Completely Uninstall Wordpress Toolkit including users

RobinF28

Active Member
Jun 27, 2015
40
8
58
Elgin, Scotland
cPanel Access Level
Root Administrator
I agree with the general sentement above from WHM users, i.e. new features shoudn't add or modify code on users' accounts without the explicit consent & agreement from server owners etc.

I too have used the rpm -e wp-toolkit-cpanel command to remove the feature, after initally accepting it, in oder to understand it's functionalty better, and then regretted this.

Furthermore and FYI, I have noticed many additional log lines (1000's of additional lines) in our daily "/var/log/secure" log file, referencing this line...

sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts

... which indicates increased activity as this feature "does-it's-thing" so to speak, and there is no explination of this yet. I'm a bit suspicious of course, but hoping this will now stop after its de-registration.

Just FYI.

:)
 

custer

Registered
Staff member
Dec 7, 2020
3
2
78
Russian Federation
cPanel Access Level
Root Administrator
Since the editing of the wp-config.php files.. I tested some manual Wordpress upgrades and they have now switched to the dev/nightly versions. This is a huge issue. There has to be some way for cPanel to support the reversal of this almost malicious (not intended) action.
Hi @bradlee,

This can happen only if both of the following conditions are true:

1. Your WP site is already running a dev/nightly version.
2. Major WP core updates were enabled for your WP site either manually or via WPT.

Please double check if the sites you've used for testing were already running a dev/nightly build, since WPT cannot install dev/nightly builds or update a public release build to a dev/nightly build without site admin enabling dev/nightly builds first.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,067
283
213
cPanel Access Level
Root Administrator
Hey everyone!

We've published a tool that will allow you to automatically remove the extra entry to the wp-config.php file:


Since this does make a change to user files, it's important you have a backup first just in case.
 

Paul Shultz

Active Member
Jun 5, 2018
27
10
3
Malebourne
cPanel Access Level
Root Administrator
Thanks to @custer for that helpful post.

I'd also like to point out that after some additional research, WPT *will* auto-install if you update cPanel and Wordpress Manager is detected, which is something we weren't aware of at the time I posted last week.
I am glad that this was picked up, as it was made to believe i did something wrong in v90 update to v92.0.3 feature showcase
 
  • Like
Reactions: cPRex

0884094

Member
Nov 14, 2013
15
6
53
cPanel Access Level
Root Administrator
"WordPress Toolkit" has broken auto-update for the 350 WordPress blogs on our server by modifying wp-config.php without my knowledge.

cPanel: please avoid pushing this kind of thing onto my systems in the future.

@custer: my platform manages auto-updates by setting constants from our own plugin, so if you scan wp-config.php and don't find WP_AUTO_UPDATE_CORE, don't think that you can insert your own random settings without affecting anything. Your inserts clobbered our logic. It took me a while to figure out what was going on. Our plugin uses this:
add_filter( 'auto_update_core', '__return_true' );
add_filter( 'allow_dev_auto_core_updates', '__return_true' );
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_true' );
add_filter( 'auto_core_update_send_email', '__return_false' );
 

rivermobster

Well-Known Member
Dec 16, 2020
67
9
8
SoCal
cPanel Access Level
Root Administrator
@custer

I'd like to add a little something to this discussion, both pro and con...

First, I'm upgrading to a new cloud hosting account. It was nice to find the Toolkit there. Normally, I'd either have to add WP manually, or do it through Softaculous, so the toolkit was a nice surprise since I won't have Softaculous anymore.

We are all here to make money. Obviously the toolkit wants to monetize itself, but let's be realistic here....

Almost All of the options the toolkit wants us to pay for are free with a number of different security plugins, so why would anyone want to pay for that! lol

This is the one I use, I have it on all of my sites: All In One WordPress Security and Firewall Plugin The free version has, I believe, all of your Premium options included. Wordfence is probably the most popular one, but it's a little overblown for my tastes.

Premium features should be PREMIUM features. Things you can't get somewhere else or provide a much needed service.

Being able to add my own plugin and theme library is Really nice, but do i want to pay a monthly fee for that? Yeah no. Cause really, that's the only thing I can see so far that I can't easily get somewhere else AND makes my life easier.

Add some Real value to it, reduce the price, or maybe make it a one time fee to upgrade (the one time fee is a much prefered option to me)? Nickel and diming my monthly nut is never my first choice for an upgrade. :)

With all due respect,

-Joe