@rivermobster - I did my testing and couldn't reproduce that on my end. I had a WordPress site and I manually selected the "Discourage search engines from indexing this site" option in WordPress, then clicked the refresh button in WPT (which causes it to re-scan the site) and that was displayed properly. The same thing happens with the "Search engine indexing" option.
Is it possible you just need to do the re-scan to let WPT pick up those changes? It doesn't grab that data in real-time, so that's likely where the confusion is.
Is it possible you just need to do the re-scan to let WPT pick up those changes? It doesn't grab that data in real-time, so that's likely where the confusion is.
Understood.
I'll put that on my to-do list and give it a shot.
Did you happen to try it with the aftermarket security plug ins and see if the re-scan will pick up those changes? I use All In One WP Security & Firewall if you feel so inclined to try. If not, I get that too.
I'm kind of afraid to go down that road. If I do it once here, I can just picture someone going "but you tested a custom plugin for rivermobster!" Well, yeah, because I don't want to get thrown in a river!
I'm just going to give a more general "we don't test plugins" answer here :D
I'm just going to give a more general "we don't test plugins" answer here :D
I am so angry at this Wordpress Toolkit addition to my VPS. Who the hell gave you the right to even add it to my VPS, let alone scan my server and edit my clients config.php file. !!!! I had to answer to my clients why were folders and edits done to their website - THIS IS BLUDDY UNACCEPTABLE - I do not care how YOU feel this Toolkit is beneficial - IT NOT ! Please DO NOT damn install your rubbish on my server without my permission !!
I had to manually detach every website (your stupid script is not automatic), and then uninstall. PLEASE PLEASE we don't have time to be cleaning your rubbish okay.
@cPanel Dev Team - How the hell can you allow this! and on top of your price increases you want us to pay more for a stupid Toolkit for maintenance!
PATHETIC !
I had to manually detach every website (your stupid script is not automatic), and then uninstall. PLEASE PLEASE we don't have time to be cleaning your rubbish okay.
@cPanel Dev Team - How the hell can you allow this! and on top of your price increases you want us to pay more for a stupid Toolkit for maintenance!
PATHETIC !
I agree - We should have had an option to install WPT with the update and not being forced on our servers - I hate this !!
The script can process all sites on a server if you specify the directory that contains all your vhosts instead of specifying the directory of each vhost individually. Let us know if you still have issues with the script.
Will there be an easier way to uninstall in the future? Or at least opt not to have it installed in the first place?
So much has been said already, but I too echo the sentiments of the rightly annoyed cPanel license holders in this thread.
It was a totally unacceptable decision to unwittingly install WordPress Toolkit without consent of the server operators.
WordPress Manager and WordPress Toolkit are not comparable. The latter suddenly imposes separate licensing restrictions without any prior notice or consent, and blocks clients from routine business. That is why this is a big problem. What exactly gives cPanel the right to modify client WordPress installations without their consent? Nothing. Don't modify our production web applications please.
Removing this from our 9 WHM servers (including the hundreds of sites we host) along with dealing with queries about why some unknown software licensing constraint is suddenly in place, is costing us time thus money. Are cPanel going to compensate license holders for commercial time that has been lost correcting this problem?
Also let's look at your own documentation: https://docs.cpanel.net/knowledge-base/cpanel-developed-plugins/wordpress-toolkit/
----
I've run the RPM command to remove this plug-in from infected servers (and yes, this shady installation is an infection), however it only removes the plug-in itself. It does not undo the changes it made to client web applications without our consent.
Is there a script from cPanel we can use to clean up their infection from client web applications, or must we go through each WordPress site manually?
It was a totally unacceptable decision to unwittingly install WordPress Toolkit without consent of the server operators.
Wrong. I manage 9 WHM servers, and did not get asked about this during automatic updates. Most of which are in the "stable" branch until the next LTS is available, though this problem contradicts the meaning of stability. Having not known these plug-ins exist let alone what they are and do I've never opted in to WordPress Manager or WordPress Toolkit.
WordPress Manager and WordPress Toolkit are not comparable. The latter suddenly imposes separate licensing restrictions without any prior notice or consent, and blocks clients from routine business. That is why this is a big problem. What exactly gives cPanel the right to modify client WordPress installations without their consent? Nothing. Don't modify our production web applications please.
Removing this from our 9 WHM servers (including the hundreds of sites we host) along with dealing with queries about why some unknown software licensing constraint is suddenly in place, is costing us time thus money. Are cPanel going to compensate license holders for commercial time that has been lost correcting this problem?
Also let's look at your own documentation: https://docs.cpanel.net/knowledge-base/cpanel-developed-plugins/wordpress-toolkit/
- "WordPress Toolkit Lite installs by default"
- "When you upgrade a server to cPanel & WHM version 92, the nightly cPanel & WHM update process detects whether WordPress Manager is installed on the server. If WordPress Manager is installed, the update process will install WordPress Toolkit."
----
I've run the RPM command to remove this plug-in from infected servers (and yes, this shady installation is an infection), however it only removes the plug-in itself. It does not undo the changes it made to client web applications without our consent.
Is there a script from cPanel we can use to clean up their infection from client web applications, or must we go through each WordPress site manually?
Last edited:
@adamreece.webbox - you'll see I retracted that statement in a later post about the update.
There are details here that will help remove the change: Completely Uninstall Wordpress Toolkit including users
There are details here that will help remove the change: Completely Uninstall Wordpress Toolkit including users
This script looks like it only modifies infections made to "wp-config.php". On further inspection this infection has also created the following directories/files relative to the home folder:
- /.wp-toolkit/
- /.wp-toolkit-identifier
- /public_html/wp-content/maintenance/
- /public_html/wp-content/maintenance.php
- /wordpress-backups/
Fellow server operators, here is a script for your scrutiny to process all customers you host and purge WP Toolkit from their home folder and individual site HTDOCS directories. Amendments welcome.
pastebin.com
Instructions:
@cPanel: You've cost us 2 hours of time today with your infection. If you'd like to compensate us £140+VAT for commercial time lost we can provide you with a link to do that.
remove-wp-toolkit.sh - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
Instructions:
- Save at "/root/remove-wp-toolkit.sh"
- `chmod 0750 /root/remove-wp-toolkit.sh`
- Run the script.
@cPanel: You've cost us 2 hours of time today with your infection. If you'd like to compensate us £140+VAT for commercial time lost we can provide you with a link to do that.
Last edited:
@ adamreece.webbox Thanks for the script. Its a pity cPanel couldn't be bothered to write this for us.
Let us know if they cough up £140+VAT for you, we would like to invoice them as well
Let us know if they cough up £140+VAT for you, we would like to invoice them as well
Hello all
A little late to this dreadfully shambolic party.
Like others here, I am very annoyed to find this toolkit thing has been installed without my permission and also affecting my customers. This in fact is actually quite a blow in my confidence with cPanel and WHM. I mean, how can they sanction this kind of action? Will there be more malware coming from the core updates?
What's worse, if you want to use the primary features, you have to PAY for it.... on top of all the cPanel price increases, this is another smack in the face.
I will be deleting Wordpress Toolkit - Was happy with the old Wordpress manager.
A little late to this dreadfully shambolic party.
Like others here, I am very annoyed to find this toolkit thing has been installed without my permission and also affecting my customers. This in fact is actually quite a blow in my confidence with cPanel and WHM. I mean, how can they sanction this kind of action? Will there be more malware coming from the core updates?
What's worse, if you want to use the primary features, you have to PAY for it.... on top of all the cPanel price increases, this is another smack in the face.
I will be deleting Wordpress Toolkit - Was happy with the old Wordpress manager.
Hello Every Wordpress Toolkit Disgruntled Person,
Here is my point to cPanel...
First of all, I reckon something that meddles with the existing Wordress installs on my servers in this fashion is akin to malware.
Number two - If you are going to so rudely interrupt the long standing open-source party over at Wordpress perhaps you would like to first make the installation options very, very clear in advance. And also while you're at it you should probably write a very comprehensive instruction manual.... something like the depth of the beautiful Wordpress codex site.
Number three - How would your company and clients feel if Matt Mullenweg and all the good people over at Wordpress wrote a new update that decided it was OK to screw with the EasyApache cPanel files without asking?
Seriously, I can't help wondering whether Oakley have decided they are financially jealous of watching Wordpress get so much use on 'their' servers at the same time as being free and open source.
Perhaps they think its time to try and corner the cPanel Wordpress users so they can make a free open source piece of software into something that will only run on WHM & Plesk if you pay Oakley some extra bucks. Maybe thats where this is heading.
Imagine a future where you get up one day and find out you can no longer even run Wordpress at all on your cPanel, WHM & Plesk servers unless you pay an additional per user price for an extension that enables this wonderful open source software to even be installed at all.
Despite the recent price hikes and license changes, I'm sure that's not what they are up to, they probably just want to make your life easier.
Here is my point to cPanel...
First of all, I reckon something that meddles with the existing Wordress installs on my servers in this fashion is akin to malware.
Number two - If you are going to so rudely interrupt the long standing open-source party over at Wordpress perhaps you would like to first make the installation options very, very clear in advance. And also while you're at it you should probably write a very comprehensive instruction manual.... something like the depth of the beautiful Wordpress codex site.
Number three - How would your company and clients feel if Matt Mullenweg and all the good people over at Wordpress wrote a new update that decided it was OK to screw with the EasyApache cPanel files without asking?
Seriously, I can't help wondering whether Oakley have decided they are financially jealous of watching Wordpress get so much use on 'their' servers at the same time as being free and open source.
Perhaps they think its time to try and corner the cPanel Wordpress users so they can make a free open source piece of software into something that will only run on WHM & Plesk if you pay Oakley some extra bucks. Maybe thats where this is heading.
Imagine a future where you get up one day and find out you can no longer even run Wordpress at all on your cPanel, WHM & Plesk servers unless you pay an additional per user price for an extension that enables this wonderful open source software to even be installed at all.
Despite the recent price hikes and license changes, I'm sure that's not what they are up to, they probably just want to make your life easier.
@3.14fingers - thanks for the feedback on this. I'm going to go through these concerns in order to make sure nothing is missed.
While there are additional paid features in the tool that require a license, those are the more advanced things like cloning and staging. Installation and management can all be done through the free version. There's also no reason you couldn't keep installing WordPress manually, as we have no plans to block one of the most popular pieces of software in the world to try and force users to pay for that to be installed on cPanel machines.
While WordPress Toolkit does get automatically installed for users that had WordPress Manager, it doesn't take over any installations without you specifically telling it to. For example, if you have WordPress already installed, and then install WordPress Toolkit, it won't try and manage the installs unless you perform a scan for them.
I agree - and at this point I believe that is how it behaves. While WPT may see your installation, it won't adjust any configuration files unless you have it manage the WordPress install.
This point doesn't make sense to me since EasyApache is proprietary software and WordPress is distributed freely. WordPress doesn't run at a high enough level to make any adjustments to the EasyApache tools as those are handled by the root user. I do understand the point you're trying to make though, which is why we don't force users to use WPT. The reason we install the software at all is because we are trying to get users off the older WordPress Manager tool.
While there are additional paid features in the tool that require a license, those are the more advanced things like cloning and staging. Installation and management can all be done through the free version. There's also no reason you couldn't keep installing WordPress manually, as we have no plans to block one of the most popular pieces of software in the world to try and force users to pay for that to be installed on cPanel machines.
Unfortunately experience shared in this thread shows that this is just not accurate.
Looking at the experience we've had on our WHM servers, and that of other customers complaining in this thread, WP Toolkit did interfere with existing WordPress installations without our consent. I would put money on that plenty of impacted customers didn't even know WP Toolkit existed, let alone installed it intentionally and consented to modifying existing detached WordPress deployments.
This did actual damage to the data of multiple of our clients. (Companies frequently get sued for this kind of negligence!) This cost us commercial time to repair, time taken away from other billable work, and I suspect the same for that of other complaints too.
@adamreece.webbox - I can't say I've seen that exact behavior. I do know there were issues when the product was first released, but that type of interference should no longer be happening.
If you're still seeing that, could you open a ticket with our team so we can investigate?
If you're still seeing that, could you open a ticket with our team so we can investigate?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| D | WordPress Toolkit fails to uninstall plugin when proc_open, proc_close are disabled in PHP config | Product Extensions | 23 |