SatisPress
Generate a Composer repository from a list of installed WordPress plugins and themes.
Why a WordPress Installation?
Many plugins and themes don't have public repositories, so managing them with Composer can be a hassle. Instead, SatisPress allows you to manage them in a standard WordPress installation, leveraging the built-in update process to handle the myriad licensing schemes that would be impossible to account for outside of WordPress.
The whitelisted packages are exposed via an automatically generated packages.json for inclusion as a Composer repository in a project's composer.json or even your own satis.json.
Installation
- Download the latest release from GitHub.
- Go to the Plugins → Add New screen in your WordPress admin panel and click the Upload tab at the top.
- Upload the zipped archive.
- Click the Activate Plugin link after installation completes.
Setup
Whitelisting Packages (Plugins & Themes)
Plugins and themes must be whitelisted to be exposed as Composer packages.
Plugins can be whitelisted by visiting the Plugins screen in your WordPress admin panel and toggling the checkbox for each plugin in the "SatisPress" column.
Themes can be toggled on the Settings screen at Settings → SatisPress.
Package Caching
Plugins and themes are automatically cached before being updated by WordPress and all known versions are exposed in packages.json.
Essentially, WordPress could be set up so that simply fetching packages actually triggers automatic updates for core and plugins. The only time you would need to log in is to install and set up new plugins or themes! (Automatic updates may not work with premium plugins or themes with a custom update process).
Install the Update Control plugin to tweak auto-update settings for plugins, themes and core.
Security
Be aware that the Composer repository and packages are public by default.
Securing the repository should be possible using the same methods outlined in the Satis documentation.
HTTP Basic Authentication
To provide a simple solution, SatisPress ships with a setting to enable HTTP Basic Authentication to protect packages. Only users registered in WordPress will have access to the packages. After activating, make sure an .htaccess file exists in wp-content/uploads/satispress/ to prevent direct access.
The Limit Login Attempts plugin is supported to prevent brute force login attempts.
Debugging
packages.json Transient
The generated packages.json is cached for 12 hours via the transients API. It will be flushed whenever WordPress checks for new plugin versions or after any theme, plugin, or core is updated. Be sure to flush the satispress_packages_json transient if you need to regenerate it otherwise.
Rewrite Rules
Flush rewrite rules and make sure the satispress rule exists if you're having trouble accessing packages.json or any of the packages. Rewrite Rules Inspector is a handy plugin for viewing or flushing rewrite rules.
Premium Themes
Themes with custom upgrade routines must be active in order to determine whether updates are available, so upgrading them will probably be a manual process.
Requiring SatisPress Packages
Once SatisPress is installed and configured you can include the SatisPress repository in the list of repositories in your composer.json or satis.json, then require the packages using "satispress" (or your custom setting) as the vendor:
{
"repositories": [
{
"type": "composer",
"url": "http://example.com/satispress/"
}
],
"require": {
"composer/installers": "~1.0",
"satispress/better-internal-link-search": "*",
"satispress/premium-plugin": "*",
"satispress/genesis": "*"
}
}Roadmap
- Allow additional packages to be defined on the settings screen.