wpmgr

Changelog

What shipped and when

Every WPMgr release, newest first. Each entry links to the relevant feature pages. For the full history and release artifacts, see GitHub Releases.

  1. v0.61.40

    Organizations can now be deleted, with a safety grace window.

    • AddedOrganization owners can delete an organization from Settings, Organization, with a type-the-name confirmation. An empty organization is removed immediately; a populated one is scheduled with a grace window: hidden right away and recoverable until the window passes, then permanently removed along with its sites' agent connections and stored data.
    • FixedSwitching the active organization now reconnects live dashboard updates to the newly active one immediately, instead of requiring a full page reload.
    • FixedThe deletion flow no longer shows a misleading "recoverable during the grace window" message for an empty organization, which is removed immediately and has no grace window; that message now appears only when a deletion is genuinely recoverable.
  2. v0.61.39

    Real User Monitoring data collection fixed, on self-host and under any cache.

    • FixedReal User Monitoring collected no data at all on self-hosted installs: the bundled reverse-proxy configuration had no route for the RUM endpoint, so every beacon request was rejected before it reached the application (the same gap silently dropped inbound email and billing webhooks too). Both are now routed correctly, and a new check exercises the real proxy configuration against every public endpoint so a gap like this is caught before release.
    • FixedReal User Monitoring also collected no data on sites served by a third-party page cache, because the collector script was only injected inside WPMgr's own cache output. It is now injected on a standard WordPress hook during page generation, so whichever cache serves the page still captures the data.
    • FixedThe RUM beacon key could get permanently stuck: if the one-time delivery of the key to a site was ever lost, the site kept showing RUM as enabled while silently collecting nothing. The control plane now tracks whether the site has actually confirmed it holds a key and automatically reissues one when it is missing. A manual "Rotate beacon key" action was added, and the dashboard now warns when RUM is on but unconfirmed.
  3. v0.61.37

    Fixed the hide-login security feature: the secret URL now actually serves a login form.

    • FixedTurning on "hide login" showed a harmless but alarming "policy stored but agent push failed" error even though it saved and applied correctly. More seriously, the secret login URL did not show a login form at all (it bounced to the home page), which could leave you unable to sign in through the browser. The secret URL now serves the login form correctly while the default wp-login.php stays hidden. Review also closed two smaller gaps: the secret URL is no longer exposed in page links to logged-out visitors, and the access cookie is now signed so it cannot be forged.
  4. v0.61.36

    Fixed a bug that could permanently break an incremental backup chain.

    • FixedAn incremental backup could fail with a "stalled" error because retention cleanup had deleted a parent snapshot's file-list data while it was still needed, permanently breaking the chain. Retention now always protects the completed snapshot at each chain position and, as a ground-truth safety net, never deletes data that any surviving snapshot still references. A broken chain now fails fast with a clear "run a full backup" message instead of stalling silently.
  5. v0.61.35

    Vulnerability and performance tiles on the Health tab now show live data.

    • FixedThe Vulnerabilities and Performance tiles on a site's Health tab were placeholders that always read "Not scanned yet" and "Not measured yet", regardless of the real data. They now show live results: open-vulnerability count and worst severity, and Core Web Vitals (LCP) from real visitor data, each linking through to the full view. A site that has not been scanned, or has no visitor data yet, shows an honest empty state instead of a fabricated number.
  6. v0.61.33

    Your own backup destinations now actually work, end to end.

    • FixedConfiguring a local folder or your own S3-compatible bucket as a backup destination looked like it worked (the "Test connection" check passed), but every backup still went to managed storage regardless. Backups, full and incremental, now run to the destination you configured, and restore reads back from it, across all three types: managed storage, a local folder on the server, and your own S3-compatible bucket. For your own bucket, the control plane signs the uploads and downloads so the site never holds your storage credentials.
    • FixedTemporary backup working files left behind by a failed or interrupted run are now cleaned up automatically by a daily job, instead of slowly accumulating on disk.
    • ChangedHosted service only: managed backup storage is now a paid-plan feature. On the free plan, backups target your own storage (a local folder or your own S3-compatible bucket) instead. Self-hosted installs are unaffected and always keep managed storage, and restoring an existing backup is never restricted.
  7. v0.61.31

    Restore now verifies the site actually loads, and rolls back automatically if it does not.

    • AddedAfter the files and database are swapped, restore now runs two checks: first that the restored database is intact while the site is still in maintenance mode, then, once the site is live, that it is not showing a fatal error. If either check finds a genuine failure, the restore automatically reverts both the files and the database to their pre-restore state and reports the run as failed with the reason, instead of leaving a broken site behind and reporting success. The checks fail open on a network blip, so they can never roll back a good restore.
    • FixedRestore could also silently drop plugin or theme files whose path happened to contain a reserved drop-in name (for example a plugin's own class-db.php), leaving the site broken while the restore reported success. Restore now matches its protected-file exclusions by exact path instead of substring, so only genuine WordPress root drop-ins and config files are held back. Sites affected by an earlier restore can recover by re-restoring from the same snapshot.
  8. v0.61.30

    Uptime incidents now have real history, with a detail view.

    • AddedUptime incidents are now recorded and kept, so the Incidents panel shows real history: past incidents with accurate durations and a flapping indicator for sites that go down repeatedly. Clicking an incident opens a detail view with the site's live status, the probe results across the incident window, a timeline of what else happened around that time (updates, backups, activity, PHP errors), 7- and 30-day uptime, and quick actions.
    • FixedAn ongoing incident previously showed the wrong severity ("Degraded" for a site that was down), a duration that read "NaNh", and a blank site name; incidents now show the correct severity, read "ongoing" while open, and always show the site name. Also fixed: unreadable dropdown menus in dark mode, two dead breadcrumb links, and an "Open site" action that did nothing.
  9. v0.61.26

    Uptime: TLS expiry now shows, and downtime alert emails send reliably.

    • FixedTLS certificate expiry now shows for monitored sites. The uptime prober only read the certificate during a fresh TLS handshake, which almost never happened after the first probe on a reused connection, so the TLS expiry column stayed empty from the start. It now reads the certificate on every probe, fresh or reused.
    • FixedDowntime and recovery alert emails were silently skipped when SMTP was configured only in the dashboard (Settings, Email/SMTP) and not also set as environment variables. Alerts now send through the same saved relay used everywhere else, with environment variables kept only as a fallback.
    • FixedThe audit log recorded "Emailed: Yes" for a downtime alert whenever recipients were configured, even when the send was skipped or failed. It now records the true outcome (Sent, Skipped, or Failed) with the reason, for both email and webhook delivery.
  10. v0.61.17

    Bulk, chain-aware backup deletion.

    • AddedSelect multiple backups with checkboxes, including whole incremental chains via a tri-state chain checkbox, with one-click filters for all failed or all zero-byte runs, and delete the batch in one action. Selecting a snapshot automatically includes the later generations that depend on it, shown before you confirm, so a chain can never be left broken.
    • AddedA batch of failed or zero-byte runs needs one plain confirmation; a batch containing any completed backup asks you to type one phrase for the whole batch. Deleting a snapshot, single or bulk, now also refuses while a restore that reads it is in progress.
  11. v0.61.15

    Fleet Audit log redesigned, with several reliability fixes.

    • ChangedRedesigned the fleet Audit log. Events now read as plain sentences instead of raw internal codes, the operator who performed each action is shown by name, and long runs of routine file reads collapse into one expandable line so writes, deletions, and denied actions stand out. Added an outcome filter (Denied, Writes, Sensitive), a search box, exact timestamps, and a per-event detail view.
    • FixedThe event list was ordered oldest-first while presented as newest-first, so once a tenant passed one page of events, recent activity was paged off the end; it now lists newest events first (no audit data was ever lost). Also fixed a false "Chain break" integrity warning caused by two actions recorded at the same instant, and a page-load failure for accounts with automated activity like uptime alerts and backups.
    • AddedOwners can now acknowledge a "Chain break" that predates an older fix, since the audit log is append-only and its rows can never be altered. Acknowledging moves the integrity anchor to the current point so verification runs forward cleanly; new tampering is still detected, and the acknowledgment itself is recorded in the audit log.
  12. v0.61.10

    Bulk updates only touch sites that actually need them.

    • FixedMulti-site bulk update now only creates a task for a site that actually has the selected update pending, instead of also creating a task, and then failing it, for every selected site that does not have that plugin, theme, or core update available. Sites the update does not apply to are now reported as skipped, not failed.
  13. v0.61.9

    A failed update no longer strands a site in maintenance mode.

    • FixedA failed plugin or theme update no longer leaves a site stuck showing WordPress's maintenance page to every visitor. The post-update health check now tolerates a brief, transient 503 from an in-progress database migration instead of treating it as a failure and rolling back an update that actually succeeded.
  14. v0.61.6

    Reliable downtime alerts and a faster Sites list.

    • FixedDowntime email alerts now fire reliably. A race in the alert state machine could let a sustained outage go unalerted; alert state now transitions atomically so every qualifying outage sends its alert.
    • FixedThe Notifications settings page now saves correctly, including the daily email digest toggle.
    • FixedFixed a slow first load of the Sites list after the dashboard had been idle for a while.
  15. v0.61.3

    A batch of dashboard, backup, and update fixes.

    • FixedBackups now correctly preserve plugin and theme vendor code that happens to live in a folder named cache or upgrade, while still excluding real runtime cache and update staging files.
    • FixedThe backup schedule form no longer rejects valid day-of-week, day-of-month, or hourly-interval selections, and update run history now shows accurate task counts and completion progress.
    • FixedClosing any dialog no longer leaves the page unclickable, and bulk plugin and theme updates now default to only the items that actually have an update available.
  16. v0.61.0

    File Manager for every managed site.

    • AddedBrowse, preview, edit, upload, download, zip, and restore prior versions of files on any managed WordPress site, right from the dashboard, no SFTP or cPanel required. A sensitive-file deny list and a separate write-access toggle keep it safe, and every action is written to the audit log. Off by default; only owners and admins can turn it on.
    • AddedCloudPanel sites now get integrated cache purging: WPMgr clears its own page cache and CloudPanel's Varnish cache together, no separate plugin needed.
  17. v0.57.7

    New multipage marketing website.

    • ChangedThe public site at wpmgr.app is now a multipage, server-rendered site: a dedicated page for every feature, solution pages by audience and by job, pricing, this changelog, a resources area, and a self-hosted API reference generated from the OpenAPI spec. Faster, fully crawlable, and easier to extend.
  18. v0.57.0

    Vulnerability feed configuration from the dashboard.

    • AddedInstance administrators can configure the Wordfence Intelligence API key from a new admin page instead of an environment variable. The page shows live connection status, lets you save or remove the key, and provides a Sync now action. The key is encrypted at rest.
  19. v0.56.0

    Vulnerability scanner across your fleet.

    • AddedWPMgr now checks every managed site's plugins, themes, and WordPress core against the Wordfence Intelligence vulnerability feed. Each finding shows severity, affected version range, fixed version, and CVE references. One-click remediation updates the vulnerable item using the existing update flow. Findings appear per-site on the Security tab and fleet-wide on the Vulnerabilities page.
  20. v0.55.0

    2FA enrollment flow for site users + redesigned Security tab.

    • AddedAfter an operator requires 2FA for a user role, affected users now see a guided enrollment screen on next login: scan a QR code, confirm a code, save backup codes. Users can also start enrollment proactively from their WordPress profile.
    • ChangedThe per-site Security tab is now a card-based layout with a status overview strip and collapsible setting groups: Login and Two-Factor, Password policy, Hardening, File integrity, Bans, and Hide login.
  21. v0.54.0

    2FA for WordPress site users, password policy, and hidden login.

    • AddedOperators can require 2FA for chosen user roles, enforced at the WordPress login screen. Methods: authenticator app (TOTP), email one-time code, backup codes. A grace period lets users enroll before enforcement. The control plane and wp-config bypass can never be locked out.
    • AddedPer-site password policy: minimum strength, known-compromised password blocking (privacy-preserving prefix query), reuse blocking, and optional expiry.
    • AddedHide login page: move wp-login.php to a secret address per site. All three controls are per-site, opt-in, and off by default.

This page shows the most recent releases. For the complete release history and all release artifacts:

View all releases on GitHub