Completely Uninstall Wordpress Toolkit including users

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,483
566
273
cPanel Access Level
Root Administrator
@rivermobster - I did my testing and couldn't reproduce that on my end. I had a WordPress site and I manually selected the "Discourage search engines from indexing this site" option in WordPress, then clicked the refresh button in WPT (which causes it to re-scan the site) and that was displayed properly. The same thing happens with the "Search engine indexing" option.

Is it possible you just need to do the re-scan to let WPT pick up those changes? It doesn't grab that data in real-time, so that's likely where the confusion is.
 

rivermobster

Well-Known Member
Dec 16, 2020
104
25
28
SoCal
cPanel Access Level
Root Administrator
@rivermobster - I did my testing and couldn't reproduce that on my end. I had a WordPress site and I manually selected the "Discourage search engines from indexing this site" option in WordPress, then clicked the refresh button in WPT (which causes it to re-scan the site) and that was displayed properly. The same thing happens with the "Search engine indexing" option.

Is it possible you just need to do the re-scan to let WPT pick up those changes? It doesn't grab that data in real-time, so that's likely where the confusion is.
Understood.

I'll put that on my to-do list and give it a shot.

Did you happen to try it with the aftermarket security plug ins and see if the re-scan will pick up those changes? I use All In One WP Security & Firewall if you feel so inclined to try. If not, I get that too. :)
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,483
566
273
cPanel Access Level
Root Administrator
I'm kind of afraid to go down that road. If I do it once here, I can just picture someone going "but you tested a custom plugin for rivermobster!" Well, yeah, because I don't want to get thrown in a river!

I'm just going to give a more general "we don't test plugins" answer here :D
 

rivermobster

Well-Known Member
Dec 16, 2020
104
25
28
SoCal
cPanel Access Level
Root Administrator
I'm kind of afraid to go down that road. If I do it once here, I can just picture someone going "but you tested a custom plugin for rivermobster!" Well, yeah, because I don't want to get thrown in a river!

I'm just going to give a more general "we don't test plugins" answer here :D
lol...

Understood completely. I'll put that on my to-do list as well. :D
 
  • Like
Reactions: cPRex

theimagehouse

Registered
Feb 14, 2021
3
2
1
South Africa
cPanel Access Level
Root Administrator
I am so angry at this Wordpress Toolkit addition to my VPS. Who the hell gave you the right to even add it to my VPS, let alone scan my server and edit my clients config.php file. !!!! I had to answer to my clients why were folders and edits done to their website - THIS IS BLUDDY UNACCEPTABLE - I do not care how YOU feel this Toolkit is beneficial - IT NOT ! Please DO NOT damn install your rubbish on my server without my permission !!

I had to manually detach every website (your stupid script is not automatic), and then uninstall. PLEASE PLEASE we don't have time to be cleaning your rubbish okay.

@cPanel Dev Team - How the hell can you allow this! and on top of your price increases you want us to pay more for a stupid Toolkit for maintenance!

PATHETIC !
 
  • Like
Reactions: adamreece.webbox

theimagehouse

Registered
Feb 14, 2021
3
2
1
South Africa
cPanel Access Level
Root Administrator
@custer thank you for your reply.
Full update, minor update, plugin update etc are all available options of course from within 'Softaculous' which thousands of us already have installed.
And please in future, do not alter or edit our clients files without our express permission! It doesn't look good when we have to explain to our clients that although we host their websites, some third party software called "cPanel" has edited them without asking us !!!
I agree - We should have had an option to install WPT with the update and not being forced on our servers - I hate this !!
 
  • Like
Reactions: adamreece.webbox

custer

Member
Staff member
Dec 7, 2020
5
4
78
Russian Federation
cPanel Access Level
Root Administrator
There is nothing automatic about that tool. It requires you edit the command line to include the path to the wp-config.php file and then run it, one at a time, for each and every Wordpress installation on the server. Your installation script apparently found and edited every one of them without our intervention. Why are you making it so difficult to uninstall?
The script can process all sites on a server if you specify the directory that contains all your vhosts instead of specifying the directory of each vhost individually. Let us know if you still have issues with the script.
 

theimagehouse

Registered
Feb 14, 2021
3
2
1
South Africa
cPanel Access Level
Root Administrator
The script can process all sites on a server if you specify the directory that contains all your vhosts instead of specifying the directory of each vhost individually. Let us know if you still have issues with the script.
Will there be an easier way to uninstall in the future? Or at least opt not to have it installed in the first place?
 

adamreece.webbox

Well-Known Member
Nov 3, 2016
48
14
8
Penarth, United Kingdom
cPanel Access Level
Root Administrator
So much has been said already, but I too echo the sentiments of the rightly annoyed cPanel license holders in this thread.

It was a totally unacceptable decision to unwittingly install WordPress Toolkit without consent of the server operators.

@Forrest Ward - your server did not get any Wordpress installations as part of the update. If your server had Wordpress Manager, which has been a cPanel tool for some time, or if you clicked the option to install Wordpress Toolkit during the Feature Showcase, your machine would get Wordpress Toolkit installed. It just gives you the option to install and manage all Wordpress installations more easily.

As mentioned earlier in this thread, you can remove the RPM if you don't want the tool on the machine at all.
Wrong. I manage 9 WHM servers, and did not get asked about this during automatic updates. Most of which are in the "stable" branch until the next LTS is available, though this problem contradicts the meaning of stability. Having not known these plug-ins exist let alone what they are and do I've never opted in to WordPress Manager or WordPress Toolkit.

WordPress Manager and WordPress Toolkit are not comparable. The latter suddenly imposes separate licensing restrictions without any prior notice or consent, and blocks clients from routine business. That is why this is a big problem. What exactly gives cPanel the right to modify client WordPress installations without their consent? Nothing. Don't modify our production web applications please.

Removing this from our 9 WHM servers (including the hundreds of sites we host) along with dealing with queries about why some unknown software licensing constraint is suddenly in place, is costing us time thus money. Are cPanel going to compensate license holders for commercial time that has been lost correcting this problem?

Also let's look at your own documentation: https://docs.cpanel.net/knowledge-base/cpanel-developed-plugins/wordpress-toolkit/
  • "WordPress Toolkit Lite installs by default"
  • "When you upgrade a server to cPanel & WHM version 92, the nightly cPanel & WHM update process detects whether WordPress Manager is installed on the server. If WordPress Manager is installed, the update process will install WordPress Toolkit."
I may appear to be unjustifiably annoyed with this (shambolic) decision but given the time lost and customer applications modified without consent it has to be 100% understood by the cPanel team that this is not an acceptable practice. Someone screwed up bad, and this has damaged our perspective of cPanel's direction along with their reputation.


----


I've run the RPM command to remove this plug-in from infected servers (and yes, this shady installation is an infection), however it only removes the plug-in itself. It does not undo the changes it made to client web applications without our consent.

Is there a script from cPanel we can use to clean up their infection from client web applications, or must we go through each WordPress site manually?
 
Last edited:

adamreece.webbox

Well-Known Member
Nov 3, 2016
48
14
8
Penarth, United Kingdom
cPanel Access Level
Root Administrator
This script looks like it only modifies infections made to "wp-config.php". On further inspection this infection has also created the following directories/files relative to the home folder:
  • /.wp-toolkit/
  • /.wp-toolkit-identifier
  • /public_html/wp-content/maintenance/
  • /public_html/wp-content/maintenance.php
  • /wordpress-backups/
Not sure why we need to use a separate process at all. cPanel forced its way into our hosted WordPress sites easily enough, it should be able to see its way out just as easy as it came in. (This is again manual action due cPanel's intrusion costing its customers commercial time.)
 

adamreece.webbox

Well-Known Member
Nov 3, 2016
48
14
8
Penarth, United Kingdom
cPanel Access Level
Root Administrator
Fellow server operators, here is a script for your scrutiny to process all customers you host and purge WP Toolkit from their home folder and individual site HTDOCS directories. Amendments welcome.


Instructions:
  1. Save at "/root/remove-wp-toolkit.sh"
  2. `chmod 0750 /root/remove-wp-toolkit.sh`
  3. Run the script.
No modifications are made without your approval. If the output looks good run again with option "--consent" to action the cleaning proposed.



@cPanel: You've cost us 2 hours of time today with your infection. If you'd like to compensate us £140+VAT for commercial time lost we can provide you with a link to do that. :)
 
Last edited:

WorkinOnIt

Well-Known Member
Aug 3, 2016
212
30
28
UK
cPanel Access Level
Root Administrator
Hello all

A little late to this dreadfully shambolic party.

Like others here, I am very annoyed to find this toolkit thing has been installed without my permission and also affecting my customers. This in fact is actually quite a blow in my confidence with cPanel and WHM. I mean, how can they sanction this kind of action? Will there be more malware coming from the core updates?

What's worse, if you want to use the primary features, you have to PAY for it.... on top of all the cPanel price increases, this is another smack in the face.

I will be deleting Wordpress Toolkit - Was happy with the old Wordpress manager.
 
  • Like
Reactions: adamreece.webbox