InstaWP v3.20.0 Product Update 

InstaWP v3.20.0 is a dense release: new Shield controls, a rethought billing model, CDN improvements, and a long list of fixes that our team has been methodically working through. Here’s everything that landed.

InstaWP v3.20.0: What’s New

Here is what you’ll find with this release. 

Shield & Bot Detection Gets Granular

The biggest infrastructure story in this release is the Shield layer getting a serious upgrade. You can now configure bot detection at the rule level; giving you precise control over what gets blocked, challenged, or let through.

PPU Billing: Cleaner Plans, Better Flows

Pay-per-use billing gets a meaningful overhaul this release. Migration, 2-Way Sync, and WhiteLabel domains now each have their own single-plan products; no more hunting through combined plan tiers to find what you actually need. 

We also fixed a cluster of display bugs: per-unit pricing tiers, usage counters, and final price rendering were all showing incorrect values in various scenarios. These are now accurate.

CDN: Caching for Logged-In WordPress Users

This one’s been a long time coming. Static assets are now cached via Bunny CDN edge rules even for authenticated WordPress users. If you’re running anything with a logged-in user experience, membership sites, client portals, WaaS products, you’ll see real performance gains here without any configuration changes on your end.

Backup & Server Health: Less Noise, More Signal

Three reliability fixes shipped in this area. 

First, automated_backup_taken_at was being stamped on failed backup jobs, which was corrupting backup history and making it hard to know when a real backup actually succeeded. That timestamp now only gets set on genuine success.

Second, we’ve eliminated the false-positive “No Healthy Servers” alerts that were firing from transient monitoring blips. 

Lastly, the auto-heal system no longer triggers on momentary health check failures, it now waits for confirmed, persistent issues before taking action. 

Security Scanner: Phishing Kits and Hardened Directories

The website scanner now detects phishing kit signatures in the filesystem, a class of malicious scripts commonly injected into compromised WordPress sites to harvest credentials. This adds a meaningful new detection category on top of existing malware scanning.

We also hardened the scanner itself by having it automatically prune insta-mount/ and editor/ directories during scan cycles. This reduces the attack surface and prevents inadvertent information disclosure through those paths.

PHP 8.5 Support

InstaWP now supports PHP 8.5 across site creation, templates, and snapshots. Stay current with the runtime without waiting on your platform.

Beyond the infrastructure work, four user-facing additions landed this release.

A post-signup survey now personalizes the onboarding experience for new user.

Users can also enable login and logout activity notifications from Profile → Notifications, a simple addition that matters a lot for security-conscious teams and agencies managing client accounts.

On the protection side, Cloudflare Turnstile now guards snapshot and template launch pages. Compared to traditional CAPTCHA, Turnstile is faster and significantly more privacy-friendly. 

Improvements

1. The dashboard loads faster thanks to optimized database queries and reduced API calls, an improvement you’ll feel most at larger account sizes. 
2. WaaS landing pages are now fully responsive on mobile, and the WaaS list view has been cleaned up with unused bulk action checkboxes removed.
3. The reset password page now correctly shows the brand logo, which sounds minor but matters when you’re running a white-labeled product. 
4. Template site lifetime display was fixed to show accurate expiry times, and disk usage now initializes correctly for sites created from templates or snapshots.

Fixes

1. The activity log alert rules dropdown now shows all 34 activity types. The “Join Agency Program” button works correctly across all account states, and user roles now apply as expected on demo sites created from templates.
2. Pool site creation uses proper locking to ensure subdomain uniqueness, and WaaS project slugs now stay unique through renames and avoid routing conflicts.
3. Clone and template operations are now correctly excluded from manual backup limits. 
4. 2-way sync has received targeted fixes to improve the reliability of bidirectional content synchronization.
5. On the migrations front, rate limiting during high-volume operations is now handled with smarter back-off logic. 
6. Plugin file paths are normalized correctly across all hosting environments. InstaCP migrations report real-time progress updates to the dashboard. 
7. The migration options file is now protected and source URL is included in status checks for more resilient migration handling. 
8. Plugin install and configure failures now surface clear, actionable error messages.

Enterprise

1. For partners and white-label operators, this release includes a migration performance funnel , a visual report showing success rates across migration pipeline stages with per-white-label filtering. 
2. A PHP fatal error caused by insufficient memory allocation during large site migrations on Bluehost is resolved. 
3. Backup failures and API compatibility issues on Loopia-hosted sites have been fixed. 
4. The demo site API now includes disk usage data in its response, giving migration partners the storage context they need without an additional API call.

InstaWP Connect Plugin v0.1.2.5

1. The plugin now correctly detects the WordPress root directory when installed as a symlink, which was breaking installs in certain managed and containerized environments.
2. Admin dashboard JavaScript has been optimized and error message handling improved. Missing migration file detection now catches issues before a migration begins rather than mid-operation. 
3. A new guard prevents initiating a new migration while one is already in progress, eliminating the confusing and potentially damaging double-migration scenario.

As always, if you run into anything after updating, our support team is available and the documentation has been updated to reflect these changes. More to come.

— The InstaWP Team