V-WORDPRESS-PLUGIN-UPDATER

Seamless Updates, Limitless Innovation, Unmatched Control

Built with the tools and technologies:

---

Table of Contents

1. Table of Contents
2. Overview
3. Features
4. Project Structure
5. Getting Started
6. Roadmap
7. License

---

Overview

The v-wordpress-plugin-updater project is designed to streamline the management and updating of WordPress plugins and themes through a robust API and automated processes. It offers a comprehensive solution for secure plugin and theme updates, including user authentication, IP blacklisting, and detailed logging. The project provides an admin interface for managing updates, handling uploads, and monitoring logs, ensuring seamless operation across different environments. With support for both single and multisite installations, this project enhances WordPress site maintenance efficiency by automating update checks and installations, significantly reducing manual intervention.

---

Features

	Component	Details
⚙️	Architecture	PHP-based plugin architecture for WordPress Follows standard plugin directory structure Includes updater logic, hooks, and admin interfaces
🔩	Code Quality	Uses PHP best practices with namespacing Code is modular with separate classes/functions Includes inline comments and docblocks
📄	Documentation	README provides setup and usage instructions Includes code comments and inline docs No extensive external docs or API references
🔌	Integrations	Integrates with WordPress hooks and filters Uses REST API endpoints for updates Reads configuration from JSON and ini files
🧩	Modularity	Separate classes for updater, plugin info, and settings Configurable via JSON files Supports extension points for custom behaviors
🧪	Testing	Limited unit tests present, primarily for core classes Uses PHPUnit for testing PHP components Test coverage appears minimal, mainly functional tests
⚡️	Performance	Optimized file checks with caching mechanisms Minimized HTTP requests during update checks Uses transient caching in WordPress
🛡️	Security	Sanitizes and validates external inputs Uses nonces for admin actions Reads configuration files with restricted permissions
📦	Dependencies	PHP standard library WordPress core functions Configuration files: robots.txt, blacklist.json, php.ini, etc.

---

Project Structure

└── v-wordpress-plugin-updater/
    ├── .github
    │   └── copilot-instructions.md
    ├── LICENSE
    ├── README.md
    ├── mu-plugin
    │   ├── v-sys-plugin-updater-mu.php
    │   ├── v-sys-plugin-updater.php
    │   └── v-sys-theme-updater.php
    ├── update-api
    │   ├── HOSTS
    │   ├── app
    │   │   ├── Controllers
    │   │   │   ├── ApiController.php
    │   │   │   ├── AuthController.php
    │   │   │   ├── HomeController.php
    │   │   │   ├── LogsController.php
    │   │   │   ├── PluginsController.php
    │   │   │   └── ThemesController.php
    │   │   ├── Core
    │   │   │   ├── AuthMiddleware.php
    │   │   │   ├── Controller.php
    │   │   │   ├── ErrorMiddleware.php
    │   │   │   ├── Router.php
    │   │   │   └── Utility.php
    │   │   ├── Models
    │   │   │   ├── HostsModel.php
    │   │   │   ├── LogModel.php
    │   │   │   ├── PluginModel.php
    │   │   │   └── ThemeModel.php
    │   │   └── Views
    │   │       ├── 404.php
    │   │       ├── home.php
    │   │       ├── layouts
    │   │       │   ├── footer.php
    │   │       │   └── header.php
    │   │       ├── login.php
    │   │       ├── logs.php
    │   │       ├── plupdate.php
    │   │       └── thupdate.php
    │   ├── autoload.php
    │   ├── config.php
    │   ├── php.ini
    │   ├── public
    │   │   ├── .htaccess
    │   │   ├── assets
    │   │   │   ├── css
    │   │   │   │   ├── login.css
    │   │   │   │   ├── mobile.css
    │   │   │   │   └── styles.css
    │   │   │   ├── images
    │   │   │   │   ├── background.png
    │   │   │   │   ├── login.jpg
    │   │   │   │   └── logo.png
    │   │   │   └── js
    │   │   │       ├── footer-scripts.js
    │   │   │       └── header-scripts.js
    │   │   ├── favicon.ico
    │   │   ├── index.php
    │   │   └── robots.txt
    │   └── storage
    │       ├── BLACKLIST.json
    │       └── logs
    │           ├── php_app.log
    │           ├── plugin.log
    │           └── theme.log
    └── v-wordpress-plugin-updater.png

Project Index

V-WORDPRESS-PLUGIN-UPDATER/

__root__

⦿ __root__

File Name	Summary
LICENSE	- Provides the licensing terms for the project, establishing legal permissions and restrictions for software use, distribution, and modification within the overall architecture - Ensures clarity on rights granted to users and contributors, supporting open-source collaboration and legal compliance across the entire codebase.

update-api

⦿ update-api

File Name	Summary
php.ini	- Configure PHP environment settings to optimize API performance and stability within the update API module - By managing error display, upload limits, and execution times, it ensures reliable handling of data uploads and processing tasks, supporting the overall architectures goal of maintaining a robust and efficient API service.
HOSTS	- Defines the host configurations for the update API, establishing the environment settings necessary for deploying and managing the API across different infrastructure targets - It ensures consistent host references, facilitating seamless integration and communication within the overall system architecture - This setup supports reliable deployment workflows and environment-specific customization for the update API component.
config.php	- Defines core configuration constants for the WordPress Update API, establishing authentication parameters, directory paths, and session management settings - These configurations facilitate secure and organized access to plugin, theme, and log storage, supporting the API’s role in managing and delivering updates within the overall project architecture.
autoload.php	- Establishes a PSR-4 autoloading mechanism for the App namespace, enabling seamless and efficient loading of class files within the update-api project - This autoloader supports the modular architecture by dynamically resolving class locations, ensuring organized code management and streamlined execution across the applications components.

public

⦿ update-api.public

File Name	Summary
robots.txt	- Defines web crawler access restrictions by disallowing all user agents from indexing the site, ensuring the entire website remains private and excluded from search engine results - This configuration supports the overall architecture by controlling visibility and maintaining confidentiality of the sites content.
index.php	- Facilitates routing and error handling for the WordPress Update API, enabling seamless request dispatching and robust middleware management - Serves as the entry point that initializes session management, loads configuration, and directs incoming API requests to appropriate handlers, ensuring reliable operation within the overall project architecture.
.htaccess	- Defines URL rewriting rules to route requests to the main application handler, ensuring proper request processing - Implements caching policies for static assets to optimize load times and reduce server load - Enhances performance and efficiency across the web application by managing request flow and client-side caching strategies.

app

⦿ update-api.app

Models

⦿ update-api.app.Models

File Name	Summary
ThemeModel.php	- Manages theme files within the WordPress Update API, enabling retrieval, deletion, and uploading of theme ZIP packages - Facilitates theme lifecycle operations, ensuring proper file handling, validation, and size restrictions to support seamless theme management in the broader update infrastructure.
HostsModel.php	- Manages host entries within the WordPress Update API by providing functionalities to retrieve, add, update, and delete host records - Ensures consistent handling of host data, maintains log integrity, and supports dynamic configuration of host access controls, integral to the overall architecture for secure and flexible update management.
PluginModel.php	- Manages WordPress plugin files within the UpdateAPI architecture by providing functionalities for retrieving, uploading, and deleting plugin ZIP files - Ensures proper handling of file validation, size constraints, and safe file operations, supporting seamless plugin management and updates in the broader system - Facilitates efficient plugin lifecycle control aligned with the APIs update and deployment processes.
LogModel.php	- Provides functionality to process and visualize log data related to WordPress updates, grouping entries by domain and status - It enhances the overall architecture by enabling clear, styled reporting of update success or failure, including historical context, which supports monitoring and troubleshooting within the update management system.

Core

⦿ update-api.app.Core

File Name	Summary
Utility.php	- Provides utility functions for validating domain names, API keys, slugs, filenames, versions, usernames, and passwords within the WordPress Update API - Manages IP-based security by tracking failed login attempts and maintaining a blacklist, ensuring enhanced security and integrity across the update process - Integral to maintaining data validation standards and safeguarding the API against unauthorized access.
Router.php	- Defines the core routing mechanism for the WordPress Update API, directing incoming requests to appropriate controllers based on URL paths - Ensures authentication for protected routes and handles URL redirection and error responses, facilitating seamless request handling within the applications architecture.
Controller.php	- Provides a foundational class for rendering view templates within the WordPress Update API, facilitating separation of concerns by managing presentation logic - It supports the overall architecture by enabling consistent and streamlined output generation, ensuring that different parts of the application can display data effectively while maintaining a clean code structure.
ErrorMiddleware.php	- Provides centralized error handling and logging for the WordPress Update API, ensuring robust management of runtime errors, exceptions, and shutdown events - Facilitates graceful error responses, maintains application stability, and logs critical issues, thereby supporting reliable API operations and easier troubleshooting within the overall system architecture.
AuthMiddleware.php	- Implements authentication and security checks within the WordPress Update API, ensuring only authorized users and trusted IPs access update functionalities - It enforces session validation, handles timeout and user agent consistency, and blocks blacklisted IPs, thereby maintaining secure and controlled API interactions as part of the overall application security architecture.

Views

⦿ update-api.app.Views

File Name	Summary
thupdate.php	- Provides a user interface for managing WordPress themes within the UpdateAPI platform, enabling viewing, uploading, and status tracking of theme packages - Integrates a dynamic upload mechanism with real-time feedback, supporting seamless theme updates and extensions through a structured, web-based dashboard aligned with the overall API architecture.
login.php	- Provides the login interface for the WordPress Update API, enabling administrators to authenticate securely before accessing update management functionalities - Integrates styling and scripts to ensure a user-friendly experience, while facilitating session handling and error messaging within the broader API architecture - Serves as the entry point for authorized users to interact with the update management system.
404.php	- Provides a user-friendly 404 error page for the UpdateAPI, ensuring clear communication when a requested resource is not found - Integrates consistent styling and scripts within the broader WordPress-based API architecture, maintaining a cohesive user experience and guiding users appropriately within the APIs web interface.
logs.php	- Displays plugin and theme update logs within the WordPress Update API, providing a clear interface for monitoring recent changes - Integrates header and footer layouts to maintain consistent styling across the application, facilitating efficient tracking of update activities and supporting overall system transparency and troubleshooting.
plupdate.php	- Provides a user interface for managing WordPress plugin updates within the UpdateAPI platform - Facilitates viewing installed plugins, uploading new plugin ZIP files via drag-and-drop, and displaying real-time upload status messages - Integrates with backend processes to streamline plugin management, ensuring seamless updates and installations in a structured, user-friendly manner.
home.php	- Provides a user interface for managing allowed hosts within the WordPress Update API, enabling viewing and adding domain entries - Facilitates administrative control over host configurations, ensuring secure and organized management of permitted domains for update operations - Integrates form handling and display logic to support dynamic updates in the APIs host list.

layouts

⦿ update-api.app.Views.layouts

File Name	Summary
header.php	- Defines the header layout for the WordPress Update API admin interface, establishing the page structure, navigation, and styling - It facilitates seamless user interaction by providing consistent branding, navigation tabs for managing hosts, plugins, themes, and viewing logs, and integrates necessary scripts and styles to support the APIs administrative functions within the overall architecture.
footer.php	- Defines the footer layout for the UpdateAPIs web interface, providing consistent branding and user interface closure across pages - It includes dynamic copyright information, links to assets and scripts, and integrates error message handling to ensure seamless user experience within the overall WordPress-based architecture.

Controllers

⦿ update-api.app.Controllers

File Name	Summary
ApiController.php	- Implements a WordPress Update API endpoint to securely handle update requests for plugins and themes - Validates incoming parameters, authenticates domain keys, and serves the latest compatible files based on version comparisons - Integrates logging and access control, ensuring only authorized requests retrieve updates, thereby maintaining the integrity and security of the update distribution process within the overall architecture.
LogsController.php	- Provides an interface for retrieving and displaying log data related to plugin and theme activities within the WordPress Update API - It orchestrates the processing of log files and renders a view to present log outputs, supporting monitoring and troubleshooting of plugin and theme updates in the overall application architecture.
PluginsController.php	- Manages plugin-related operations within the WordPress Update API, including uploading, deleting, and displaying plugins - Facilitates secure handling of plugin files and user actions, generating dynamic HTML interfaces for plugin management - Integrates with core models and middleware to ensure smooth, secure interactions, supporting the overall architecture of plugin administration in the update ecosystem.
HomeController.php	- Manages user interactions for the WordPress Update API by handling host entries, including adding, updating, and deleting domains and keys - Validates requests, maintains session messages, and renders the hosts management interface with dynamic HTML tables - Integrates with the overall architecture to facilitate secure, user-driven configuration of host data within the update system.
ThemesController.php	- Manages theme-related operations within the WordPress Update API, including uploading, deleting, and displaying themes - Facilitates secure handling of theme files through validation and CSRF protection, while generating dynamic HTML interfaces for theme management - Integrates with core models and middleware to ensure smooth, secure interactions across the applications architecture.
AuthController.php	- Handles user authentication within the WordPress Update API, managing login sessions, validating credentials, and redirecting users appropriately - Ensures secure session management, tracks failed login attempts, and integrates blacklisting for security - Facilitates user access control, enabling authenticated interactions with the API while safeguarding against unauthorized access.

storage

⦿ update-api.storage

File Name	Summary
BLACKLIST.json	- Maintains a list of blacklisted entries to enforce security and access control within the update API - Serves as a centralized reference for filtering or blocking specific data, ensuring compliance with security policies across the system - Integrates seamlessly into the overall architecture to support consistent and efficient management of restricted entities.

mu-plugin

⦿ mu-plugin

File Name	Summary
v-sys-plugin-updater.php	- Implements automated daily checks and updates for WordPress plugins by retrieving, downloading, and installing newer plugin versions from a remote API - Integrates seamlessly into the WordPress lifecycle to ensure plugins remain current, enhancing site security and functionality without manual intervention - Serves as a core component of the update management architecture within the broader WordPress plugin ecosystem.
v-sys-theme-updater.php	- Implements automated daily updates for WordPress themes by checking for new versions, downloading update packages, and applying updates seamlessly - Integrates with the WordPress update API to ensure themes remain current, enhancing site security and functionality while minimizing manual intervention within the overall WordPress architecture.
v-sys-plugin-updater-mu.php	- Implements automated daily plugin update checks and installations for a WordPress multisite environment - It ensures plugins are kept current by retrieving updates from a remote API, downloading, and installing them seamlessly, thereby maintaining site security and functionality without manual intervention - The process is optimized for main site management, enhancing overall WordPress maintenance efficiency.

---

Getting Started

System Requirements:

• PHP: version 7.4 or higher
• Web Server: Apache, Nginx or any server capable of running PHP
• Write Permissions: ensure the web server can write to /storage

Installation

1. Clone or download this repository inside your web server document root.

2. Create the following directories so the Update API can store packages and logs:

   mkdir -p /storage/plugins
   mkdir -p /storage/themes
   mkdir -p /storage/logs

3. Edit /config.php and set the login credentials and directory constants. Adjust VALID_USERNAME, VALID_PASSWORD, and paths under BASE_DIR if the defaults do not match your setup.

4. Define the API constants used by the mu-plugins in your WordPress wp-config.php:

   define('VONTMENT_KEY', 'your-api-key');
   define('VONTMENT_PLUGINS', 'https://example.com/api');
   define('VONTMENT_THEMES', 'https://example.com/api');

5. Ensure the web server user owns the /storage directory so uploads and logs can be written.

NOTE: Make sure to set /public/ as doc root.

Usage

1. Copy the files from the repository's mu-plugin/ folder into your WordPress installation's wp-content/mu-plugins/ directory. Create the directory if it doesn't exist. WordPress automatically loads any PHP files placed here.
2. Log in to the Update API by visiting the /login route (handled by index.php) using the credentials configured in config.php to manage hosts, plugins and themes.

---

Roadmap

• Task 1: Convert to MVC framework
• Task 2: Implement more advanced authorization for site connections
• Task 3: Implement ability to remove ips from blacklist
• Task 4: Implement plug-in verification on upload
• Task 4: Implement docker version

---

License

V-wordpress-plugin-updater is protected under the LICENSE License. For more details, refer to the LICENSE file.

---