What’s New In WPCloudDeploy 4.16

WPCD 4.16 is a release with a lot of tweaks affecting many areas of the application. It is also a technical release where we’re:

• Resetting certain defaults
• Continued doing the internal work necessary to bring the code closer to compliance with WP coding standards and
• Adding some foundations for future features.

It includes a few minor breaking changes:

• An update to the server callback scripts which should be installed on your existing servers.
• A new tab on the site screen for wp-config entries that might not be suitable for some of your non-admin users.
• A new version of the PowerTools add-on is required if you’re using it. Installing WPCD 4.16 with an old version of POWERTOOLS will cause a WSOD. It is best to disable PowerTools before installing this new version of WPCD.

There are also some stability improvements that kick in when running simultaneous operations on multiple servers.

Read on to learn more about how this release might affect you.

New: Update WP-CONFIG.PHP Without Leaving WPCD

You can now add or update the most common wp-config.php options from inside WPCD. There is a new tab on all sites called, simply, WPConfig.

There are two sections in it – one that shows the most common options and another where the admin can enter or update any option.

The visibility of this new tab can be controlled by the security options in the settings area as well as by Team options.

New: Disable Older PHP Versions On New Servers

New servers will no longer have PHP 5.6, 7.1, 7.2 and 7.3 enabled by default. While they will still be installed, their services will be disabled unless explicitly enabled by an admin.

Only PHP 7.4, 8.0 and 8.1 will be enabled.

To support this we have added a new column to the PHP PROCESSES section on the server SERVICES tab.

New: Starting Support for IPv6

We’re setting the foundation to fully support IPv6.

In this release we have done the following:

• The DigitalOcean provider will automatically request an IPv6 address for every server.
• There is a new option to automatically add AAAA record to CloudFlare if the server has an AAAA record.
• We added an option to display IPv6 addresses everywhere we show an IPv4 address.
• When display of IPv6 addresses is enabled you can search, sort and filter the server and site list with these addresses.

We’ve updated some of our add-on providers that support IPv6 to request an IPv6 address. The following providers have been updated:

• Linode
• Vultr
• Upcloud
• Hetzner
• Lightsail
• DigitalOcean

Exoscale does not support IPv6 at this time. EC2, AZURE, GOOGLE CLOUD and ALIBABA all require extensive work to support IPv6 so we’ll be delaying updates to those providers until absolutely required by customers.

For now, all servers still need an IPv4 address. But at some point in the future we’re hoping that we can support servers with a pure IPv6 address only (as long as all components in the web chain can handle it.)

New: Global Option For Delete Protection On New Sites

When we create a server, we have the option to automatically enable the DELETE PROTECT option for it. Now you can do the same for new sites as well.

The option is set in the WPCLOUDDEPLOY->SETTINGS area.

This option only applies to new sites created via the INSTALL WORDPRESS button, a WooCommerce purchase or REST API call. It does not apply to cloned sites or staging sites.

New: Global Option To Automatically Enable Page Cache On New Sites

Similar to the new global delete option above, there’s a new option to automatically enable the page cache on all new sites you create.

As with the delete option above, this option only applies to new sites created via the INSTALL WORDPRESS button, a WooCommerce purchase or REST API call. It does not apply to cloned sites or staging sites.

New: Additional Security Options

Added new options for servers and sites to hide the EMAIL and DESCRIPTIONS/NOTES/LABEL metaboxes on the server and site screens.

New: Easier Access To Documentation And Support Links

When you first install the plugin, chances are you’ll go right back to the plugin list. So we’ve added links there to our quick start and other documentation.

New: Upgrade Changes Front & Center

When an upgrade is available, we’ll now show the release notes directly in the plugin list. This might get to be a bit obnoxious but we believe that since this is a mission-critical component of your business, you should be fully aware of all changes before upgrading.

You can choose to not see this by setting an option (WPCD_HIDE_CHANGELOG_IN_PLUGIN_LIST) in the wp-config.php file.

New: Wisdom Plugin Integration

After the release of WPCD on Github last year, we now realize that we’re missing some critical intelligence regarding the environments in which the product is used. The Github release means more people are trying out the product but we’re completely blind when it comes to the configurations on which the plugin is being deployed.

This means that we cannot be sure that we are properly prioritizing compatibility testing for the most widely used environments, companion plugins, languages etc.

Prior to the release on github we had a more personal relationship with all users of WPCD so we had a good idea of the types of sites in which the plugin was being used. Unfortunately that is no longer the case. So while we’ve opened up the use of the plugin, we’re not receiving critical feedback that can help make a better product.

With the Wisdom Plugin integration we’re able to collect the following information that can help us see the big picture regarding the environments in which the plugin is installed. Some of the information we’re collecting include:

• WordPress theme and version
• WPCD version
• WordPress version
• Language
• Active and inactive plugins
• Server information such as PHP version, NGINX version, memory limits, timeouts etc.

Over time we’ll be able to get a better feel for the most common configurations in which WPCD is installed and that will help us prioritize testing, leading to a much higher quality product.

Please note that we are NOT collecting an IP address.

As you might expect, you’ll be able to turn off sharing this data in the SETTINGS screen and our privacy policy has been updated to reflect this new data collection.

New: Option To Control Deleting sFTP Users When Site Is Deleted

When a site is deleted we now delete the sFTP users associated with that site. However, you also have the option to NOT do so.

This is the inverse of what we have done in the past where we chose NOT to automatically delete sFTP users. So, if you are depending on your sFTP users to remain after a site has been deleted, you should definitely turn on this option.

New: Warning Email To Admin When Critical WPCD Crons Are Not Running

WPCD’s operations use a lot of background CRONs and we do run periodic checks to make sure that they are up and running.

However, we also realize that there might be long stretches of time where admins are not logged into the WPCD console and therefore might not see the warning messages.

So we now send warning emails when we detect that these critical services are not running. These are sent every 8 hours until the issue is resolved.

You do have the option to disable these emails in the SETTINGS area.

New: Bulk Delete Sites from Servers

There are two new options in the BULK ACTIONS drop-down in the site list:

• Delete Sites From Server
• Delete Sites and Backups From Server

These can be useful when you have a lot of development and testing sites you want to clean up or when you have old customer sites that just need to go away.

Given how dangerous these two functions are, we’ve placed them being an option in your settings area. That option needs to be enabled before these items will appear. And even then, only WPCD admins will be able to see and use them.

Updated: Server Callbacks

The script for server callbacks have been updated to collect the default PHP version for the server. Normally this should be 7.4 (but each site can run their own version). However, we’ve noticed that background updates might switch this default to 8.0 or 8.1 on some server providers.

This can cause issues with running many wp-cli commands, especially on sites that have plugins and themes that are not ready for PHP 8.0 or 8.1.

So, now we check to see if the default is 7.4 and, if not, add a warning in the HEALTH column as well as a notification to the notifications log (which you can subscribe to.)

However, this new feature will only work for you if you remove the existing callbacks and re-install. You can do this from the CALLBACKS tab on a server. We strongly suggest that you do this for all your servers.

New: Easier-to-use Post-Process Bash Scripts [V4.16.2]

Up until this release you could only make use of your custom bash scripts either by:

• Modifying the existing scripts directly or
• Writing a full add-on to insert them using WPCD hooks and filters.

With this release we’re giving you a third option for the most common use case – running commands at the end of the server provisioning and site provisioning processes.

You can now provide a URL to custom script files that will be executed at the end of the server and site deployment processes.

There are, of course some caveats you must be aware of.

• These scripts have to be publicly accessible. They can be ‘secret’ links such as the raw links to secret gists.
• Because they must be publicly accessible you cannot (or should not) include any private information such as api keys.

New: PHP INTL Module Now Part of The Default Server Stack [V4.16.3]

Back in 2021 WordPress started recommending that the PHP INTL module be added to the NGINX server for all WordPress installations. We have now made that part of our standard stack.

You can install it on servers deployed prior to WPCD V4.16.3 using the option in the server UPGRADE tab. This is an optional upgrade.

This changed was submitted by a customer as a Pull Request in our GITHUB repository and accepted and merged in 48 hours later.

Updated: Memory Limits (and Other Constants) For New Sites

New sites will have the following items explicitly set in wp-config.php

• WP_AUTO_UPDATE_CORE: minor
• WP_MEMORY_LIMIT: 128M
• WP_MAX_MEMORY_LIMIT: 128M
• CONCATENATE_SCRIPTS: false
• DISALLOW_FILE_EDIT: true

With these settings:

• We are restricting new sites to auto-update only the most minor WP versions. So, sites will be automatically updated from, for example, 5.8.1 to 5.8.2 but not be automatically updated from 5.8.1 to 5.9.0. You can, of course change this as you see fit by editing wp-config.php.
• The front-end of your site can only consume 128MB of memory per php script and the backend (wp-admin)can only consume 128MB per script as well. Prior versions of WPCD did not explicitly set these values so they defaulted to 40MB max for the front-end and 256MB for the wp-admin. PHP workers currently max out at 128MB in our default configuration so there’s no point in going above this value unless you increase the PHP memory limit as well.

Your existing sites will retain the old defaults of course.

Tweaks

• Tweak: WPAPP – When a site is cloned and the root domain of the clone is the one that is set up as the Cloudflare temp domain, we will now automatically create the DNS for the clone at Cloudflare. This means that we can automatically get an SSL certificate for the clone as well.
• Tweak: WPAPP – The option to block the REST API had confusing terminology because it was the inverse of what was actually happening. Clarified this so that the label uses the term ‘blocked’ and ‘not blocked’ instead.
• Tweak: Make sure that certain messages only display to users who pass the wpcd_is_admin() check instead of all users.
• Tweak: WPAPP – Validate certain fields on the server monit/healing tab before allowing an operation – this prevents Monit from throwing an error when it cannot parse its configuration files.
• Tweak: WPAPP – Updated the list of WP versions to add WP 5.9.2.
• Tweak: WPAPP – Add new notification type to handle upcoming features in the POWERTOOLS add-on.
• Tweak: WPAPP – Display the final status of PHP versions as they are being installed when the server is provisioned.
• Tweak: WPAPP – Only show the activate/deactivate option on the MISC tab when a site is disabled. Hide all other options when the site is disabled.
• Tweak: WPAPP: Changed the transient timeout for the pending log cron because that cron runs on a 60 min interval instead of a 1 min interval. [V4.16.3]

Fixes

• Fix: WPAPP – Staging and Cloned sites did not carry over the metas that indicate the status of the various caches.
• Fix: WPAPP – Individual toggle switches on monit components were not working – only the ‘all’ switches did what they were supposed to do.
• Fix: WPAPP – Typo on site TOOLS tab – reset permissions description should say 664 for files, not 644.
• Fix: WPAPP – We weren’t warning the user when they entered the ‘&()’ characters in certain fields where they are invalid.
• Fix: WPAPP – The process for marking pending log items as failed did not take into account all the new recent state types.
• Fix: WPAPP – The name of a custom post type was incorrect in an array where we were listing certain custom post types we use.
• Fix: Prevent server and site fields from being included in the DOM when their tabs have been disabled for an author or role. [V4.16.3]
• Fix: WPAPP – The Monitorix tab did not have a return statement in the proper location in its code. This could sometimes cause tabs to not appear when certain author-based and role-based security options were enabled on the tab. [V4.16.3]
• Fix: WPAPP – The sites tab on the server screen had an incorrect slug. This caused any author-based and role-based security attempting to hide the tab to fail – the tab would always show. [V4.16.3]
• Fix: WPAPP – The power tab on the server screen had an incorrect slug. This caused any author-based and role-based security attempting to hide the tab to fail – the tab would always show. [V4.16.3]

Dev

• Dev: WPAPP – New filter to allow providers to add text to any error messages when a server immediately fails to deploy – wpcd_wordpress-app-server_deployment_error. An example use of this is in the AWS EC2 add-on where a tip about IPv6 will be shown if a server fails to deploy properly.
• Dev: WPAPP – New action hook on the copy-to-existing-site action – wpcd_app_wordpress-app_before_action_copy_to_existing_site. This was requested by a customer and we were happy to get it done for them.
• Dev: WPAPP – Add New filter hook – wpcd_wordpress-app_show_deploy_server_button. This was requested by a customer and we’re happy to add it for them.
• Dev: WPAPP – Add filters to allow all key fields on the create-server popup to be accessible to developers (wpcd_wordpress-app_provider_regions_create_server_popup, wpcd_wordpress-app_providers_create_server_popup)
• Dev: WPAPP – Bash script changes and tweaks for site-sync – reduced code duplication and made more hardy when simultaneously copying sites to the same server.
• Dev: Add New filter hook – wpcd_get_active_cloud_providers. This one is a complement to the existing hook wpcd_get_cloud_providers.
• Dev: Update to latest version of metabox.io components.
• Dev: The never-ending task of cleaning up files and code to hew closer to the WordPress standards.

Deprecations

We are officially deprecating the wp-config option WPCD_SERVER_HIDE_TABS_WHEN_AUTHOR. This has been replaced by the many security options in the settings screen introduced in WPCD v4.14 and v4.15. Learn more about what this does in the WPCD wp-config docs if you believe it might affect you. It will likely be removed before the end of 2022.

Additionally, we’ve renamed certain hooks that did not have the ‘wpcd’ prefix. We don’t believe that these hooks are in use by customers. However, if for some reason your code is using a hook without the ‘wpcd’ prefix please let us know.

Other

If you follow our GITHUB project, we’ve updated the README file to add in a new section on BRANCHES and how we use them. So make sure you read that.

Wrapup

This release touches on many parts of the plugin and some features such as PHP installation, Author and Role Security and copy sites to server have significant behind-the-scenes changes. So for now it will be part of our fast-ring releases. We hope you take it out for a spin and let us know if you encounter any new issues that were not present in prior versions.

You can get it by downloading it from your account – it will not be pushed out automatically. Add-ons have been updated to support it as well.

---

If you do take this fast ring release for a spin, here are some things you can do to help verify the stability of the release before we convert it to slow ring regular release:

• Work with the COPY TO SERVER functions – there are substantial internal code changes here.
• Author and Role Security – Verify that these items disable and enable the respective tabs with no side-effects, especially that the admin functions still work when a tab is disabled for an author or role.