WPSDK/secure-updates-library
2
0
Fork 0
mirror of https://github.com/secure-updates/secure-updates-library.git synced 2025-11-21 12:16:56 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions
Library for plugin authors to self-host updates from their own secure updates server
3 commits 1 branch 0 tags 44 KiB
Find a file
Exact
acebytes 71894cf6cd Release 2.0.0: Major update with security features and health monitoring 
- Added package verification with checksum validation and auto-backup
- Added health monitoring with WordPress Site Health integration
- Added enhanced logging system with multiple log levels
- Added rate limiting to prevent server overload
- Added test mode for server connection verification
- Improved error handling and security measures
- Refactored using PHP Traits for better organization
- Updated minimum WordPress requirement to 5.0
2024-11-05 21:31:10 -08:00
secure-updates Release 2.0.0: Major update with security features and health monitoring 2024-11-05 21:31:10 -08:00
DOCUMENTATION.md Release 2.0.0: Major update with security features and health monitoring 2024-11-05 21:31:10 -08:00
example-usage.php Release 2.0.0: Major update with security features and health monitoring 2024-11-05 21:31:10 -08:00
INTEGRATION.md Release 2.0.0: Major update with security features and health monitoring 2024-11-05 21:31:10 -08:00
LICENSE Release 2.0.0: Major update with security features and health monitoring 2024-11-05 21:31:10 -08:00
README.md Release 2.0.0: Major update with security features and health monitoring 2024-11-05 21:31:10 -08:00

README.md

Secure Updates Library

Version 2.0

Description

The Secure Updates Library offers WordPress plugin authors a secure and efficient way to manage plugin updates hosted on their own servers. By integrating this library into their plugins, authors can provide automatic updates directly from their secure mirror, mirroring the update functionality found on WordPress.org. This library not only simplifies the update process but also enhances security through API key authentication.

Features

Core Functionality

  • 🔐 Secure plugin updates via private servers
  • 🔑 API key authentication
  • 🔄 Automatic version checking
  • 📦 WordPress update system integration

New in 2.0

  • Package integrity verification
  • 💾 Automatic backup and rollback
  • 📊 Enhanced logging system
  • 🏥 Health monitoring
  • Rate limiting protection
  • 🧪 Test mode for server verification

Requirements

  • WordPress 5.0 or higher
  • PHP 5.6 or higher
  • OpenSSL PHP extension
  • Write permissions for plugin directory

Installation

  1. Download the library files
  2. Place them in your plugin's directory:
your-plugin/
├── secure-updates/
│   └── secure-updates-library.php
├── your-plugin.php
└── [...other files]

Quick Start

Basic Implementation

/**
 * Initialize Secure Updates Library
 */
if (!isset($secure_updates_instances) || !is_array($secure_updates_instances)) {
    $secure_updates_instances = [];
}

include_once trailingslashit(plugin_dir_path(__FILE__)) . 'secure-updates/secure-updates-library.php';

$secure_updates_instances[] = new Secure_Updates_Library(
    'https://your-update-server.com',  // Your update server URL
    '1.0.0',                          // Your plugin version
    'your-api-key'                    // Your API key
);

Advanced Implementation

$secure_updates_instances[] = new Secure_Updates_Library(
    'https://your-update-server.com',
    '1.0.0',
    'your-api-key',
    false, // Test mode
    [
        'verify_packages' => true,
        'enable_logging' => true,
        'health_monitoring' => true,
        'rate_limiting' => [
            'requests_per_minute' => 30
        ]
    ]
);

Configuration Options

Test Mode

// Enable test mode to verify server connection
$test_mode = true;

Package Verification

$options['verify_packages'] = true; // Enable package verification

Rate Limiting

$options['rate_limiting'] = [
    'requests_per_minute' => 30,
    'burst' => 5
];

Logging

$options['enable_logging'] = true;
$options['log_level'] = 'debug'; // error, warning, info, debug

Server Requirements

Your update server must implement these endpoints:

  • /wp-json/secure-updates-server/v1/info/{slug}
  • /wp-json/secure-updates-server/v1/download/{slug}
  • /wp-json/secure-updates-server/v1/verify_file/{slug}
  • /wp-json/secure-updates-server/v1/connected

Security Features

  • Package checksum verification
  • API key authentication
  • SSL/TLS requirement
  • Rate limiting protection
  • Pre-update backups
  • File integrity checks

Health Monitoring

The library integrates with WordPress Site Health and provides:

  • System compatibility checks
  • Server connection monitoring
  • Update system diagnostics
  • SSL/TLS verification
  • File permission checks

Logging System

Comprehensive logging with:

  • Multiple log levels
  • Context information
  • Log rotation
  • Admin interface integration
  • Debug.log integration

Development

Debugging

Enable debug mode in wp-config.php:

define('WP_DEBUG', true);
define('SUP_DEBUG', true);

Contributing

  1. Fork the repository
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

Support

  • Documentation: [Link to docs]
  • Issues: [GitHub Issues]
  • Wiki: [GitHub Wiki]

License

GPL-2.0 or later. See LICENSE for details.