Recent cPanel update is self-installing Patchstack WP plugin into client sites.
cPanel's recent WP Toolkit update silently pushed its own Patchstack-branded plugin into every client WordPress site on our servers, no opt-in, no warning.
If this matters to you, here is the workaround I was given from cPanel support:
1. Create/edit /usr/local/cpanel/3rdparty/wp-toolkit/var/etc/config.ini and set:
rolloutIntegrationPluginToExistingSites = false
installIntegrationPluginToNewSites = false
Config survives updates per cPanel support.
2. The plugin installs as a must-use plugin, so wp plugin delete won't work. Use the built-in remover endpoint instead:
curl -sk -X POST -H 'Authorization: whm root:TOKEN' -H 'Content-Type: application/json' -d '{"confirm": true}' "https://hostname:2087/cgi/wpt/index.php/v1/installations/{ID}/features/integration-plugin/remover"
Where it says TOKEN, add a temporary one from WHM > API Tokens
Loop it across all instance IDs from wp-toolkit --list. For example, if there are 3 WP installations listed with ID's 1, 2, and 5, then the command is:for id in 1 2 5; do echo "=== $id ==="; curl -sk -X POST -H 'Authorization: whm root:YOUR_API_TOKEN' -H 'Content-Type: application/json' -d '{"confirm": true}' "https://hostname.com:2087/cgi/wpt/index.php/v1/installations/$id/features/integration-plugin/remover"; echo; done
-
I edited your post to remove the ticket link as that isn't going to work for anyone else. You may also want to do the same on your Reddit post.
0 -
Update - WP Toolkit is adding a bulk removal tool in version 6.12 that will let you remove this plugin from all instances on your machine.
0
Please sign in to leave a comment.
Comments
2 comments