Skip to content

architecpoint/plesk-scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
.github
.github
 
 
mysql-backups
mysql-backups
 
 
pci-dss-scan
pci-dss-scan
 
 
remove-old-wordpress-backups
remove-old-wordpress-backups
 
 
README.md
README.md
 
 

Repository files navigation

Plesk Scripts

A collection of utility scripts for automating common Plesk server management tasks, including MySQL database backups, WordPress backup cleanup, and PCI-DSS security header compliance scanning.

⭐ If you like this project, star it on GitHub — it helps a lot!

OverviewScriptsGetting StartedUsage

Overview

This repository provides ready-to-use scripts for Plesk server administrators to automate routine maintenance tasks. Whether you're managing MySQL databases or WordPress installations, these scripts help streamline your server operations with minimal configuration.

Key Features:

  • MySQL database backup automation for Windows and Linux
  • Automated cleanup of old WordPress backup files
  • PCI-DSS security header compliance scanning for hosted websites
  • Simple configuration with environment variables
  • Compatible with Plesk's built-in tools

Scripts

MySQL Backups

Automated MySQL database backup scripts for Plesk servers.

Available versions:

  • mysql-backup.bat - Windows batch script
  • mysql-backup.sh - Linux shell script

Features:

  • Backs up all MySQL databases
  • Uses Plesk's MySQL credentials
  • Creates individual SQL dump files per database
  • Excludes system databases (information_schema, performance_schema, phpmyadmin)
  • Automatically removes orphaned backup files for deleted databases
  • Enhanced error handling and detailed logging
  • Success/failure tracking with exit codes
  • Self-update capability for automatic script updates

Learn more →

Remove Old WordPress Backups

Automatically clean up old WordPress backup files to free up disk space.

Features:

  • Scans all WordPress installations in Plesk vhosts
  • Removes backups older than a specified number of days (default: 365 days)
  • Dry-run mode to preview deletions without removing files
  • Configurable retention period via environment variables
  • Safe deletion with proper error handling
  • Detailed logging with timestamps
  • Exit codes for automation and monitoring
  • Self-update capability for automatic script updates

Learn more →

PCI-DSS Security Header Compliance Scanner

Scan a website for the security header issues most commonly flagged by PCI-DSS compliance tools (e.g., PayPal's paypal.managepci.com scanner).

Available versions:

  • pci-dss-scan.bat - Windows batch script
  • pci-dss-scan.sh - Linux shell script

Features:

  • Detects X-Powered-By, Server, and other banner-disclosure headers (PCI DSS Req. 2.2 / 6.5)
  • Checks all Set-Cookie headers for missing Secure, HttpOnly, and SameSite flags
  • Validates Cache-Control headers on sensitive pages (login, checkout, cart, admin) and public pages
  • Checks for additional best-practice headers: X-Frame-Options, Strict-Transport-Security, Content-Security-Policy, etc.
  • Tests multiple paths automatically, including WordPress login, WooCommerce checkout, and custom registration pages
  • Colour-coded [PASS] / [FAIL] / [WARN] output with a final pass/fail summary
  • Exit code equals the number of failures (suitable for CI/CD pipelines)
  • Self-update capability with automatic or manual updates (Linux)

Learn more →

Getting Started

Prerequisites

For Linux scripts:

  • Plesk server (Linux)
  • Shell access with appropriate permissions
  • plesk CLI tool available

For Windows scripts:

  • Plesk server (Windows)
  • Administrator access
  • MySQL admin password

Installation

  1. Clone this repository or download the scripts you need:

    git clone https://github.com/architecpoint/plesk-scripts.git
cd plesk-scripts

  2. Make scripts executable (Linux only):

    chmod +x mysql-backups/mysql-backup.sh
chmod +x remove-old-wordpress-backups/remove-wordpress-backups.sh
chmod +x pci-dss-scan/pci-dss-scan.sh

  3. Configure the scripts according to your environment (see individual script documentation).

Usage

Self-Update Feature

All Linux scripts include built-in self-update capability to ensure you're always running the latest version from GitHub.

Manual update:

# Update the script to the latest version
./mysql-backups/mysql-backup.sh --update
./remove-old-wordpress-backups/remove-wordpress-backups.sh --update
./pci-dss-scan/pci-dss-scan.sh --update

Automatic updates (recommended for cron):

# Enable auto-update with environment variable
AUTO_UPDATE=true ./mysql-backups/mysql-backup.sh
AUTO_UPDATE=true ./pci-dss-scan/pci-dss-scan.sh https://example.com

# Configure in cron for automatic updates
0 2 * * * AUTO_UPDATE=true /path/to/plesk-scripts/mysql-backups/mysql-backup.sh

Configuration:

  • AUTO_UPDATE - Set to true to enable automatic updates (default: false)
  • UPDATE_CHECK_INTERVAL - Hours between update checks (default: 24)
  • GITHUB_BRANCH - GitHub branch to update from (default: main)

How it works:

  1. Each script contains embedded self-update functionality (no external dependencies)
  2. When enabled, scripts check for updates from the GitHub repository
  3. If a newer version is found, it's downloaded and validated
  4. The current version is backed up to <script-name>.backup
  5. The new version is installed atomically
  6. The script restarts automatically with the updated version
  7. Works silently in cron with no user interaction required

MySQL Backup Scripts

Linux:

# Run backup manually
./mysql-backups/mysql-backup.sh

# Run backup with auto-update enabled
AUTO_UPDATE=true ./mysql-backups/mysql-backup.sh

# Schedule with cron (daily at 2 AM with auto-update)
0 2 * * * AUTO_UPDATE=true /path/to/plesk-scripts/mysql-backups/mysql-backup.sh

Windows:

# Update the script with your MySQL admin password first
# Then run manually or schedule with Task Scheduler
mysql-backups\mysql-backup.bat

Note

For Windows, you must replace <password_for_mysql> in the batch file with your actual MySQL admin password before running.

Remove Old WordPress Backups

# Preview what would be deleted without actually removing files (dry-run mode)
./remove-old-wordpress-backups/remove-wordpress-backups.sh --dry-run

# Run with default settings (removes backups older than 365 days)
./remove-old-wordpress-backups/remove-wordpress-backups.sh

# Run with custom retention period (e.g., 180 days)
DAYS=180 ./remove-old-wordpress-backups/remove-wordpress-backups.sh

# Preview custom retention period before deleting
DAYS=180 ./remove-old-wordpress-backups/remove-wordpress-backups.sh --dry-run

# Run with auto-update enabled
AUTO_UPDATE=true ./remove-old-wordpress-backups/remove-wordpress-backups.sh

# Schedule with cron (weekly on Sundays at 3 AM with auto-update)
0 3 * * 0 AUTO_UPDATE=true /path/to/plesk-scripts/remove-old-wordpress-backups/remove-wordpress-backups.sh

PCI-DSS Scanner

Linux:

# Scan a target domain
./pci-dss-scan/pci-dss-scan.sh https://example.com

# Scan with auto-update enabled
AUTO_UPDATE=true ./pci-dss-scan/pci-dss-scan.sh https://example.com

# Add extra paths to test (space-separated)
EXTRA_PATHS="/members/ /sign-up/" ./pci-dss-scan/pci-dss-scan.sh https://example.com

Windows:

:: Scan a target domain
pci-dss-scan\pci-dss-scan.bat https://example.com

Interpreting results:

  • [PASS] — The check passed; no action required.
  • [FAIL] — A PCI-DSS required control is missing or misconfigured; must be remediated before re-scanning.
  • [WARN] — A best-practice header or flag is absent; review and apply if possible.
  • The script exits with a code equal to the number of [FAIL] results (0 = all clear).

Configuration

MySQL Backup Configuration

Linux (mysql-backup.sh):

  • Backup location: /backup/mysql/data/
  • Automatically uses Plesk database credentials

Windows (mysql-backup.bat):

  • Backup location: %plesk_dir%\Databases\MySQL\backup\
  • Requires manual MySQL password configuration

WordPress Backup Cleanup Configuration

Environment Variables:

  • DAYS - Number of days to keep backups (default: 365)
    • Example: DAYS=180 keeps backups for 6 months
  • DRY_RUN - Set to true to enable dry-run mode (default: false)
    • Example: DRY_RUN=true previews deletions without removing files

Command-line Options:

  • --dry-run or -n - Preview deletions without removing files
  • --update or --self-update - Update script to latest version from GitHub

PCI-DSS Scanner Configuration

Environment Variables:

  • TARGET_URL - Set the target domain (required if not passed as an argument)
    • Example: TARGET_URL=https://example.com ./pci-dss-scan/pci-dss-scan.sh
  • EXTRA_PATHS - Space-separated list of extra URL paths to include in cookie and header checks
    • Example: EXTRA_PATHS="/members/ /sign-up/"

Command-line Options:

  • First argument - Target URL (overrides TARGET_URL env var)
    • Example: ./pci-dss-scan/pci-dss-scan.sh https://example.com
  • --update or --self-update - Update script to latest version from GitHub (Linux only)

Best Practices

  1. Test scripts first - Always test scripts in a non-production environment before deploying
  2. Use dry-run mode - Preview deletions with --dry-run flag before running cleanup scripts
  3. Monitor disk space - Ensure adequate storage for database backups
  4. Verify backups - Regularly test backup restoration procedures
  5. Schedule wisely - Run backups during off-peak hours to minimize server load
  6. Review logs - Check cron logs or Task Scheduler history for script execution status
  7. Enable auto-update - Set AUTO_UPDATE=true in cron jobs to keep scripts up-to-date automatically
  8. Check update logs - Review [UPDATE] log entries to confirm successful updates

Troubleshooting

Self-Update Issues

Problem: Script cannot download updates

# Verify curl or wget is installed
which curl wget

# Test GitHub connectivity
curl -I https://raw.githubusercontent.com/architecpoint/plesk-scripts/main/README.md

Problem: Update check happens too frequently

# Increase check interval to 7 days (168 hours)
UPDATE_CHECK_INTERVAL=168 AUTO_UPDATE=true ./mysql-backups/mysql-backup.sh

# Or disable auto-update and use manual updates
./mysql-backups/mysql-backup.sh --update

Problem: Script updated but using wrong branch

# Specify branch explicitly (e.g., develop, main)
GITHUB_BRANCH=develop AUTO_UPDATE=true ./mysql-backups/mysql-backup.sh

MySQL Backup Issues

Problem: Script cannot connect to MySQL

# Verify Plesk database access
plesk db -e "show databases"

Problem: Permission denied

# Ensure script has execute permissions
chmod +x mysql-backup.sh

PCI-DSS Scanner Issues

Problem: Site is unreachable

# Verify connectivity manually
curl -I https://example.com

Problem: Cookies not being detected on protected/login pages

  • The scanner tests unauthenticated requests; authenticated session cookies will only appear after login
  • Log in via a browser, capture cookies with browser dev tools, and compare flag settings manually
  • Or use EXTRA_PATHS to add any pages that set cookies before authentication

Problem: Some paths return 404 and are skipped

  • Confirm the path exists on the target site (e.g., the shop or donate page may be at a different slug)
  • Use EXTRA_PATHS to add the correct paths: EXTRA_PATHS="/give/ /events/" ./pci-dss-scan/pci-dss-scan.sh

Problem: ANSI colours not displaying in Windows CMD

  • Run from Windows Terminal or PowerShell, which support ANSI escape codes
  • Or pipe output to a file: pci-dss-scan.bat > results.txt

WordPress Backup Cleanup Issues

Problem: Want to verify what will be deleted before running

# Use dry-run mode to preview deletions
./remove-old-wordpress-backups/remove-wordpress-backups.sh --dry-run

# Or with environment variable
DRY_RUN=true ./remove-old-wordpress-backups/remove-wordpress-backups.sh

Problem: Files not being deleted

  • Check the backup path exists: /var/www/vhosts/*/wordpress-backups
  • Verify file permissions for the script user
  • Ensure correct DAYS value is set
  • Run with --dry-run flag to see what would be deleted

Security Considerations

Warning

These scripts access sensitive server resources. Follow these security best practices:

  • Store MySQL passwords securely (use environment variables or secure configuration files)
  • Restrict script permissions to authorized users only
  • Regularly review and audit script execution logs
  • Ensure backup directories have appropriate access controls

Contributing

Contributions are welcome! If you have improvements or additional scripts for Plesk management:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Submit a pull request

License

This project is provided as-is for use with Plesk servers. Please review individual scripts for specific usage terms.

About

Standalone automation scripts for Plesk server management (Windows & Linux) - MySQL backups, WordPress cleanup, and more. Self-updating bash scripts with PID locking and detailed logging.

Topics

mysql windows linux wordpress automation backup plesk

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Contributors

Languages