V-WORDPRESS-PLUGIN-UPDATER

Effortless Updates, Enhanced Security, Seamless WordPress Management

Developed with the software and tools below.

Table of Contents

• 📍 Overview
• 🧩 Features
• 🗂️ Repository Structure
• 📦 Modules
• 🚀 Getting Started
  • ⚙️ Installation
  • 🤖 Usage
• 🎗 License

---

📍 Overview

The v-wordpress-plugin-updater project is designed to streamline the management and updating of WordPress plugins and themes through a robust API and automated processes. It offers a comprehensive solution for secure plugin and theme updates, including user authentication, IP blacklisting, and detailed logging. The project provides an admin interface for managing updates, handling uploads, and monitoring logs, ensuring seamless operation across different environments. With support for both single and multisite installations, this project enhances WordPress site maintenance efficiency by automating update checks and installations, significantly reducing manual intervention.

---

🧩 Features

	Feature	Description
⚙️	Architecture	The project employs a modular architecture, dividing functionality into distinct components such as update APIs, configuration management, and admin interfaces. This ensures maintainability and scalability.
🔩	Code Quality	The project adheres to coding standards, with clear organization of files and comprehensive inline comments. Security measures like input sanitization and IP blacklisting are integrated throughout the codebase.
📄	Documentation	Includes configuration and setup guides, inline comments, and function documentation. The repository seems well-organized, but additional user-facing documentation could enhance accessibility.
🔌	Integrations	The project integrates with WordPress installations, leveraging external APIs for plugin and theme updates. Dependencies include authentication, WAF, and configuration libraries.
🧩	Modularity	The codebase exhibits high modularity, with distinct folders for configuration, MVC components (app/Core, app/Controllers, app/Models, app/Views), and public access points. Each module handles specific functionality, promoting reusability and ease of maintenance.
⚡️	Performance	The project is designed for efficiency, with secure download endpoints and optimized URL routing via .htaccess. However, explicit performance metrics and profiling data are not provided.
🛡️	Security	Implements robust security measures including IP blacklisting, authentication libraries, and input validation. Admin interface security is enhanced through session management and a web application firewall (WAF).
📦	Dependencies	The project relies on standard libraries like authentication, WAF, configuration management, IP blacklisting, and Dropzone for dynamic file handling.
🚀	Scalability	Designed to handle increasing traffic with modular components for updates and management. However, explicit load testing data to back scalability claims is not available.

---

🗂️ Repository Structure

└── v-wordpress-plugin-updater/
    ├── LICENSE
    ├── README.md
    ├── mu-plugin
    │   ├── v-sys-plugin-updater-mu.php
    │   ├── v-sys-plugin-updater.php
    │   └── v-sys-theme-updater.php
    ├── update-api
    │   ├── HOSTS
    │   ├── app
    │   │   ├── Core
    │   │   ├── Controllers
    │   │   ├── Models
    │   │   └── Views
    │   ├── autoload.php
    │   ├── config.php
    │   ├── public
    │   └── storage
    └── v-wordpress-plugin-updater.png

---

📦 Modules

update-api

File	Summary
HOSTS	Stores allowed domain and key pairs for API requests.
config.php	Defines login credentials and directory paths for plugins, themes, blacklists and logs.
autoload.php	Simple PSR-4 autoloader for classes under the App namespace.

update-api.public

File	Summary
index.php	Serves as the main entry point for the Update APIs web interface, providing a dashboard for managing WordPress hosts, plugins, themes, and viewing logs. Initializes sessions and includes necessary configurations and libraries, facilitating an admin interface with essential resources for a responsive and interactive user experience.
/api (routed via index.php)	Unified API endpoint handled by ApiController, validating domains and keys while enforcing IP blacklist rules. Delivers update packages when newer versions are available.
.htaccess	Manages redirects for /login.php and /api.php while routing all requests through index.php. This ensures clean URLs such as /login and /api and provides optimized access to key sections like home, plupdate, thupdate, and logs.
/login (handled by index.php)	Provides an admin login interface for the Update API, enhancing security and access control. Integrates with configuration, authentication, and web application firewall libraries to facilitate validation and protection mechanisms within the broader WordPress plugin update ecosystem. Presents a user-friendly login form to manage API updates effectively.
robots.txt	Regulates web crawler access to the update-api directory with a specified delay, optimizing server load and ensuring the smooth operation of the plugin updater functionality within the repositorys architecture.

update-api.storage

File	Summary
BLACKLIST.json	Maintains a list of blacklisted plugins or themes, preventing them from receiving updates via the update API. This ensures security and stability by blocking disallowed or potentially harmful software components within the WordPress plugin and theme ecosystem.

update-api.app

Directory	Purpose
Core	Base controller, router, utility and error handlers.
Controllers	Handle requests for authentication, hosts, plugins, themes and logs.
Models	Data access for hosts, plugins, themes and logs.
Views	Templates for the admin UI (home, login, updates, logs).
autoload.php	Registers a PSR-4 autoloader for the App namespace.

update-api.app.views

File	Summary
plupdate.php	Facilitate plugin uploads and manage update statuses through a user interface integrated with Dropzone for drag-and-drop functionality. Streamline plugin management by displaying existing plugins and handling file uploads and errors dynamically, contributing to the overall flexibility and usability of the plugin updater system within the repositorys architecture.
thupdate.php	Facilitates the management and uploading of WordPress themes, providing a user-friendly interface for theme uploads, displaying a table of available themes, and offering real-time upload status feedback through Dropzone integration for enhanced user experience.
logs.php	Displays plugin and theme logs on the WordPress Update API interface, facilitating monitoring and troubleshooting within the updater architecture. Integrates dynamic content, enhancing the user experience by providing real-time log outputs for both plugins and themes.
home.php	Facilitates the management of allowed hosts for the WordPress Update API by displaying a current list and providing a form to add new entries. Integrates seamlessly into the update-api section, enhancing control over authorized domains within the repositorys architecture.

mu-plugin

File	Summary
v-sys-theme-updater.php	Automates the daily update checks for WordPress themes by scheduling events, retrieving update details from a specified API, downloading, and installing theme updates seamlessly, ensuring themes remain current. Integrates error logging to handle update failures and provides feedback on the update status for each theme.
v-sys-plugin-updater.php	Facilitates automated plugin updates in a WordPress environment by scheduling daily checks and downloading new versions if available, ensuring plugins remain current and secure with minimal manual intervention. Integrates with the Vontainment API to verify and obtain updates, enhancing overall site maintenance efficiency.
v-sys-plugin-updater-mu.php	WP Plugin Updater Multisite automates daily checks and updates for WordPress plugins within a multisite environment, ensuring all plugins remain current by interacting with the Vontainment API to fetch updates, download, and install them seamlessly.

---

🚀 Getting Started

System Requirements:

• PHP: version 7.4 or higher
• Web Server: Apache, Nginx or any server capable of running PHP
• Write Permissions: ensure the web server can write to update-api/storage

⚙️ Installation

1. Clone or download this repository inside your web server document root.

2. Create the following directories so the Update API can store packages and logs:

   mkdir -p update-api/storage/plugins
   mkdir -p update-api/storage/themes
   mkdir -p update-api/storage/logs
   

3. Edit update-api/config.php and set the login credentials and directory constants. Adjust VALID_USERNAME, VALID_PASSWORD, and paths under BASE_DIR if the defaults do not match your setup.

4. Define the API constants used by the mu-plugins in your WordPress wp-config.php:

   define('VONTMENT_KEY', 'your-api-key');
   define('VONTMENT_PLUGINS', 'https://example.com/update-api/public/api');
   define('VONTMENT_THEMES', 'https://example.com/update-api/public/api');
   

5. Ensure the web server user owns the update-api/storage directory so uploads and logs can be written.

🤖 Usage

1. Copy the files from the repository's mu-plugin/ folder into your WordPress installation's wp-content/mu-plugins/ directory. Create the directory if it doesn't exist. WordPress automatically loads any PHP files placed here.
2. Log in to the Update API by visiting the /login route (handled by index.php) using the credentials configured in config.php to manage hosts, plugins and themes.

🎗 License

This project is licensed under the MIT License.

---