All Announcements29 Apr, 2026

InstaWP v3.23.0: More Reliable Migrations, SSL, Backups & Site Operations

Improvement

Fix

New Feature

Added

⚡ Backup Storage Audit: A new daily backup audit now checks database records against S3 backup objects and sends a Slack report for better backup visibility.

⚡ Server Self-IP Protection: Servers now whitelist their own public IP at the CrowdSec parser level to prevent accidental self-blocking from loopback or proxy traffic.

⚡ SSL Nameserver Verification: SSL renewal now checks NS records before attempting renewal, helping avoid failed Let’s Encrypt attempts and rate-limit issues.

⚡ PHP Version Auto-Detection: WP-CLI commands now detect the correct PHP binary per domain, reducing issues on sites using non-default PHP versions.

Improved

⚡ More Reliable Site Migrations: Migration pulls now use binary-safe database imports, helping preserve serialized data from builders, galleries, and plugins that store escaped content.

⚡ Smarter SQL Imports: MariaDB 10.6+ sandbox-mode comments are now handled automatically to prevent SQL import failures.

⚡ Custom Domain HTTPS: Bunny CDN ForceSSL is now enabled for mapped custom domains, so HTTP traffic redirects to HTTPS automatically.

⚡ SSL Renewal Coverage: SSL renewal now catches already-expired domains, not just domains nearing expiry.

⚡ Better Backup Cleanup: Stale backup worker volumes are cleaned automatically, and weekly S3 backup cleanup is now scheduled.

⚡ 2FA-Friendly Login Limits: The wp-login burst limit was increased from 3 to 8 requests, reducing false rate-limits for users with 2FA plugins.

⚡ Safer WordPress Restores: Admin user handling during restore is now stricter and safer, preventing existing admins from being accidentally demoted.

⚡ More Reliable Server Monitoring: Server heartbeat checks now send valid JSON and handle process locks correctly, reducing false failures.

Fixed

⚡ SSL Targeting Bug: SSL installation jobs now target sites by primary key, preventing certificates from being applied to the wrong site.

⚡ Cache Toggle Failures: Object cache enable/disable logic no longer corrupts the wp-config.php anchor block, and cache script errors are now surfaced properly.

⚡ SSL Queue Blocking: SSL renewal jobs no longer flood queue metrics or block site creation.

⚡ CDN Hostname Checks: Fixed false positives when checking CDN hostname availability.

⚡ Migration Config Issues: Source wp-cli.yml files are now neutralized during pull migrations to prevent source-server configuration from affecting the destination site.

⚡ Backup Cleanup Bugs: S3 backup cleanup issues were fixed, with validation added to prevent unintended cleanup runs.

⚡ Stuck Processing Jobs: Redis job records are now finalized when exceptions occur, so failed tasks no longer stay stuck as “processing.”

⚡ Auto-Heal Alerts: Auto-heal reporting no longer creates misleading alerts when the HestiaCP API is unreachable.

⚡ Nginx Config Detection: Duplicate limit_req_zone checks now scan all Nginx config files, preventing misconfiguration on multi-config setups.