The first major WordPress Toolkit release in 2022 is v5.10.0, which is now officially available for Plesk! This release focuses on further improving the vulnerability scan feature, delivering bug fixes to customers, and laying out the groundwork for the introduction of API in the product.
Site Vulnerability Scan: Support For Inactive Assets
The Site vulnerability scan for the WP Toolkit has been helping site administrators keep their sites secure for several months now. However, it was scanning only active plugins and themes, which could be a problem in some cases. If a site admin wanted to activate a previously inactive plugin, there was no way to check if this plugin was safe to activate (that is, if it contained known vulnerabilities).
To address this issue, WordPress Toolkit now also scans inactive plugins and themes. To help site admins correctly assess what needs to be addressed first, it’s now possible to filter out vulnerabilities based on whether they are found inactive or inactive assets:
Since WordPress Toolkit sends out email notifications about found vulnerabilities, these emails now also include information about vulnerabilities found in inactive plugins and themes. These vulnerabilities are listed separately to make sure site admins can properly assess the urgency needed to address these vulnerabilities.
Link To PHP Version Change
If a WordPress site is using an outdated version of PHP that’s no longer supported by the vendor, WordPress Toolkit shows a warning for the site administrator. To help users fix this issue, a link to the PHP management menu was added to this warning message. This addresses a concern voiced by our partners, so we hope this small change will help their users stay up-to-date and secure.
One-Time Server Rescan
After the update to v5.10, the WP Toolkit will run a one-time server-wide scan on the cPanel platform. This will allow us to manage WordPress installations added manually or through other management tools.
The team has been working on brainstorming and developing the basis for the fully-fledged WordPress Toolkit API. We’ve made a lot of exciting progress, but it’s too early to unveil these changes to the public. So keep an eye on this blog for updates!