WPSDK/v-wordpress-plugin-updater
2
0
Fork 0
mirror of https://github.com/djav1985/v-wordpress-plugin-updater.git synced 2025-08-17 18:11:17 +08:00
Code Issues Packages Activity Actions 1
The v-wordpress-plugin-updater project is designed to streamline the management and updating of WordPress plugins and themes through a robust API and automated processes. It offers a comprehensive solution for secure plugin and theme updates, including user authentication, IP blacklisting, and detailed logging. https://vontainment.com
107 commits 2 branches 0 tags 26 MiB
Find a file
nikolai@vontainment.com 2620afcead modified: .gitattributes 
modified:   .gitignore
	modified:   LICENSE
	modified:   README.md
	modified:   update-api/classes/HomeHelper.php
	modified:   update-api/classes/LogsHelper.php
	modified:   update-api/classes/PlHelper.php
	modified:   update-api/classes/ThHelper.php
	renamed:    update-api/classes/SecurityHandler.php -> update-api/classes/UtilityHandler.php
	modified:   update-api/config.php
	modified:   update-api/lib/auth-lib.php
	modified:   update-api/lib/load-lib.php
	modified:   update-api/public/.htaccess
	modified:   update-api/public/api.php
	modified:   update-api/public/assets/css/styles.css
	modified:   update-api/public/assets/js/header-scripts.js
	modified:   update-api/public/index.php
	modified:   update-api/public/login.php
	modified:   update-api/public/robots.txt
2025-07-05 04:30:19 -04:00
mu-plugin Update MU plugin updater to handle direct ZIP 2025-07-04 21:11:54 -04:00
update-api modified: .gitattributes 2025-07-05 04:30:19 -04:00
.gitattributes modified: .gitattributes 2025-07-05 04:30:19 -04:00
.gitignore modified: .gitattributes 2025-07-05 04:30:19 -04:00
LICENSE modified: .gitattributes 2025-07-05 04:30:19 -04:00
README.md modified: .gitattributes 2025-07-05 04:30:19 -04:00
v-wordpress-plugin-updater.png new file: .gitattributes 2024-06-24 19:04:38 -04:00

README.md

project-logo

V-WORDPRESS-PLUGIN-UPDATER

Effortless Updates, Enhanced Security, Seamless WordPress Management

Developed with the software and tools below.

PHP JSON


Table of Contents

📍 Overview

The v-wordpress-plugin-updater project is designed to streamline the management and updating of WordPress plugins and themes through a robust API and automated processes. It offers a comprehensive solution for secure plugin and theme updates, including user authentication, IP blacklisting, and detailed logging. The project provides an admin interface for managing updates, handling uploads, and monitoring logs, ensuring seamless operation across different environments. With support for both single and multisite installations, this project enhances WordPress site maintenance efficiency by automating update checks and installations, significantly reducing manual intervention.

🧩 Features

Feature Description
⚙️ Architecture The project employs a modular architecture, dividing functionality into distinct components such as update APIs, configuration management, and admin interfaces. This ensures maintainability and scalability.
🔩 Code Quality The project adheres to coding standards, with clear organization of files and comprehensive inline comments. Security measures like input sanitization and IP blacklisting are integrated throughout the codebase.
📄 Documentation Includes configuration and setup guides, inline comments, and function documentation. The repository seems well-organized, but additional user-facing documentation could enhance accessibility.
🔌 Integrations The project integrates with WordPress installations, leveraging external APIs for plugin and theme updates. Dependencies include authentication, WAF, and configuration libraries.
🧩 Modularity The codebase exhibits high modularity, with distinct folders for configuration, classes, and public access points. Each module handles specific functionality, promoting reusability and ease of maintenance.
Performance The project is designed for efficiency, with secure download endpoints and optimized URL routing via .htaccess. However, explicit performance metrics and profiling data are not provided.
🛡️ Security Implements robust security measures including IP blacklisting, authentication libraries, and input validation. Admin interface security is enhanced through session management and a web application firewall (WAF).
📦 Dependencies The project relies on standard libraries like authentication, WAF, configuration management, IP blacklisting, and Dropzone for dynamic file handling.
🚀 Scalability Designed to handle increasing traffic with modular components for updates and management. However, explicit load testing data to back scalability claims is not available.

🗂️ Repository Structure

└── v-wordpress-plugin-updater/
    ├── LICENSE
    ├── README.md
    ├── mu-plugin
    │   ├── von-sys-plugin-updater-mu.php
    │   ├── von-sys-plugin-updater.php
    │   ├── von-sys-theme-updater-mu.php
    │   └── von-sys-theme-updater.php
    ├── png_20230308_211110_0000.png
    ├── screenshot.jpg
    └── update-api
        ├── HOSTS
        ├── app
        ├── config.php
        ├── lib
        ├── public
        └── storage

📦 Modules

update-api
File Summary
HOSTS Define the configuration details and settings for server hosts involved in the update process, facilitating seamless communication and coordination for updating WordPress plugins and themes. This enhances the repositorys overall capability to manage updates effectively across different environments.
config.php Configuration file for defining essential constants crucial for the plugin and theme update management system. Establishes authentication credentials, sets directory paths for plugins, themes, blacklists, and logs, thereby ensuring the smooth operation and organization of the update API within the repositorys architecture.
update-api.public
File Summary
index.php Serves as the main entry point for the Update APIs web interface, providing a dashboard for managing WordPress hosts, plugins, themes, and viewing logs. Initializes sessions and includes necessary configurations and libraries, facilitating an admin interface with essential resources for a responsive and interactive user experience.
.htaccess Enhances URL routing by managing redirects and internal rewrites, ensuring clear and organized access to key sections like home, plupdate, thupdate, and logs. This optimization streamlines external requests and maintains seamless internal navigation within the update-api component of the repository.
login.php Provides an admin login interface for the Update API, enhancing security and access control. Integrates with configuration, authentication, and web application firewall libraries to facilitate validation and protection mechanisms within the broader WordPress plugin update ecosystem. Presents a user-friendly login form to manage API updates effectively.
robots.txt Regulate web crawler access to the update-api directory with a specified delay, optimizing server load and ensuring the smooth operation of the plugin updater functionality within the repositorys architecture.
update-api.public.themes
File Summary
api.php Serve as an endpoint for managing theme updates, verifying domain and key authenticity, and delivering updated theme versions to authorized users. Implements IP blacklisting and logs activity to enhance security and traceability, ensuring only authenticated requests can access and download theme updates.
download.php Provides a secure endpoint for downloading theme updates by validating user credentials and domain against an authorized list, ensuring only legitimate users can access the requested files while blocking blacklisted IPs.
update-api.public.plugins
File Summary
api.php Provides an API for managing WordPress plugin updates, verifying access through domain and key checks, validating IP addresses, and delivering new plugin versions when available. Enhances security with IP blacklisting and logs both successful updates and unauthorized access attempts.
download.php Facilitates secure plugin downloads by validating user credentials against a predefined list. Prevents unauthorized access and ensures only authorized users can download specified files. Integrates security measures like input sanitization and IP blacklisting to safeguard the update process within the WordPress plugin architecture.
update-api.storage
File Summary
BLACKLIST.json Maintains a list of blacklisted plugins or themes, preventing them from receiving updates via the update API. This ensures security and stability by blocking disallowed or potentially harmful software components within the WordPress plugin and theme ecosystem.
update-api.classes
File Summary
HomeHelper.php Manage HOSTS entries and handle form requests with sanitized input.
PlHelper.php Process plugin uploads and deletions securely.
ThHelper.php Process theme uploads and deletions securely.
LogsHelper.php Group log entries by domain for easy review.
ErrorHandler.php Render session messages and errors in views.
UtilityHandler.php Validate input data and maintain the IP blacklist.
update-api.app.pages
File Summary
plupdate.php Facilitate plugin uploads and manage update statuses through a user interface integrated with Dropzone for drag-and-drop functionality. Streamline plugin management by displaying existing plugins and handling file uploads and errors dynamically, contributing to the overall flexibility and usability of the plugin updater system within the repositorys architecture.
thupdate.php Facilitates the management and uploading of WordPress themes, providing a user-friendly interface for theme uploads, displaying a table of available themes, and offering real-time upload status feedback through Dropzone integration for enhanced user experience.
logs.php Displays plugin and theme logs on the WordPress Update API interface, facilitating monitoring and troubleshooting within the updater architecture. Integrates dynamic content, enhancing the user experience by providing real-time log outputs for both plugins and themes.
home.php Facilitates the management of allowed hosts for the WordPress Update API by displaying a current list and providing a form to add new entries. Integrates seamlessly into the update-api section, enhancing control over authorized domains within the repositorys architecture.
update-api.lib
File Summary
auth-lib.php Facilitates user authentication within the WordPress Update API by managing login and logout operations, handling session security, and implementing measures against failed login attempts to enhance system security. Essential for safeguarding access to the update APIs functionalities and integrating seamlessly with the repositorys broader architecture.
waf-lib.php Sanitizes and validates input data, checks for disallowed characters and patterns, updates login attempt records, and manages IP blacklists for security, contributing to the broader security framework of the Update API within the v-wordpress-plugin-updater repository.
load-lib.php Serve as a security and routing mechanism, ensuring only authenticated users can access specific pages within the WordPress update API. It checks for blacklisted IPs, redirects unauthenticated users to the login page, and dynamically loads page-specific helper and main files if they exist.
mu-plugin
File Summary
von-sys-theme-updater.php Automates the daily update checks for WordPress themes by scheduling events, retrieving update details from a specified API, downloading, and installing theme updates seamlessly, ensuring themes remain current. Integrates error logging to handle update failures and provides feedback on the update status for each theme.
von-sys-plugin-updater.php Facilitates automated plugin updates in a WordPress environment by scheduling daily checks and downloading new versions if available, ensuring plugins remain current and secure with minimal manual intervention. Integrates with the Vontainment API to verify and obtain updates, enhancing overall site maintenance efficiency.
von-sys-plugin-updater-mu.php WP Plugin Updater Multisite automates daily checks and updates for WordPress plugins within a multisite environment, ensuring all plugins remain current by interacting with the Vontainment API to fetch updates, download, and install them seamlessly.
von-sys-theme-updater-mu.php Automates daily WordPress theme updates across multisite installations. Handles scheduled update checks, verifies theme versions against Vontainment API, and manages theme package downloads and installations. Logs outcomes and errors to ensure smooth, repeated theme maintenance. Integrates seamlessly into the existing plugin updater framework.

🚀 Getting Started

System Requirements:

  • PHP: version 7.4 or higher
  • Web Server: Apache, Nginx or any server capable of running PHP
  • Write Permissions: ensure the web server can write to update-api/storage

⚙️ Installation

  1. Clone or download this repository inside your web server document root.

  2. Create the following directories so the Update API can store packages and logs:

    mkdir -p update-api/storage/plugins
mkdir -p update-api/storage/themes
mkdir -p update-api/storage/logs

  3. Edit update-api/config.php and set the login credentials and directory constants. Adjust VALID_USERNAME, VALID_PASSWORD, and paths under BASE_DIR if the defaults do not match your setup.

  4. Define the API constants used by the mu-plugins in your WordPress wp-config.php:

    define('VONTMENT_KEY', 'your-api-key');
define('VONTMENT_PLUGINS', 'https://example.com/update-api/public/plugins/api.php');
define('VONTMENT_THEMES', 'https://example.com/update-api/public/themes/api.php');

  5. Ensure the web server user owns the update-api/storage directory so uploads and logs can be written.

🤖 Usage

  1. Copy the files from the repository's mu-plugin/ folder into your WordPress installation's wp-content/mu-plugins/ directory. Create the directory if it doesn't exist. WordPress automatically loads any PHP files placed here.
  2. Log in to the Update API via update-api/public/login.php using the credentials configured in config.php to manage hosts, plugins and themes.

🎗 License

This project is licensed under the GNU General Public License v3.