Premium plugins with Composer, how to make it right.
In this short tutorial I will guide you trough setting up your own Composer repository with the help of Release Belt. This will enable you to use premium plugins with Composer. No more checking in Gravity Forms, WP Rocket and Advanced Custom Fields in Git.
- Why do we want premium plugins in Composer
- Set up your own Composer repository with Release Belt
- Adding your new Composer repository to a WordPress project
Why do we want premium plugins in Composer?
A couple of years ago I moved my WordPress development to Bedrock. Since then I have been loving the advantages of a better structure for my themes and plugins. One of the best things is that Bedrock uses Composer (the package manager for PHP) to handle it’s dependencies. This means that we define what our WordPress installation needs in a composer.json file. So if we need external PHP-packages we just require them there. What’s even better is that all plugins from wordpress.org can be required. This is done by using wpackagist, a repository for WordPress plugins. So if we need Yoast SEO for example, we just define it along with WordPress and other dependencies like this:
"require": {
...
"roots/wordpress": "5.1.1",
"wpackagist-plugin/wordpress-seo": "8.3",
...
}
And just like that Composer will manage our plugins along with WordPress and everything else we may need.
That’s a really good advantage of using Composer. But when you develop WordPress themes on a daily basis you will soon realise that there’s more plugins you need on a regular basis than the ones you find on wordpress.org. In all pages I build for clients I will use at least Advanced Custom Fields, Gravity Forms and WP Rocket.
Tip: Bedrock is really awesome for WordPress developers, but sometimes it makes things hard. Read my tutorial about how to make WEBP images work with Bedrock running on Nginx.
The problem with premium plugins and Composer
The problem with this is that those, and many other plugins you might find useful is premium plugins. Therefore you will need to pay a license. Of course the license itself isn’t the problem, but that they’re not publicly avaliable sure is. You often have to have an account, login and download the plugin files when you need them. That’s why they can’t exist on any public composer repository.
The way I used to solve this was to download the plugins, put them in the plugins folder and excluding them from Bedrocks default gitignore. This way they got checked in to my version control. Obviously not a very good solution, since i then kept another authors code mixed in my git repo for no reason. And every time a plugin needs to update, I need to update locally and then push to the git repo and deploy to live
This led me to Google to look for ways to get premium plugins working with Composer. I tried a couple of solutions but nothing that ticked all the right boxes, until I found Release Belt. This makes it really simple to set up your own private composer repo.
Set up your own Composer repository with Release Belt
Below I will show you how simple it is to setup release belt on your own server. We will use authentification, to only make it avaliable for you and your team, since we’re dealing with paid premium plugins here.
To get going, we first need to get Release Belt up and running. Go to the folder where you keep your projects and run the code below, changing “my-composer-repo” to whatever name you want. Im assuming you already got composer installed if you read this.
git clone https://github.com/Rarst/release-belt my-composer-repo
cd my-composer-repo
composer belt-update
To keep this updated in the future, you could just run composer belt-update
to get the latest version.
Once we have everything set up, you can begin to place plugins in your repo with the following structure: releases/wordpress-plugin/plugin-vendor/plugin.0.0.1.zip
.The reason we place the file in a folder called wordpress-plugin is that composer is used for a lot of different php dependencies. By using this folder structure we tell composer/installers that this is a wordpress plugin, and Bedrock will place it in the right folder for us. The folder “plugin-vendor” should of course be the name of the plugin vendor eg. “rocket-genius” for Gravity Forms, but you can give it whatever name that makes sense to you. The file “plugin.0.0.1.zip” should be the file you download from the vendor named by this convention – pluginname.versionnumber.zip. When new versions of that plugin is released you just download the new file and put it next to the old one, in the same vendor folder.
Add authentification to our Custom composer repository
Now it’s time to add authentification so nobody except you and your team could use this repo. From the root directory of your composer repo run: php bin/encodePassword.php yourpassword
, replacing “yourpassword” with the password you want. You will then get a hash to put in the config to setup the authentification.
Now, open the file config/configExample.php
in a text editor and save it as config/config.php
, in this file, we uncomment the users part and set it up lik this:
'users' => [
'username' => [ // Desired username
'hash' => 'fsFR#Rwr32r#€#€FSDF32#SDFR31233434', // The password hash from before
'allow' => ['wordpress-plugin'], // Allow this user to access WordPress plugins
],
]
Get the repository up on a server
With that setup you need to upload this to a web server. How you configure the server is totally up to you. All you need to know is that you need to set the public/
directory as your servers web root. And then point a domain like “composer.yourcompany.com” at the server.
After everything is uploaded, when you access the url you should see something like this after you entered your username and password. All your premium plugins in your own Composer repo:
To the left is a boilerplate composer.json. This lists all latest versions of the plugins in your composer repo. Just below is the config for this repository which you will to add to your WordPress projects composer.json file. To the right is a list of all versions of all plugins you have on your repo.
So, all we have to do now when a new plugin or version is released is to drag and drop a zip file in your favourite FTP client (or use git if you want). Just make sure to put it in the right place in the releases directory, and your repo will update.
Adding your new Composer repository to a WordPress project
To add plugins from your repo to a WordPress project, you first need to declare your repo in composer.json. This is done by adding it to your repository section like this:
"repositories": {
...
"composer.yourcompany.com": {
"type": "composer",
"url": "https://composer.yourcompany.com"
}
}
After that’s done you can require the plugins just like you do from wpackagist or any other place. Either by putting them manually in your composer.json file and run composer install
from the shell. Or by requiring them with composer require vendor/pluginname
from the shell.
Since we’re using authentification, the first time you require something from the repo you will have to input your credentials in the shell. When you do this you will get promted to save those credentials for later use.
Thats all for this piece. Now Composer can manage all premium plugins for you and your team. Thats the whole point of doing it the Composer way, isn’t it?
If you got any feedback or questions, just hit me up in the comments section below.
Join the Conversation
A note about WP Rocket: the plugin is directly available through composer, and the additional settings to do are listed in the readme on the plugin repo. Makes it even easier to integrate in a project.
I had no idea. Thank you! One more plugin that can be excluded from Release Belt. Yet many more to go though! 🙂
Leave a comment