Hello,
I’m using aaPanel with Nginx + Redis + Fail2Ban + WAF (Nginx Pro) in a production environment.
In my installation, WP Toolkit comes preinstalled by default and cannot be removed from the App Store (there is no uninstall option).
For security reasons, I do not use WP Toolkit at all and I want to fully remove it or at least safely disable it, because:
It increases the attack surface
It adds panel-to-WordPress integration I don’t need
I prefer managing WordPress via wp-admin and wp-cli only
My questions:
Is there an official way to completely uninstall WP Toolkit when it comes as a default module?
If full removal is not supported, what is the recommended and safe way to disable it permanently?
Is it safe to:
stop its service
and restrict access to /www/server/panel/plugin/wp_toolkit (or similar directory)?
Will aaPanel updates re-enable or reinstall WP Toolkit automatically?
I want to make sure I’m following best practices recommended by aaPanel, not using unsupported hacks.
Thanks in advance for clarification.
Best regards
