Ask: Possibility to update config file when user manually install / add plugins?

Hi All,

Sorry, I’m wondering if its possible to automatically update the config file when there’s a new plugin by user who install plugins from wp-admin panel / add manually some plugin through ftp for example ?

  • Do you think its possible if the wordpress directory part of git and perhaps i can tweak something to scan / detect then update the config file ? im currently try to read / test something with like hooks for git though (for this i need to setup git to the remote repo from live server)
  • Or maybe there are some ways to achieve this ?

Many thanks in advance,

You could potentially build a system to do this, but I would strongly recommend against it for the following reasons:

  • If you want to maintain the Bedrock approach, someone adding a plugin via the admin would essentially be running a composer install on your live production server. This is not great:
    • It’s a security risk (you’re effectively allowing someone to execute more-or-less arbitrary code on your server)
    • The site could easily go down while the install is in progress (i.e. a package fails to install; the server runs out of PHP workers and stalls; composer runs out of memory, etc)
    • If the install fails, and especially if it fails in a partial state, your site is entirely broken
    • Composer is a CLI tool–you would have no capacity to troubleshoot or debug it from the admin, unless you built a system to do so (which would be a non-trivial undertaking)
    • Your server many not even have Composer installed, or allow this kind of behavior
  • In addition to running composer, you would also need to run git to make commits and push to your repo
    • To do this, your server would need to be able to authenticate with your git provider
    • You would also need some kind of system to recover from git errors, resolve merge conflicts, etc
    • As with Composer, your server may not even have git, or allow this kind of usage
  • Bedrock’s Composer approach to plugin management assumes that all plugins installed will be on Packagist (or hosted in a custom location elsewhere) but WordPress allows many other ways to install plugins–i.e. simply uploading a zip file. An automated system like you describe would have no way of handling this.

Are these problems insurmountable? No, probably not, but so far as I am aware there are no existing solutions for them, and you are signing yourself up for a great deal of work if you decide you want to try and surmount them.

Bedrock is designed as a management tool, and is intended for an approach to WordPress where you tread your site as an application that you control and manage. See: Twelve-Factor WordPress App | Roots

1 Like

I wonder if there’s another way about this situation… @brm-ryd is looking to add the functionality of automatically adding the package to composer. @alwaysblank rightly says is a bad idea. It’s also a lot of work, even if a person ignored the security concerns.

Why not take this direction: generate a report that lists the differences between the plugins installed via composer and the plugins installed via WordPress.


@roygbyte that’s a good idea! You can get a pretty good report on what’s installed w/ WP-CLI’s wp plugin list command, which can be instructed to output only certain fields (i.e. plugin name, version) and in certain formats (i.e. JSON, YAML). You could probably write a pretty straightforward bash script that would do something like:

  • Call wp plugin list on your remote site and parse installed plugins
  • Parse your local composer.json for plugins
  • Compare those lists
  • Generate a diff report

And that’s a very clever way to implement it! Here I was thinking a person would have to use a plugin to implement this functionality… But as you say: the whole thing could be a cute bash script!

This is something I could definitely see myself using in the future. But first I got to see if Azure supports WP CLI…

Many thanks @alwaysblank & @roygbyte for gave the great feedback!,

Yes @roygbyte , i currently still find out the right way to parse (perhaps based on checking plugins directory content / using wp cli to parse and add into composer config