Add cron job for disk usage snapshot

Merge pull request #200 from lukapaunovic/patch-7
Create wprocket-webp-express-force-https.tpl
2025-08-14 02:28:05 -07:00 · 2025-08-13 19:35:56 +02:00 · 2025-08-10 14:31:21 +02:00 · 2025-08-10 14:29:59 +02:00 · 2025-08-10 12:13:20 +00:00 · 2025-08-10 11:48:54 +00:00
491 changed files with 25708 additions and 3028 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
+data
+conf
+log
--- a/Changelog.md
+++ b/Changelog.md
@ -1,6 +1,51 @@
-Version 0.9.8-26-61 [05-Apr-2023]
+Version 0.9.9-0-12 [28-Feb-2025]
+==================================================
+* SpamHaus DNSBL removed from exim4
+* A lot of small bugs fixed
+
+Version 0.9.9-0-11 [30-May-2024]
+==================================================
+* Introducing v-run-wp-cli command ( @isscbta )
+* Introducing v-add-wordpress-admin command ( @isscbta )
+* Few bugs fixed
+
+Version 0.9.9-0-10 [11-Apr-2024]
+==================================================
+* Introducing v-edit-php-ini command ( @isscbta )
+* Introducing v-edit-domain-php-ini command ( @isscbta )
+
+Version 0.9.9-0-9 [05-Apr-2024]
+==================================================
+* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos )
+* Few bugs fixed
+
+Version 0.9.9-0-5 to 0.9.9-0-8
+==================================================
+* Few bugs fixed
+
+Version 0.9.9-0-4 [27-Jun-2023]
+==================================================
+* Support for Debian 12 ( in mutual cooperation with @HestiaCP )
+
+Version 0.9.9-0-2 [12-Jun-2023]
+==================================================
+* Hosting panel UI perfomance fix
+
+Version 0.9.9-0 [05-Jun-2023]
+==================================================
+* Redesign of hosting panel
+* Fix for WP_CACHE_KEY_SALTs in v-clone-website command
+* Fix for "Helo name contains a ip address" in Exim4
+* Fix for Exim4 for punycode domains (in collaboration with @HestiaCP )
+
+Version 0.9.8-26-62 [05-Apr-2023]
+==================================================
+* Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP )
+
+Version 0.9.8-26-61 [04-Apr-2023]
 ==================================================
 * Many bugfixes
+* Hotfix for LetsEncrypt to prevent Apache falling 

 Version 0.9.8-26-60 [12-Feb-2023]
 ==================================================
--- a/README.md
+++ b/README.md
@ -1,14 +1,95 @@
-myVesta
-==================================================

-Visit our homepage:
- https://www.myvestacp.com/
+<h1 align="center"><a href="https://myvestacp.com">myVesta</a></h1>

-Forum:
- https://forum.myvestacp.com/
+<div style="text-align:center">
+
+[![Screenshot of myVesta](https://www.myvestacp.com/screenshot1.png)](https://www.myvestacp.com/)
+
+</div>
+
+<h1 align="center">About</h1>
+
+<p align="center">myVesta is a security and stability-focused fork of VestaCP, exclusively supporting Debian in order to maintain a streamlined ecosystem. Boasting a clean, clutter-free interface and the latest innovative technologies, our project is committed to staying synchronized with official VestaCP commits. We work independently to enhance security and develop new features, driven by our passion for contributing to the open-source community rather than monetary gain. As such, we will offer all features built for myVesta to the official VestaCP project through pull requests, without interfering with their development milestones.</p>
+
+<p align="center"><b><a href="https://github.com/myvesta/vesta/blob/master/Changelog.md">View Changelog</a>
+</b></p>
+
+<h1>Links</h1>
+<ul>
+  <li><a href="https://www.myvestacp.com/">Visit our homepage.</a></li>
+  <li><a href="https://forum.myvestacp.com/">Check out our forum for discussions and support.</a></li>
+  <li><a href="https://wiki.myvestacp.com/">For more information, take a look at our knowledge base.</a></li>
+</ul>
+
+<h1>Features of myVesta</h1>
+<ul>
+    <li>Support for Debian 11 and 12 (Debian 12 is recommended, but previous Debian releases are also supported)</li>
+    <li>Support for MySQL 8</li>
+    <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=51">nginx templates</a> that can prevent denial-of-service on your server</li>
+    <li><a href="https://forum.myvestacp.com/viewtopic.php?f=18&t=52">Support for multi-PHP versions</a></li>
+    <li>You can <a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=350">host NodeJS apps</a></li>
+    <li>You can limit the maximum number of sent emails (per hour) <a href="https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L112-L113">per mail account</a> and <a href="https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L72-L73">per hosting account</a>, preventing hijacking of email accounts and preventing PHP malware scripts to send spam.</li>
+    <li>
+      You can completely "lock" myVesta so it can be accessed only via secret URL, for example https://serverhost:8083/?MY-SECRET-URL
+      <ul>
+        <li>During installation you will be asked to choose a secret URL for your hosting panel</li>
+        <li>Literally no PHP scripts will be alive on your hosting panel (won't be able to get executed), unless you access the hosting panel with secret URL parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - attackers won't be able to access it without knowing your secret URL - PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless they have the secret URL.</li>
+        <li>You can see for yourself how this mechanism was built by looking at:</li>
+        <ul>
+          <li><a href="https://github.com/myvesta/vesta/blob/master/src/deb/for-download/php/php.ini#L496">src/deb/for-download/php/php.ini</a></li>
+          <li><a href="https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php">web/inc/secure_login.php</a></li>
+        </ul>
+        <li>If you didn't set the secret URL during installation, you can do it anytime. Just execute in shell: <code>echo "&lt;?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php</code></li>
+      </ul>
+    </li>
+  <li>We <a href="https://github.com/myvesta/vesta/blob/master/install/debian/10/php/php7.3-dedi.patch#L9">disabled dangerous PHP functions</a> in php.ini, so even if, for example, your customer's CMS gets compromised, hacker will not be able to execute shell scripts from within PHP.</li>
+  <li>Apache is fully switched to mpm_event mode, while PHP is running in PHP-FPM mode, which is the most stable PHP-stack solution
+    <ul><li>OPCache is turned on by default</li></ul>
+    <li>Auto-generating LetsEncrypt SSL for server hostname (signed SSL for Vesta 8083 port, for dovecot (IMAP & POP3) and for Exim (SMTP))</li>
+    <li>You can change Vesta port during installation or later using one command line: v-change-vesta-port [number]</li>
+    <li>ClamAV is configured to block zip/rar/7z archives that contains executable files (just like GMail)</li>
+    <li>Backup will run with lowest priority (to avoid load on server), and can be configured to run only by night (and to stop on the morning and continue next night) </li>
+    <ul>
+    <li>You can compile Vesta binaries by yourself - <a href="https://github.com/myvesta/vesta/blob/master/src/deb/vesta_compile.sh">src/deb/vesta_compile.sh</a></li>
+<li>You can even create your own APT repository in a minute</li>
+<li>We are using latest nginx version for vesta-nginx package</li>
+<li>With your own APT infrastructure you can take security of Vesta-installer infrastructure in your own hands. You will have full control of your Vesta code (this way you can rest assured that there's 0% chance that you'll install malicious packages from repositories that may get hacked)</li>
+<li>Binaries that you compile are 100% compatible with official VestaCP from vestacp.com, so you can run official VestaCP code with your own binaries (in case you don't want the source code from this fork)</li>
+</ul>
+    
+  </li>
+  </ul>
+  
+<h1>How to install</h1>
+Download the installation script:
+
+```shell
+curl -O http://c.myvestacp.com/vst-install-debian.sh
+```
+
+Then run it:
+
+```shell
+bash vst-install-debian.sh
+```
+
+Or use our <a href="https://www.myvestacp.com/install_generator.html">installer generator</a>.
+
+<h1>Useful scripts</h1>
+<ul>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=24&t=50">How to move accounts from one (my)Vesta server to another myVesta server</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=17&t=386">WordPress installer in one second </a></li>(v-install-wordpress)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=17&t=385">Cloning script that will copy the whole site from one (sub)domain to another (sub)domain </a></li>(v-clone-website)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=17&t=382">Script that will migrate your site from http to https, replacing http to https URLs in database </a></li>(v-migrate-site-to-https)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=24&t=63">Script for importing cPanel backups to Vesta (thanks to Maks Usmanov - Skamasle) </a></li> (v-import-cpanel-backup)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=18&t=52">Script that will install multiple PHP versions on your server</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=350">How to host NodeJS apps</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=51">Script that will install nginx templates that can prevent denial-of-service on your server</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=15&t=47">Official VestaCP Softaculous installer</a></li>
+</ul>
+
+
+<h1>Licence</h1>
+myVesta is licensed under <a href="https://github.com/serghey-rodin/vesta/blob/master/LICENSE">GPL v3</a> license.

-Knowledge base:
- https://wiki.myvestacp.com/

-Changelog:
- https://github.com/myvesta/vesta/blob/master/Changelog.md
--- a/bin/v-activate-rocket-nginx
+++ b/bin/v-activate-rocket-nginx
@ -75,18 +75,20 @@ fi
 # Changing Proxy Template
 # Check if the proxy template is already set correctly
 current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}')
-if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then
+if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then
    echo "Proxy Template is already set up correctly"
 else
    # Prompt the user to choose whether to force HTTPS or not
-    echo "Do you want to force-https in your Proxy Template or not (y/n):"
+    echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):"
    read answer

    # Change the proxy template based on the user's choice
-    if [ "$answer" == "y" ]; then
-        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https"
-    else
+    if [ "$answer" == "h" ]; then
        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting"
+    elif [ "$answer" == "f" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https"
+    elif [ "$answer" == "w" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https"
    fi

    echo "Proxy Template is ready"
@ -126,7 +128,7 @@ else
    chown $user:$user /home/$user/web/$domain/cron.log

    case $fpm_ver in
-        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) 
+        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) 
            /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1"
            ;;
    esac
--- a/bin/v-add-firewall-ban
+++ b/bin/v-add-firewall-ban
@ -72,6 +72,13 @@ $iptables -I fail2ban-$chain 1 -s $ip \
 # Changing permissions
 chmod 660 $conf

+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    if ! grep -q  "deny $ip;" /etc/nginx/conf.d/block.conf; then
+        echo "deny $ip;" >> /etc/nginx/conf.d/block.conf
+        systemctl reload nginx
+   fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-add-firewall-rule
+++ b/bin/v-add-firewall-rule
@ -83,6 +83,16 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        touch /etc/nginx/conf.d/block-firewall.conf
+        if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then
+            echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf
+            systemctl restart nginx
+        fi
+    fi
+fi
+

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@ -17,6 +17,12 @@ aliases=$3
 # LE API
 API='https://acme-v02.api.letsencrypt.org'

+if [[ "$LE_STAGING" = 'yes' ]]; then
+	API='https://acme-staging-v02.api.letsencrypt.org'
+fi
+
+deb_release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
@ -56,8 +62,12 @@ query_le_v2() {
    # Save http response to file passed as "$4" arg or print to stdout if not provided
    # http response headers are always sent to stdout
    local save_to_file=${4:-"/dev/stdout"}
-    curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
-}
+    if [ "$deb_release" -gt 8 ]; then
+        curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+    else
+        curl --location --user-agent "myVesta" --insecure --retry 5 --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+    fi
+ }



@ -123,7 +133,7 @@ fi
 # Requesting nonce / STEP 1
 echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
-answer=$(curl -s -I "$API/directory")
+answer=$(curl --user-agent "myVesta" -s -I "$API/directory")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
@ -144,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
 done
 payload=$(echo "$payload"|sed "s/,$//")
 payload=$payload']}'
+# validation='pending'
+# # Start counter to avoid infinite loop
+# i=0
+# while [ "$validation" = 'pending' ]; do
+# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$url" "$payload" "$nonce")
@ -154,12 +169,23 @@ authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
+order=$(echo -e "$answer" | grep -i location | cut -f2 -d \  | tr -d '\r\n')
+echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt new auth status $status"
 fi
+# # Exit the loop after 5 attempts
+# i=$((i + 1))
+# if [ $i -gt 5 ]; then
+#     break
+# fi
+# sleep 2
+# done

 # Requesting authorization token / STEP 3
 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
@ -264,19 +290,35 @@ for auth in $authz; do
    # Doing pol check on status
    i=1
    while [ "$validation" = 'pending' ]; do
-        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
-        payload='{}'
-        echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
-        answer=$(query_le_v2 "$url" "$payload" "$nonce")
-        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
-        url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
-        echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log
-        validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
-        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
-        nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
-        echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
-        status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
-        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+        i=0
+        while true; do
+            echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
+            payload='{}'
+            echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+            answer=$(query_le_v2 "$url" "$payload" "$nonce")
+            echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+            url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
+            echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log
+            validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
+            echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+            nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+            echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+            status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+            echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+            if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then
+                break
+            fi
+            if [ "$wildcard" = 'yes'  ]; then
+                if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then
+                    break
+                fi                
+            fi
+            i=$((i + 1))
+            if ((i > 30)); then
+                break
+            fi
+            sleep 2
+        done
        if [[ "$status" -ne 200 ]]; then
            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_CONNECT "Let's Encrypt validation status $status"
@ -288,7 +330,7 @@ for auth in $authz; do
            check_result $E_CONNECT "Let's Encrypt domain validation timeout"
        fi
        echo "[$(date)] : curl: $url2 :" >> /usr/local/vesta/log/letsencrypt.log
-        get_answer=$(curl --silent -S "$url2")
+        get_answer=$(curl --user-agent "myVesta" --silent -S "$url2")
        echo "[$(date)] : get_answer=$get_answer" >> /usr/local/vesta/log/letsencrypt.log
        sleeping=$((i*2))
        echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
@ -323,17 +365,42 @@ if [[ "$status" -ne 200 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
 fi
-if [ "$certificate" = "" ]; then
-    echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
-    check_result $E_CONNECT "Let's Encrypt 'certificate' is empty on step 6"
-fi
+
 if [ "$nonce" = "" ]; then
-    echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty on step 6" >> /usr/local/vesta/log/letsencrypt.log
-    check_result $E_CONNECT "Let's Encrypt 'nonce' is empty on step 6"
+    echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty after step 6" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt 'nonce' is empty after step 6"
 fi

-# Downloading signed certificate / STEP 7
-echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+if [ "$certificate" = "" ]; then
+    validation="processing"
+	i=1
+	while [ "$validation" = "processing" ]; do
+        echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+		answer=$(query_le_v2 "$order" "" "$nonce")
+		i=$((i + 1))
+
+		nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \  | tr -d '\r\n')
+        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+		status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ')
+        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+		validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+		certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"')
+        echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+		sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s
+		if [ $i -gt 10 ]; then
+			check_result "$E_CONNECT" "Certificate processing timeout ($domain)"
+		fi
+	done
+fi
+
+if [ "$certificate" = "" ]; then
+    echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty after step 7" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt 'certificate' is empty after step 7"
+fi
+
+# Downloading signed certificate / STEP 8
+echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
--- a/bin/v-add-letsencrypt-user
+++ b/bin/v-add-letsencrypt-user
@ -15,6 +15,10 @@ user=$1
 # LE API
 API='https://acme-v02.api.letsencrypt.org'

+if [[ "$LE_STAGING" = 'yes' ]]; then
+	API='https://acme-staging-v02.api.letsencrypt.org'
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@ -41,7 +45,7 @@ query_le_v2() {
    post_data=$post_data'"payload":"'"$payload_"'",'
    post_data=$post_data'"signature":"'"$signature_"'"}'

-    curl -s -i -d "$post_data" "$1" -H "$content"
+    curl --user-agent "myVesta" -s -i -d "$post_data" "$1" -H "$content"
 }


--- a/bin/v-add-srs-support-to-exim
+++ b/bin/v-add-srs-support-to-exim
@ -0,0 +1,77 @@
+#!/bin/bash
+
+gen_pass() {
+    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+    if [ -z "$1" ]; then
+        LENGTH=32
+    else
+        LENGTH=$1
+    fi
+    while [ ${n:=1} -le $LENGTH ]; do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+    echo "$PASS"
+}
+
+eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+    echo "= ERROR: Exim SRS support requires Exim 4.96 or higher."
+    echo "You have Exim $eximversion"
+    exit 1;
+fi
+
+echo "=== Addind SRS support to Exim4 ==="
+# SRS support is taken from HestiaCP
+
+if [ ! -f "/etc/exim4/srs.conf" ]; then
+    echo "= Generating SRS KEY"
+    srs=$(gen_pass 16) 
+    echo $srs > /etc/exim4/srs.conf
+    chmod 640 /etc/exim4/srs.conf
+    chown root:Debian-exim /etc/exim4/srs.conf
+fi
+
+if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then
+    echo "= Backing up /etc/exim4/exim4.conf.template"
+    cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf"
+    v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Patching \"dnslookup:\" block"
+    /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' '  no_more' 'dnslookup:\n  driver = dnslookup\n  # if outbound, and forwarding has been done, use an alternate transport\n  domains = ! +local_domains\n  transport = ${if eq {$local_part@$domain} \\n                      {$original_local_part@$original_domain} \\n                      {remote_smtp} {remote_forwarded_smtp}}\n  no_more'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks"
+    v-sed 'aliases:' 'inbound_srs:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which are converted to SRS, and decode them\n    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n    data = $srs_recipient\n\ninbound_srs_failure:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which look converted to SRS but are invalid\n    condition = ${if inbound_srs {$local_part} {}}\n    allow_fail\n    data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"remote_forwarded_smtp:\" block"
+    v-sed 'procmail:\n  driver = pipe' 'remote_forwarded_smtp:\n  driver = smtp\n  dkim_domain = DKIM_DOMAIN\n  dkim_selector = mail\n  dkim_private_key = DKIM_PRIVATE_KEY\n  dkim_canon = relaxed\n  dkim_strict = 0\n  hosts_try_fastopen = \n  hosts_try_chunking = !93.188.3.0/24\n  message_linelength_limit = 1G\n  # modify the envelope from, for mails that we forward\n  max_rcpt = 1\n  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n  driver = pipe' '/etc/exim4/exim4.conf.template'
+fi
+
+touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_email_account_max_recipients
+touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+echo "= Restarting exim4 service"
+systemctl restart exim4
+
+if [ $? -ne 0 ]; then
+    systemctl status exim4
+    cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template
+    systemctl restart exim4
+    echo "=== Patching failed, old exim conf returned, exim4 restarted again."
+    exit 1
+fi
+echo "=== SRS support was added successfully. ==="
+
+exit 0
--- a/bin/v-add-user-package
+++ b/bin/v-add-user-package
@ -28,7 +28,7 @@ is_package_new() {
 }

 is_package_consistent() {
-    source $pkg_dir/$package.pkg
+    parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg)
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
        is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
    fi
@ -63,6 +63,9 @@ is_package_consistent() {
        is_int_format_valid $BACKUPS 'BACKUPS'
    fi
    is_format_valid_shell $SHELL
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }


--- a/bin/v-add-wordpress-admin
+++ b/bin/v-add-wordpress-admin
@ -0,0 +1,76 @@
+#!/bin/bash
+# info: Add a WordPress admin user to a specific domain
+# options: DOMAIN USERNAME PASSWORD EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+if [ "$#" -lt 4 ]; then
+    echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+username=$2
+password=$3
+email=$4
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain doesn't exist";
+    exit 1;
+fi
+
+if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo 'Please install WordPress first.'
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes;
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-backup-user
+++ b/bin/v-backup-user
@ -22,6 +22,9 @@ source $VESTA/func/domain.sh
 source $VESTA/func/db.sh
 source $VESTA/conf/vesta.conf

+if [ ! -z "$NOW" ]; then
+    BACKUP_LA_LIMIT=50
+fi

 #----------------------------------------------------------#
 #                    Verifications                         #
--- a/bin/v-backup-user-now
+++ b/bin/v-backup-user-now
@ -0,0 +1,6 @@
+#!/bin/bash
+
+export ALLOW_BACKUP_ANYTIME='yes'
+export NOW='yes'
+
+nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1
--- a/bin/v-backup-users
+++ b/bin/v-backup-users
@ -37,7 +37,7 @@ fi

 log=$VESTA/log/backup.log

-$BIN/v-check-vesta-license >/dev/null
+# $BIN/v-check-vesta-license >/dev/null

 touch $log
 if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
--- a/bin/v-blacklist-email-account
+++ b/bin/v-blacklist-email-account
@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Add a specific email address to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-blacklist-email EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Prepare entries for Exim4 and SpamAssassin
+EXIM_ENTRY="$EMAIL"
+SPAMASSASSIN_ENTRY="blacklist_from $EMAIL"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then
+    add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE."
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/bin/v-blacklist-email-domain
+++ b/bin/v-blacklist-email-domain
@ -0,0 +1,133 @@
+#!/bin/bash
+# info: Add a domain to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a domain already exists in a file
+check_domain_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "^${domain}$" "$file"
+}
+
+# Function to check if a SpamAssassin entry already exists
+check_spamassassin_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add domain to file
+add_domain_to_file() {
+    local domain=$1
+    local file=$2
+    echo "$domain" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for Exim4
+EXIM_ENTRY_MAIN="$DOMAIN"
+EXIM_ENTRY_SUB="*.$DOMAIN"
+
+# Prepare entries for SpamAssassin
+SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}"
+SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then
+    add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then
+        add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"
+        echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE."
+    else
+        echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE."
+    fi
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/bin/v-change-database-password-for-all-wordpress
+++ b/bin/v-change-database-password-for-all-wordpress
@ -0,0 +1,65 @@
+#!/bin/bash
+# info: change db password to all wordpress databases
+# options:
+#
+# The command is used for changing db password to all wordpress databases on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+only_user='';
+if [ ! -z "$1" ]; then
+    only_user=$1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /root/remember-db-user-pass.txt
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    if [ ! -z "$only_user" ]; then
+        if [ "$only_user" != "$user" ]; then
+            continue;
+        fi
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+            /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
+            echo "--------------------------------"
+        fi
+    done
+
+    if [ ! -z "$only_user" ]; then
+        break;
+    fi
+
+done
+
+# cat /root/remember-db-user-pass.txt
+if [ -f "/root/remember-db-user-pass.txt" ]; then
+    rm /root/remember-db-user-pass.txt
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-change-database-password-for-wordpress
+++ b/bin/v-change-database-password-for-wordpress
@ -0,0 +1,132 @@
+#!/bin/bash
+# info: change database password for wordpress
+# options:
+#
+# The command is used for changing database password for wordpress.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+if [ -z "$user" ]; then
+    echo "ERROR: Domain $domain not found"
+    exit 1;
+fi
+
+if [ ! -d "/home/$user" ]; then
+    echo "ERROR: User $user doesn't exist";
+    exit 1;
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "ERROR: Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo "=== Domain: $domain"
+    wp_config_path="/home/$user/web/$domain/public_html/wp-config.php"
+    if grep -q $'\r' $wp_config_path; then
+        echo "=== removing CRLF from wp-config.php"
+        tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path
+        chown $user:$user $wp_config_path
+    fi
+    db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+")
+    db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+")
+    if [ -z "$db_name" ]; then
+        db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+")
+    fi
+    if [ -z "$db_user" ]; then
+        db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+")
+    fi
+    new_password=''
+    found_existing_password=0
+    if [ -f "/root/remember-db-user-pass.txt" ]; then
+        db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt)
+        if [ -n "$db_user_pass" ]; then
+            new_password=$(echo "$db_user_pass" | cut -d':' -f2)
+            echo "= Using existing password for $db_user"
+            found_existing_password=1
+        fi
+    fi
+
+    if [ -z "$new_password" ]; then
+        new_password=$(generate_password)
+    fi
+
+    echo "DB name: $db_name"
+    echo "DB user: $db_user"
+    echo "New DB password: $new_password"
+    if [ $found_existing_password -eq 0 ]; then
+        touch /root/remember-db-user-pass.txt
+        echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt
+        chown root:root /root/remember-db-user-pass.txt
+        chmod 600 /root/remember-db-user-pass.txt
+    fi
+    /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password"
+    if [ $? -ne 0 ]; then
+        echo "*************** ERROR: Failed to change database password ***************"
+        exit 1;
+    fi
+    line="define('DB_PASSWORD', '$new_password');"
+    chattr -i $wp_config_path
+    sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path
+    new_password_line=$(grep "DB_PASSWORD" $wp_config_path)
+    echo "New DB password line: $new_password_line"
+    if [ "$new_password_line" != "$line" ]; then
+        echo "*************** ERROR: line in wp-config.php is not what we expected ***************"
+        echo "Expected: $line"
+        echo "Actual  : $new_password_line"
+        echo "*************** ERROR: Please check wp-config.php manually ***************"
+        exit 1;
+    fi
+else
+    echo "ERROR: WP-config.php not found"
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit 0;
--- a/bin/v-change-dir-www
+++ b/bin/v-change-dir-www
@ -0,0 +1,71 @@
+#!/bin/bash
+# info: Change directory to the public_html folder of a domain
+# usage: source v-cd-www DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+    echo "This script must be sourced to change the current directory."
+    echo "Usage: source v-cd-www DOMAIN"
+    exit 1
+fi
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    return 1
+fi
+
+# Importing system environment
+source /etc/profile
+PATH=$PATH:/usr/local/vesta/bin && export PATH
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+
+if [ -z "$user" ]; then
+    echo "Domain $domain doesn't exist"
+    return 1
+fi
+
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User $user doesn't exist"
+    return 1
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain $domain doesn't have a public_html directory"
+    return 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd "/home/$user/web/$domain/public_html"
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+return 0
--- a/bin/v-change-domain-owner
+++ b/bin/v-change-domain-owner
@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then
    exit
 fi

+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user

 #----------------------------------------------------------#
 #                       Action                             #
@ -57,11 +60,11 @@ if [ ! -z "$web_data" ]; then
        ssl_key=$VESTA/data/users/$owner/ssl/$domain.key
        ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca
        ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem
-        mv $ssl_crt $VESTA/data/users/$user/ssl/
-        mv $ssl_key $VESTA/data/users/$user/ssl/
-        mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+        cp $ssl_crt $VESTA/data/users/$user/ssl/
+        cp $ssl_key $VESTA/data/users/$user/ssl/
+        cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
    fi

    # Check ftp user account
@ -79,10 +82,23 @@ if [ ! -z "$web_data" ]; then
    # Move data
    mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/

+    if [ -d "/hdd/home/$owner/web/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain
+    fi
+
    # Change ownership
    find $HOMEDIR/$user/web/$domain -user $owner \
        -exec chown -h $user:$user {} \;

+    if [ "$SSL" = 'yes' ]; then
+        sleep 10
+        rm $ssl_crt
+        rm $ssl_key
+        rm $ssl_ca > /dev/null 2>&1
+        rm $ssl_pem > /dev/null 2>&1
+        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+    fi
+
    # Rebuild config
    $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1
    $BIN/v-rebuild-web-domains $owner no
@ -140,6 +156,10 @@ if [ ! -z "$mail_data" ]; then
    # Move data
    mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/

+    if [ -d "/hdd/home/$owner/mail/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain
+    fi
+
    # Change ownership
    find $HOMEDIR/$user/mail/$domain -user $owner \
        -exec chown -h $user {} \;
--- a/bin/v-change-firewall-rule
+++ b/bin/v-change-firewall-rule
@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
 str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
 str="$str TIME='$time' DATE='$date'"

+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting old rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf

@ -74,6 +76,14 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        NEWIP=$ip
+        parse_object_kv_list_non_eval "$oldvalues"
+        sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@ -16,6 +16,7 @@ force=$3

 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf

 is_package_avalable() {
@ -23,7 +24,7 @@ is_package_avalable() {
    usr_data=$(cat $USER_DATA/user.conf)
    IFS=$'\n'
    for key in $usr_data; do
-        eval ${key%%=*}=${key#*=}
+        parse_object_kv_list_non_eval $key
    done

    WEB_DOMAINS='0'
@ -35,7 +36,7 @@ is_package_avalable() {

    pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
        grep -v DATE)
-    eval $pkg_data
+    parse_object_kv_list_non_eval $pkg_data

    # Checking usage agains package limits
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,11 +74,15 @@ is_package_avalable() {
            check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
        fi
    fi
+
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }

 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf)
+    parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
    echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
--- a/bin/v-change-vesta-port
+++ b/bin/v-change-vesta-port
@ -41,6 +41,7 @@ is_int_format_valid "$port" 'port number'
 #----------------------------------------------------------#

 sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
+sed -i "s|$oldport ssl;|$port ssl;|g" $VESTA/nginx/conf/nginx.conf
 if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
 fi
--- a/bin/v-change-wordpress-admin-passwords
+++ b/bin/v-change-wordpress-admin-passwords
@ -0,0 +1,201 @@
+#!/bin/bash
+# info: interactively delete or change WordPress admin passwords for a given domain
+# options: DOMAIN
+#
+# d  → delete user  (with content reassignment)
+# c  → change password (random 10-char alnum)
+# s  → skip
+# x  → exit
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+if [ ! -z "$PHP" ]; then
+    WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+else
+    WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+fi
+
+# random 10-char password
+gen_pass() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10; }
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo
+echo "WordPress administrators for $DOMAIN:"
+echo "-------------------------------------"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+fi
+
+RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes"
+ADMIN_LIST_CSV=$(eval "$RUN")
+
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+ADMIN_LIST_CSV=$(echo "$ADMIN_LIST_CSV" | tail -n +2)
+
+[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; }
+
+DEFAULT_USER=""
+
+printf "%-6s %-20s %s\n" "ID" "Username" "Email"
+while IFS=',' read -r PID PLOGIN PEMAIL; do
+    printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL"
+    if [ "$PID" = "1" ]; then
+        DEFAULT_USER="$PLOGIN"
+    fi
+done <<< "$ADMIN_LIST_CSV"
+
+echo
+echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
+
+# interactive loop
+while IFS=',' read -r ID LOGIN EMAIL; do
+    [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
+    while true; do
+        echo "-------------------------------------"
+        read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
+        skip=0;
+        case "$ACT" in
+            [Dd]* )
+                # read -r -p "Really DELETE \"$TARGET\" ?   (y/n, default: y) " CONF < /dev/tty
+                CONF="y"
+                if [[ ! "$CONF" =~ ^[Nn]$ ]]; then
+                    # build an array of OTHER admin usernames
+                    mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}')
+                    if [ "${#OTHER_USERS[@]}" -eq 0 ]; then
+                        echo "Cannot delete the only administrator account."
+                        break
+                    fi
+                    if [ "$DEFAULT_USER" = "" ]; then
+                        DEFAULT_USER="${OTHER_USERS[0]}"
+                    fi
+                    echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}"
+                    while true; do
+                        read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty
+                        REASSIGN=${REASSIGN:-$DEFAULT_USER}
+                        DEFAULT_USER=$REASSIGN
+                        if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then
+                            break
+                        fi
+                        if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then
+                            echo "Skipping reassignment."
+                            skip=1;
+                            break
+                        fi
+                        if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then
+                            break
+                        fi
+                        echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}"
+                    done
+                    if [ $skip -eq 1 ]; then
+                        break
+                    fi
+                    # delete by username, reassign by username
+                    RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes"
+                    eval "$RUN"
+                    if [ $? -eq 0 ]; then
+                        echo "$TARGET deleted (content reassigned to $REASSIGN)."
+                    else
+                        cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                        echo "Failed to delete $TARGET."
+                    fi
+                else
+                    echo "Deletion cancelled."
+                fi
+                break
+                ;;
+            [Cc]* )
+                NEW_PASS=$(gen_pass)
+                RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes"
+                eval "$RUN"
+                if [ $? -eq 0 ]; then
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS"
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                else
+                    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                    echo "Failed to change password for $TARGET."
+                fi
+                break
+                ;;
+            [Ss]* )
+                echo "Skipping $TARGET."
+                break
+                ;;
+            [Xx]* )
+                echo "Exiting."
+                exit 0
+                ;;
+            * ) echo "Please answer d, c, s, or x." ;;
+        esac
+    done
+done <<< "$ADMIN_LIST_CSV"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    echo ""
+    echo ""
+    echo "-------------------------------------"
+    echo "For website $DOMAIN - new wp-admin passwords have been set."
+    echo "-------------------------------------"
+    cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    echo "-------------------------------------"
+    echo ""
+    echo ""
+    read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty
+    if [ -z "$SAVE_PASSWORDS" ]; then
+        SAVE_PASSWORDS="n"
+    fi
+    if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then
+        rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    fi
+fi
+
+#----------------------------------------------------------#
+#        flush cache and refresh all security salts        #
+#----------------------------------------------------------#
+
+echo "-------------------------------------"
+echo
+echo "Flushing cache and refreshing salts..."
+
+RUN="$WP_RUN cache flush"
+eval "$RUN"
+RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force"
+eval "$RUN"
+RUN="$WP_RUN config shuffle-salts"
+eval "$RUN"
+
+echo "Cache flushed and salts refreshed."
+
+echo
+echo "Done."
+
+exit 0
--- a/bin/v-clean-garbage
+++ b/bin/v-clean-garbage
@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then
    exit 1
 fi

+echo "===== Before cleaning ====="
+df -h
+echo "==========================="
+
 # Includes
 source /usr/local/vesta/func/main.sh

@ -21,6 +25,15 @@ source /usr/local/vesta/func/main.sh
 #                       Action                             #
 #----------------------------------------------------------#

+# turn off tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
+fi
+
+find /tmp/ -type f -mtime +7 -delete
 rm /var/backups/* > /dev/null 2>&1
 rm /var/cache/apt/archives/* > /dev/null 2>&1
 cd /var/log
@ -37,13 +50,18 @@ find /var/log/ -type f -name "*.4" -delete
 find /var/log/ -type f -name "*.5" -delete
 find /var/log/ -type f -name "*.6" -delete
 find /var/log/ -type f -name "*.7" -delete
+find /var/log/ -type f -name "*.8" -delete
+find /var/log/ -type f -name "*.9" -delete
 find /var/log/ -name "*.gz" -type f -delete
 find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \;
 find /usr/local/vesta/log/ -type f -not -name "*.log" -delete
 find /var/log/exim4/ -type f -exec truncate -s 0 {} \;
+truncate -s 0 /*.log > /dev/null 2>&1
+rm /panic-*.log > /dev/null 2>&1
+rm /var/log/panic-*.log > /dev/null 2>&1

 clean_home() {
-    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1
    find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
@ -51,7 +69,10 @@ clean_home() {
    find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1
    find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1
    nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \;
    nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \;
    nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \;
@ -69,16 +90,43 @@ if [ $fail2ban_running -eq 1 ]; then
 fi
 if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            systemctl restart nginx
+        fi
+    fi
 fi
 if [ $fail2ban_running -eq 1 ]; then
    systemctl start fail2ban
 fi

+# turn on tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 &
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 &
+fi
+
+exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim')
+if [ $exim_installed -gt 0 ]; then
+    systemctl restart exim4
+fi
+
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#

-echo "=== Garbage cleaned ==="
+echo ""
+echo "***** Garbage cleaned *****"
+echo ""
+echo "===== After cleaning ======"
+df -h
+echo "==========================="
+

 log_event "$OK" "$ARGUMENTS"

--- a/bin/v-clear-fail2ban
+++ b/bin/v-clear-fail2ban
@ -0,0 +1,59 @@
+#!/bin/bash
+# info: Clean fail2ban database
+# options: NONE
+#
+# The function is cleaning fail2ban database
+
+#----------------------------------------------------------#
+#           Verifications & Variable & Function            #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# check if fail2ban is installed
+fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban')
+if [ $fail2ban_installed -eq 0 ]; then
+    echo "Fail2ban is not installed"
+    exit 1
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Cleaning fail2ban database
+fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Stopping fail2ban"
+    systemctl stop fail2ban
+fi
+if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
+    echo "== Cleaning fail2ban database"
+    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        echo "== Cleaning nginx block.conf"
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            echo "== Restarting nginx"
+            systemctl restart nginx
+        fi
+    fi
+fi
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Starting fail2ban"
+    systemctl start fail2ban
+fi
+
+echo "== Done, fail2ban database cleaned"
+
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-clone-website
+++ b/bin/v-clone-website
@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then
    echo "--TO_DATABASE_USERNAME=..."
    echo "--TO_DATABASE_PASSWORD=..."
    echo "--SITE_SUBFOLDER=..."
+    echo "--EXCLUDE_UPLOADS=1 (or do not set it)"
    exit 1
 fi

@ -263,12 +264,6 @@ if [ $IT_IS_WP -eq 0 ]; then
        cd /root
        git clone https://github.com/interconnectit/Search-Replace-DB.git
    fi
-else
-    if [ ! -f "/usr/local/bin/wp" ]; then
-        echo "=== Downloading latest wp-cli"
-        wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
-        chmod +x /usr/local/bin/wp
-    fi
 fi

 CREATE_TO_DATABASE=0
@ -313,6 +308,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL"
 echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT"
 echo "SEARCH_FOR_CONFIGS_DATABASE_NAME     = $SEARCH_FOR_CONFIGS_DATABASE_NAME"
 echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME"
+echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS"
 echo "==============================================================================="
 read -p "=== Press Enter to continue ==="

@ -370,17 +366,25 @@ if [ -d "/root/temp" ]; then
 fi
 mkdir -p /root/temp
 cd /root/temp
-mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
+mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
 echo "=== Importing to database $TO_DATABASE_NAME"
 mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql
+rm $FROM_DATABASE_NAME.sql
+
+EXCLUDE=''
+if [ ! -z "$EXCLUDE_UPLOADS" ]; then
+    EXCLUDE="--exclude '/wp-content/uploads/*'"
+fi

 echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER"
 if [ "$SITE_SUBFOLDER" != ".." ]; then
-    echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/"
-    rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/
+    run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
 else
-    echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
-    rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/
+    run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
 fi
 echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER"
 chown -R $TO_USER:$TO_USER $TO_FOLDER
@ -419,21 +423,35 @@ if [ $IT_IS_WP -eq 0 ]; then
        php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/"
    fi
 else
-    cd $TO_FOLDER
-    if [ -d "wp-content/plugins/w3-total-cache" ]; then
-        rm -f wp-content/object-cache.php
-        rm -f wp-content/db.php
-        rm -f wp-content/advanced-cache.php
-        rm -rf wp-content/w3tc-config
-        rm -rf wp-content/plugins/w3-total-cache
-    fi
    echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME"
-    sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
    if [ "$FROM_USER" != "$TO_USER" ]; then
        echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME"
-        sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid
+        /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
+    fi
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes;
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes;
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes;
+fi
+
+# ----------- Update Wordfence WAF Path -------------
+
+# Path to .user.ini file in the new domain directory
+user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini"
+
+# Check if .user.ini exists
+if [ -f "$user_ini" ]; then
+    echo "Updating .user.ini with new path..."
+
+    # Change path from old domain to new domain
+    sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini
+
+    # Check if replacement was successful and update .user.ini
+    if [ $? -eq 0 ]; then
+        echo ".user.ini updated successfully."
+    else
+        echo "Failed to update .user.ini file."
    fi
-    sudo -H -u$TO_USER wp cache flush
 fi

 echo "===== DONE ===="
--- a/bin/v-commander
+++ b/bin/v-commander
@ -13,11 +13,14 @@ fi

 source /etc/profile
 PATH=$PATH:/usr/local/vesta/bin && export PATH
-echo "======================= mvVesta-commander ================================"
+if [ $SHOWHEADER -eq 1 ]; then
+    echo "======================= mvVesta-commander ================================"
+fi

 if [ -f /root/kernelupdate ]; then
    rm /root/kernelupdate
 fi
+apt_updated=0
 apt_upgraded=0
 quit_on_empty=0

@ -60,34 +63,36 @@ check_status() {

 myhelp() {
    echo "---------- Press: -----------"
-    echo "u  = apt-get update"
-    echo "g  = apt-get upgrade"
+    echo "a  = Activate Email rate limit"
+    echo "b  = bash"
    echo "c  = check status"
+    echo "d  = df -h"
    echo "e  = make sure Apache is in mpm_event"
-    echo "s  = download sury.org apt-get key"
+    echo "f  = free -h"
+    echo "g  = apt-get upgrade"
+    echo "h  = help"
    echo "m  = install php-memcached"
    echo "p  = set version of php as default"
+    echo "q  = quit"
+    echo "r  = reboot"
+    echo "s  = download sury.org apt-get key"
+    echo "t  = clean the trash"
+    echo "u  = apt-get update"
    echo "v  = update myVesta"
    echo "vo = update myVesta without 'apt-get update'"
-    echo "t  = clean the trash"
    echo "w  = w"
-    echo "d  = df -h"
-    echo "f  = free -h"
-    echo "b  = bash"
-    echo "r  = reboot"
-    echo "q  = quit"
-    echo "h  = help"
    echo "-----------------------------"
-    echo "inst v   = install myVesta"
-    echo "inst p   = install multi-php"
-    echo "inst pgw = install php-gate"
-    echo "inst r   = install new Roundcube"
-    echo "inst memcached = install memcached"
-    echo "inst redis     = install Redis"
+    echo "inst v                = install myVesta"
+    echo "inst p                = install multi-php"
+    echo "inst pgw              = install php-gate"
+    echo "inst r                = install new Roundcube"
+    echo "inst memcached        = install memcached"
+    echo "inst redis            = install Redis"
+    echo "inst nginx-rate-limit = install nginx-rate-limit templates"
    echo "dis fb   = stop and disable fail2ban"
    echo "dis dove = stop and disable dovecot"
-    echo "dis spam = stop and disable spam"
-    echo "dis clam = stop and disable clamav"
+    echo "dis spam = stop and disable spamassassin"
+    echo "dis clam = stop and disable ClamAV"
    echo "p 7.0    = set default php 7.0"
    echo "p 7.3    = set default php 7.3"
    echo "p 7.4    = set default php 7.4"
@ -96,20 +101,38 @@ myhelp() {
    echo "m def    = install php-memcached if needed"
    echo "check fc = check if FreshClam is up"
    echo "-----------------------------"
-    echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account"
+    echo "enable-ssh-root-password-login = Allow root password authentication via SSH"
+    echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub"
    echo "-----------------------------"
 }

+apt_update() {
+    echo "============================="
+    echo "== running: apt-get update"
+    release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+    if [ "$release" -lt 10 ]; then
+        apt-get update
+    else
+        apt-get update --allow-releaseinfo-change
+    fi
+    apt_updated=1
+}
+
 COUNTER=0
+HAS_PARAMETERS=0

 while true
 do

    COUNTER=$((COUNTER + 1))
    if [ $COUNTER -le $numargs ]; then
+        HAS_PARAMETERS=1
        answer=$1
        shift
    else
+        if [ $HAS_PARAMETERS -eq 1 ]; then
+            exit;
+        fi
        read -p 'What to do: ' answer
    fi

@ -126,17 +149,42 @@ do
    if [ "$answer" = 'quit-on-empty' ]; then
        echo "== the script will quit on next enter"
        quit_on_empty=1
+        HAS_PARAMETERS=0
    fi

+
+    if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then
+    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_email_account_max_recipients
+    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+    check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
+    fi
+
+    systemctl restart exim4
+    echo "Email rate limit activated."
+    fi
+
+
+
    if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then
-        echo "============================="
-        echo "== running: apt-get update"
-        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
-        if [ "$release" -lt 10 ]; then
-            apt-get update
-        else
-            apt-get update --allow-releaseinfo-change
-        fi
+        apt_update
    fi

    if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then
@ -153,11 +201,9 @@ do
        apt_upgraded=1
        
        kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log)
-        if [ $kernelupdate -gt 0 ]; then
+        if [ $kernelupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then
            touch /root/kernelupdate
-            echo "== kernel is updated"
-        else
-            echo "== kernel is not updated"
+            echo "== kernel is updated, reboot is required!"
        fi
    fi

@ -241,8 +287,14 @@ do
    if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then
        echo "============================="
        echo "== disabling SpamAssassin"
-        systemctl stop spamassassin.service
-        systemctl disable spamassassin.service
+        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+        if [ "$release" -lt 12 ]; then
+            systemctl stop spamassassin.service
+            systemctl disable spamassassin.service
+        else
+            systemctl stop spamd.service
+            systemctl disable spamd.service
+        fi

        sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template
        sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template
@ -354,32 +406,13 @@ do
        echo "============================="
        echo "== cleaning trash"
        df -m
-        ps -Af | grep tailf | grep -v "grep tailf"
-        if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
-            kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
-        fi
-        if [ -f "/usr/local/bin/tailf_exim.php" ]; then
-            kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
-        fi
        echo "------"
        ps -Af | grep tailf | grep -v "grep tailf"
        echo "------"
-        sleep 2
-        truncate -s 0 /*.log
-        rm /panic-*.log
-        rm /var/log/panic-*.log
        /usr/local/vesta/bin/v-clean-garbage
-        sleep 2
-        if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
-            nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log &
-        fi
-        if [ -f "/usr/local/bin/tailf_exim.php" ]; then
-            nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log &
-        fi
        echo "--------------"
        df -m
        echo "--------------"
-        sleep 2
        ps -Af | grep tailf | grep -v "grep tailf"
    fi

@ -438,8 +471,8 @@ do
        memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
        apt-get update
        apt-get -y install memcached 
-        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
-        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
        if [ $memory -lt 15000000 ]; then
            sed -i "s/-m 64/-m 256/" /etc/memcached.conf
        else
@ -460,6 +493,7 @@ do

        sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf
        sed -i "s|^save |# save |g" /etc/redis/redis.conf
+        sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf
        if [ $memory -lt 15000000 ]; then
            sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf
        else
@ -472,6 +506,15 @@ do
        echo "-------------------"
    fi

+    if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then
+        echo "============================="
+        echo "== Installing inst nginx-rate-limit templates"
+        curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh
+        bash install_rate_limit_tpl.sh
+        echo "== nginx-rate-limit templates installed."
+        echo "-------------------"
+    fi
+
    if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then
        echo "== Checking if FreshClam is up"
        clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running')
@ -490,21 +533,13 @@ do
        echo "--- New settings ---"
        grep '^PermitRoot' /etc/ssh/sshd_config
        echo "--------------------"
-        adminline=$(grep '^admin:' /etc/shadow)
-        adminline=${adminline:6}
-        adminline="root:$adminline"
-        sed -i "s#^root:.*#$adminline#" /etc/shadow
-        echo "root password is now the same as admin password."
-        echo "--------------------"
-        grep '^root:' /etc/shadow
-        grep '^admin:' /etc/shadow
-        echo "--------------------"
        echo "Port 22 opened in Firewall for all IP addresses."
        /usr/local/vesta/bin/v-unsuspend-firewall-rule "11"
        echo "--------------------"
+        echo "Type 'passwd' in the terminal to set the root password."
+        echo "--------------------"
    fi

-
    if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then
        echo "============================="
        echo "== Rebooting the server"
@ -554,4 +589,13 @@ do
        /root/install-new-roundcube.sh
    fi

+    if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then
+        if [ ! -f "/root/.ssh/id_rsa.pub" ]; then
+            ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
+        fi
+        echo "=== YOUR id_rsa.pub IS BELOW ==="
+        cat /root/.ssh/id_rsa.pub
+        echo "======"
+    fi
+
 done
--- a/bin/v-delete-database-of-domain
+++ b/bin/v-delete-database-of-domain
@ -0,0 +1,69 @@
+#!/bin/bash
+# info: delete database if domain has database
+# options: DOMAIN
+#
+# The function for deleting database if domain has database
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+RET=$OK
+
+# echo "================================="
+r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain)
+# echo $r
+eval $r
+# echo "================================="
+
+if [ ! -z "$DATABASE_NAME" ]; then
+    echo "=== v-delete-database $USER $DATABASE_NAME"
+    /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME
+    if [ $? -ne 0 ]; then
+        echo "=== v-delete-database failed"
+        RET=$E_NOTEXIST
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+log_event "$RET" "$ARGUMENTS"
+
+exit
--- a/bin/v-delete-domain
+++ b/bin/v-delete-domain
@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user"
 if [ ! -z "$WEB_SYSTEM" ]; then
    str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
    if [  ! -z "$str" ]; then
+        $BIN/v-delete-database-of-domain $domain
        domain_found='yes'
        $BIN/v-delete-web-domain $user $domain 'no'
-        check_result $? "can't suspend web" > /dev/null
+        check_result $? "can't delete web" > /dev/null
    fi
 fi

@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then
    if [  ! -z "$str" ]; then
        domain_found='yes'
        $BIN/v-delete-dns-domain $user $domain 'no'
-        check_result $? "can't suspend dns" > /dev/null
+        check_result $? "can't delete dns" > /dev/null
    fi
 fi

@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
    if [  ! -z "$str" ]; then
        domain_found='yes'
        $BIN/v-delete-mail-domain $user $domain
-        check_result $? "can't suspend mail" > /dev/null
+        check_result $? "can't delete mail" > /dev/null
    fi
 fi

--- a/bin/v-delete-firewall-ban
+++ b/bin/v-delete-firewall-ban
@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null
 # Changing permissions
 chmod 660 $conf

+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf
+    systemctl reload nginx
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-delete-firewall-rule
+++ b/bin/v-delete-firewall-rule
@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#

+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf

 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-delete-inactive-wordpress-plugins-and-themes
+++ b/bin/v-delete-inactive-wordpress-plugins-and-themes
@ -0,0 +1,165 @@
+#!/bin/bash
+# info: delete inactive WordPress plugins and themes
+# options: DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+if [ ! -z "$PHP" ]; then
+    WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+else
+    WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+fi
+
+quarantined=0;
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo "Inactive WordPress plugins for $DOMAIN:"
+echo "-------------------------------------"
+
+RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes"
+PLUGINS_LIST_CSV=$(eval "$RUN")
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2)
+
+DEACTIVATED_PLUGINS_LIST_CSV=""
+
+if [ ! -z "$PLUGINS_LIST_CSV" ]; then
+    printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
+    while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+        if [ "$STATUS" = "inactive" ]; then
+            printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
+            DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME"
+        fi
+    done <<< "$PLUGINS_LIST_CSV"
+else
+    echo "No plugins found."
+fi
+
+if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then
+    echo ""
+    read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+    if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+        while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+            if [ "$STATUS" = "inactive" ]; then
+                folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME"
+                file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php"
+                if [ -d "$folder" ] || [ -f "$file" ]; then
+                    destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN"
+                    if [ -d "$folder" ]; then
+                        source_path="$folder"
+                        destination_path="$destination_base_folder/$NAME"
+                    elif [ -f "$file" ]; then
+                        source_path="$file"
+                        destination_path="$destination_base_folder/$NAME.php"
+                    fi
+                    mkdir -p $destination_base_folder
+                    chown $USER:$USER $destination_base_folder
+                    mv $source_path $destination_path
+                    if [ -d "$destination_path" ]; then
+                        echo "= Folder $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                    if [ -f "$destination_path" ]; then
+                        echo "= File $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                else
+                    echo "=== ERROR: Folder $folder or file $file not found - it does not exist?"
+                fi
+            fi
+        done <<< "$PLUGINS_LIST_CSV"
+    fi
+fi
+
+echo ""
+echo "Inactive WordPress themes for $DOMAIN:"
+echo "-------------------------------------"
+
+RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes"
+THEMES_LIST_CSV=$(eval "$RUN")
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2)
+
+DEACTIVATED_THEMES_LIST_CSV=""
+
+if [ ! -z "$THEMES_LIST_CSV" ]; then
+    printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
+    while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+        if [ "$STATUS" = "inactive" ]; then
+            printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
+            DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME"
+        fi
+    done <<< "$THEMES_LIST_CSV"
+else
+    echo "No themes found."
+fi
+
+if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then
+    echo ""
+    read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+    if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+        while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+            if [ "$STATUS" = "inactive" ]; then
+                folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME"
+                if [ -d "$folder" ]; then
+                    destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN"
+                    source_path="$folder"
+                    destination_path="$destination_base_folder/$NAME"
+                    mkdir -p $destination_base_folder
+                    chown $USER:$USER $destination_base_folder
+                    mv $source_path $destination_path
+                    if [ -d "$destination_path" ]; then
+                        echo "= Folder $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                else
+                    echo "=== ERROR: Folder $folder not found - it does not exist?"
+                fi
+            fi
+        done <<< "$THEMES_LIST_CSV"
+    fi
+fi
+
+echo ""
+if [ $quarantined -eq 1 ]; then
+    echo "= All deactivated plugins and themes moved to quarantine."
+    echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN"
+else
+    echo "= No deactivated plugins or themes found."
+fi
+exit 0;
--- a/bin/v-delete-mail-domain
+++ b/bin/v-delete-mail-domain
@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
    rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn
    rm -rf $HOMEDIR/$user/conf/mail/$domain
    rm -rf $HOMEDIR/$user/mail/$domain_idn
+    if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then
+        rm -rf /hdd/home/$user/mail/$domain_idn
+    fi
 fi

 # Deleting dkim dns record
--- a/bin/v-delete-mail-domain-dkim
+++ b/bin/v-delete-mail-domain-dkim
@ -48,7 +48,7 @@ fi
 # Deleting dns record
 if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
    records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}')
    for id in $dkim_records; do
        $BIN/v-delete-dns-record $user $domain $id
    done
--- a/bin/v-delete-mails
+++ b/bin/v-delete-mails
@ -0,0 +1,127 @@
+#!/bin/bash
+# info: delete old emails (by mtime) for user/domain/account, with optional scope
+# usage:   v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE
+# SCOPE:   all    – clean every Maildir folder (cur, new, tmp, custom subfolders)
+#          trash  – clean only Trash/Junk/Spam folders
+
+# load Vesta functions & config
+source "$VESTA/func/main.sh"
+source "$VESTA/conf/vesta.conf"
+
+# read arguments
+user="$1"
+domain="$2"
+account="$3"
+mtime="$4"
+scope="$5"
+
+# verify argument count
+check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'
+
+# validate scope
+if [[ "$scope" != "all" && "$scope" != "trash" ]]; then
+  echo "ERROR: SCOPE must be 'all' or 'trash'."
+  exit 1
+fi
+
+# validate logical combinations
+if [[ "$user" == "all" ]]; then
+  if [[ "$domain" != "all" || "$account" != "all" ]]; then
+    echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'."
+    exit 1
+  fi
+elif [[ "$domain" == "all" && "$account" != "all" ]]; then
+  echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'."
+  exit 1
+fi
+
+# build a detailed summary for the warning
+declare -a summary_parts
+if [[ "$user" == "all" ]]; then
+  summary_parts+=("all users")
+else
+  summary_parts+=("user '$user'")
+fi
+
+if [[ "$domain" == "all" ]]; then
+  summary_parts+=("all domains")
+else
+  summary_parts+=("domain '$domain'")
+fi
+
+if [[ "$account" == "all" ]]; then
+  summary_parts+=("all accounts")
+else
+  summary_parts+=("account '$account'")
+fi
+
+# join with commas
+summary=$(printf ", %s" "${summary_parts[@]}")
+summary=${summary:2}
+
+# only warn if any of them is 'all' or if mtime is 'all'
+if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then
+  echo "WARNING: This will delete emails older than '$mtime' days for ${summary}."
+  read -p "Are you sure? (yes/no): " confirm
+  [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; }
+fi
+
+# function to delete emails
+delete_emails() {
+  local u="$1" d="$2" a="$3"
+  local maildir="/home/$u/mail/$d/$a"
+
+  [[ ! -d "$maildir" ]] && return
+
+  echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime"
+
+  # build find predicates
+  if [[ "$scope" == "all" ]]; then
+    folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" )
+  else
+    folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" )
+  fi
+
+  # assemble and run find
+  if [[ "$mtime" == "all" ]]; then
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null
+  else
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null
+  fi
+}
+
+# collect users
+if [[ "$user" == "all" ]]; then
+  users=$(v-list-users plain | awk '{print $1}')
+else
+  users="$user"
+fi
+
+# iterate through users, domains, accounts
+for u in $users; do
+  if [[ "$domain" == "all" ]]; then
+    domains=$(v-list-mail-domains "$u" plain | awk '{print $1}')
+  else
+    domains="$domain"
+  fi
+
+  for d in $domains; do
+    if [[ "$account" == "all" ]]; then
+      accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}')
+    else
+      accounts="$account"
+    fi
+
+    for a in $accounts; do
+      delete_emails "$u" "$d" "$a"
+    done
+  done
+done
+
+# restart dovecot to refresh mailbox state
+systemctl restart dovecot
+
+# log the action (status first, then message)
+log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account"
+
+exit 0
--- a/bin/v-delete-user
+++ b/bin/v-delete-user
@ -94,6 +94,9 @@ fi
 # Deleting user directories
 chattr -i $HOMEDIR/$user/conf
 rm -rf $HOMEDIR/$user
+if [ -d "/hdd/home/$user" ]; then
+    rm -rf /hdd/home/$user
+fi
 rm -f /var/spool/mail/$user
 rm -f /var/spool/cron/$user
 rm -f /var/spool/cron/crontabs/$user
--- a/bin/v-delete-web-domain
+++ b/bin/v-delete-web-domain
@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then
    rm $fpmconf
    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
 fi
-fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
-fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf"
-if [ -f "$fpmconf" ]; then
-    rm $fpmconf
-    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
-fi
+
+for PHPV in /etc/php/*; do
+    if [ -d "${PHPV}" ]; then
+        # PHPVER=$(basename ${PHPV})
+        POOLD="${PHPV}/fpm/pool.d"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
+            rm $fpmconf
+            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+        fi
+        POOLD="${PHPV}/fpm/pool.d-ioncube"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
+            rm $fpmconf
+            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+        fi
+    fi
+done

 # Deleting domain from web.conf
 sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf
@ -142,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error*

 # Deleting directory
 rm -rf $HOMEDIR/$user/web/$domain
+if [ -d "/hdd/home/$user/web/$domain" ]; then
+    rm -rf /hdd/home/$user/web/$domain
+fi


 #----------------------------------------------------------#
--- a/bin/v-delete-wordpress-uploads-php-files
+++ b/bin/v-delete-wordpress-uploads-php-files
@ -0,0 +1,64 @@
+#!/bin/bash
+# info: delete PHP files from WordPress uploads folder
+# options: DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+quarantined=0;
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+
+files=$(find wp-content/uploads/ -type f -name "*.php")
+
+if [ -z "$files" ]; then
+    echo "= No PHP files found in WordPress uploads folder."
+    exit 0;
+fi
+
+echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :"
+echo "-------------------------------------"
+echo "$files"
+echo "-------------------------------------"
+
+read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+    for file in $files; do
+        source_file="/home/$USER/web/$DOMAIN/public_html/$file"
+        destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file"
+        destination_folder=$(dirname "$destination_file")
+        mkdir -p "$destination_folder"
+        chown $USER:$USER "$destination_folder"
+        mv "$source_file" "$destination_file"
+        echo "= File $source_file moved to $destination_file"
+        quarantined=1;
+    done
+    chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN"
+fi
+
+echo ""
+if [ $quarantined -eq 1 ]; then
+    echo "= All PHP files moved to quarantine."
+    echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN"
+else
+    echo "= No PHP files found in WordPress uploads folder."
+fi
+
+exit 0;
--- a/bin/v-desinfect-wordpress
+++ b/bin/v-desinfect-wordpress
@ -0,0 +1,86 @@
+#!/bin/bash
+# info: disinfect a WordPress site with several maintenance commands
+# options: DOMAIN
+
+# -------------------------------------------------------- #
+#                    variables and checks                  #
+# -------------------------------------------------------- #
+
+if [ "$(whoami)" != "root" ]; then
+    echo "You must be root to run this command."
+    exit 1
+fi
+
+# make sure all Vesta helper scripts are reachable
+export PATH="/usr/local/vesta/bin:$PATH"
+source /etc/profile
+
+domain="$1"
+if [ -z "$domain" ]; then
+    echo "Usage: v-desinfect-wp DOMAIN"
+    exit 1
+fi
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
+if [ -z "$user" ]; then
+    echo "Domain $domain does not exist."
+    exit 1
+fi
+
+if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then
+    echo "= WordFence CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wordfence-cli
+fi
+
+# absolute paths to maintenance scripts, in desired order
+declare -a tasks=(
+    "/usr/local/vesta/bin/v-change-database-password-for-wordpress"
+    "/usr/local/vesta/bin/v-change-wordpress-admin-passwords"
+    "/usr/local/vesta/bin/v-fix-wordpress-core"
+    "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes"
+    "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files"
+    "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+    "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+)
+
+# -------------------------------------------------------- #
+#                    execution strategy                    #
+# -------------------------------------------------------- #
+
+echo
+read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty
+
+if [[ "$run_all" =~ ^[Yy]$ ]]; then
+    echo "Running all maintenance steps for $domain"
+    automatic=true
+else
+    echo
+    echo "Selective mode. You will be asked for each step."
+    automatic=false
+fi
+
+for cmd in "${tasks[@]}"; do
+    if [ ! -x "$cmd" ]; then
+        echo "Command $cmd not found or not executable, skipping."
+        continue
+    fi
+
+    if [ "$automatic" = false ]; then
+        while true; do
+            read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty
+            case "$yn" in
+                [Yy]* ) break ;;
+                [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;;
+                * )     echo "Please answer y or n." ;;
+            esac
+        done
+    fi
+
+    echo
+    echo "=== $(basename "$cmd") $domain ==="
+    "$cmd" "$domain"
+done
+
+echo
+echo "Done."
+exit 0
--- a/bin/v-df-snapshot-diff
+++ b/bin/v-df-snapshot-diff
@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Make a diff between two snapshots of the disk usage
+# options: FILE1 FILE2
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Let's declare three associative arrays
+declare -A FILE1
+declare -A FILE2
+declare -A FILED
+
+file1=$1
+file2=$2
+
+if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+    file1="/usr/local/vesta/data/df/$file1"
+fi
+
+if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+    file2="/usr/local/vesta/data/df/$file2"
+fi
+
+if [ ! -f "$file1" ]; then
+    echo "File $file1 not found"
+    exit 1
+fi
+
+if [ ! -f "$file2" ]; then
+    echo "File $file2 not found"
+    exit 1
+fi
+
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+mkdir -p /usr/local/vesta/data/df-diff
+file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt"
+file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt"
+file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt"
+touch $file0
+
+# Let's load the first file and fill the array FILE1
+while IFS=$'\t' read SIZE DIRECTORY; do
+    # Skip blank lines or lines that are not in the correct format
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    # Insert values into the array
+    FILE1["$DIRECTORY"]="$SIZE"
+done < "$file1"
+
+# Let's load the second file and fill the array FILE2
+while IFS=$'\t' read SIZE DIRECTORY; do
+    # Skip blank lines or lines that are not in the correct format
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    # Insert values into the array
+    FILE2["$DIRECTORY"]="$SIZE"
+done < "$file2"
+
+# We iterate through FILE1 and look for the matching key in FILE2
+for k in "${!FILE1[@]}"; do
+    if [[ -v FILE2["$k"] ]]; then
+        # If there is the same folder (KEY) in FILE2
+        DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} ))
+        FILED["$k"]=$DIFF
+        echo -e "${DIFF}\t${k}" >> $file0
+    else
+        # If the folder (KEY) is not found in FILE2
+        FILED["$k"]=${FILE1["$k"]}
+        echo -e "${FILE1["$k"]}\t${k}" >> $file0
+    fi
+done
+
+# sorted by size
+sort -nr -k1,1 $file0 > $file0s
+
+# sorted by folders
+while IFS=$'\t' read SIZE DIRECTORY; do
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f
+done < "$file2"
+
+chmod 600 $file0 $file0s $file0f
+chown root:root $file0 $file0s $file0f
+
+echo "Done."
+echo "You can do:"
+echo "mcview $file0"
+echo "mcview $file0s"
+echo "mcview $file0f"
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):"
+head -n 30 $file0s
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by folders (in MB):"
+head -n 30 $file0f
+echo "--------------------------------"
+
+exit 0
--- a/bin/v-df-snapshot-logs-cleaner
+++ b/bin/v-df-snapshot-logs-cleaner
@ -0,0 +1,11 @@
+#!/bin/bash
+# info: Clean up old snapshots of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
+
+folder="/usr/local/vesta/data/df-diff"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
--- a/bin/v-df-snapshot-make
+++ b/bin/v-df-snapshot-make
@ -0,0 +1,20 @@
+#!/bin/bash
+# info: Make a snapshot of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+
+mkdir -p $folder
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+du --max-depth=1 -c -m -x / > $folder/snapshot-$timestamp.txt
+du --max-depth=1 -c -m -x /home >> $folder/snapshot-$timestamp.txt
+du --max-depth=2 -c -m -x /home >> $folder/snapshot-$timestamp.txt
+du --max-depth=3 -c -m -x /home >> $folder/snapshot-$timestamp.txt
+du --max-depth=6 -c -m -x /home >> $folder/snapshot-$timestamp.txt
+du --max-depth=1 -c -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt
+du --max-depth=1 -c -m -x /var/log >> $folder/snapshot-$timestamp.txt
+
+chmod 600 $folder/snapshot-$timestamp.txt
+chown root:root $folder/snapshot-$timestamp.txt
+
+exit 0
--- a/bin/v-edit-domain-php-ini
+++ b/bin/v-edit-domain-php-ini
@ -0,0 +1,90 @@
+#!/bin/bash
+# info: Edit php.ini for certain domain
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain)
+
+if [ -z "$fpm_ver" ]; then
+    echo "PHP version for domain $domain could not be determined."
+    exit 1
+fi
+
+config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf"
+
+if command -v mcedit >/dev/null; then
+    mcedit "$config_file"
+else
+    nano "$config_file"
+fi
+
+echo "Restarting PHP-FPM service for PHP version ${fpm_ver}"
+systemctl restart php${fpm_ver}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${fpm_ver}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully."
+fi
+echo ""
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-edit-php-ini
+++ b/bin/v-edit-php-ini
@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Edit php.ini for a specific PHP version
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# List available PHP versions and store them into an array
+mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php)
+
+echo "Available PHP versions:"
+PS3="Please select the PHP version you want to edit php.ini for: "
+
+select php_version in "${php_versions[@]}"; do
+    if [[ -n $php_version ]]; then
+        break
+    else
+        echo "Invalid choice. Please try again."
+    fi
+done
+
+# Define path to the php.ini file
+php_ini_path="/etc/php/${php_version}/fpm/php.ini"
+
+# Check if php.ini exists for the selected version
+if [[ ! -f "$php_ini_path" ]]; then
+    echo "The php.ini file for the selected PHP version ($php_version) does not exist."
+    exit 1
+fi
+
+# Determine the text editor to use
+if command -v mcedit >/dev/null 2>&1; then
+    editor_cmd="mcedit"
+elif command -v nano >/dev/null 2>&1; then
+    editor_cmd="nano"
+else
+    echo "No supported text editor found. Please install 'mcedit' or 'nano'."
+    exit 1
+fi
+
+# Open php.ini for the chosen PHP version in the selected editor
+echo "Opening $php_ini_path in editor $editor_cmd..."
+$editor_cmd "$php_ini_path"
+
+# Restart the PHP-FPM service for the selected version
+echo "Restarting the PHP-FPM service for PHP version $php_version..."
+systemctl restart php${php_version}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${php_version}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully."
+fi
+
+#----------------------------------------------------------#
+#                       Exit                               #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-fix-php-ini-disable-functions
+++ b/bin/v-fix-php-ini-disable-functions
@ -0,0 +1,35 @@
+#!/bin/bash
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1;
+fi
+
+if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi;
+
+echo "=== Fixing php.ini files to have the correct disable_functions line"
+
+export NOTFOUNDVAL="exec,system,passthru,shell_exec"
+export LINEBEGINSWITH="disable_functions ="
+export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _
+
+export NOTFOUNDVAL2="^$LINEBEGINSWITH"
+export REMOVELINETHATCONTAINS=$LINEBEGINSWITH
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _
+
+if [ -f "/tmp/patched" ]; then
+    rm /tmp/patched
+
+    echo "== Restarting all PHP-FPM services"
+    systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
+
+    echo "=== Everything done."
+else
+    echo "=== Everything is already correct."
+fi
+
+exit 0;
--- a/bin/v-fix-user-permissions
+++ b/bin/v-fix-user-permissions
@ -44,14 +44,15 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \;
 find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \;
 find /home/$user/mail/*/ -type f -exec chmod u+rw {} \;
 find /home/$user/mail/*/ -type f -exec chmod g+rw {} \;
-
+find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \;

 find /home/$user/conf/dns/ -type f -exec chown root:bind {} \;
 find /home/$user/conf/ -type d -exec chown root:root {} \;

-find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} +
-find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} +
-find /home/$user/web/*/public_html/ -exec chown $user:$user {} \;
+for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+    /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+    echo "--------------------------------"
+done

 echo "Done, permissions fixed for user: $user"

--- a/bin/v-fix-website-permissions
+++ b/bin/v-fix-website-permissions
@ -0,0 +1,161 @@
+#!/bin/bash
+# info: Fixing chown and chmod permissions for a website
+# options: DOMAIN [USER]
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/conf/vesta.conf
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "Error: Folder /home/$user doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+echo "Updating permissions and ownership for /home/$USER/web/$domain/"
+
+php_chmod_allowed=1
+if [ -f "/home/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+
+# === General files and directories permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    # New way of fixing permissions
+    # Fixing permissions
+    find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
+    find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} +
+
+    # Fixing ownership
+    find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
+    find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+else
+    # Old way of fixing permissions
+    # Fixing permissions
+    find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
+    find public_html/ -type f ! -perm 644 -exec chmod 644 {} +
+
+    # Fixing ownership
+    find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
+    find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+# === PHP and .env permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    php_chmod="600"
+
+    if [ "$WEB_SYSTEM" = 'nginx' ]; then
+        php_chmod="644"
+    fi
+
+    if [ -f "/home/php_chmod" ]; then
+        php_chmod=$(cat /home/php_chmod)
+    fi
+    if [ -f "/home/$USER/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
+    fi
+
+    # Setting chmod 600 for all .php and .env files
+    echo "= Setting chmod $php_chmod for all .php and .env files"
+    # Fixing permissions
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
+    # Fixing ownership
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+# === Symlinks ownership ===
+symlink_chown_allowed=1
+if [ -f "/home/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+
+if [ "$symlink_chown_allowed" -eq 1 ]; then
+    find -type l ! -user $USER -exec chown -h $USER:$USER {} +
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "Permissions for $domain have been successfully updated."
+
+exit 0
--- a/bin/v-fix-website-permissions-for-all-websites
+++ b/bin/v-fix-website-permissions-for-all-websites
@ -0,0 +1,41 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+        echo "--------------------------------"
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-fix-website-permissions-for-all-websites-only-php
+++ b/bin/v-fix-website-permissions-for-all-websites-only-php
@ -0,0 +1,44 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1
+        echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-fix-website-permissions-only-php
+++ b/bin/v-fix-website-permissions-only-php
@ -0,0 +1,121 @@
+#!/bin/bash
+# info: Fixing PHP and .env permissions and ownership for a website
+# options: DOMAIN [USER]
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/conf/vesta.conf
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "Error: Folder /home/$user doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/"
+
+php_chmod_allowed=1
+if [ -f "/home/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+
+# === PHP and .env permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    php_chmod="600"
+
+    if [ "$WEB_SYSTEM" = 'nginx' ]; then
+        php_chmod="644"
+    fi
+
+    if [ -f "/home/php_chmod" ]; then
+        php_chmod=$(cat /home/php_chmod)
+    fi
+    if [ -f "/home/$USER/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
+    fi
+
+    # Setting chmod 600 for all .php and .env files
+    echo "= Setting chmod $php_chmod for all .php and .env files"
+    # Fixing permissions
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
+    # Fixing ownership
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "PHP and .env permissions and ownership for $domain have been successfully updated."
+
+exit 0
--- a/bin/v-fix-wordpress-core
+++ b/bin/v-fix-wordpress-core
@ -0,0 +1,115 @@
+#!/bin/bash
+# info: fix compromised wp-admin and wp-includes
+# options: DOMAIN [CACHE_DIR]
+#
+# Replaces wp-admin and wp-includes with clean copies that match
+# the WordPress core version detected on the site.
+#
+# Example:
+#   v-fix-wp-core example.com
+#   v-fix-wp-core example.com /srv/wp-cache
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+# Arguments
+DOMAIN="$1"
+CACHE_DIR="${2-/srv/wp-cache}"       # default cache location
+
+QUARANTINE_DIR="/srv/wp-quarantine"
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+check_args '1' "$#" 'DOMAIN [CACHE_DIR]'
+is_format_valid 'domain'
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)"  # temp workspace
+trap 'rm -rf "$TMP_DIR"' EXIT
+
+# 1etermine WP version
+if [ -z "$PHP" ]; then
+    WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+else
+    WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+fi
+
+check_result $? "cannot detect WP version" > /dev/null
+if [ -z "$WP_VERSION" ]; then
+    check_result 1 "empty WP version string"
+fi
+echo "Detected WordPress version $WP_VERSION"
+
+# 2ind site owner and path
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+check_result $? "cannot find domain owner" > /dev/null
+SITE_PATH="/home/$USER/web/$DOMAIN/public_html"
+if [ ! -d "$SITE_PATH" ]; then
+    check_result 1 "site path $SITE_PATH does not exist"
+fi
+
+# ensure cached core is present
+CACHE_PATH="$CACHE_DIR/$WP_VERSION"
+if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then
+    echo "Cache for $WP_VERSION missing, downloading ZIP..."
+
+    mkdir -p "$CACHE_PATH"
+    ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip"
+    ZIP_FILE="$TMP_DIR/wp.zip"
+
+    curl -fSL "$ZIP_URL" -o "$ZIP_FILE"
+    check_result $? "download failed" > /dev/null
+
+    unzip -q "$ZIP_FILE" -d "$TMP_DIR"
+    check_result $? "unzip failed" > /dev/null
+
+    mv "$TMP_DIR/wordpress/wp-admin"    "$CACHE_PATH/"
+    mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/"
+    cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/"
+fi
+
+# backup current core folders
+TIMESTAMP="$(date +%Y%m%d%H%M%S)"
+BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP"
+mkdir -p "$BACKUP_DIR"
+mv "$SITE_PATH/wp-admin"    "$BACKUP_DIR/"
+mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/"
+
+for f in "$SITE_PATH"/*.php; do
+    [[ $(basename "$f") == "wp-config.php" ]] && continue
+    mv "$f" "$BACKUP_DIR/"
+done
+if [ -f "$SITE_PATH/.user.ini" ]; then
+    mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/"
+fi
+
+# chown -R www-data:www-data "$BACKUP_DIR"
+check_result $? "backup failed" > /dev/null
+echo "Old core folders moved to $BACKUP_DIR"
+
+# deploy clean core
+rsync -a --delete "$CACHE_PATH/wp-admin/"    "$SITE_PATH/wp-admin/"
+rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/"
+check_result $? "rsync failed" > /dev/null
+
+for corephp in "$CACHE_PATH"/*.php; do
+    base=$(basename "$corephp")
+    [ "$base" = "wp-config.php" ] && continue
+    rsync -a "$corephp" "$SITE_PATH/$base"
+done
+
+# fix permissions
+SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN
+# chown -R www-data:www-data "$BACKUP_DIR"
+
+echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN"
+exit
--- a/bin/v-get-dns-config
+++ b/bin/v-get-dns-config
@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Get domain DNS config.db file content
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DNS_FILE="/home/$user/conf/dns/$domain.db"
+
+if [ -f "$DNS_FILE" ]; then
+    cat "$DNS_FILE"
+else
+    echo "DNS configuration file for $domain does not exist."
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;
--- a/bin/v-grep
+++ b/bin/v-grep
@ -0,0 +1,27 @@
+#!/bin/bash
+# info: calling myvesta_grep PHP function
+# options: PARAMETERS
+#
+# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression)
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
+    STDIN=$(cat -)
+    if [ ! -z "$STDIN" ]; then
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+        exit $?
+    fi
+fi
+
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
+fi
+exit $?
--- a/bin/v-import-cpanel-backup
+++ b/bin/v-import-cpanel-backup
@ -157,9 +157,15 @@ for sk_dbr in $sk_db_list
 			echo " Create and restore ${sk_dbr} "
 			sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
 			sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
+			if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then
+				v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create
+			fi
 			mysql < mysql/${sk_dbr}.create
 			sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
 			sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
+			if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then
+				v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql
+			fi
 			mysql ${sk_dbr} < mysql/${sk_dbr}.sql
 		else
 			echo "Error: Cant restore database $sk_dbr alredy exists in mysql server"
@ -269,28 +275,29 @@ cd $sk_mdir
 for sk_maild in $(ls -1)
 do
 if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp"  ]]; then
-	if [ -d "$sk_maild" ]; then
-		for sk_mail_account in $(ls $sk_maild/)
-		 do
-					
-					echo "Create and restore mail account: $sk_mail_account@$sk_maild"
-					sk_mail_pass1=$(generate_password)		
-					/usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1
-					mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild}
-					chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild}
-					find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete
-					# echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1"	>> /root/sk_mail_password_${sk_cp_user}-${sk_cod}
-					echo "Set password for ${sk_mail_account}@${sk_maild}"
-					pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F  ":" '{print $2}')
-					newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0"
-					newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'"
-					# echo $newline
-					escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g')
-					escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g')
-					sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd
-					sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf
-		done
-	fi
+    if [ -d "$sk_maild" ]; then
+        for sk_mail_account in $(ls $sk_maild/)
+        do
+            echo "Create and restore mail account: $sk_mail_account@$sk_maild"
+            sk_mail_pass1=$(generate_password)        
+            /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1
+            mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild}
+            chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild}
+            find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete
+            if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then
+                echo "Set password for ${sk_mail_account}@${sk_maild}"
+                pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F  ":" '{print $2}')
+                newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0"
+                newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'"
+                escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g')
+                escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g')
+                sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd
+                sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf
+            else
+                echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1"    >> /root/sk_mail_password_${sk_cp_user}-${sk_cod}
+            fi
+        done
+    fi
 #else
 # this only detect default dirs account new, cur, tmp etc
 # maybe can do something with this, but on most cpanel default account have only spam.
@ -367,7 +374,9 @@ tput setaf 4
 echo "##############################"
 echo "cPanel Backup restored"
 echo "Review your content and report any fail"
-# echo "I reset mail password not posible restore it yet."
-# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}"
+if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then
+    echo "I reset mail password not posible restore it yet."
+    echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}"
+fi
 echo "##############################"
 tput sgr0
--- a/bin/v-install-unsigned-ssl
+++ b/bin/v-install-unsigned-ssl
@ -52,6 +52,12 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#

+if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then
+    /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain"
+fi
+
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+
 email="info@$domain"

 TMPLOC="/home/$user/tmp/$domain"
@ -62,8 +68,13 @@ mkdir $TMPLOC

 # Parsing certificate file
 crt_end=$(grep -n "END CERTIFICATE-" $TMPLOC/vst.pem |cut -f 1 -d:)
-key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
-key_end=$(grep -n  "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
+if [ "$release" -lt 12 ]; then
+    key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
+    key_end=$(grep -n  "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:)
+else
+    key_start=$(grep -n "BEGIN PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:)
+    key_end=$(grep -n  "END PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:)
+fi

 # Adding SSL certificate
 cd $TMPLOC
--- a/bin/v-install-wordfence-cli
+++ b/bin/v-install-wordfence-cli
@ -0,0 +1,37 @@
+#!/bin/bash
+# info: Script for installing WordFence CLI
+# options: NONE
+
+if ! command -v git &> /dev/null; then
+    echo "= Git is not installed. Installing..."
+    apt-get update > /dev/null 2>&1
+    apt-get install -y git
+fi
+
+cd /root
+
+if [ ! -d "myvesta-wordfence-cli" ]; then
+    git clone https://github.com/isscbta/myvesta-wordfence-cli.git
+    cd ~/myvesta-wordfence-cli/
+else
+    cd ~/myvesta-wordfence-cli/
+    git pull
+fi
+
+echo ""
+echo "----------------------------------------------------------------"
+echo ""
+echo "Which Docker container do you want to install for WordFence CLI?"
+echo "1. WordFence CLI official Docker container"
+echo "2. WordFence CLI Docker container maintained by myVesta"
+read -r -p "Enter your choice: " choice < /dev/tty
+
+if [ "$choice" == "1" ]; then
+    bash wf-cli-install.sh
+fi
+
+if [ "$choice" == "2" ]; then
+    bash wf-cli-install-our-image.sh
+fi
+
+exit 0;
--- a/bin/v-install-wordpress
+++ b/bin/v-install-wordpress
@ -57,17 +57,26 @@ if [ -z "$database" ]; then
    fi
 fi

+# Convert domain to IDN if available
+if command -v idn2 >/dev/null 2>&1; then
+    database=$(idn2 "$database")
+    idn_domain=$(idn2 "$domain")
+elif command -v idn >/dev/null 2>&1; then
+    database=$(idn "$database")
+    idn_domain=$(idn "$domain")
+fi
+
 if [ -z "$email" ]; then
-    email="info@$domain";
+    email="info@$idn_domain";
 fi

 if [ ! -d "/home/$user" ]; then
-    echo "User doesn't exist";
+    echo "= Error: Folder /home/$user doesn't exist";
    exit 1;
 fi

 if [ ! -d "/home/$user/web/$domain/public_html" ]; then
-    echo "Domain doesn't exist";
+    echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist";
    exit 1;
 fi

@ -95,51 +104,72 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
 #                       Action                             #
 #----------------------------------------------------------#

-PROTOCOL='http'
-if [ -z "$SKIP_LE" ]; then
-    if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
-        /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
-    fi
-else
-    PROTOCOL='https'
+PROTOCOL='https'
+
+if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
+    echo "== Trying to install LetsEncrypt for domain $domain"
+    /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
 fi

-if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then
-    PROTOCOL='https'
-    if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then
-        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+if [ ! -z "$FORCE_HTTP" ]; then
+    # Switch to http:// only if --FORCE_HTTP parameter is set
+    echo "== Force http://"
+    PROTOCOL='http'
+fi
+
+TPL_CHANGED=0;
+
+if [ "$WEB_SYSTEM" != 'nginx' ]; then
+    if [ "$PROTOCOL" = "https" ]; then
+        if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+            TPL_CHANGED=1;
+            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+        fi
+        if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+            TPL_CHANGED=1;
+            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+        fi
+    fi
+    if [ "$PROTOCOL" = "http" ]; then
+        if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
+            TPL_CHANGED=1;
+            /usr/local/vesta/bin/v-change-web-domain-proxy-tpl  "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
+        fi
    fi
 fi

 /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql"

-if [ ! -f "/usr/local/bin/wp" ]; then
-    echo "=== Downloading latest wp-cli"
-    wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
-    chmod +x /usr/local/bin/wp
-fi
-
 WORKINGDIR="/home/$user/web/$domain/public_html"
 rm -rf $WORKINGDIR/*
 cd $WORKINGDIR

-sudo -H -u$user wp core download
-sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB
+/usr/local/vesta/bin/v-run-wp-cli $domain core download
+if [ ! -f "$WORKINGDIR/index.php" ]; then
+    echo "= WordPress installation failed: WordPress core download failed."
+    exit 1;
+fi
+
+/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB
+if [ ! -f "$WORKINGDIR/wp-config.php" ]; then
+    echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found."
+    exit 1;
+fi

 password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12)

 wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n

-sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR
+/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR

 mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';"

 echo "================================================================="
-echo "Installation is complete. Your username/password is listed below."
+echo "Your WordPress installation is complete."
 echo ""
-echo "Site: $PROTOCOL://$domain/"
+echo "Website URL: $PROTOCOL://$domain/"
 echo ""
-echo "Login: $PROTOCOL://$domain/wp-admin/"
+echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/"
 echo "Username: $wpadmin"
 echo "Password: $password"
 echo ""
--- a/bin/v-install-wp-cli
+++ b/bin/v-install-wp-cli
@ -0,0 +1,27 @@
+#!/bin/bash
+# info: Download WP CLI
+# options: NONE
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+echo "= Installing WP CLI by downloading phar file..."
+wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
+chmod +x /usr/local/bin/wp
+
+if [ -f "/usr/local/bin/wp" ]; then
+    echo "= WP CLI installed successfully."
+    echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND"
+    exit 0;
+else
+    echo "= WP CLI installation failed."
+    echo "= Please install it manually."
+    exit 1;
+fi
--- a/bin/v-install-wp-cli-myvesta
+++ b/bin/v-install-wp-cli-myvesta
@ -0,0 +1,79 @@
+#!/bin/bash
+# info: Download myVesta WP CLI
+# options: NONE
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+if [ ! -f "/usr/local/bin/composer" ]; then
+    echo "= Composer is not installed. Installing..."
+    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+    php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+    php -r "unlink('composer-setup.php');"
+    echo "= Composer installed successfully."
+fi
+
+if [ -d "/usr/local/bin/wp-cli" ]; then
+    echo "= Removing old myVesta WP CLI..."
+    rm -rf /usr/local/bin/wp-cli
+fi
+
+echo "= Installing myVesta WP CLI..."
+
+cd /usr/local/bin
+git clone https://github.com/wp-cli/wp-cli.git
+
+chown -R www-data:www-data wp-cli
+
+ver_ge() {
+    # usage: ver_ge 7.2 5.6   --> returns true if $1 is greater than or equal to $2
+    [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
+}
+
+current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+')
+
+php_versions=$(/usr/local/vesta/bin/v-list-php)
+for php_version in $php_versions; do
+    if ver_ge "$php_version" "7.2"; then
+        oldest_allowed_php_version=$php_version
+        break
+    fi
+done
+
+echo "= Setting PHP version to $oldest_allowed_php_version"
+update-alternatives --set php /usr/bin/php$oldest_allowed_php_version
+
+cd wp-cli/
+sudo -H -u www-data composer install
+
+echo "= Installing search-replace-command package..."
+sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command
+
+echo "= Setting PHP version to $current_php_version"
+update-alternatives --set php /usr/bin/php$current_php_version
+
+# Fix terminal columns issue for WP CLI
+echo "= Fixing terminal columns issue for WP CLI..."
+/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php'
+
+echo ""
+
+if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    echo "= myVesta WP CLI installed successfully."
+    echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND"
+    exit 0;
+else
+    echo "= myVesta WP CLI installation failed."
+    echo "= Please install it manually."
+    exit 1;
+fi
--- a/bin/v-list-php
+++ b/bin/v-list-php
@ -0,0 +1,76 @@
+#!/bin/bash
+# info: list of installed php versions
+# options: [FORMAT]
+#
+# The function for obtaining the list of installed PHP versions.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    counter=$(echo "$phpversions" | wc -l)
+    i=1
+    echo '['
+    for phpversion in $phpversions; do
+        if [ "$i" -lt "$counter" ]; then
+            echo -e  "\t\"$phpversion\","
+        else
+            echo -e  "\t\"$phpversion\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# shell list function
+shell_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# CSV list function
+csv_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/bin/v-list-php-apache
+++ b/bin/v-list-php-apache
@ -0,0 +1,91 @@
+#!/bin/bash
+# info: list of installed php versions that have Apache template.
+# options: [FORMAT]
+#
+# The function obtains the list of installed PHP versions that have Apache template.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    counter=$(echo "$phpversions" | wc -l)
+    i=1
+    echo '['
+    for phpversion in $phpversions; do
+        if [ "$i" -lt "$counter" ]; then
+            echo -e  "\t\"$phpversion\","
+        else
+            echo -e  "\t\"$phpversion\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# shell list function
+shell_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+# CSV list function
+csv_list() {
+    for phpversion in $phpversions; do
+        echo "$phpversion"
+    done
+}
+
+echo_phpversions_list() {
+    for element in "${phpversions_list[@]}"; do
+        echo "$element"
+    done
+}
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+fpmphpversions=$(/usr/local/vesta/bin/v-list-php)
+
+for phpversion in $fpmphpversions; do
+    phpversiontpl=${phpversion//./}
+    tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl"
+    if [ -f "$tpl" ]; then
+        phpversions_list+=("$phpversion")
+    fi
+done
+
+phpversions=$(echo_phpversions_list)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/bin/v-list-sys-config
+++ b/bin/v-list-sys-config
@ -54,7 +54,8 @@ json_list() {
        "SOFTACULOUS": "'$SOFTACULOUS'",
        "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'",
        "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
-        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
+        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'",
+        "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'"
    }
 }'
 }
--- a/bin/v-list-sys-services
+++ b/bin/v-list-sys-services
@ -297,7 +297,11 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
        if [ "$service" = 'mysql' ]; then
            proc_name='mysqld'
            release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
-            if [ "$release" -eq 11 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then
+            if [ "$release" -gt 10 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then
+                service='mariadb'
+                proc_name='mariadbd'
+            fi
+            if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then
                service='mariadb'
                proc_name='mariadbd'
            fi
--- a/bin/v-list-user-log
+++ b/bin/v-list-user-log
@ -12,6 +12,7 @@
 # Argument definition
 user=$1
 format=${2-shell}
+limit=${3-300}

 # Includes
 source $VESTA/func/main.sh
@ -34,6 +35,9 @@ json_list() {
        "TIME": "'$TIME'",
        "DATE": "'$DATE'"
    }'
+        if [ "$limit" -gt 0 ] && [ "$i" = "$limit" ]; then
+            break;
+        fi
        if [ "$i" -lt "$objects" ]; then
            echo ','
        else
@ -83,7 +87,7 @@ csv_list() {
 #                    Verifications                         #
 #----------------------------------------------------------#

-check_args '1' "$#" 'USER [FORMAT]'
+check_args '1' "$#" 'USER [FORMAT] [LIMIT]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"

@ -93,7 +97,7 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#

 # Parsing history log
-logs=$(tail -n 300 $USER_DATA/history.log 2>/dev/null)
+logs=$(tail -n $limit $USER_DATA/history.log | tac)

 case $format in
    json)   json_list ;;
--- a/bin/v-make-main-apache-log
+++ b/bin/v-make-main-apache-log
@ -0,0 +1,14 @@
+#!/bin/bash
+
+touch /var/log/apache2/time.log
+# truncate -s 0 /var/log/apache2/time.log
+chmod 0640 /var/log/apache2/time.log
+chown root:adm /var/log/apache2/time.log
+find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n    ServerName |g'
+find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n    ServerName |g'
+if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then
+    sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf
+fi
+systemctl restart apache2
+
+wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php
--- a/bin/v-make-separated-ip-for-email
+++ b/bin/v-make-separated-ip-for-email
@ -1,4 +1,4 @@
-#!/bin/bash
+ #!/bin/bash

 # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users
 # options: MAIL_HOSTNAME MAIL_IP
@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME"
 is_ip_format_valid "$MAIL_IP"

 HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME")
-if [ -z "$HOST_USER" ]; then
+if [ -z "$HOST_USER" ]; then 
    echo "Error: hostname $HOSTNAME is not created as web domain"
    exit 4
 fi
@ -138,7 +138,18 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template)
 if [ "$check_grep" -eq 0 ]; then
    echo "=== patching exim4.conf.template"
    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
-    cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+    if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+        cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template
+        sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template
+    fi
+
+    if (( $(echo "$eximversion < 4.94" | bc -l) )); then
+        sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template
+    fi
+
    sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template
    sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template
    sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template
@ -148,6 +159,8 @@ if [ "$check_grep" -eq 0 ]; then
    sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template
    sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template
    sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template
+    /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template'
+    /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template'
    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
    touch /etc/exim4/limit_per_email_account_max_recipients
    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
@ -166,9 +179,10 @@ if [ "$check_grep" -eq 0 ]; then
    fi
    systemctl restart exim4
    if [ $? -ne 0 ]; then
+        systemctl status exim4
        cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template
        systemctl restart exim4
-        echo "=== Patching failed, aborting"
+        echo "=== Patching failed, old exim conf returned, exim4 restarted again."
        exit 1
    fi
    echo "=== Patching successful"
--- a/bin/v-migrate-site-to-https
+++ b/bin/v-migrate-site-to-https
@ -40,6 +40,7 @@ is_format_valid 'domain' 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

+
 FROM_DATABASE_NAME=''
 FROM_DATABASE_USERNAME=''
 FROM_DATABASE_PASSWORD=''
@ -94,6 +95,8 @@ if [ "$DB_EXISTS" = "no" ]; then
    exit 6
 fi

+phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN")
+
 # ----------- CHECK -------------

 FROM_REPLACE1="http://$FROM_DOMAIN"
@ -102,19 +105,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN"
 TO_REPLACE2="https://www.$FROM_DOMAIN"

 if [ $IT_IS_WP -eq 0 ]; then
-    if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then
-        echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/"
-        exit 7
-    fi
-    if [ ! -f "/usr/bin/php7.0" ]; then
-        echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0"
-        exit 8
-    fi
-else
-    if [ ! -f "/usr/local/bin/wp" ]; then
-        echo "=== Downloading latest wp-cli"
-        wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
-        chmod +x /usr/local/bin/wp
+    if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then
+        if [ ! -f "/usr/bin/git" ]; then
+            apt-get update > /dev/null 2>&1
+            apt-get -y install git > /dev/null 2>&1
+        fi
+        cd /root
+        git clone https://github.com/interconnectit/Search-Replace-DB.git
    fi
 fi

@ -164,15 +161,15 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC

 if [ $IT_IS_WP -eq 0 ]; then
    echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
-    php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1"
    echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
-    php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2"
 else
    cd $SITE_FOLDER
    echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
-    sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid
+    /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
    echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
-    sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid
+    /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
 fi

 echo "===== DONE ===="
--- a/bin/v-move-domain-and-database-to-account
+++ b/bin/v-move-domain-and-database-to-account
@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then
    exit
 fi

+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user
+
 USER_TO=$user

 #----------------------------------------------------------#
@ -84,6 +88,56 @@ if [ $? -ne 0 ]; then
    RET=$E_NOTEXIST
 fi

+#----------------------------------------------------------#
+#               Update Wordfence WAF Path                  #
+#----------------------------------------------------------#
+
+filepath="/home/USER_TO/web/$domain/public_html/.user.ini"
+filename=$(basename $filepath)
+
+# Check if file exists
+if [ -f "$filepath" ]; then
+    echo "Updating $filename with new user path..."
+    
+    # Temporary file for modification
+    tmp_file=$(mktemp)
+    
+    # Change path from old USER to new USER_TO
+    sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
+    
+    # Check if replacement was successful and update file
+    if [ $? -eq 0 ]; then
+        mv "$tmp_file" "$filepath"
+        echo "$filename updated successfully."
+    else
+        echo "Failed to update $filename file."
+        rm "$tmp_file"  # Deletes temporary file
+    fi
+fi
+
+filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php"
+filename=$(basename $filepath)
+
+# Check if file exists
+if [ -f "$filepath" ]; then
+    echo "Updating $filename with new user path..."
+    
+    # Temporary file for modification
+    tmp_file=$(mktemp)
+    
+    # Change path from old USER to new USER_TO
+    sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
+    
+    # Check if replacement was successful and update file
+    if [ $? -eq 0 ]; then
+        mv "$tmp_file" "$filepath"
+        echo "$filename updated successfully."
+    else
+        echo "Failed to update $filename file."
+        rm "$tmp_file"  # Deletes temporary file
+    fi
+fi
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
--- a/bin/v-move-folder-and-make-symlink
+++ b/bin/v-move-folder-and-make-symlink
@ -19,6 +19,8 @@ fi
 FROMFOLDER=$1
 TOFOLDER=$2

+echo "Executing: v-move-folder-and-make-symlink $1 $2"
+
 # Includes
 source $VESTA/func/main.sh

@ -26,6 +28,16 @@ source $VESTA/func/main.sh
 #                    Verifications                         #
 #----------------------------------------------------------#

+if [ -z "$FROMFOLDER" ]; then
+    echo "First parameter is empty, aborting"
+    exit 1
+fi
+
+if [ -z "$TOFOLDER" ]; then
+    echo "Second parameter is empty, aborting"
+    exit 1
+fi
+
 # Trimming the ending slash, just in case
 FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::')
 TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::')
@ -66,19 +78,21 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#

-rsync -a "$FROMFOLDER/" "$TOFOLDER/"
-# with slashes on the end of the path of both folders
-if [ "$?" -ne 0 ]; then
-    echo "Error happened, aborting"
-    exit 1
-fi
-
 if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then
    # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files
    chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1
    # with slashes on the end of the path of the folder
 fi

+# rsync -a "$FROMFOLDER/" "$TOFOLDER/"
+# with slashes on the end of the path of both folders
+
+mv "$FROMFOLDER" "$TOFOLDER"
+if [ "$?" -ne 0 ]; then
+    echo "Error happened, aborting"
+    exit 1
+fi
+
 rm -rf "$FROMFOLDER"
 # without slash on the end of the path of the folder

--- a/bin/v-php-func
+++ b/bin/v-php-func
@ -2,11 +2,20 @@
 # info: calling myVesta PHP functions
 # options: FUNCTION
 #
-# The function is calling myVesta PHP functions.
+# The function is calling myVesta or standard PHP functions directly from bash

 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

+
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
+    STDIN=$(cat -)
+    if [ ! -z "$STDIN" ]; then
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@"
+        exit $?
+    fi
+fi
+
 php /usr/local/vesta/func/bash-to-php-interpreter.php "$@"
 exit $?
--- a/bin/v-restart-web
+++ b/bin/v-restart-web
@ -64,7 +64,9 @@ fi

 # Resart web system if reload didn't work
 if [ "$rc" -ne 0 ]; then
-    service $WEB_SYSTEM restart >/dev/null 2>&1
+    # service $WEB_SYSTEM restart >/dev/null 2>&1
+    systemctl reset-failed $WEB_SYSTEM
+    systemctl restart $WEB_SYSTEM >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        send_email_report
        check_result $E_RESTART "$WEB_SYSTEM restart failed"
--- a/bin/v-restore-user
+++ b/bin/v-restore-user
@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
        # Restoring web domain data
        chown $user $tmpdir
        chmod u+w $HOMEDIR/$user/web/$domain
+        chmod 0755 $tmpdir/web/$domain
        sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
            -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
            2> $HOMEDIR/$user/web/$domain/restore_errors.log
@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
        if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
            chown $user $tmpdir
            chmod u+w $HOMEDIR/$user/mail/$domain_idn
+            chmod 0755 $tmpdir/mail/$domain
            sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
                -C $HOMEDIR/$user/mail/$domain_idn/
            if [ "$?" -ne 0 ]; then
--- a/bin/v-run-wp-cli
+++ b/bin/v-run-wp-cli
@ -0,0 +1,146 @@
+#!/bin/bash
+# info: Run WP CLI command for a specific domain
+# options: DOMAIN WP_CLI_COMMAND
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+wp_command=${@:2} 
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+VERBOSE_MODE=1
+
+check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+if [ ! -d "/home/$user" ]; then
+    echo "= User doesn't exist";
+    exit 1;
+fi
+
+if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo '= Please install WordPress first.'
+    exit 1;
+fi
+
+wpcli=""
+
+if [ ! -f "/usr/local/bin/wp" ]; then
+    echo "= WP CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wp-cli
+fi
+
+if [ -z "$USE_WP_CLI_MYVESTA" ]; then
+    if [ -f "/usr/local/bin/wp" ]; then
+        # Get current time and file ctime in seconds since epoch
+        current_time=$(date +%s)
+        file_ctime=$(stat -c %Z /usr/local/bin/wp)
+        # Calculate age in days
+        age_days=$(( (current_time - file_ctime) / 86400 ))
+        if [ "$age_days" -gt 30 ]; then
+            echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)."
+            echo "= Updating WP CLI..."
+            /usr/local/vesta/bin/v-install-wp-cli
+        fi
+    fi
+fi
+
+if [ -t 1 ]; then
+    output='terminal'
+else
+    output='file'
+fi
+
+if [ -f "/usr/local/bin/wp" ]; then
+    wpcli="/usr/local/bin/wp"
+    WP_CLI_PACKAGES_DIR=""
+fi
+
+if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then
+    wpcli="/usr/local/bin/wp-cli/php/boot-fs.php"
+    COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}')
+    echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS
+    WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages"
+fi
+
+if [ -z "$wpcli" ]; then
+    echo "= WP CLI is not installed. Please install it manually."
+    exit 1;
+fi
+
+mkdir -p /home/$user/.wp-cli
+chown $user:$user /home/$user/.wp-cli
+
+if [ -z "$PHP" ]; then
+    phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
+else
+    phpver=$PHP
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd /home/$USER/web/$domain/public_html
+
+if [ -z "$OPEN_BASEDIR" ]; then
+    OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp"
+fi
+
+if [ -z "$DISABLE_FUNCTIONS" ]; then
+    DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+fi
+
+if [ -z "$SHOW_ERRORS" ]; then
+    sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log
+else
+    sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command
+fi
+
+return_code=$?
+
+if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then
+    rm /usr/local/bin/wp-cli/COLUMNS
+fi
+
+if [ -z "$SHOW_ERRORS" ]; then
+    if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then
+        cat /home/$user/web/$domain/wp-cli-error.log
+    fi
+fi
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit $return_code;
--- a/bin/v-run-wp-cli-myvesta
+++ b/bin/v-run-wp-cli-myvesta
@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    echo "= myVesta WP CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wp-cli-myvesta
+fi
+
+if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
+    # Get current time and file ctime in seconds since epoch
+    current_time=$(date +%s)
+    file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php)
+    # Calculate age in days
+    age_days=$(( (current_time - file_ctime) / 86400 ))
+    if [ "$age_days" -gt 30 ]; then
+        echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)."
+        echo "= Updating myVesta WP CLI..."
+        /usr/local/vesta/bin/v-install-wp-cli-myvesta
+    fi
+fi
+
+USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@"
--- a/bin/v-sed
+++ b/bin/v-sed
@ -0,0 +1,27 @@
+#!/bin/bash
+# info: calling myvesta_sed PHP function
+# options: PARAMETERS
+#
+# The function is calling myVesta PHP replacement for GNU 'sed' command (but without regular expression)
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
+    STDIN=$(cat -)
+    if [ ! -z "$STDIN" ]; then
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@"
+        exit $?
+    fi
+fi
+
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@"
+fi
+exit $?
--- a/bin/v-suspend-firewall-rule
+++ b/bin/v-suspend-firewall-rule
@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#

+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Suspending rule
 update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes

 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-suspend-web-domain
+++ b/bin/v-suspend-web-domain
@ -17,6 +17,10 @@ domain=$2
 domain_idn=$2
 restart=$3

+if [ -z "$restart" ]; then
+    restart='yes'
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
@ -80,12 +84,14 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED' 'yes'
 increase_user_value "$user" '$SUSPENDED_WEB'

-# Restarting web server
-$BIN/v-restart-web $restart
-check_result $? "Web restart failed" >/dev/null
-
-$BIN/v-restart-proxy $restart
-check_result $? "Proxy restart failed" >/dev/null
+if [ "$restart" = "yes" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
+    
+    $BIN/v-restart-proxy $restart
+    check_result $? "Proxy restart failed" >/dev/null
+fi

 # Logging
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-unlock-wordpress
+++ b/bin/v-unlock-wordpress
@ -58,6 +58,8 @@ chown -R $user:$user public_html/

 rm public_html/wp-content/uploads/.htaccess

+/usr/local/vesta/bin/v-fix-website-permissions $domain
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
--- a/bin/v-unsuspend-firewall-rule
+++ b/bin/v-unsuspend-firewall-rule
@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#

+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Suspending rule
 update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no

 # Updating system firewall
 $BIN/v-update-firewall

+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        touch /etc/nginx/conf.d/block-firewall.conf
+        if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then
+            echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf
+            systemctl restart nginx
+        fi
+    fi
+fi
+

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-update-document-errors-files
+++ b/bin/v-update-document-errors-files
@ -0,0 +1,48 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html
+        cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html
+        sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html
+        chown $user:$user /home/$user/web/$domain/document_errors/*
+        chmod 644 /home/$user/web/$domain/document_errors/*
+    done
+
+done
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-update-firewall
+++ b/bin/v-update-firewall
@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp
 echo "$iptables -F INPUT" >> $tmp

 # Enabling stateful support
-if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
+if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
    str="$iptables -A INPUT -m state"
    str="$str --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$str" >> $tmp
@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
 fi

 # Saving rules to the master iptables file
-if [ -d "/etc/sysconfig" ]; then
-    /sbin/iptables-save > /etc/sysconfig/iptables
-    if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
-        /sbin/chkconfig iptables on
-    fi
-else
+# if [ -d "/etc/sysconfig" ]; then
+#     /sbin/iptables-save > /etc/sysconfig/iptables
+#     if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
+#         /sbin/chkconfig iptables on
+#     fi
+# else
    /sbin/iptables-save > /etc/iptables.rules
    preup="/etc/network/if-pre-up.d/iptables"
    if [ ! -e "$preup" ]; then
@ -178,7 +178,7 @@ else
        echo "exit 0" >> $preup
        chmod +x $preup
    fi
-fi
+# fi

 # Worarkound for OpenVZ
 if [ -e "/proc/vz/veinfo" ]; then
--- a/bin/v-update-mail-domain-disk
+++ b/bin/v-update-mail-domain-disk
@ -49,7 +49,8 @@ dom_diks=0
 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do
    home_dir=$HOMEDIR/$user/mail/$domain/$account
    if [ -e "$home_dir" ]; then
-        udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+        cd $home_dir
+        udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
    else
        udisk=0
    fi
--- a/bin/v-update-mail-domains-disk
+++ b/bin/v-update-mail-domains-disk
@ -35,13 +35,14 @@ fi
 #----------------------------------------------------------#

 # Starting loop
-for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do
+for domain in $(list_objects 'mail' 'DOMAIN'); do
    dom_diks=0
-    accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT')
+    accounts=$(list_objects "mail/$domain" 'ACCOUNT')
    for account in $accounts; do
        home_dir=$HOMEDIR/$user/mail/$domain/$account
        if [ -e "$home_dir" ]; then
-            udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+            cd $home_dir
+            udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
        else
            udisk=0
        fi
--- a/bin/v-update-sys-rrd-la
+++ b/bin/v-update-sys-rrd-la
@ -74,7 +74,7 @@ rrdtool graph $RRD/la/$period-la.png \
    -c "SHADEA#ffffff" \
    -c "SHADEB#ffffff" \
    -c "FONT#555555" \
-    -c "CANVAS#302c2d" \
+    -c "CANVAS#F2F2F2" \
    -c "GRID#666666" \
    -c "MGRID#AAAAAA" \
    -c "FRAME#777777" \
@ -82,7 +82,7 @@ rrdtool graph $RRD/la/$period-la.png \
    DEF:la=$RRD/la/la.rrd:LA:AVERAGE \
    DEF:pr=$RRD/la/la.rrd:PR:AVERAGE \
    COMMENT:'\r' \
-    AREA:la#C8EA2E:"LA * 100"\
+    AREA:la#00CD2E:"LA * 100"\
    GPRINT:la:'LAST: Current\:''%8.0lf'  \
    GPRINT:la:'MIN: Min\:''%8.0lf'  \
    GPRINT:la:'MAX: Max\:''%8.0lf\j'  \
--- a/bin/v-update-sys-rrd-net
+++ b/bin/v-update-sys-rrd-net
@ -35,13 +35,15 @@ if [ ! -d "$RRD/net" ]; then
    mkdir $RRD/net
 fi

+find $RRD/net -name "veth*" -delete
+
 # Parsing network interfaces
 ndev=$(cat /proc/net/dev)
 ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g")

 # Parsing excludes
 if [ -z "$RRD_IFACE_EXCLUDE" ]; then
-    RRD_IFACE_EXCLUDE='lo'
+    RRD_IFACE_EXCLUDE='lo,'
 fi
 for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do
    ifaces=$(echo "$ifaces" |grep -vw "$exclude" )
@ -62,6 +64,8 @@ for iface in $ifaces; do
            RRA:MAX:0.5:6:700 \
            RRA:MAX:0.5:24:775 \
            RRA:MAX:0.5:288:797
+    else
+        touch $RRD/net/$iface.rrd
    fi

    # Parsing device stats
@ -112,6 +116,8 @@ for iface in $ifaces; do

 done

+find $RRD/net -name "*.png" -mtime +1 -delete
+find $RRD/net -name "*.rrd" -mtime +1 -delete

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-update-web-domain-disk
+++ b/bin/v-update-web-domain-disk
@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then
    disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
 fi

+# Defining hdd home directory
+home_dir="/hdd$HOMEDIR/$user/web/$domain/"
+
+# Checking home directory exist
+if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
+    disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+    disk_usage=$(( disk_usage + disk_usage2 ))
+fi

 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-update-web-domains-disk
+++ b/bin/v-update-web-domains-disk
@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#

 # Domain loop
-for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do
+for domain in $(list_objects 'web' 'DOMAIN'); do
    home_dir="$HOMEDIR/$user/web/$domain/"
    if [ -e "$home_dir" ]; then
        disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
    fi
+    home_dir="/hdd$HOMEDIR/$user/web/$domain/"
+    if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
+        disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+        disk_usage=$(( disk_usage + disk_usage2 ))
+    fi
    update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage"
 done

--- a/bin/v-whitelist-email-account
+++ b/bin/v-whitelist-email-account
@ -0,0 +1,119 @@
+#!/bin/bash
+# info: Add a specific email address to SpamAssassin whitelist
+# usage: v-whitelist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to check if a domain/email is already blacklisted
+check_blacklisted() {
+    local pattern=$1
+    local file=$2
+    grep -qE "blacklist_from.*${pattern}" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-whitelist-email-account EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Extract the domain from the email address
+DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}')
+
+# Prepare entries for SpamAssassin
+WHITELIST_ENTRY="whitelist_from $EMAIL"
+BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
+BLACKLIST_ENTRY_SUB="*.$DOMAIN"
+
+#----------------------------------------------------------#
+#                SpamAssassin Whitelist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+
+# Check if the email address or its domain is already blacklisted
+if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. It is already blacklisted."
+    exit 1
+fi
+
+if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted."
+    exit 1
+fi
+
+if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted."
+    exit 1
+fi
+
+# Add the email to whitelist if not already present
+if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+# Restart SpamAssassin only if changes were made
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/bin/v-whitelist-email-domain
+++ b/bin/v-whitelist-email-domain
@ -0,0 +1,119 @@
+#!/bin/bash
+# info: Add a domain to SpamAssassin whitelist
+# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a SpamAssassin whitelist entry already exists
+check_whitelist_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "whitelist_from $entry" "$file"
+}
+
+# Function to check if a domain/email is already blacklisted
+check_blacklist_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "blacklist_from.*${domain}$" "$file"
+}
+
+# Function to add whitelist entry to file
+add_whitelist_to_file() {
+    local entry=$1
+    local file=$2
+    echo "whitelist_from $entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for SpamAssassin
+WHITELIST_ENTRY_MAIN="*@${DOMAIN}"
+WHITELIST_ENTRY_SUB="*.$DOMAIN"
+BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
+BLACKLIST_ENTRY_SUB="*.$DOMAIN"
+
+#----------------------------------------------------------#
+#                SpamAssassin Whitelist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+
+# Check if the domain is already blacklisted
+if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then
+    echo "Cannot whitelist $DOMAIN. It is already blacklisted."
+    exit 1
+fi
+
+# Add the main entry
+if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+# Add the subdomain entry if needed
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+# Restart SpamAssassin only if changes were made
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0
--- a/func/bash-to-php-interpreter.php
+++ b/func/bash-to-php-interpreter.php
@ -7,24 +7,73 @@ else $SHLVL=3;

 if (!isset($argv)) exit(5);

+$argv_start=1;
+$STDIN_ENABLED=false;
+if ($argv[1]=='--stdin') {
+    $STDIN_ENABLED=true;
+    $argv_start++;
+}
+
+$myvesta_stdin='';
+if ($STDIN_ENABLED==true) {
+    stream_set_blocking(STDIN, false);
+    $myvesta_f = fopen( 'php://stdin', 'r' );
+    while( $myvesta_line = fgets( $myvesta_f ) ) {
+        $myvesta_stdin .= $myvesta_line;
+    }
+    fclose( $myvesta_f );
+}
+
 include ("/usr/local/vesta/func/main.php");
 include ("/usr/local/vesta/func/string.php");

 $counter=count($argv);
 if ($counter<2) myvesta_throw_error(2, 'Function is missing');

-$func=$argv[1];
+$func=$argv[$argv_start];
 if (!function_exists($func)) {
-    $func="myvesta_".$argv[1];    
+    $func="myvesta_".$argv[$argv_start];    
    if (!function_exists($func)) myvesta_throw_error(2, 'Function does not exists');
 }

+$insert_stdin_at_position=false;
+if ($func=="myvesta_grep") $insert_stdin_at_position=1;
+if ($func=="myvesta_sed") $insert_stdin_at_position=2;
+
 $params=array();

-for ($i=2; $i<$counter; $i++) {
+$added=0;
+$stdin_content='';
+$myvesta_stdin_from_file='';
+$myvesta_stdin_return_not_found=false;
+if ($myvesta_stdin!='' && $insert_stdin_at_position===false) {$params[]=$myvesta_stdin; $added++;}
+
+$argv_start++;
+
+for ($i=$argv_start; $i<$counter; $i++) {
    $argv[$i]=myvesta_fix_backslashes($argv[$i]);
+    //if ($insert_stdin_at_position!==false && $myvesta_stdin=='') if ($insert_stdin_at_position==$added) {$stdin_content=$argv[$i]; $added++; continue;}
    $params[]=$argv[$i];
+    $added++;
 }
+//print_r($params); exit;
+
+if ($insert_stdin_at_position!=false) {
+    if ($myvesta_stdin=='' && isset($params[$insert_stdin_at_position])) {
+        $file_or_stdin=$params[$insert_stdin_at_position];
+        if (!file_exists($file_or_stdin)) {
+            $myvesta_stdin_return_not_found=true;
+            $myvesta_stdin='';
+        } else {
+            $myvesta_stdin=file_get_contents($file_or_stdin);
+            $myvesta_stdin_from_file=$file_or_stdin;
+        }
+        $params[$insert_stdin_at_position]=$myvesta_stdin;
+    } else {
+        array_splice($params, $insert_stdin_at_position, 0, array($myvesta_stdin));
+    }
+}
+//print_r($params); exit;

 $r=call_user_func_array($func, $params);
 if (is_bool($r)) {
--- a/func/db.sh
+++ b/func/db.sh
@ -29,6 +29,9 @@ mysql_connect() {
    mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1
    if [ '0' -ne "$?" ]; then
        if [ "$notify" != 'no' ]; then
+            subj="Error: Connection to $HOST failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\
                $SENDMAIL -s "$subj" $email
        fi
@ -55,10 +58,13 @@ mysql_query() {

 mysql_dump() {
    err="/tmp/e.mysql"
-    mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
+    mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err
    if [ '0' -ne "$?" ]; then
        rm -rf $tmpdir
        if [ "$notify" != 'no' ]; then
+            subj="Error: dump $database failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo -e "Can't dump database $database\n$(cat $err)" |\
                $SENDMAIL -s "$subj" $email
        fi
@ -82,6 +88,9 @@ psql_connect() {
    psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql
    if [ '0' -ne "$?" ]; then
        if [ "$notify" != 'no' ]; then
+            subj="Error: Connection to $HOST failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\
                $SENDMAIL -s "$subj" $email
        fi
@ -103,6 +112,9 @@ psql_dump() {
    if [ '0' -ne "$?" ]; then
        rm -rf $tmpdir
        if [ "$notify" != 'no' ]; then
+            subj="Error: dump $database failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+            
            echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\
                $SENDMAIL -s "$subj" $email
        fi
--- a/func/main.php
+++ b/func/main.php
@ -1,6 +1,9 @@
 <?php

 $myvesta_exit_on_error=true;
+$myvesta_quiet_mode=0;
+if (isset($_SERVER['MYVESTA_QUIET'])) $myvesta_quiet_mode=intval($_SERVER['MYVESTA_QUIET']);
+
 define('MYVESTA_ERROR_PERMISSION_DENIED', 1);
 define('MYVESTA_ERROR_MISSING_ARGUMENTS', 2);
 define('MYVESTA_ERROR_FILE_DOES_NOT_EXISTS', 3);
@ -8,18 +11,22 @@ define('MYVESTA_ERROR_STRING_NOT_FOUND', 4);
 define('MYVESTA_ERROR_GENERAL', 5);

 function myvesta_echo($str) {
-    global $myvesta_echo_done, $myvesta_last_echo;
+    global $myvesta_echo_done, $myvesta_last_echo, $myvesta_quiet_mode;
+    if ($myvesta_quiet_mode==1) return;
    $myvesta_echo_done=true;
    $myvesta_last_echo=$str;
    echo $str;
 }

-function myvesta_exit($code) {
-    global $SHLVL, $myvesta_echo_done, $myvesta_last_echo;
+function myvesta_exit($code, $echo='') {
+    global $SHLVL, $myvesta_echo_done, $myvesta_last_echo, $myvesta_quiet_mode;
    // myvesta_echo ("==================== ".$argv[0].": ".$code." ====================\n");
-    if ($SHLVL<3 && $myvesta_echo_done==true) {
-        $last_char=substr($myvesta_last_echo, -1, 1);
-        if ($last_char!="\n") echo "\n";
+    if ($myvesta_quiet_mode!=1) {
+        if ($echo!='') myvesta_echo($echo);
+        if ($SHLVL<3 && $myvesta_echo_done==true) {
+            $last_char=substr($myvesta_last_echo, -1, 1);
+            if ($last_char!="\n") echo "\n";
+        }
    }
    exit($code);
 }
@ -28,8 +35,8 @@ $myvesta_current_user=exec('whoami', $myvesta_output, $myvesta_return_var);
 if ($myvesta_current_user != 'root') {myvesta_echo ("ERROR: You must be root to execute this script"); myvesta_exit(1);}

 function myvesta_throw_error($code, $message) {
-    global $myvesta_exit_on_error;
-    if ($message!=='') myvesta_echo ("ERROR: ".$message);
+    global $myvesta_exit_on_error, $myvesta_quiet_mode;
+    if ($message!=='' && $myvesta_quiet_mode!=1) myvesta_echo ("ERROR: ".$message);
    if ($myvesta_exit_on_error) myvesta_exit($code);
    return $code;
 }
@ -46,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) {
    $argument_counter=count($argv);
    $argument_counter--;
    $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]);
+    $command=$argv[0];
    // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n");
    if ($argument_counter<$requried_arguments) {
        $arguments=str_replace(" ", "' '", $arguments);
--- a/func/main.sh
+++ b/func/main.sh
@ -254,6 +254,9 @@ is_object_unsuspended() {
        spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'")
    fi
    if [ ! -z "$spnd" ]; then
+        if [ ! -z "$VERBOSE_MODE" ]; then
+            echo "Error: $(basename $1) $3 is suspended"
+        fi
        check_result $E_SUSPENDED "$(basename $1) $3 is suspended"
    fi
 }
@ -359,6 +362,17 @@ search_objects() {
    IFS="$OLD_IFS"
 }

+# List objects
+list_objects() {
+    OLD_IFS="$IFS"
+    IFS=$'\n'
+    for line in $(cat $USER_DATA/$1.conf); do
+        eval $line
+        eval echo \$$2
+    done
+    IFS="$OLD_IFS"
+}
+
 # Get user value
 get_user_value() {
    grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}'
@ -1143,3 +1157,105 @@ check_if_service_exists() {
        echo "0"
    fi
 }
+
+# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl.
+# Inspired by HestiaCP function and improved
+parse_object_kv_list_non_eval() {
+    # Let's combine all the parameters into one string, replace the new lines with a space
+    local str="${*//$'\n'/ }"
+    str=${str//\\\'/---QUOTE---}
+    str=${str//\\\"/---DQUOTE---}
+    local backup_str=$str
+
+    local key val match i length length_val prefix position cut
+    i=0
+    # Searching for key='value' blocks
+    # Loop until we find the next key='value'
+    while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do
+        key="${BASH_REMATCH[1]}"
+        val="${BASH_REMATCH[2]}"
+        match="${BASH_REMATCH[0]}"
+        length=${#match}
+        length_val=${#match}
+
+        # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number)
+        if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
+            check_result "$E_INVALID" "Invalid key format [$key]"
+        fi
+
+        # Declaring a global variable
+        val=${val/---QUOTE---/\\\'}
+        val=${val/---DQUOTE---/\\\"}
+        declare -g "$key"="$val"
+
+        # Let's remove the processed part from str to continue
+        prefix=${str%%"$key="*}
+        position=${#prefix}
+        cut=$((position + 1 + length_val))
+        str=${str:cut}
+        ((i++))
+        if [ $i -eq 100 ]; then
+            check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
+        fi
+    done
+
+    # Terminate function if we don't expect strings with double apostrophes
+    if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then
+        return;
+    fi
+
+    # Searching for key="value" blocks
+    str=$backup_str
+    i=0
+    # Loop until we find the next key="value"
+    while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do
+        key="${BASH_REMATCH[1]}"
+        val="${BASH_REMATCH[2]}"
+        match="${BASH_REMATCH[0]}"
+        length=${#match}
+        length_val=${#match}
+
+        # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number)
+        if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
+            check_result "$E_INVALID" "Invalid key format [$key]"
+        fi
+
+        # Declaring a global variable
+        val=${val/---QUOTE---/\\\'}
+        val=${val/---DQUOTE---/\\\"}
+        declare -g "$key"="$val"
+
+        # Let's remove the processed part from str to continue
+        prefix=${str%%"$key="*}
+        position=${#prefix}
+        cut=$((position + 1 + length_val))
+        str=${str:cut}
+        ((i++))
+        if [ $i -eq 100 ]; then
+            check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
+        fi
+    done
+}
+
+# Return OK (0) if domain is unsupended
+# Parameters:
+# $1 - user
+# $2 - domain
+return_ok_if_domain_is_unsuspended() {
+    spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'")
+    if [ ! -z "$spnd" ]; then
+        return $E_SUSPENDED
+    fi
+    return $OK
+}
+
+# Return OK (0) if user is unsupended
+# Parameters:
+# $1 - user
+return_ok_if_user_is_unsuspended() {
+    spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'")
+    if [ ! -z "$spnd" ]; then
+        return $E_SUSPENDED
+    fi
+    return $OK
+}
--- a/func/rebuild.sh
+++ b/func/rebuild.sh
@ -610,6 +610,9 @@ rebuild_pgsql_database() {
    if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then
        echo "Error: postgresql config parsing failed"
        if [ ! -z "$SENDMAIL" ]; then
+            subj="Error: postgresql config parsing failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email
        fi
        log_event "$E_PARSING" "$ARGUMENTS"
@ -621,6 +624,9 @@ rebuild_pgsql_database() {
    if [ '0' -ne "$?" ];  then
        echo "Error: Connection failed"
        if [ ! -z "$SENDMAIL" ]; then
+            subj="Error: Connection failed"
+            email=$($BIN/v-get-user-value admin CONTACT)
+
            echo "Database connection to PostgreSQL host $HOST failed" |\
                $SENDMAIL -s "$subj" $email
        fi
--- a/func/string.php
+++ b/func/string.php
@ -2,14 +2,18 @@

 // --- file functions ---

-function myvesta_find_in_file($file, $find) {
-    if (!file_exists($file)) return myvesta_throw_error (MYVESTA_ERROR_FILE_DOES_NOT_EXISTS, "File '$file' not found");
+function myvesta_find_in_file($file, $find, $quiet=false) {
+    if (!file_exists($file)) {
+        if ($quiet) return false;
+        return myvesta_throw_error (MYVESTA_ERROR_FILE_DOES_NOT_EXISTS, "File '$file' not found");
+    }

    $buf=file_get_contents($file);

    $pos=strpos($buf, $find);
+    
    if ($pos===false) return myvesta_throw_error (MYVESTA_ERROR_STRING_NOT_FOUND, "");
-
+    if ($quiet) return true;
    return $pos;
 }

@ -68,6 +72,60 @@ function myvesta_strip_in_file_between_including_borders($file, $left, $right) {
    return true;
 }

+// --- mixed functions ---
+
+function myvesta_grep($find, $content, $count=0, $quiet=0) {
+    global $myvesta_stdin, $myvesta_stdin_return_not_found, $myvesta_quiet_mode;
+    if ($count==='-c') {$count=1; $quiet=0;}
+    if ($count==='-q') {$count=0; $quiet=1;}
+    if ($myvesta_quiet_mode==0) $myvesta_quiet_mode=$quiet;
+    //echo "find          = " . $find."\n"; echo "file_or_stdin = " . $content."\n"; echo "count         = " . $count."\n"; echo "quiet         = " . $quiet."\n"; exit;
+    if ($myvesta_stdin_return_not_found==true) {
+        if ($count==1) return myvesta_throw_error (MYVESTA_ERROR_FILE_DOES_NOT_EXISTS, "0");
+        return myvesta_throw_error (MYVESTA_ERROR_FILE_DOES_NOT_EXISTS, "");
+    }
+    
+    $arr=explode("\n", $content);
+
+    $buffer='';
+    $hits=0;
+    foreach ($arr as $line) {
+        if (strpos($line, $find)!==false) {
+            $hits++;
+            if ($quiet==false && $count==false) $buffer.=$line."\n";
+        }
+    }
+    if ($count==1) {
+        if ($hits==0) return myvesta_exit (MYVESTA_ERROR_STRING_NOT_FOUND, "0");
+        return $hits;
+    }
+    if ($quiet==1) {
+        if ($hits==0) return myvesta_exit (MYVESTA_ERROR_STRING_NOT_FOUND, "");
+        return true;
+    }
+    if ($hits==0) return myvesta_exit (MYVESTA_ERROR_STRING_NOT_FOUND, "");
+    return $buffer;
+}
+
+function myvesta_sed($find, $replace, $content) {
+    global $myvesta_stdin, $myvesta_stdin_return_not_found, $myvesta_stdin_from_file;
+    //echo "find            = " . $find."\n"; echo "replace         = " . $replace."\n"; echo "file_or_stdin   = " . $content."\n"; echo "stdin_from_file = " . $myvesta_stdin_from_file."\n"; exit;
+    if ($myvesta_stdin_return_not_found==true) {
+        return myvesta_throw_error (MYVESTA_ERROR_FILE_DOES_NOT_EXISTS, "File not found");
+    }
+
+    if (strpos($content, $find)===false) return myvesta_throw_error (MYVESTA_ERROR_STRING_NOT_FOUND, "String '$find' not found");
+
+    $content=str_replace($find, $replace, $content);
+    if ($myvesta_stdin_from_file!='') {
+        $r=file_put_contents($myvesta_stdin_from_file, $content);
+        if ($r===false) return false;
+    } else {
+        myvesta_echo ($content);
+    }
+    return true;
+}
+
 // --- string functions ---

 function myvesta_str_get_between (&$text, $left_substring, $right_substring, $start=0, $return_left_substring=0, $return_right_substring=0, $left_substring_necessary=1, $right_substring_necessary=1) {
@ -136,6 +194,17 @@ function myvesta_str_replace_between_including_borders($text, $left, $right, $re
 }

 function myvesta_str_strip_between_including_borders($text, $left, $right) {
+    global $myvesta_stdin;
+    $args=func_get_args();
+    $args_i=-1;
+    if ($myvesta_stdin!='') {
+        $text=$myvesta_stdin;
+    } else {
+        $args_i++; $text=$args[$args_i];
+    }
+    $args_i++; $left=$args[$args_i];
+    $args_i++; $right=$args[$args_i];
+
    $left_len=strlen($left);
    $right_len=strlen($right);
    while (true) {
@ -147,3 +216,23 @@ function myvesta_str_strip_between_including_borders($text, $left, $right) {
    }
    return $text;
 }
+
+function myvesta_str_find($text, $find, $quiet=false) {
+    $pos=strpos($text, $find);
+    if ($pos===false) return myvesta_throw_error (MYVESTA_ERROR_STRING_NOT_FOUND, "");
+    if ($quiet) return true;
+    return $pos;
+}
+
+function myvesta_str_uppercase($text) {
+    return strtoupper($text);
+}
+
+function myvesta_str_lowercase($text) {
+    return strtolower($text);
+}
+
+function myvesta_str_substring($text, $start, $length=null) {
+    if ($length===null) return substr($text, $start);
+    if ($length!==null) return substr($text, $start, $length);
+}
--- a/install/debian/10/exim/dnsbl.conf
+++ b/install/debian/10/exim/dnsbl.conf
@ -1,2 +1 @@
 bl.spamcop.net
-zen.spamhaus.org
--- a/install/debian/10/exim/exim4.conf.template
+++ b/install/debian/10/exim/exim4.conf.template
@ -91,16 +91,18 @@ acl_check_mail:
  deny    condition     = ${if eq{$sender_helo_name}{}}
          message       = HELO required before MAIL

-  drop    message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
+  drop    !authenticated = *
+          message       = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
-          condition     = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}}
          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
          delay         = 45s

-  drop    condition     = ${if isip{$sender_helo_name}}
+  drop    !authenticated = *
+          condition     = ${if isip{$sender_helo_name}}
          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)

-  drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+  drop    !authenticated = *
+          condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
          message       = $interface_address is _my_ address

  accept
--- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl
+++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl
@ -17,7 +17,7 @@
    <Directory %sdocroot%>
        AllowOverride All
        SSLRequireSSL
-        Options +Includes -Indexes +ExecCGI
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
 	</Directory>
    SSLEngine on
    SSLVerifyClient none
--- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl
+++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl
@ -16,7 +16,7 @@
    </Directory>
    <Directory %sdocroot%>
        AllowOverride All
-        Options +Includes -Indexes +ExecCGI
+        Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
    </Directory>
 #    <IfModule mod_ruid2.c>
 #        RMode config
--- a/Show more
+++ b/Show more