Update Ghost to 5.18.0
Updated Casper to v5.3.2 - Sodbileg Gansukh
Improved preview text on member alert emails (#15543) - Elena Baidakova
Improved email failure handling and retrying (#15504) - Simon Backx
Fixed member importer crash for failed imports (#15560) - Rishabh Garg
Fixed timezone issue with min/max dates in datetime picker - Ozan Uslan
Fixed ctrl/cmd+s not saving focused fields on general/staff settings screens - Kevin Ansfield
Fixed broken close buttons on modals (#15514) - Ronald Langeveld
Fixed active state bug in sidebar nav (#15511) - Stephen Sauceda
Oh, and it may require like 4 or 5 patches to box code. Forgot about that. 😅It's fully functional tho, a little unpolished, a lot unpolished. But everything works. @girish and I will work together to integrate it properly at some point after 6.0. My patches run at "start" time, so the fact they're inefficient isn't too big of a deal, but just know that somewhere down the line, @girish and I will add it properly into a stable version of Cloudron.
What an accomplishment this was for me back then. I like that my first post in the forums is this crazy hellscape of Cloudron and Docker development jargon. I also wonder if this will ever help anyone down the road. Either way, I'm glad this whole thing is archived, it's p nostalgic for me. ☺️
However, the point of Free Software is not only about how things are now but also about future proofing. Things might change in the devs' lives, they might need to move on, they might need a lump of cash cause something terrible happen and sell the company, or whatever else. And if the new devs have a different ethics what do we do? Look for another software and all the time and energy spent on Cloudron is kinda wasted and then not as many people benefit from this amazing platform? And to be honest the current situation makes it hard to recommend it and promote in some context because not everyone is just interested in the best software or value for money but also care about software license but ethical and practical reasons.
I don't have a perfect solution as I understand and respect Girish and Nebulon's current position in that they don't want someone to just fork everything and release it for free.
Maybe something could be added in the license that says the code must be made publicly available, and that if the license changes to a more restrictive one (one that removes the public release of the code), then the current license reverts to a Free Software license e.g. AGLP 3.0 or its successor. This would basically guarantee Freedom 0 and 1 and would implement some kind of (twisted) copyleft. And that would be enough to make me happy 🙂
But I don't know if that is possible at all?? I'm a legal geek but not on software license...yet 😉 Anyone know?
1-Is a security plugin necessary in wordpress managed?
I use the Developer package for WordPress so can't speak for the Managed version too much, but my general advice would be the following:
Generally speaking, it'd best to only install plugins when you know you have a need that isn't already addressed in the system. Thus, knowing your exact needs would come before choosing any particular plugin. My rule of thumb personally is not to install a plugin unless I understand why I need it and what I want to achieve with it.
Security is a huge umbrella with probably hundreds of different sub-categories / uses. So for example, it'd be good to know if you are wanting to be notified of any irregular file changes, block specific functionality in WordPress, lockdown user accounts with custom permissions, change the login page URL, rate limit logins, or a mix of those or a whole bunch of other ones.
It's good to copy an existing WordPress site (or a default one) to test new plugins on to see if they will interfere with your current setup, avoiding testing in any live production website.
Aside from the above, I'd honestly recommend just using the Developer package of WordPress. I know that goes against Girish's recommendation 👼 but there are at least several of us "power users" in Cloudron that feel there's no real upside to the Managed package other than a little bit more security by default. Eventually, whether it's sooner or later, you'll likely have the need to use a particular plugin that will need to modify files or access certain files, in which case you'll then have to do a bunch of work to migrate from the Managed package to the Developer package, so IMO you may as well just start on the Developer package to begin with unless you have very basic needs for WordPress and don't plan on growing it at all. And you won't want to be caught in a project that's time-sensitive to then find out you need to now also migrate an entire website to a new app instance type. I learned that lesson the hard way myself. 😉
By the way, every app has its own category in the forum. You may be better served to create a separate and dedicated post in the WordPress (managed or developer) categories. This thread in particular is pretty old and is generally on a different topic than "security plugins" for WordPress.