WordPress Toolkit Testing and External IPs

[jhawkins003]

Hello! We are testing WordPress Toolkit on a dev server that limits connection access to our internal org IP's and specific whitelisted connections for utilities, etc. I notice the screenshot panel for sites in WordPress Toolkit seem to be throwing 403's which is to be expected (something similar happens on Installatron). Are there any other features we should be aware of in WPT that utilize external connections?

It would be great to be able to whitelist these if so, but from what I can tell from our logs the connections for the screenshot utility at least seem to rotate (I presume they are coming from a CDN of some description).

 

[cPJustinD]

Hi there! Could you clarify where you're encountering the 403s? I see that you mentioned the screenshot panel for sites in WordPress Toolkit; however, I' don't see this panel in my testing server. Any further clarification you can provide would be appreciated!

 

[jhawkins003]

Thank you for the response! When you select a domain in Wordpress Toolkit you are presented with a number of details regarding the installation, and one of the interface elements is a little screenshot of the site. I believe it uses an external service or script function to capture this site preview, and in the case of our testing server we block external connections. I just wanted to A) verify if there are any other elements of the toolkit which rely on external (non-localhost) connections, and B) if so, are there IP's we could/should whitelist so everything functions as it should for the utility.

 

[cPJustinD]

Thank you for that clarification. I'm setting up an instance on my test server to verify if any external connections were made on my end. I'll report back here shortly.

 

[cPJustinD]

It appears that connections outbound to 89.187.164.38 and store.cpanel.net on port 443 are required for WordPress Toolkit. Can temporarily allow these external connections (if not already allowed) and report back if you're still seeing the issue?

Additionally, I wanted to note that there are various connections necessary for WordPress Toolkit functioning in aspects like installation, updating, installing assets. It utilizes the wordpress.org API entry point. Another example is the screenshotting service shots.plesk.com for taking website previews for the list of websites as you're mentioning. These should be considered when reviewing your external connection restrictions.

If you require further information so that you can properly configure your server to allow these connections, it would be best to submit a support request so that we can work with WordPress Toolkit to obtain and provide more information.

 

[jhawkins003]

Thank you! Unfortunately whitelisting those did not make a difference. I even tried whitelisting the current IP associated with shots.plesk.com (assuming it's static and not on a CDN).

By the way, outbound connections aren't really the issue - inbound traffic is what gets blocked, as this is a development server and items hosted on it are not intended for public access. We allow almost all outbound connections. I have to think that having test servers behind some form of secure access is not an uncommon practice, so having a list of utility/service-related IP's for WHM admins to be aware of would be a great thing to communicate.

 

[jhawkins003]

Hellohello! Just checking in on this question - was the final answer a "we don't know at this time"? I would be more than happy to open a ticket, but my question "what inbound IP's do we need to whitelist on secured servers so Wordpress Toolkit works as intended" feels more like a documentation/forum item and less a technical support/bug-fix item to burden the support staff with.

 

[cPRex]

I'm not sure there is going to be a way to provide a comprehensive list for this tool. It reaches out to cPanel, WordPress, and Plesk, depending on what operations are being performed, and the IPs from the various areas could change at any time.

 

[jhawkins003]

Ok! That makes sense.

We will soon be testing the tool in more detail and will be happy to share our experiences onto this thread regarding quirks, etc. As of now, the only feature that seems to not function as intended are the screenshot thumbnails mentioned earlier in the thread. That might well be the only element meaningfully impacted.

 

[cPRex]

For sure - if you've got feedback, let me know!

 

[Bucanero74]

Hi, something "similar" is happening to me, I create a site with the WordPress Toolkit, the site works, but the admin area gives 403 forbidden so I can'y login to the WP Admin Dashboard

 

[cPanelAnthony]

Hi, something "similar" is happening to me, I create a site with the WordPress Toolkit, the site works, but the admin area gives 403 forbidden so I can't login to the WP Admin Dashboard

I'm guessing the conversation in this thread didn't help? When you get these 403 errors, are there any errors in the Apache or cPanel error logs?

The cPanel Log Files - cPanel Knowledge Base - cPanel Documentation

documentation.cpanel.net