WPSDK/v-wordpress-plugin-updater
2
0
Fork 0
mirror of https://github.com/djav1985/v-wordpress-plugin-updater.git synced 2025-10-03 16:20:58 +08:00
Code Issues Packages Activity Actions

new file: .gitattributes

Browse source 
new file:   .gitignore
	modified:   README.md
	deleted:    png_20230308_211110_0000.png
	deleted:    screenshot.jpg
	new file:   v-wordpress-plugin-updater.png
This commit is contained in:
Nikolai 2024-06-24 19:04:38 -04:00
parent b8456e5312
commit e5b88b6d5f
6 changed files with 667 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitattributes vendored Normal file
View file

@ -0,0 +1,2 @@
# Auto detect text files and perform LF normalization
* text=auto

398
.gitignore vendored Normal file
View file

@ -0,0 +1,398 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore

# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates

# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs

# Mono auto generated files
mono_crash.*

# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
[Ww][Ii][Nn]32/
[Aa][Rr][Mm]/
[Aa][Rr][Mm]64/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
[Ll]ogs/

# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/

# Visual Studio 2017 auto generated files
Generated\ Files/

# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*

# NUnit
*.VisualState.xml
TestResult.xml
nunit-*.xml

# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c

# Benchmark Results
BenchmarkDotNet.Artifacts/

# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/

# ASP.NET Scaffolding
ScaffoldingReadMe.txt

# StyleCop
StyleCopReport.xml

# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.tlog
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc

# Chutzpah Test files
_Chutzpah*

# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb

# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap

# Visual Studio Trace Files
*.e2e

# TFS 2012 Local Workspace
$tf/

# Guidance Automation Toolkit
*.gpState

# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user

# TeamCity is a build add-in
_TeamCity*

# DotCover is a Code Coverage Tool
*.dotCover

# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json

# Coverlet is a free, cross platform Code Coverage Tool
coverage*.json
coverage*.xml
coverage*.info

# Visual Studio code coverage results
*.coverage
*.coveragexml

# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*

# MightyMoose
*.mm.*
AutoTest.Net/

# Web workbench (sass)
.sass-cache/

# Installshield output folder
[Ee]xpress/

# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html

# Click-Once directory
publish/

# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj

# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/

# NuGet Packages
*.nupkg
# NuGet Symbol Packages
*.snupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets

# Microsoft Azure Build Output
csx/
*.build.csdef

# Microsoft Azure Emulator
ecf/
rcf/

# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
*.appxbundle
*.appxupload

# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!?*.[Cc]ache/

# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs

# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk

# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/

# RIA/Silverlight projects
Generated_Code/

# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak

# SQL Server files
*.mdf
*.ldf
*.ndf

# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
*- [Bb]ackup.rdl
*- [Bb]ackup ([0-9]).rdl
*- [Bb]ackup ([0-9][0-9]).rdl

# Microsoft Fakes
FakesAssemblies/

# GhostDoc plugin setting file
*.GhostDoc.xml

# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/

# Visual Studio 6 build log
*.plg

# Visual Studio 6 workspace options file
*.opt

# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw

# Visual Studio 6 auto-generated project file (contains which files were open etc.)
*.vbp

# Visual Studio 6 workspace and project file (working project files containing files to include in project)
*.dsw
*.dsp

# Visual Studio 6 technical files
*.ncb
*.aps

# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions

# Paket dependency manager
.paket/paket.exe
paket-files/

# FAKE - F# Make
.fake/

# CodeRush personal settings
.cr/personal

# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc

# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config

# Tabs Studio
*.tss

# Telerik's JustMock configuration file
*.jmconfig

# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs

# OpenCover UI analysis results
OpenCover/

# Azure Stream Analytics local run output
ASALocalRun/

# MSBuild Binary and Structured Log
*.binlog

# NVidia Nsight GPU debugger configuration file
*.nvuser

# MFractors (Xamarin productivity tool) working folder
.mfractor/

# Local History for Visual Studio
.localhistory/

# Visual Studio History (VSHistory) files
.vshistory/

# BeatPulse healthcheck temp database
healthchecksdb

# Backup folder for Package Reference Convert tool in Visual Studio 2017
MigrationBackup/

# Ionide (cross platform F# VS Code tools) working folder
.ionide/

# Fody - auto-generated XML schema
FodyWeavers.xsd

# VS Code files for those working on multiple tools
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
*.code-workspace

# Local History for Visual Studio Code
.history/

# Windows Installer files from build outputs
*.cab
*.msi
*.msix
*.msm
*.msp

# JetBrains Rider
*.sln.iml

335
README.md
View file

@ -1,100 +1,299 @@
![Header](./png_20230308_211110_0000.png)
<p align="center">
<img src="v-wordpress-plugin-updater.png" width="60%" alt="project-logo">
</p>
<p align="center">
<h1 align="center">V-WORDPRESS-PLUGIN-UPDATER</h1>
</p>
<p align="center">
<em>Effortless Updates, Enhanced Security, Seamless WordPress Management</em>
</p>
<p align="center">
<!-- local repository, no metadata badges. -->
<p>
<p align="center">
<em>Developed with the software and tools below.</em>
</p>
<p align="center">
<img src="https://img.shields.io/badge/PHP-777BB4.svg?style=flat-square&logo=PHP&logoColor=white" alt="PHP">
<img src="https://img.shields.io/badge/JSON-000000.svg?style=flat-square&logo=JSON&logoColor=white" alt="JSON">
</p>

# v-wordpress-plugin-update-api
WordPress MU-Plugin, PHP api and Web GUI to update plugins and themes from your own server.
<br><!-- TABLE OF CONTENTS -->
<details>
<summary>Table of Contents</summary><br>

- [📍 Overview](#-overview)
- [🧩 Features](#-features)
- [🗂️ Repository Structure](#-repository-structure)
- [📦 Modules](#-modules)
- [🚀 Getting Started](#-getting-started)
- [⚙️ Installation](#-installation)
- [🤖 Usage](#-usage)
- [🧪 Tests](#-tests)
- [🛠 Project Roadmap](#-project-roadmap)
- [🤝 Contributing](#-contributing)
- [🎗 License](#-license)
- [🔗 Acknowledgments](#-acknowledgments)
</details>
<hr>

## What This Is
This is a WordPress mu-plugin (must-use plugin) along with a PHP API and Web GUI that allows you to update your WordPress plugins and themes from your own server.
## 📍 Overview

The mu-plugin iterates through all installed plugins and themes and sends the domain, security key, plugin slug and version to the API.
The v-wordpress-plugin-updater project is designed to streamline the management and updating of WordPress plugins and themes through a robust API and automated processes. It offers a comprehensive solution for secure plugin and theme updates, including user authentication, IP blacklisting, and detailed logging. The project provides an admin interface for managing updates, handling uploads, and monitoring logs, ensuring seamless operation across different environments. With support for both single and multisite installations, this project enhances WordPress site maintenance efficiency by automating update checks and installations, significantly reducing manual intervention.

The API compares the domain and key to a list in the HOSTS file. If the domain exists and the key matches, it checks the plugins against files in the /plugins directory, for example, `plugin-slug_1.0.0.zip`. If a new version is available the API sends the filename to the mu-plugin which in return sends a request to downloads.php with the domain, security key and plugin file. The download.php file grabs the plugin file from outside the webroot (for security) and passes it to the mu-plugin to be updated.
---

We have also added a web admin to the API for better user experience. Add, remove or edit domains and security keys. As well as upload and delete plugin file.
## 🧩 Features

You can customize the GUI by editing the CSS in the static folder and by swapping out the logo image.
| | Feature | Description |
|----|-------------------|---------------------------------------------------------------|
| ⚙️ | **Architecture** | The project employs a modular architecture, dividing functionality into distinct components such as update APIs, configuration management, and admin interfaces. This ensures maintainability and scalability. |
| 🔩 | **Code Quality** | The project adheres to coding standards, with clear organization of files and comprehensive inline comments. Security measures like input sanitization and IP blacklisting are integrated throughout the codebase. |
| 📄 | **Documentation** | Includes configuration and setup guides, inline comments, and function documentation. The repository seems well-organized, but additional user-facing documentation could enhance accessibility. |
| 🔌 | **Integrations** | The project integrates with WordPress installations, leveraging external APIs for plugin and theme updates. Dependencies include authentication, WAF, and configuration libraries. |
| 🧩 | **Modularity** | The codebase exhibits high modularity, with distinct folders for configuration, helpers, forms, and public access points. Each module handles specific functionality, promoting reusability and ease of maintenance. |
| 🧪 | **Testing** | The documentation does not explicitly mention testing frameworks or methodologies. Incorporating unit tests and integration tests could further enhance code reliability and stability. |
| ⚡️ | **Performance** | The project is designed for efficiency, with secure download endpoints and optimized URL routing via `.htaccess`. However, explicit performance metrics and profiling data are not provided. |
| 🛡️ | **Security** | Implements robust security measures including IP blacklisting, authentication libraries, and input validation. Admin interface security is enhanced through session management and a web application firewall (WAF). |
| 📦 | **Dependencies** | The project relies on standard libraries like authentication, WAF, configuration management, IP blacklisting, and Dropzone for dynamic file handling. |
| 🚀 | **Scalability** | Designed to handle increasing traffic with modular components for updates and management. However, explicit load testing data to back scalability claims is not available. |

![Login](./screenshot.jpg?raw=true "Login")
---

## 🗂️ Repository Structure

## Who This Is For
There are several great usage cases for this system. Our self-hosted API/Web GUI + MU-Plugin offering unique way of updating WordPress plugins without using the official repository.
```sh
└── v-wordpress-plugin-updater/
├── LICENSE
├── README.md
├── mu-plugin
│ ├── von-sys-plugin-updater-mu.php
│ ├── von-sys-plugin-updater.php
│ ├── von-sys-theme-updater-mu.php
│ └── von-sys-theme-updater.php
├── png_20230308_211110_0000.png
├── screenshot.jpg
└── update-api
├── HOSTS
├── app
├── config.php
├── lib
├── public
└── storage
```

One of the main benefits here is you do not have to edit any code in a plugin. Unlike the other ones available. This is great for a compatibility and ease of use.
---

This system is mostly geared to web developers and web designers who may want to push out updates to custom plugins without sharing them in the official repository.
## 📦 Modules

This can also allow you to edit existing plugins from the official repository and customize them. And push out a separate release once you've implemented or changes after updates to the official plugin.
<details closed><summary>update-api</summary>

Anyone who's using a plugin not from the official repository and who doesn't want to update each site manually when new releases arrive.
| File | Summary |
| --- | --- |
| [HOSTS](update-api/HOSTS) | Define the configuration details and settings for server hosts involved in the update process, facilitating seamless communication and coordination for updating WordPress plugins and themes. This enhances the repositorys overall capability to manage updates effectively across different environments. |
| [config.php](update-api/config.php) | Configuration file for defining essential constants crucial for the plugin and theme update management system. Establishes authentication credentials, sets directory paths for plugins, themes, blacklists, and logs, thereby ensuring the smooth operation and organization of the update API within the repositorys architecture. |

For anyone worried about supply chain attacks. Or just wants to intercept and test updates without having to then manually update many sites.
</details>

But most of all it's just much easier than any other option. You don't need to change code or anything just the name of the zip file upload it and you're done.
<details closed><summary>update-api.public</summary>

| File | Summary |
| --- | --- |
| [index.php](update-api/public/index.php) | Serves as the main entry point for the Update APIs web interface, providing a dashboard for managing WordPress hosts, plugins, themes, and viewing logs. Initializes sessions and includes necessary configurations and libraries, facilitating an admin interface with essential resources for a responsive and interactive user experience. |
| [.htaccess](update-api/public/.htaccess) | Enhances URL routing by managing redirects and internal rewrites, ensuring clear and organized access to key sections like home, plupdate, thupdate, and logs. This optimization streamlines external requests and maintains seamless internal navigation within the update-api component of the repository. |
| [login.php](update-api/public/login.php) | Provides an admin login interface for the Update API, enhancing security and access control. Integrates with configuration, authentication, and web application firewall libraries to facilitate validation and protection mechanisms within the broader WordPress plugin update ecosystem. Presents a user-friendly login form to manage API updates effectively. |
| [robots.txt](update-api/public/robots.txt) | Regulate web crawler access to the update-api directory with a specified delay, optimizing server load and ensuring the smooth operation of the plugin updater functionality within the repositorys architecture. |

## Getting Started
- This requires php setting allow_url_fopen enabled
</details>

### To Install In WP
<details closed><summary>update-api.public.themes</summary>

- Drop in the MU-Plugin from the MU-Plugin directory to your sites.
- Set a key for security in the file.
- Set api.php url in the file.
| File | Summary |
| --- | --- |
| [api.php](update-api/public/themes/api.php) | Serve as an endpoint for managing theme updates, verifying domain and key authenticity, and delivering updated theme versions to authorized users. Implements IP blacklisting and logs activity to enhance security and traceability, ensuring only authenticated requests can access and download theme updates. |
| [download.php](update-api/public/themes/download.php) | Provides a secure endpoint for downloading theme updates by validating user credentials and domain against an authorized list, ensuring only legitimate users can access the requested files while blocking blacklisted IPs. |

### To Install On Server
- Upload the update-api drectorie contents to your webservers webroot.
- Change webroot to the /public/ directory.
- Open config.php and set username and password.
</details>

### Manage Update API
- Login to WebGUI at yourdomain.com/
- Add websites domain in format domain.com.
- Add websites security key that you used in mu-plugin.
- Prepare updates by renaiming the plugin zip file to plugin-slug_1.1.1.zip : Pay attention to the formatting. First is the plug-in slug followed by an _ then the version.
- Now autodeletes any previous versions of plugin updates.
- Sites will update once daily.
<details closed><summary>update-api.public.plugins</summary>

| File | Summary |
| --- | --- |
| [api.php](update-api/public/plugins/api.php) | Provides an API for managing WordPress plugin updates, verifying access through domain and key checks, validating IP addresses, and delivering new plugin versions when available. Enhances security with IP blacklisting and logs both successful updates and unauthorized access attempts. |
| [download.php](update-api/public/plugins/download.php) | Facilitates secure plugin downloads by validating user credentials against a predefined list. Prevents unauthorized access and ensures only authorized users can download specified files. Integrates security measures like input sanitization and IP blacklisting to safeguard the update process within the WordPress plugin architecture. |

## Using Web GUI
The Web GUI can have login name and password set in the index.php file.
</details>

The Web GUI is set into tabbed sections. The first lets you add a host and key. The host is 'domain.com' & the key is 'anything'. You can add, edit or delete hosts and keys here.
<details closed><summary>update-api.storage</summary>

The second section is plugins. This lets you upload plugins or delete them. As this is currently setup if you are adding a new update you must remove the old one for this to work. The plugins zip file should be the same as it would in the offical repo except for the naming. The plugin slug refers to the main plugin file before `.php`. The version is in standard format 1.1.1 Take the plug-in folder and add it to a zip archive with the name and the following format plugin-slug_1.2.1.zip.
| File | Summary |
| --- | --- |
| [BLACKLIST.json](update-api/storage/BLACKLIST.json) | Maintains a list of blacklisted plugins or themes, preventing them from receiving updates via the update API. This ensures security and stability by blocking disallowed or potentially harmful software components within the WordPress plugin and theme ecosystem. |

The Third is for logs.
</details>

<details closed><summary>update-api.app.forms</summary>

## Project Status
| File | Summary |
| --- | --- |
| [home-forms.php](update-api/app/forms/home-forms.php) | Manage entries in the HOSTS file by adding, updating, or deleting domains and keys based on POST requests, enhancing the functionality of the Update API within the WordPress plugin ecosystem. This integration ensures seamless updating and administration of plugin and theme assets. |
| [thupdate-forms.php](update-api/app/forms/thupdate-forms.php) | Facilitate WordPress theme updates by enabling file uploads, deletions, and downloads. Integrates seamlessly with the broader update-api module to ensure easy management of theme files, supporting the repositorys functionality for maintaining up-to-date WordPress themes within a multi-functional plugin architecture. |
| [plupdate-forms.php](update-api/app/forms/plupdate-forms.php) | Enables management of WordPress plugins via an update API, offering functionality for uploading, deleting, and downloading plugin files. Supports validation of file extensions and safeguards against errors, ensuring smooth file handling and operational integrity within the broader repository architecture. |

### Change Log
3/10/23:
- Added download.php. This file handles sending the download to the plugin. This way the plugin directory can be outside the webroot and secure.
- Added a config.php for variables in the api. It will be located outside webroot.
- Moved HOSTS file out of webroot.
3/12/23
- added access logs to Web GUI.
- added validation for .zip uploads.
- Page nolonger must reload on uploads and shows errors in upload box.
3/14/23
- Improved admin styles
- Code Optimizations
4/12/23
- Fixed plugin table sorting order
- Cleaned up code
- Added WAF
5/20/23
- Tabbed interface
- Upload multible plugins at once
- Deletes old plugin version on new upload
- Theme Updates
</details>

### To-Do List
<details closed><summary>update-api.app.helpers</summary>

- Polish GUI ( Needs some tweaks).
- Need to make it more efficient and limit the request sent back and forth.
- Maybe add mu-plugin updates.
- Right now it logs everything to the debug log in WordPress. Would like to maybe set up its unlocking system that can be viewed from the admin.
- Move plugin variables to WordPress config.
| File | Summary |
| --- | --- |
| [plupdate-helper.php](update-api/app/helpers/plupdate-helper.php) | Generate an HTML table displaying available WordPress plugin ZIP files, allowing users to delete plugins via a form submission. Divide the plugins list into two columns for better readability and user experience within the Update API section of the repository. |
| [home-helper.php](update-api/app/helpers/home-helper.php) | Generate and manage an HTML table displaying domain and key entries from the HOSTS file, supporting update and delete actions. Enhance the user interface of the WordPress Update API by organizing entries into columns for ease of use and better readability. |
| [thupdate-helper.php](update-api/app/helpers/thupdate-helper.php) | Highlighting the themes available for updates and providing functionality to delete them, the thupdate-helper.php file within the update-api/app/helpers directory enhances the WordPress Update APIs capability to manage and display themes dynamically via HTML tables, seamlessly integrating with the parent plugins update architecture. |
| [logs-helper.php](update-api/app/helpers/logs-helper.php) | Processes log files to group log entries by domain name and generates formatted HTML output displaying the status of each entry, aiding in simplified log analysis and monitoring for the WordPress Update API system. Integrates within the broader architecture to offer transparency and error tracking for plugin and theme updates. |

</details>

<details closed><summary>update-api.app.pages</summary>

| File | Summary |
| --- | --- |
| [plupdate.php](update-api/app/pages/plupdate.php) | Facilitate plugin uploads and manage update statuses through a user interface integrated with Dropzone for drag-and-drop functionality. Streamline plugin management by displaying existing plugins and handling file uploads and errors dynamically, contributing to the overall flexibility and usability of the plugin updater system within the repositorys architecture. |
| [thupdate.php](update-api/app/pages/thupdate.php) | Facilitates the management and uploading of WordPress themes, providing a user-friendly interface for theme uploads, displaying a table of available themes, and offering real-time upload status feedback through Dropzone integration for enhanced user experience. |
| [logs.php](update-api/app/pages/logs.php) | Displays plugin and theme logs on the WordPress Update API interface, facilitating monitoring and troubleshooting within the updater architecture. Integrates dynamic content, enhancing the user experience by providing real-time log outputs for both plugins and themes. |
| [home.php](update-api/app/pages/home.php) | Facilitates the management of allowed hosts for the WordPress Update API by displaying a current list and providing a form to add new entries. Integrates seamlessly into the update-api section, enhancing control over authorized domains within the repositorys architecture. |

</details>

<details closed><summary>update-api.lib</summary>

| File | Summary |
| --- | --- |
| [auth-lib.php](update-api/lib/auth-lib.php) | Facilitates user authentication within the WordPress Update API by managing login and logout operations, handling session security, and implementing measures against failed login attempts to enhance system security. Essential for safeguarding access to the update APIs functionalities and integrating seamlessly with the repositorys broader architecture. |
| [waf-lib.php](update-api/lib/waf-lib.php) | Sanitizes and validates input data, checks for disallowed characters and patterns, updates login attempt records, and manages IP blacklists for security, contributing to the broader security framework of the Update API within the v-wordpress-plugin-updater repository. |
| [load-lib.php](update-api/lib/load-lib.php) | Serve as a security and routing mechanism, ensuring only authenticated users can access specific pages within the WordPress update API. It checks for blacklisted IPs, redirects unauthenticated users to the login page, and dynamically loads page-specific helper, form, and main files if they exist. |

</details>

<details closed><summary>mu-plugin</summary>

| File | Summary |
| --- | --- |
| [von-sys-theme-updater.php](mu-plugin/von-sys-theme-updater.php) | Automates the daily update checks for WordPress themes by scheduling events, retrieving update details from a specified API, downloading, and installing theme updates seamlessly, ensuring themes remain current. Integrates error logging to handle update failures and provides feedback on the update status for each theme. |
| [von-sys-plugin-updater.php](mu-plugin/von-sys-plugin-updater.php) | Facilitates automated plugin updates in a WordPress environment by scheduling daily checks and downloading new versions if available, ensuring plugins remain current and secure with minimal manual intervention. Integrates with the Vontainment API to verify and obtain updates, enhancing overall site maintenance efficiency. |
| [von-sys-plugin-updater-mu.php](mu-plugin/von-sys-plugin-updater-mu.php) | WP Plugin Updater Multisite automates daily checks and updates for WordPress plugins within a multisite environment, ensuring all plugins remain current by interacting with the Vontainment API to fetch updates, download, and install them seamlessly. |
| [von-sys-theme-updater-mu.php](mu-plugin/von-sys-theme-updater-mu.php) | Automates daily WordPress theme updates across multisite installations. Handles scheduled update checks, verifies theme versions against Vontainment API, and manages theme package downloads and installations. Logs outcomes and errors to ensure smooth, repeated theme maintenance. Integrates seamlessly into the existing plugin updater framework. |

</details>

---

## 🚀 Getting Started

**System Requirements:**

* **PHP**: `version x.y.z`

### ⚙️ Installation

<h4>From <code>source</code></h4>

> 1. Clone the v-wordpress-plugin-updater repository:
>
> ```console
> $ git clone ../v-wordpress-plugin-updater
> ```
>
> 2. Change to the project directory:
> ```console
> $ cd v-wordpress-plugin-updater
> ```
>
> 3. Install the dependencies:
> ```console
> $ composer install
> ```

### 🤖 Usage

<h4>From <code>source</code></h4>

> Run v-wordpress-plugin-updater using the command below:
> ```console
> $ php main.php
> ```

### 🧪 Tests

> Run the test suite using the command below:
> ```console
> $ vendor/bin/phpunit
> ```

---

## 🛠 Project Roadmap

- [X] `► INSERT-TASK-1`
- [ ] `► INSERT-TASK-2`
- [ ] `► ...`

---

## 🤝 Contributing

Contributions are welcome! Here are several ways you can contribute:

- **[Report Issues](https://local/v-wordpress-plugin-updater/issues)**: Submit bugs found or log feature requests for the `v-wordpress-plugin-updater` project.
- **[Submit Pull Requests](https://local/v-wordpress-plugin-updater/blob/main/CONTRIBUTING.md)**: Review open PRs, and submit your own PRs.
- **[Join the Discussions](https://local/v-wordpress-plugin-updater/discussions)**: Share your insights, provide feedback, or ask questions.

<details closed>
<summary>Contributing Guidelines</summary>

1. **Fork the Repository**: Start by forking the project repository to your local account.
2. **Clone Locally**: Clone the forked repository to your local machine using a git client.
```sh
git clone ../v-wordpress-plugin-updater
```
3. **Create a New Branch**: Always work on a new branch, giving it a descriptive name.
```sh
git checkout -b new-feature-x
```
4. **Make Your Changes**: Develop and test your changes locally.
5. **Commit Your Changes**: Commit with a clear message describing your updates.
```sh
git commit -m 'Implemented new feature x.'
```
6. **Push to local**: Push the changes to your forked repository.
```sh
git push origin new-feature-x
```
7. **Submit a Pull Request**: Create a PR against the original project repository. Clearly describe the changes and their motivations.
8. **Review**: Once your PR is reviewed and approved, it will be merged into the main branch. Congratulations on your contribution!
</details>

<details closed>
<summary>Contributor Graph</summary>
<br>
<p align="center">
<a href="https://local{/v-wordpress-plugin-updater/}graphs/contributors">
<img src="https://contrib.rocks/image?repo=v-wordpress-plugin-updater">
</a>
</p>
</details>

---

## 🎗 License

This project is protected under the [SELECT-A-LICENSE](https://choosealicense.com/licenses) License. For more details, refer to the [LICENSE](https://choosealicense.com/licenses/) file.

---

## 🔗 Acknowledgments

- List any resources, contributors, inspiration, etc. here.

[**Return**](#-overview)

---

BIN
png_20230308_211110_0000.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 998 KiB

BIN
screenshot.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 90 KiB

BIN
v-wordpress-plugin-updater.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.6 MiB