Every release and what changed in it, newest first. WebDeck updates itself — and rolls back automatically if an update fails to come up.
Free and Pro plans, with a 14-day Pro trial
WebDeck now comes in two tiers. Free gives you 2 hosting accounts and 4 websites with every feature included — account isolation, all 48 one-click apps, free SSL, DNS, mail, backups and the WordPress manager. Pro (£12/month per server) unlocks unlimited accounts and websites, plus reseller accounts. A flat fee, however many customers you host.
14-day Pro trial. One click at install gives you every Pro feature for 14 days. No licence key, no card.
Your websites never go down. This is the rule the whole model is built around. If a trial ends or a subscription lapses, nothing is suspended, disabled or deleted — every website keeps serving and every mailbox keeps receiving. You simply drop to the Free tier limits, so you can't create new accounts or websites until you're back under them or you upgrade. A licence should never take a customer's website offline.
Free for VM6 Networks clients. Host with VM6 and you get the full Pro version at no cost, licensed automatically by server IP. Nothing to enter, nothing to renew.
Ten more apps — 48 in total — and an account cleanup fix
Ten more one-click apps — 48 in total. Joomla and Concrete CMS (websites), phpBB and Flarum (forums), Mautic and EspoCRM (marketing and CRM), LimeSurvey (surveys), phpMyFAQ (knowledge base), Chevereto (image hosting) and Pydio Cells (file sharing).
Deleting a website now removes its SFTP/SSH accounts. Previously the account was left behind with no website attached, showing as an orphan on the Isolation page. It's now cleaned up properly, along with its jail.
Account isolation, service logs in the panel, and a cross-platform overhaul
Account isolation. Every new SFTP/SSH account is now automatically confined to its own website's files and can't see other customers on the server. Resource limits cap CPU, memory and processes per account, so one customer can't exhaust the box. An optional process cage (bubblewrap) also hides other tenants' processes where the kernel supports it. A new Isolation page shows every account's status with one-click controls, and it self-heals if a mount or config is ever lost. Existing accounts are untouched — isolate them individually whenever you choose. No CloudLinux licence required.
Service logs, in the panel. Live Apache, MariaDB, PHP, mail, DNS and FTP logs straight from the Logs page — no SSH needed. There's also a self-heal activity feed on the Server dashboard so you can see exactly what the panel repaired and when.
Cross-platform reliability. A large chunk of this release was hunting down the differences between Debian-family and RHEL-family systems. Websites now configure correctly on Rocky and AlmaLinux, PowerDNS starts reliably under SELinux, PHP version selection only offers versions actually installed (and switches instantly), and the ionCube Loader installs correctly everywhere.
A more resilient installer. Transient package-mirror failures are retried rather than aborting the install, and the FTP server and process-isolation tools are set up for you automatically.
Security hardening. Every server is guaranteed a strong, unique signing key — the panel will never run with an insecure default. Rate-limiting now covers credential and expensive operations without getting in the way of normal use, and downloaded install scripts are verified before they run rather than piped straight to a shell.
Everyday improvements. Clear login errors ("incorrect username or password", not a confusing "session expired"), no forced password change right after setup, longer sessions, SFTP/FTP homed to the domain folder so private files can live outside the web root, and PHP module toggles that respond instantly and follow the selected PHP version.
Joomla, EspoCRM and phpBB are back. Their upstream downloads are working again, and they return in 2.0.1 along with seven more.
38 one-click apps, 65 PHP modules, and important app-installer fixes
Thirteen more apps — 38 in total. osTicket and GLPI (helpdesk), SuiteCRM, Dolibarr, Invoice Ninja, Akaunting, Firefly III, Kimai, Snipe-IT and Monica (business and CRM), wallabag and Shaarli (productivity), Pico and Bludit (websites), HumHub (community), and Piwigo (photo gallery).
Composer is now included. Several popular applications ship as source code with their dependencies missing — download them yourself and they fail on the first page load. WebDeck now installs those dependencies as part of the install, so Snipe-IT, Kimai, HumHub, Monica and Invoice Ninja actually run.
Apps stay current on their own. The installer asks each project what its latest release is at the moment you install, rather than relying on a version baked into WebDeck.
Fixed .zip extraction. WebDeck could only unpack .tar archives, so any app shipping as a .zip failed to install — this affected Grav, Matomo, OpenCart, PrestaShop and others. All install correctly now. Matomo and OpenCart were also being unpacked into the wrong place; both fixed.
65 PHP modules, up from 46. snmp, mcrypt, memcache, msgpack, amqp, oauth, uuid, zstd, brotli, smbclient, maxminddb, pcov, pspell, enchant, shmop and the SysV set — on every OS and web stack.
Joomla, EspoCRM and phpBB temporarily removed. Their download servers are currently returning errors. They'll return as soon as upstream is working — we'd rather remove an app than offer one that fails to install.
Status bar, cleaner navigation & per-site PHP settings
Per-site PHP settings. A new Edit PHP Settings button on every website lets admins, resellers and customers set memory limit, upload size, execution time, input variables and error display — per site, applied instantly, with no effect on any other site. Works on Apache, nginx and OpenLiteSpeed across every supported OS.
Server status bar. OS, kernel, load average and WebDeck version now show in the top-right of the panel. Load is colour-coded so you can spot a struggling server at a glance.
Cleaner navigation. The sidebar is now grouped into Hosting, Server, Tools and Configuration rather than one long list.
A dashboard that tells you what to do. The health card now lists each problem as its own item — which sites, what's wrong, and what fixes it — instead of one run-on summary line.
7-day free trial, PHP modules on every OS, licence management
7-day free trial. Install WebDeck on any host and start a free trial in one click at the licence step — every feature unlocked, including the free hostname and trusted SSL, with no key and no card. A countdown banner shows how long is left.
PHP modules on every OS and stack. Module toggles now work across Debian, Ubuntu, RHEL, Rocky and Alma, on Apache, nginx and OpenLiteSpeed. RHEL-family servers previously couldn't manage modules at all. Fourteen new modules added, bringing the total to 65.
PHP module self-heal. On boot and on demand, WebDeck now repairs broken module configuration — clearing orphaned files and neutralising entries that point at missing extensions.
Licence management. Settings → Licence gained a Refresh button and a Change licence key option. Both verify with the licence server before saving, so a bad key can't be saved.
Free panel hostname with trusted SSL, analytics, customer restore
A free hostname with a valid certificate. Every install is assigned a hostname like srv-a1b2c3.wd-server.co.uk with a browser-trusted HTTPS certificate — so the panel loads with a padlock from the very first minute, before you've pointed any domain at the box. No more "your connection is not private" on a fresh install.
Website analytics. Each site gets a privacy-friendly Analytics tab built from the server's own access logs — visits, top pages, referrers, 404s and errors. No tracking scripts, no third parties, nothing added to the site.
Customer self-restore. Customers can now restore their own sites from backups their host manages centrally — restore only, scoped to their own domains.
Licence keys for non-VM6 servers. VM6 clients stay licensed automatically by IP. Other servers activate with a licence key entered during setup.
Disaster recovery & login hardening
Rebuild a server from a backup. Restore an entire server — accounts, websites, databases, mail, DNS and panel configuration — onto a brand-new machine.
Backup self-test. Verifies that a backup can actually be restored, not just that it exists. An untested backup isn't a backup.
Login hardening. Configurable rate limits on panel logins and unauthenticated API requests.