This outlines WordPress-focused features that would make Ploi.io the go-to platform for developers and agencies managing multiple WP installs.
As it stands, ploi is great - but i feel the below would add a huge advantage over the competition. This list is not exhaustive but i feel would be a great starting point.
WordPress Config
Installation
I think this could be expanded on - maybe transition installation and config using wp-cli
- wp core download
- wp config set db etc
- wp core install
- --url={pulled from site}
- --title={pulled from free text field in ploi}
- --admin_user={pulled from free text field in ploi}
- --admin_password={automatically generated, but pulled from text fiels}
- --admin_email={again - pulled from field (maybe default to ploi user?}}
- ability to run custom wp cli copmmand afetr install?
General
- Ability to see version info on general tab? https://roadmap.ploi.io/projects/3-panel-requests/items/1105-show-project-laravel-wordpress-etc-version-on-the-sites-list
- Theres some other useful info available that could be displayed in the dashboard.
- Run custom wp-cli commands
- Per site resource metrics would allow the ability to find a site that is being hammered. requency tied to Ploi’s existing check intervals.
- Ability to quickly enable and disable WP debug. and add that log file to the logs section on the site panel.
- One-click login. but this will probably need a mu-plugin. (not too important
- WP Cron can be triggered using wp-cli - related https://roadmap.ploi.io/projects/2-site-level-requests/items/607-option-for-run-wordpress-cron-with-wp-cli
Staging / Templates / Cloning
- Ability to clone a wordpress site (use wp db export to dump the db in the clone) wp search-replace for handling of url changes.
- Ability to create a staging site using a similar method (making sure no-index is set)
- The above would allow the creation of a blueprint / template site. Maybe could be marked in a templates section in ploi.
- cross server cloning would be helpful.
See - https://roadmap.ploi.io/projects/2-site-level-requests/items/939-clone-wp-incl-database
Caching
- consider use of nginx helper plugin installation and config in ploi
- adopt WP_REDIS_PREFIX per site to avoid wp_ conflicts
both above should be achievable using wp-cli as well
Security
- Integrate with Wordfence Threat Intel API (free for commercial use).
- Flag outdated/insecure plugins/themes.
- Periodic wp core/plugin verify-checksums
- 7g/8g firewall https://perishablepress.com/8g-firewall/ works with all sites, not just WP
- Ability to quickly enable / disable xml-rpc
- fail2ban integration with wordpress rules
- support for editing wp-config.php files that are placed outside the webroot directory. https://roadmap.ploi.io/projects/3-panel-requests/items/1192-wordpress-support-for-wp-configphp-outside-webroot
Backups
Although more server level, WP DB and files would ideally be saved in a single archive. this could be simplified by allowing a custom command to be run before and after backup. Or maybe a checkbox that will run a wp db export whatever.sql then remove after??? On restore - the db would have to be re-imported, then the file deleted.
WordPress updates
- Ability to see outstanding updates and update wither wp, plugin, or theme etc.
Thats off the top of my head - i have tried linking existing roadmap items where poss.
Apologies for any terrible markdown formatting :/
EdwardG added some extra features that would be helpful that I probably missed...
- Staging with a custom domain
- PHP settings to change per site from the panel (This is possible, but require knowledge of php config files), a few simple fields (on the site level) like execution time, input time, input vars, memory limit, post max size, max upload, session garbage collection time, php worker count.
- We have FastCGI cache clearing per site, but Redis / opcache per site would be very handy
- ModSecurity implementation
Thanks again Edward - lets keep this conversation going.
All these mentioned here (by EdwardG) are neccessities. Hope to see it soon on ploi
This https://roadmap.ploi.io/projects/1-server-level-requests/items/243-allow-update-php-fpm-pm-setting-from-dashboard is planned in server section. If Dennis add WP features, he can kill two birds with one stone 😂 Just sayin
Would love to help test any steps in this direction. We still use Gridpane because of the cloning and simplicity of full WP support and I'd love WP to feel as integrated as laravel does on Ploi
Most of the key features have already been mentioned here. I would be super happy to help test anything if this starts moving forward. Would be a huge relieve to have all of our websites managed through ploi.
Changing the theme or disabling/enabling a plugin would be useful.
Bubblewrap https://github.com/containers/bubblewrap can be used for better userspace isolation when a site user accesses shell through SSH.
Currently, users are able to see other users processes, home directories and critical system files are also accessible. Such critical info should be only available to root and ploi
Just looking around at the state of play as we move away from Gridpane
7G/8G rules are super handy for high target platforms like WP. And the combined backup of database and files are the same time with seamless restore and the ability to clone over existing sites (on other servers as well) is key to a smooth workflow.
Here's a nice example from Spinwpup on flexible backup settings
👀 I have started.
Multiple repositories:
Plugin & theme management:
All will be available in the Ploi API as well!
@Dennis May is suggest Bulk actions for plugin / theme pages for bulk removal of themes for example / unwanted plugins in one go.
wp cli can also do this with specifing multiple plugins / themes
@Dennis as discussed: https://roadmap.ploi.io/projects/2-site-level-requests/items/1475-hide-getting-started-when-wordpress-or-other-is-detected Since its not completly WordPress related hereby a seperate feature request.
Another idea would be to implement a way to protect sites from malware. I've come across third-party systems like Imunify360 that actively scan directories and databases to verify whether a site is safe. If it isn't, the system automatically removes or cleans the affected files to restore the site to a safe state.
Of course, when hosting a site you hope everything stays secure, but I've had a few situations where hackers managed to get in and take control using malware. Having something like this built in would be a huge relief when it happens, you'd be able to fix the issue instantly (or prevent it)
Yesterday a whole lot was added again to the WordPress tab:
- WP_DEBUG toggle — Flip WP_DEBUG on or off from the panel, with smarter wp-config.php location handling and UX polish.
- Site cloning — Clone a full WordPress site including its database, with automatic Cloudflare subdomain matching.
- Bulk plugin actions — Activate, deactivate, update, or delete multiple plugins at once; install card moved below the list.
- Bulk theme actions — Manage multiple themes in one go with bulk activate, update, and delete.
- Plugin & theme install/delete — Install and remove plugins and themes directly from the panel, no CLI needed.
- Search-replace — Safely swap URLs or strings across your WordPress database, ideal after a clone or domain change.
- API support — New API endpoints for site cloning, plugin & theme install/delete, and search-replace, so you can automate everything from your own tooling.
This is looking really good! Well done on the progress
The biggest remaining things that would be good to improve:
- Caching: Integration with plugins like Nginx helper to better manage caching from the site. This needs to be rock solid and super simple to clear from the site and create exceptions
- Backups (being able to backup and restore DB and files at the same time as well as flexible backup schedules in one place)
- Ideally this would be directly accessible from the site interface so we can train staff on site admin and updates, with what you've done adding a backups tab in the wordpress screen with any linked backups would be great
- Ability to clone over an existing site (e.g. work on a staging copy to check a migration and then clone it over the existing live site) - we do this a lot as it maintains domains and connections.
Hope that helps
Site cloning is already available, it has been for a long while. Did you know? 🥰
Correct me if I'm wrong but you need to set up a new domain when you clone?
What I mean is being able to clone the site over an existing install on the same server.
Our very common use case for this is staging site for a new feature -> ready -> clone onto the live site to launch it. Cloning over the existing install in Spinwpup and Gridpane results in much less downtime which is very helpful especially for a festival or product launch.
If we have to make a new site we have to remove the domain from the live site so we can spin up the new copy. Cloning over the existing site in those platforms preserves WPconfig and Nginx settings of the live site but replaces database and WP files
Hopefully that makes sense
