composer repository for wpmudev plugins?

I mostly follow the bedrock stack with my wordpress setups. This includes dependency management via composer.

Do you offer a composer repository for your plugins?
If you don’t I think you should consider it.

Otherwise I guess i’ll have to check all the plugin code into version control, and update it by hand, which seems like a mess.

Or do you have an alternative solution for dependency management?

  • Michael Bissett

    Hi @Karl, welcome to the WPMU DEV Community, hope you're doing well this evening! :slight_smile:

    While we don't offer that sort of system presently, I'm personally curious about what it is you would be looking to do with that?

    As we offer premium plugins here, offering an open repository like that wouldn't be feasible, that would seem to be something used for free plugins.

    Please advise,

  • kall

    Thanks for the welcome, really enjoying things so far.

    Hm, i didn’t consider the premium part. I think composer can support repositories with authorization, but I’ve never done that myself and it might be tricky.

    The reason I want to use such a system is so that i can develop wordpress sites similar to how web applications with a framework like django or rails are developed.
    I write the code and store it in version control, then i can deploy it to a server with the configuration details for that server. Ideally this should be fairly easy to reproduce.

    What i do not want to do is go into a web ui after deployment and set up a bunch of stuff that is not specific to this server.
    Its not really possible anyway, because those plugins still need to be configured, so I guess if i also have to do it for installation it’s not that big a deal. I just try to minimize it as much as possible, and using composer was a nice step in that direction.

    I know wordpress isn’t really designed to work this way. The web ui is the selling point. Its more building one site, with one instance, than building an ‘app’.

    I’d be interested in how other people handle the development of wordpress sites. I’m not a very experienced wordpress developer.
    I’m also not even building such important projects right now that these things, like reproducible deployments, are really needed. But they still make sense to me. It’s how i learned to build software.

    I think there might be a solution for me. I can declare each package i need in my composer.json with the link to the zip file on

    Are those links static and publicly accessible, or are they only accessible to logged in users?

  • Sumit Kumar

    Hi @kall,
    Hope you are having a great weekend, so far!

    First off, great to see the thread conversation with some new stuffs mentioned there :slight_smile:

    Yes, All of our plugins are under GPL. If you check back to the common questions that we listed down before joining us, (screenshot attached), we even mentioned it in there:

    Yes, everything we do is 100% GPL, so you can customize it as much as you want, we’ll even give you a hand!

    Therefore, we never meant restricting any of our members to not to mess-up our plugins. Infact we do provide custom solutions, in case they need to use it in their own way :slight_smile:

    Moreover, it will be glad to see your good stuff there with our plugin. Please go ahead and make some tweaks in them and let us know if you get out something excellent in there.

    Let us know, if we can provide you assistance, further.
    We will be more than happy to resolve your any queries.

    Thanks and Regards,

  • kall

    Yes. That was not really what my post was about. I was talking about distribution of the plugins and limiting distribution being sort of pointless for GPL software.

    I don’t need any further assistance though, so maybe this general discussion is a bit misplaced in the help forum. I’ll mark this as resolved.

    My only request is that you maybe consider in the future to offer a composer repository of your plugins.

  • Pierre

    Hi, we are also using the Bedrock stack, which is a great way (a better way imho) to handle WP projects, especially for versionning, deployment, project creation/duplication, etc..

    We have a wpml licence, and they allow direct download (so we can download the wpml components with composer) using our account / api key in the composer repositories definition.

    It would be great if you included this for the wpmudev plugins, as for us it is simply a reason for not renewing our subscription next year, because it is too complicated to manage many WP projects without composer... :slight_smile:

  • m33

    + 100 on this. I also use bedrock and composer and would really like to see WPMUDEV create a private repo for all the plugins. It's so much easier using composer.

    Delicious brains figured it out with db migrate pro here:

    Here's instructions on how to create the private repo for composer:

    I hope you do the same soon.

  • Steve

    Bump for this being the best idea ever!!

    I personally resorted to doing this manually, here are my steps so if anyone else is interested...

    (We pretty much use all the stuff from Roots and modify it all to fit our needs. Bedrock, Sage, Trellis w/ Ansible)

    Keep all the plugins that we regularly use from here under version control in private Bitbucket repositories. (Annoying because there isn't really a way I found out to scan for new updates, pretty much resorted to running a dummy site locally with all the plugins activated and checking every once in awhile for updates then updating our repos)

    Then run Satis on a subdomain of our company URL to make a small scale static version of Packagist of all the version controlled plugins. It's just running a cron so it stays current with Bitbucket and we can authenticate with SSH so it even works for new deployments, plus it's private and secure.

    Also if you check out the above link there is a commercial service as well for the same thing.
    *wink* *wink* Toran Proxy is made by the lead dev of Composer, probably so he can make some side money which he deserves for helping us to have the great tool of Composer.

    Is everyone else thinking what I am... probably not so I'll just tell you.

    Reach out to them and set something really awesome up!! It benefits everyone... Toran Proxy gets more exposure, you guys can get help setting this up... and I can stop with my bootlegged way of version controlling your plugins!

    But really when you think about it, for being a company that is built around providing WP plugins for developers doesn't it seem a little crazy I have to do all that just to install these plugins with composer and keep them under version control....

    You guys must have these all under version control anyways, either hook up with Toran Proxy (it's in their roadmap to do exactly what I'm proposing here anyways) or fork Satis or Packagist and set it up yourselves. Everyone who is a paying member here gets their own unique SSH key for authenticating and downloading the plugins/themes, drop it right in our members area. If we stop paying you just remove your half of the key and BAM access denied.

    Then you guys put out major press that you took the next step in making your service the best for developers out there! Just remember to shoot me a little kick back for basically giving you a completely actionable and marketable plan to roll out something sweet on a much larger scale than anyone else is doing.

    Rant = Done

  • Iain

    I'd love to see a Composer repo for WPMU plugins, and I'd imagine it could be built to require some kind of authentication that doesn't give away the login passwords for our accounts.

    Incidentally, if these plugins are all GPL, then it would be perfectly fine for someone to set up a repository elsewhere as long as they'd paid the original fee.

  • Steve

    As far as authentication goes it would be as easy as generating a unique SSH keypair for each account and letting us access it on our profile pages. This way it really has nothing to do with our logins and once an account is closed they just remove that key from the server and you can no longer access the plugins.

    We currently have a private composer repo set up, it would be very easy for me to clone it and just make it public.... That being said I know it is within my right to set up the repository publicly, I'm sure the brass at WPMU Dev would probably not be all that happy about it, but maybe I'm wrong. I just don't know if I want to be responsible for keeping it updated it's not bad for the few we use on a regular basis in our private repo, would probably need some people to volunteer to help keep it current.

    Let's see if the staff jumps in with a comment about how they would feel about all that, and hey maybe it will push it far enough up the chain for them to actually implement it.

    Also... if you use composer jump on here and comment with at least a +1 or show support for the idea!!!!
    PS. If you don't use composer than check it out, Bedrock is a good working example of how to get started.