WordPress Toolkit

WordPress Toolkit is a single management interface that enables you to easily install, configure, and manage WordPress. It is available if the WordPress Toolkit extension is installed in Plesk.

Note: The WordPress Toolkit extension is commercial. It is included in the Web Pro and the Web Host Plesk editions by default, and is available as a premium extension in the Web Admin edition.

Installing WordPress

To install a new WordPress instance, go to Websites & Domains > WordPress and click Install. The following installation options are available:

  • For an express installation, click Install (Quick). The latest version of WordPress will be installed, and the default settings will be used.
  • If you want to change the default installation settings, click Install (Custom). This enables you to set up the administrator user, select the desired WordPress version, specify the database name, select autoupdate settings, and more.

Note: Installation of WordPress via the WordPress Toolkit is performed from the wordpress.org site.

The installation path of the installed WordPress site has the https prefix by default.

To view the list of all installations attached to the WordPress Toolkit, go to Websites & Domains > WordPress.

Adding existing WordPress Installations to WordPress Toolkit

All WordPress installations added using the WordPress Toolkit or through the Applications page appear in the WordPress Toolkit automatically; those installed manually need to be attached to the WordPress Toolkit. If you have upgraded from an earlier version of Plesk and you used WordPress, we recommend that you attach all existing WordPress installations to the WordPress Toolkit. To attach WordPress installations to the WordPress Toolkit, go to Websites & Domains > WordPress and click Scan. Note that if you install new copies of WordPress manually after the scan, these WordPress installations will not be attached to the WordPress Toolkit.

To detach a WordPress installation from the WordPress Toolkit, go to Websites & Domains > WordPress, click the WordPress installation name, and then click Detach. Note that a detached WordPress installation will be attached to the WordPress Toolkit again after you perform a new scan for WordPress installations.

You can completely remove any installation, no matter how it was installed: using the WordPress Toolkit, through the Applications page, or manually. To remove a WordPress installation from the WordPress Toolkit, go to Websites & Domains > WordPress, click the WordPress installation name, and then click Remove.

Importing WordPress Installations

You can use the "Web Site Migration" feature to migrate WordPress websites owned by you but hosted elsewhere to Plesk. When you migrate a WordPress website, Plesk copies all its files and the database to your server. Once a website has been migrated, you can manage it using WordPress Toolkit.

To migrate an existing WordPress website, go to Websites & Domains > WordPress, click Import, and then follow the instructions here.

Managing WordPress Installations

To manage settings of a WordPress installation, go to Websites & Domains > WordPress and click the name of the WordPress installation.

On the opened page, you can do the following:

  • Change the database user name, the administrator's email, the site name, or the interface language for a WordPress installation, by clicking Preferences.
  • Log in to a WordPress installation as an administrator, by clicking Log in to Admin Dashboard.
  • Change the administrator's access credentials, by clicking change password. In the opened Access credentials dialog, you can specify the password for the administrator account of the WordPress installation - it will be used to log in to WordPress from Plesk. If there is more than a single administrator account created for the WordPress installation, select the one that will be used for logging in to WordPress from the list. If you do not remember the password for the administrator account, you can reset it here.
  • If you have changed any settings directly in WordPress, click Refresh to re-read the installation data and display these changes in the WordPress Toolkit user interface.
  • To open the WordPress site in a browser, click Open Site.
  • To manage the site files in the File Manager, click Manage Files. The folder where WordPress is installed will be opened.

    Note: Files cannot be managed if the subscription is suspended.

  • View the current security status of the WordPress installation in the Security section. Click change to view and edit the security settings. For more information, refer to Securing WordPress.
  • Check if updates for WordPress and installed themes and plugins are available and set automatic updates in the Updates section. For more information, refer to Updating WordPress Installations.
  • Manage the database associated with the WordPress installation and change database user name in the Database section.
  • Manage WordPress plugins and themes. For more information, refer to Managing Plugins and Managing Themes.
  • Clone the WordPress installation (for details, refer to Cloning a WordPress site).
  • Synchronize WordPress data with another installation (for details, refer to Synchronization of WordPress Sites).
  • Back up the WordPress installation by clicking Back Up / Restore. The Backup Manager will be opened.
  • If your website is not ready for public viewing yet, deactivate the Search engine indexing option to make sure that search engines do not show your website in the search results. Deactivation of this option enables the "Discourage search engines from indexing this site" option in WordPress, which in turn adds the "noindex, nofollow" tags to your website's header and adds the Disallow directive into the virtual robots.txt file.
  • If you are installing WordPress for testing or development, enable the Debugging option. This will allow you to manage the native WordPress debugging tools in the opened Debug Settings dialog. You can select the following debug options:
    • WP_DEBUG - enable the main debug mode in WordPress. When this option is selected, you can select the following options:
      • WP_DEBUG_LOG - save all errors to the debug.log file inside the wp-content directory.
      • WP_DEBUG_DISPLAY - show debug messages inside HTML pages.
    • SCRIPT_DEBUG - force WordPress to use non-minified versions of core CSS and JavaScript files. This is useful when you are testing changes in these files.
    • SAVEQUERIES - save the database queries to an array that can be displayed to help analyze those queries. Note that this will have a noticeable performance impact on your site, so it is not recommended to leave this option enabled if you are not debugging.

    More information on the debug options can be found here. Debugging is shown as enabled if at least one debugging option is selected.

Next in this section:

Updating WordPress Installations

Managing Plugins

Managing Themes

Securing WordPress

Cloning a WordPress Site

Synchronization of WordPress Sites

 

Updating WordPress Installations

You can update your WordPress installations manually or automatically.

You can use different update settings depending on a situation. For example:

  • You maintain a publicly available (production) website you want to keep secure, but you are concerned that applying updates automatically may negatively affect it in some way. In this case, you can configure WordPress Toolkit to only install security updates automatically.
  • You maintain a non-public (staging) version of a WordPress site you want to keep up-to-date to ensure that, should an update break something, it happens on the staging installation and not on the production website. In this case, you can configure WordPress Toolkit to install all updates automatically.

Note: To ensure the security of your site, we recommend that you keep your WordPress instances up-to-date by switching the automatic updates on.

WordPress Toolkit uses WP-CLI for updating instances and sending you notifications.

To check if updates for WordPress and installed themes and plugins are available:

Go to Websites & Domains > WordPress and click Check for Updates.

To update one or more WordPress installations:

Go to Websites & Domains > WordPress, select the checkboxes corresponding to the WordPress installations you want to update, and click Update.

To set up automatic updates for one or more WordPress instances:

Go to Websites & Domains > WordPress, click Auto-Update, select the WordPress instances for which you want to set up automatic updates, and click one of the buttons:

  • Off (not recommended) - Install no updates. This option is the least secure of the three.
  • Minor - Install minor (security) updates only (for example, install 4.7.1, but not 4.8). This option is used by default and should not disrupt the correct operation of plugins.
  • Major & Minor - Install all (minor and major) updates (for example, install both 4.7.1 and 4.8). Please note that installing major updates may affect the operation of WordPress plugins.

To edit automatic updates settings of a particular WordPress instance:

Go to Websites & Domains > WordPress, click the name of the WordPress instance, and click change near Automatic updates. On the opened page, select one of the options:

  • Do not install updates automatically (not recommended) - Install no updates. This option is the least secure of the three.
  • Automatically install only minor (security) updates - Install minor (security) updates only (for example, install 4.7.1, but not 4.8). This option is used by default and should not disrupt the correct operation of plugins.
  • Automatically install all (minor and major) updates - Install all (minor and major) updates (for example, install both 4.7.1 and 4.8). Please note that installing major updates may affect the operation of WordPress plugins.

Auto-Update settings after upgrading WordPress Toolkit

When you upgrade the WordPress Toolkit extension to version 2.0 from an earlier version, the value of the Automatic Updates option will depend on two factors:

  • The previously configured value of the corresponding option in WordPress Toolkit.
  • The value of the WordPress constant WP_AUTO_UPDATE_CORE defined in the wp-config.php file (find more information here).

The table below describes this dependence:

| WP_AUTO_UPDATE_CORE before upgrade | Automatic Updates option in WordPress Toolkit before upgrade | Automatic Updates option in WordPress Toolkit after upgrade |
|---|---|---|
| None | Off | Minor |
| None | On | Major & Minor |
| Minor | Off | Minor |
| True | Off | Major & Minor |
| False | Off | None |
| True, Minor, False | On | Major & Minor |

Important: Do NOT change the value of the WP_AUTO_UPDATE_CORE constant manually because this value will not be synchronized with the corresponding WordPress Toolkit settings.

 

Managing Plugins

A WordPress plugin is third-party software that adds new functionality to WordPress (for details, refer to https://wordpress.org/plugins/). WordPress Toolkit allows you to install plugins on one or more WordPress installations.

Installing and Removing Plugins

To install a plugin on one or more WordPress installations, go to Websites & Domains > WordPress > Plugins tab and click Install.

Type in the name of the plugin you want to install and click the search icon. Once the search is complete, locate the desired plugin in the list and select the corresponding checkbox. You can install the plugin on all WordPress installations on the currently selected subscription or select one or more installations on which the plugin will be installed. The selected plugin will be installed on all the selected WordPress installations. By default, newly installed plugins are activated immediately; you can prevent this by clearing the Activate after installation checkbox.

Note: If you search for a plugin, select the checkbox, and then perform a new search without installing the plugin first, the results of the first search will be lost. For that reason we recommend that you install plugins one at a time.

To remove a plugin from one or more WordPress installations, go to Websites & Domains > WordPress. Select the checkboxes next to the names of WordPress installations from which you want to remove a plugin and click Plugins. Click the trash can icon next to a plugin to remove it from the selected WordPress instances.

You can also remove one or more plugins from all WordPress installations on a subscription. To do so, go to Websites & Domains > WordPress > Plugins tab, select the checkboxes next to the names of the plugins you want to remove, and click Uninstall.

Activating and Deactivating Plugins

To activate or deactivate one or more plugins on one or more WordPress installations, go to Websites & Domains > WordPress, select the checkboxes next to the names of WordPress installations on which you want to activate or deactivate plugins and click Plugins. You will be presented with a list of all plugins installed on at least one of the selected WordPress installations, along with their activation statuses. For every plugin, you can choose to activate it on all selected installations, deactivate it on all selected installations, or leave the plugin's activation status unchanged.

You can also activate or deactivate one or more plugins on all WordPress installations belonging to a subscription, on which those plugins are installed. To do so, go to Websites & Domains > WordPress > Plugins tab, select the checkboxes next to the names of the plugins you want to activate or deactivate, and click either Activate or Deactivate.

Updating Plugins

To update one or more plugins, go to Websites & Domains > WordPress > Plugins tab, select the checkboxes next to the names of the plugins you want to update, and click Update.

 

Managing Themes

A WordPress theme is a collection of files that modify the way the site is displayed (more information can be found at https://codex.wordpress.org/Using_Themes). WordPress Toolkit allows you to install themes on one or more WordPress installations.

Installing and Removing Themes

To install a theme on one or more WordPress installations, go to Websites & Domains > WordPress > Themes tab and click Install.

Type in the name of the theme you want to install and click the search icon. Once the search is complete, locate the desired theme in the list and select the corresponding checkbox. You can now install the theme on all WordPress installations on the currently selected subscription, or select one or more installations on which the theme will be installed.

Note: If you search for a theme, select the checkbox, and then perform a new search without installing the theme first, the results of the first search will be lost. For that reason we recommend that you install themes one at a time.

To remove a theme from one or more WordPress installations, go to Websites & Domains > WordPress. Select the checkboxes next to the names of WordPress installations from which you want to remove a theme and click Themes. Click the trash can icon next to a theme to remove it from the selected WordPress instances.

You can also remove one or more themes from all WordPress installations on a subscription. To do so, go to Websites & Domains > WordPress > Themes tab, select the checkboxes next to the names of the themes you want to remove, and click Uninstall. Note that a theme that is currently active on a WordPress installation cannot be removed from that installation. To remove a theme from a WordPress installation, activate a different theme on it first.

Activating and Deactivating Themes

To activate a theme on one or more WordPress installations, go to Websites & Domains > WordPress, select the checkboxes next to the names of WordPress installations on which you want to activate the theme and click Themes. You will be presented with a list of all themes installed on at least one of the selected WordPress installations, along with their activation statuses. You can select a theme that will be activated on all WordPress installations on which it is installed.

You can also activate or deactivate a theme on all WordPress installations belonging to a subscription, on which that theme is installed. To do so, go to Websites & Domains > WordPress > Themes tab, and click Activate next to the theme you want to activate.

Updating Themes

To update one or more themes, go to Websites & Domains > WordPress > Themes tab, select the checkboxes next to the names of the themes you want to update, and click Update.

 

Securing WordPress

You can view the security status of your WordPress installation and change the security settings.

The security status of a WordPress installation is displayed in the S column at Websites & Domains > WordPress.

To check and secure WordPress installations:

  1. Go to Websites & Domains > WordPress.
  2. Do one of the following:
    • To check the security of all WordPress installations, click Check Security.
    • To secure a single WordPress installation, click the icon in the S column next to the name of the desired WordPress installation.
    • To secure two or more WordPress installations, select the checkboxes for the corresponding WordPress installations and click Check Security.
  3. Select the checkboxes corresponding to the security improvements you want to apply, then click Secure.

Caution: Keep in mind that not all security improvements can be rolled back. It is recommended to back up the corresponding subscription before securing WordPress installations.

A complete list of WordPress security improvements

  • The wp-content folder. The wp-content directory may contain insecure PHP files that can be used to damage your site. After WordPress installation, PHP files can be executed from the wp-content directory. The security check verifies that the execution of PHP files in the wp-content directory is forbidden. Note that custom directives in the .htaccess or web.config files might override this security measure. Also note that some of your plugins might stop working after securing the wp-content folder.
  • The wp-includes folder. The wp-includes directory may contain insecure PHP files that can be used to damage your site. After WordPress installation, PHP files can be executed from the wp-includes directory. The security check verifies that the execution of PHP files in the wp-includes directory is forbidden. Note that custom directives in the .htaccess or web.config files might override this security measure. Also note that some of your plugins might stop working after securing the wp-includes folder.
  • The configuration file. The wp-config.php file contains credentials for database access and other sensitive information. After WordPress installation, the wp-config.php file can be executed. If, for some reason, processing of PHP files by the web server is turned off, hackers can access the content of the wp-config.php file. The security check verifies that unauthorized access to the wp-config.php file is blocked. Note that custom directives in the .htaccess or web.config files might override this security measure.
  • Directory browsing permissions. If directory browsing is turned on, hackers can obtain information about your site (what plugins you use and so on). By default, directory browsing is turned off in Plesk. The security check verifies that directory browsing on the WordPress installation is turned off.
  • Database prefix. WordPress database tables have the same names in all WordPress installations. When the standard wp_ database table name prefix is used, the whole WordPress database structure is not a secret and anyone can obtain any data from it. The security check changes the database table name prefix to something other than wp_. The maintenance mode is turned on, all plugins are deactivated, the prefix is changed in the configuration file, the prefix is changed in the database, the plugins are re-activated, the permalink structure is refreshed, and then the maintenance mode is turned off.
  • Security keys. WordPress uses security keys (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY) to encrypt information stored in the user's cookies. A good security key should be long (60 characters or longer), random and complicated. This security check verifies that the security keys are set up and that they at least contain both alphabetic and numeric characters.
  • Permissions for files and directories. If permissions for files and directories do not comply with the security policy, these files can be used to hack your site. After WordPress installation, files and directories can have various permissions. The security check verifies that the permissions for the wp-config.php file are set to 600, for other files to 644, and for directories to 755.
  • Administrator’s username. When a WordPress copy is installed, by default there is a user with administrative privileges and the username admin. As a user's username cannot be changed in WordPress, one only needs to guess the password to access the system as the administrator. The security check verifies that there is no user with the administrative privileges and the username admin.
  • Version information. There are known security vulnerabilities for each WordPress version. For this reason, displaying the version of your WordPress installation makes it an easier target for hackers. The version of an unprotected WordPress installation can be seen in the pages' meta data and readme.html files. The security check verifies that all readme.html files are empty and that every theme has a functions.php file which contains the line: remove_action('wp_head', 'wp_generator');.
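
Several of the checks listed above can be reproduced from the file system alone. The following is an added example, not Plesk or WordPress Toolkit code: it audits a WordPress directory for the security keys, database prefix, file permissions, and version information checks as this page describes them. All function names and the sample tree built by build_sample_site are constructed for illustration, and the patterns assume that values in wp-config.php contain no escaped quotes.

```python
import os
import re
import stat

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
# Simplified patterns (assumption): values contain no escaped quotes.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)
GENERATOR_RE = re.compile(
    r"""remove_action\(\s*['"]wp_head['"]\s*,\s*['"]wp_generator['"]\s*\)\s*;""")


def audit_config(text):
    """Security keys and database prefix, read from the text of wp-config.php."""
    findings = []
    defines = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}
    for name in KEYS:
        value = defines.get(name, "")
        if not value:
            findings.append(f"{name}: not set")
        elif not (re.search(r"[A-Za-z]", value) and re.search(r"[0-9]", value)):
            findings.append(f"{name}: needs both letters and digits")
        elif len(value) < 60:
            findings.append(f"{name}: shorter than 60 characters")
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("table prefix: default wp_ or not found")
    return findings


def audit_tree(root):
    """File modes (600/644/755), readme.html files, and theme functions.php."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        entries = [(d, 0o755) for d in dirnames] + [(f, 0o644) for f in sorted(filenames)]
        for name, want in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes carry no meaning
            rel = os.path.relpath(path, root)
            mode, want = stat.S_IMODE(st.st_mode), (0o600 if path == config else want)
            if mode != want:
                findings.append(f"{rel}: mode {mode:o}, expected {want:o}")
            if name == "readme.html" and stat.S_ISREG(st.st_mode) and st.st_size > 0:
                findings.append(f"{rel}: not empty")
    themes = os.path.join(root, "wp-content", "themes")
    names = sorted(os.listdir(themes)) if os.path.isdir(themes) else []
    for theme in names:
        if not os.path.isdir(os.path.join(themes, theme)):
            continue
        try:
            with open(os.path.join(themes, theme, "functions.php"), errors="replace") as fh:
                body = fh.read()
        except OSError:
            body = ""  # a theme without functions.php fails the check too
        if not GENERATOR_RE.search(body):
            findings.append(f"wp-content/themes/{theme}: wp_generator not removed")
    return findings


def audit(root):
    with open(os.path.join(root, "wp-config.php"), encoding="utf-8") as fh:
        return audit_config(fh.read()) + audit_tree(root)


def build_sample_site(root):
    """Constructed sample tree with deliberate findings (demonstration input)."""
    strong = "aB3" * 20  # 60 characters; constructed, not random
    files = {
        "wp-config.php": "<?php\ndefine('AUTH_KEY', 'put your unique phrase here');\n"
                         f"define('SECURE_AUTH_KEY', '{strong}');\n"
                         "define('LOGGED_IN_KEY', 'abc123');\n$table_prefix = 'wp_';\n",
        "readme.html": "<h1>WordPress</h1>\n",
        "wp-content/themes/demo/functions.php": "<?php\n",
        "wp-content/uploads/.keep": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, 0o644)  # leaves wp-config.php at 644 instead of 600
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            os.chmod(os.path.join(dirpath, name), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)  # too permissive
```

To try it, call build_sample_site on an empty temporary directory and pass the same path to audit; on a real site, pass the directory that contains wp-config.php.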
 

Cloning a WordPress Site

Cloning a WordPress site creates a full copy of it, including all website files, the database, and settings.

You may want to clone your WordPress site in one of the following situations:

  • You maintain a non-public (staging) version of a WordPress site on a separate domain or subdomain, and you want to publish it to a production domain to make it publicly available.
  • You have a publicly available (production) WordPress site and you want to create a non-public (staging) copy of it, to which you can make changes without affecting the production site.
  • You want to create a “master” copy of a WordPress site with pre-configured settings, plugins, and theme, and then clone it to start a new development project for a client.
  • You want to create multiple copies of a WordPress site and make different changes to each one (for example, to show them to a client so that he or she can choose the one he or she likes best).

To clone a WordPress site:

  1. Go to Websites & Domains and click WordPress in the menu on the right.

  2. Click the Clone button next to the name of the WordPress installation you want to clone.

  3. Click new subdomain to select the destination where your WordPress site will be cloned.

    Select one of the available options:

    • Create a new subdomain. Type in the desired subdomain name. Then, select the desired parent domain.
    • Use an existing domain or subdomain on the same or another subscription. Select the desired domain or subdomain from the list.
    • If the WordPress site being cloned is installed on a subdomain, the new subdomain link is replaced with the existing domain/subdomain link. In this case, you must select an existing domain or subdomain as the destination.

      Note: Make sure that the domain or subdomain selected as the destination is not being used by an existing website. During cloning, website data existing on the destination may be overwritten and irrevocably lost.

  4. During cloning, a database will be created for the WordPress installation being created. Click the automatically generated database name (for example, wordpress_9) to change it. If multiple MySQL servers are registered in Plesk, you can select which one will host the database.

  5. When you are satisfied with the selected destination and the database name, click OK.

When the cloning is finished, the new clone will be displayed in the list of WordPress installations.

 

Synchronization of WordPress Sites

You can synchronize the content of your WordPress site including files and database with another WordPress site.

Let us say you maintain a non-public (staging) version of a WordPress site on a separate domain or subdomain and a publicly available (production) version of this site on a production domain. You may want to synchronize your WordPress sites in the following situations:

  • You want to copy the changes you made to the staging version to the production version.
  • You want to copy the data from the production site to the staging site to see how the changes (for example, a new plugin) work with the production data. After checking that everything works fine, you may copy your changes to your production site.
  • You have made some changes (for example, installed a new plugin) to the staging site, and these changes resulted in new tables being added to the database. You want to copy only these tables to the production site without affecting other data.
  • You have upgraded the staging site to a newly released version of WordPress and fixed the post-upgrade issues (if any). You now want to push these changes to the production site.

You can select which data you want to synchronize with another WordPress site. For example, you may want to synchronize only the files, only the database, or both the files and the database. If you synchronize the database, you can specify which database tables must be synchronized.

The synchronization works as follows:

  • The selected data are copied from the source site to the destination site.
  • The data missing from the source site but present on the destination site are not removed.
  • During synchronization, the site receiving new data is set to the maintenance mode and becomes temporarily unavailable.
  • If the destination site has an older WordPress version than the source site, WordPress Toolkit will first upgrade the destination site to the version of the source site and then perform the synchronization.
  • If the source site has an older WordPress version than the destination site, the synchronization will not be performed. To synchronize data in such a case, copy the data from the destination site to the source site first to match WordPress versions, make changes, and then perform the synchronization from the source site to the destination site again.
  • If the source and the destination sites have different database prefixes, WordPress Toolkit will first change the database prefix on the destination site and then perform the synchronization.
  • Synchronization of data between a multisite installation and a non-multisite installation is not supported. We recommend using cloning instead.

To synchronize WordPress site data with another site:

  1. Go to Websites & Domains and click WordPress in the menu on the right.

  2. Click the Sync button next to the name of the WordPress installation you want to synchronize.

  3. Under Destination WordPress Installation, select the destination WordPress installation you want to synchronize the data with. This WordPress installation may be related to the same or another subscription.

  4. Under Select Content to be Copied, select which data you want to synchronize with the destination WordPress site. The following options are available:
    • Files Only (the default option) - synchronizes only the website files including the WordPress core files and the files related to themes and plugins.

      Note: The files wp-config, .htaccess, and web.config will not be synchronized, as changing these files may disrupt the operation of WordPress.

    • Database Only - synchronizes only the database. You can select to import all, new, or selected database tables (for details, see the Database synchronization section below).
    • Files and Database - synchronizes both the website files and the database. You can choose to import all, new, or selected database tables by selecting the corresponding option (for details, see the Database synchronization section below).
  5. When you are satisfied with the selected destination and the content to be synchronized, click OK.

When the synchronization is finished, you will see a page displaying the settings of the source WordPress installation. On it, you can see the last time synchronization was performed.

Database synchronization

When you choose to synchronize databases (that is, you have selected either the Database Only or the Files and Database option), you need to specify which database tables you want to synchronize:

  • All Tables (the default option)
  • New tables
  • Selected tables. If you select this option, you can see the list of available database tables and select which tables you want to synchronize. If you want to synchronize all changes except for pages, posts, and users, you can select all database tables except the tables with the _postmeta, _posts, _username, and _users suffixes, by clicking the corresponding link.
