ManageWP – remotely updating plugins and themes outside of WordPress

    #19192
    Rich
    Participant

    I manage about 26 WordPress sites and use ManageWP toward the end of keeping the plugins, themes, etc. up to date.  I have about 5 sites that use the BPS Pro plugin.  Whenever I upgrade a Plugin or Theme using I have to click a link to tell BPS Pro that I’m updating.  I presume it is for ARQ.  What happens if I use ManageWP to bulk update several BPS Pro sites?  Will it mess everything up?  I’ve excluded the Plugins folder on those sites from ARQ.

    #19196
    AITpro Admin
    Keymaster

    Update 2-8-2017: https://forum.ait-pro.com/forums/topic/managewp-read-me-first/

    Yes, the plugins folder is excluded by default from being checked by AutoRestore/Quarantine.  You can also create another AutoRestore folder exclude rule for your themes folder so that ARQ will not check your themes folder.  You would add the folder name:  themes in any available empty slot in the Exclude wp-content Folders table/form.  Click the Read Me help button on the Exclude wp-content Folders page for step by step instructions on creating wp-content folder exclude rules.

    #19198
    Rich
    Participant

    I know how to exclude folders from ARQ.  I’m not sure if you answered my question.  It seems you were focused on the fact that plugins are excluded from quarantine.  My question has to do with the effect of updating a plugin automatically from outside of the normal wordpress process (ManageWP allows me to bulk update multiple sites and plugins all at once).  ManageWP will not go back and click the button that I have to click after updating plugins so I’m not sure what the effect will be on my site.

    #19200
    AITpro Admin
    Keymaster

    Update 2-8-2017: https://forum.ait-pro.com/forums/topic/managewp-read-me-first/

    Oh ok you want to know the basics of how ARQ IDPS works. Got it now.

    ARQ IDPS is completely automated for things like when a WordPress automatic update occurs then ARQ IDPS will turn itself off, back up the new WordPress automatically updated files that were installed, do some error and integrity checking and then turn itself back on if everything passes all error and integrity checking.  We have looked into creating this for ManageWP, but unfortunately it would not be cost effective to create that feature in BPS Pro.

    ARQ IDPS is also completely automated in the same way as described above when installing themes from within your WordPress Dashboard.

    Ok now for the problem with installing files remotely.  ARQ IDPS has no way of knowing if you are a hacker adding files to the website or if you are the legitimate website owner updating/adding/modifying files remotely.  When you are manually editing or uploading files then the standard ARQ procedural steps in this link would need to be done since ARQ cannot tell if you are a hacker or the legitimate website owner modifying or uploading files to the website:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#procedural-steps

    Ok so now to answer your question.  ARQ IDPS will think you are a hacker hacking the website and will quarantine any files that you add to this website remotely since that would exactly simulate a hacker hacking the website and uploading/adding files to the website.

    So your options are these:
    You can do the standard ARQ IDPS procedural steps when manually modifying, installing, adding or uploading files to your website.
    You can create an AutoRestore exclude rule to tell ARQ not to check certain folders where you will be modifying files. This can be either a permanent or a temporary exclude rule.
    You can restore all the files that will be quarantined from Quarantine after you remotely modify/add/update/install them since ARQ will assume you are a hacker hacking this website.

    #19203
    Rich
    Participant

    Thank you for the lengthy explanation.  Forgive me if I’m obtuse.  You wrote:

    You can create an AutoRestore exclude rule to tell ARQ not to check certain folders where you will be modifying files. This can be either a permanent or a temporary exclude rule.

    As I noted, wp-content/plugins is one of the excluded folders.  What I hear you saying is that Plugin upgrades ought to be fine from ManageWP because the files in those folders are excluded from AutoRestore.  Consequently, it is “safe” to use ManageWP to update plugins.  If I wanted to update themes as well then I would need to exclude the themes folder (either permanently or temporarily).

    Yes?

    #19204
    AITpro Admin
    Keymaster

    Update 2-8-2017: https://forum.ait-pro.com/forums/topic/managewp-read-me-first/

    Yes.  You are correct that you can update/upgrade plugins remotely without having to do anything else – when you run the BPS Pro Setup Wizard on the first time installation of BPS Pro the AutoRestore plugins folder exclude rule is created by default.  I want to double check and make sure that you are using the correct format for the “plugins” folder exclude rule.  You may have just been using the example loosely of “wp-content/plugins”.  The plugin folder AutoRestore exclude rule would be literally (just the plugins folder name and nothing else):  plugins – without using “wp-content/” in front of that plugin folder exclude rule.  For the “themes” folder AutoRestore folder exclude rule you would use literally:  themes – without adding anything else to the exclude rule.
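
The behaviour discussed in this thread, as an added sketch (not BPS Pro's code and not written by any poster): a toy baseline-and-quarantine monitor in which exclude rules are folder paths relative to wp-content. The function names, the sample site and its file names are constructed, and a rule that matches no folder is assumed to exclude nothing.

```python
import hashlib
import os
import shutil
import tempfile

def monitored(wp_content, excludes):
    """Return {relative path: SHA-256}; rules are folders relative to wp-content."""
    found = {}
    for root, _dirs, files in os.walk(wp_content):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, wp_content).replace(os.sep, "/")
            if not any(rel.startswith(rule.strip("/") + "/") for rule in excludes):
                with open(full, "rb") as fh:
                    found[rel] = hashlib.sha256(fh.read()).hexdigest()
    return found

def scan(wp_content, known, excludes, quarantine_dir):
    """Quarantine monitored files that are new or changed; return their paths."""
    hits = []
    for rel, digest in sorted(monitored(wp_content, excludes).items()):
        if known.get(rel) != digest:
            dest = os.path.join(quarantine_dir, rel)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            shutil.move(os.path.join(wp_content, rel), dest)
            hits.append(rel)
    return hits

def write(base, rel, text):
    path = os.path.join(base, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo(excludes):
    """Constructed site: take a baseline, then let a remote tool touch three folders."""
    with tempfile.TemporaryDirectory() as tmp:
        wp, quarantine = os.path.join(tmp, "wp-content"), os.path.join(tmp, "quarantine")
        write(wp, "plugins/example-plugin/main.php", "v1")
        write(wp, "themes/example-theme/style.css", "v1")
        known = monitored(wp, excludes)                      # baseline snapshot
        write(wp, "plugins/example-plugin/main.php", "v2")   # remote plugin update
        write(wp, "themes/example-theme/style.css", "v2")    # remote theme update
        write(wp, "managewp/backups/index.php", "<?php")     # remote backup file
        return scan(wp, known, excludes, quarantine)

if __name__ == "__main__":
    for rules in (["plugins"], ["wp-content/plugins"], ["plugins", "themes", "managewp/backups"]):
        print(rules, "->", demo(rules))
```

Anything inside an excluded folder goes unchecked, whoever wrote it, so keep exclude rules as narrow as the remote tool needs.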

    #19214
    Rich
    Participant

    Thanks!  I’ve been successfully using the Excludes feature and know to just use the path following wp-content.  I have the cache folder on several themes excluded.

    #27659
    Living Miracles
    Participant

    [Topic has been merged into this relevant Topic]
    I recently installed BPS Pro on one of my sites, and also started using ManageWP. One thing I use ManageWP for is to take full backups of my site. Today I created a ManageWP backup for the first time, and the following two files got quarantined. I went ahead and restored them—twice—and each time they got quarantined again. Any idea why that would happen? I’m also looking for the most secure way to stop these ManageWP backups from getting quarantined when I create them. Thank you!

    /wp-content/managewp/backups/index.php
    /wp-content/managewp/backups/example.com_manual_full_xxxxx-xx-xx.zip

    #27662
    AITpro Admin
    Keymaster

    @ Living Miracles – Please read the information in this forum topic above.

    #27663
    Living Miracles
    Participant

    Thank you! Adding an exclude rule for the managewp/backups folder works like a charm.

    #32356
    AITpro Admin
    Keymaster

    BPS Pro AutoRestore Automation and ManageWP compatibility testing results:

    As it turns out Plugin and Theme installations/updates from ManageWP already work seamlessly with AutoRestore Automation and no additional steps are required. I believe the changes that were made in BPS Pro 12+ version series with the WP upgrader_pre_install and upgrader_post_install filters got everything working fine together.  For WP Core updates, AutoRestore Automation uses AJAX trigger functions instead of using the WP upgrader_pre_install and upgrader_post_install filters. So if someone wants to upgrade WordPress remotely using ManageWP then they would need to do these steps below:

    1. Use the ManageWP Open WP Dashboard feature to connect to your WordPress Dashboard.
    2. Update WordPress from the WP Dashboard. AutoRestore Automation will automatically turn Off AutoRestore, back up files and turn AutoRestore back On.

    Or

    1. Use the ManageWP Open WP Dashboard feature to connect to your WordPress Dashboard.
    2. Turn AutoRestore Off.
    3. Update WordPress from the ManageWP Dashboard.
    4. Run the BPS Pro Setup Wizard.

    Note:  Enabling WordPress Automatic Updates will automatically install any/all new versions of WordPress when they are available.  So manually updating WordPress either from your WP Dashboard or from the remote ManageWP Dashboard is not really necessary.
