added an option to allow the admin to install fail2ban on the server. We’ve provided a server level script for a while now – with this release we’ve provided a UI for that script.

We also added options to change some basic Fail2Ban parameters. These should work for most use cases.

And, for each site, you can now install the WP FAIL2BAN WordPress plugin that will allow certain WordPress related events to trigger IP blocks.

New: Set / Reset Root Password

We now allow you to set or reset the root password. But we don’t allow you to specify the password – we generate it for you to prevent using weak passwords. (Of course, we can’t do anything if you decide to go directly to the command line and apply a weak password.)

WPCD.Cloud does not use the root password for normal operations. But, if, for some reason, you lock yourself out of a server, most cloud server providers provide a recovery console where you are required to login with a root password (not a key-pair).

If you’re experimenting with Fail2Ban now that it’s available in the UI, you might consider setting up a root password first. If you lock yourself out of the server with fail2ban then you can use the root password along with your server providers’ console to regain access.

New: GoAccess

You can now install the GOAccess dashboard from inside WPCD.Cloud

Not familiar with GoAccess? Here is a brief description, taken directly from their website:

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly.

Visual Tweaks

The server detail screen now uses vertical tabs just like the site detail screen.

And, both server and site screen tabs now include icons (a completely functionally useless change but it does make things a bit more visually appealing.)

Multisite Updates

This release adds the core changes necessary to support WordPress multisite subdirectory configurations as well as wildcard SSLs for sub-domain based multisites.

New Permissions

We added explicit permissions that can be applied to five tabs on the server screen:

Most users will have no need to use these permissions.

New: Email Alerts For Server & Site Owners

This feature is probably only going to be of interest to agencies with a lot of servers and sites scattered across various server providers. With it you can specify one or more “owners” of a server by setting up email addresses directly on the server or site record.

Then, you can choose one or more servers and sites and compose emails to those owners.

This is useful when you receive a maintenance notification from a server provider. You can then just choose all the servers or sites located at that provider and send out an alert email to the respective owners without having to wonder if the server provider field in your CRM is up to date.

Server Level Changes

WPCD.Cloud 4.6.0 includes some significant server level changes:

PHP OpCache

OPCache is now enabled by default on new servers and configured to assume multiple sites that should not be exposed to each other (Shared hosting environment).

If you are dedicating a site to a single server or multiple sites that belong to the same user then you can disable a couple of the OPCache directives to get slightly better performance.

Server Changes

New servers will enable GZIP on additional file types and also enable AIO and PCRE JIT, all of which will increase performance slightly.

Prior versions of the server stack actually had GZIP enabled but not for many common file types. This new version of the stack includes all the usual suspects.

Site Changes

New sites will enable automatic browser caching of images and certain other static assets.

In the past we assumed that a CDN or other proxy (such as Cloudflare) would be used to facilitate this functionality but it doesn’t really hurt to enable it anyway. It’s still a good idea for you to enable a CDN or proxy on production sites – if those sites have decent traffic a CDN will usually be faster than going directly to your servers for static assets.

New: CloudFlare DNS Integration

Up till now WPCD has not had a native integration with any DNS service provider. That changes with this release with the inclusion of basic support for CloudFlare.

New sites will be given a randomly generated temporary domain which will also be added to CloudFlare’s DNS automatically. Users can still specify a different domain for their new site, overriding the temporary one.

This makes it easy to just start using a new WP site, especially if all you’re looking to do is fire up a temporary site.

New: Control PHP Processes

You can now restart and check the status of the PHP process for all versions of PHP.

Scheduled Server Reboots

We added an option to allow admins to schedule server restarts for later. A tiny but useful feature when the server needs to be restarted after a background update but you really don’t want to do it during production hours.

Tweaks & Fixes

Our Best Fix Yet

Regular users of our product know there was a very very annoying issue with tabs – when the page refreshed you were always taken back to tab #1 instead of returning you to where you were. This was a limitation of the metabox.io library which we used to rapidly build things out.

Since it didn’t seem as if metabox.io was going to fix this trait anytime soon, we applied a JavaScript band-aid of our own in this version. So, in most cases, after applying a setting and refreshing the screen, you will be returned to the tab you were on.

We can’t claim that it will work 100% of the time since it is a band-aid but it’s a lot lot better than it used to be!


  • Tweak: Show the initial WP login credentials under the MISC tab.
  • Tweak: In the NOTES section for servers and sites, there is a new tab that can only be seen by admins. The other tabs can be seen and used by regular uses if they’ve been assigned rights to the server or site. This new tab allow admins to add notes without fear that they will be seen by regular users.
  • Tweak: Add support for Monitorix for Ubuntu 20.04.
  • Tweak: If a site is disabled, show a disabled message in most site tabs instead of allowing the admin to perform operations that might fail because of missing Nginx config files.
  • Tweak: Removed Ubuntu 20.04 from limited release – it’s now fully supported in this version.
  • Tweak: Add an option to the select drop-down for WP versions to support WP 5.6.1.
  • Tweak: Make sure domain names are always lowercase when changing domains or cloning a site.
  • Tweak: Lock down the ability to change advanced php.ini options to system admins.
  • Tweak: Lock down the ability to reset the restricted set of PHP functions to system admins.
  • Tweak: When setting a “common” php option, validate it against a known good list.
  • Tweak: Add option to hide the NOTES column in general tab in the SERVER screen. Most experienced users don’t need to see this column so it’s nice to just get it off the screen.
  • Tweak: New option to hide the instance id from the server list screen.
  • Tweak: Add option to remove the email gateway package after it’s been installed. Before you had no option to remove it other than with an ssh login.
  • Add the disk size to the Digital Ocean server size description.
  • When saving settings we clear all caches for all providers. This is an attempt to make some of the functions on the screen a little less confusing while not completely killing performance.


  • Fix: Sometimes a required entry for page caching was not automatically added to the wp-config.php file.
  • Fix: Prophylactic code added to the bash scripts to prevent user names from being greater than 32 chars.
  • Fix: A function was returning incorrect data about the existence of a domain.
  • Fix: The primary server callback might sometimes fail if there’s a space in the UPTIME data
  • Fix: The toggle for turning on and off the UFW firewall never really worked – the toggle logic was actually inversed.
  • Fix: Silly bug in the push-commands.php file where we used add_action instead of do_action.
  • Fix: When changing the PHP version on the SERVER TOOLS tab, we now set a meta that shows the new version.
  • Fix: Some servers would not notify the plugin after a reboot because network services were not started.
  • Fix: An issue where domain changes would mangle the new domains’ NGINX configuration files in certain edge cases.
Posted in