InstaWP v3.24.0: Controlled Migrations and Stronger Infrastructure
v3.24.0 gives users more control over site migrations while strengthening the infrastructure layer that keeps WordPress sites stable, secure, and responsive.
Added
⚡InstaMCP 1.1: InstaWP sites can now talk with 13 site tools, making site management, inspection, and automation faster from one connected workflow.
⚡Destination Server Selection: You can now choose a specific destination server when migrating a site, instead of relying only on automatic assignment.
⚡Server Identification in Migration UI: The destination server dropdown now displays servers in “ID - IP Address” format, making it easier to pick the right target.
⚡Destination Server API: A new API endpoint has been added to fetch eligible destination servers for migration workflows.
⚡Stuck PHP-FPM Detection: New automatic stuck-worker detection helps recover tenant PHP-FPM processes that can cause intermittent 502/504 errors.
⚡Fail2ban Orphan Cleanup: Stale IP entries in HestiaCP banlist.conf are now cleaned up when fail2ban no longer manages them.
⚡Admin-AJAX Flood Detection: Runaway plugin loops, such as WP File Manager elFinder floods, can now be detected and logged for easier troubleshooting.
⚡Apache MPM Auto-Tuning: Health checks can now detect Apache MPM configuration drift and apply RAM-aware tuning when needed.
Improved
⚡More Controlled Migrations: Site migration now gives users more control over which server their site moves to, reducing surprises during infrastructure planning.
⚡More Secure Migration Dumps: Pull-migration database dumps are now stored outside public_html with hashed filenames and cleanup safeguards.
⚡Stronger Health Checks: The InstaWP health-check script has been refactored and optimized for better coverage, reliability, and maintainability.
⚡More Reliable Apache Tuning: Apache MPM tuning now uses safer triggers, aligned RAM tiers, and capped backup counts.
⚡Safer Service Reloads: Service reload handling now avoids silent no-ops on certain reload paths.
⚡Cleaner Fail2ban Handling: CIDRs are now validated upfront to reduce invalid fail2ban operations.
Fixed
⚡skip_search_replace Handling: The skip_search_replace flag is now correctly forwarded during WordPress URL changes, preventing unintended search-replace operations.
⚡SFTP Chroot Ownership: Fixed an SSH/SFTP toggle issue that could break SFTP access by changing /home ownership incorrectly.
⚡MCP Token Re-Enable: MCP tokens now sync correctly when the MCP plugin is re-enabled, preventing token invalidation after toggling.
⚡Scoped PHP-FPM Recovery: Stuck PHP-FPM cleanup now targets tenant pools only and excludes the system www pool.
⚡SSH/SFTP Defaults: SSH/SFTP is now disabled by default for newly provisioned users and can be enabled explicitly when needed.
Security
⚡Safer New User Defaults: New user accounts no longer have SSH/SFTP enabled by default, reducing attack surface.
⚡Protected Migration Dumps: Pull-migration database dumps are stored outside the web root with hashed filenames to reduce accidental exposure risk.