myVesta is Debian fork of VestaCP that is under development by one of the VestaCP developers.
Focused on security and stability, with a lot of security improvements.

More »

Git

See latest git commits, get source code, report issue.

Go to github »

Forum

Join our community, ask questions, help to others.

Go to forum »

Knowledge base

Place for howtos and documentation. Please help us by writing articles.

Go to our knowledge base »



At least 4407 active servers powered by myVesta

Last 5 git commits:
2025-08-30 Introducing a new command: v-change-phpmyadmin-url
2025-08-24 Update multi-php-install.sh to use apt-get instead of apt and add support for Debian 13 repository for PHP installation
2025-08-23 Update postinst script to check for releases 11 and 12 for tcp_window_scaling configuration
2025-08-23 Merge pull request #203 from myvesta/cursor/Compatibility-with-PHP-8-4
2025-08-22 Temporary skip myvesta dovecot conf files
You can download the nightly build by running: v-update-myvesta

Latest release: 0.9.9-0-13
Latest build date: 2025-08-15

Changelog:
Version 0.9.9-0-13 [2025-08-15]
==================================================
* Improvement: Activating FileManager licence for all users (credits to Official VestaCP)
* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta)
* Improvement: Added support for PHP 8.3 and 8.4
* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP)
* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php)
* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot])
* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request')
* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12
* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel
* Improvement: v-install-wordpress: Support for IDN format domains
* Security: Adding ProFTPD jail rule to Fail2Ban
* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites
* Security: Introducing a new command: v-fix-php-ini-disable-functions
* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering)
* Improvement: When deleting a domain, also delete the database if the domain has a database
* Bugfix: Removing temporary Docker container network interfaces from RRD
* Introducing v-run-wp-cli-myvesta that knows the correct terminal width
* Introducing a new command: v-cd-www alias for v-change-dir-www
* Introducing a new command: v-clear-fail2ban
* Introducing a new command: v-get-dns-config (to print zone file in bind9 format)
* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute)
* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command
* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval'
* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp'
* Improvement: v-install-wordpress: Almost always use https
* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables  in the command line
* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions)
* Security: v-commander: removing the ability to set a root password
* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script
* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff)
* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta)
* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta)
* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync'
* Improvement: Calculate the size of directories on /hdd too
* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php
* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant
* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M
* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons
* Bugfix: v-restore-user: permissions fix while restoring backup
* Bugfix: Add some loops due to 403 errors during LE request in some random cases
* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter
* Bugfix: vst-install-debian.sh - removing phppgadmin
* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers)
* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde)
* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */
* Bugfix: Small PHP syntax fixes in the admin panel
* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic)
* Improvement: Added functions to check if a domain or user is unsuspended in main.sh
* Introducing a new command: v-update-document-errors-files
* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night
* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old
* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl
* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant
* Added to .gitignore excludes for 'data', 'conf', and 'log' folders
* And many other minor bugfixes and improvements...
If you get "GPG error apt.myvestacp.com signatures couldn't be verified, public key is not available NO_PUBKEY 88807D4B2221338C" - see our announcement.

Missed an update? Check out our previous change logs


Screenshots



More about myVesta



Features of myVesta



Useful scripts



How to install

Download the installation script:

curl -O http://c.myvestacp.com/vst-install-debian.sh

Then run it:

bash vst-install-debian.sh

... or use our installer generator.



About VestaCP

Special thanks to vestacp.com and Serghey Rodin for open-source VestaCP project.


Hosting panel redesign by ioTheme !



License

Vesta is licensed under GPL v3 license