Composer is the standard dependency manager for PHP. Instead of copying plugin folders into wp-content/
, you list everything your site relies on in a singlecomposer.json
. One command (composer install
or composer update
) then pulls the exact versions, places them in predictable locations, and records them in a lock-file so that every environment (local, CI, production) stays in sync.
Bedrock is by far the most comprehensive, so the walkthrough below uses it.
composer create-project roots/bedrock my-site
.env.example
to .env
, then fill in DB_…
, WP_HOME
, WP_SITEURL
, and salts.web/
directory.https://example.test/wp/wp-admin
and run the normal WordPress installer.The easiest way to pull anything that lives on WordPress.org is WPackagist – a Composer mirror of the plugin directory.
{
"repositories": [
{ "type": "composer", "url": "https://wpackagist.org" }
]
}
composer require \
wpackagist-plugin/woocommerce:^9.0 \
wpackagist-plugin/flexible-shipping:^5.0
woocommerce
gives you the full shop suite, while flexible-shipping
(by Octolize) adds powerful table-rate rules – all free on WordPress.org.Premium Octolize extensions – e.g. Flexible Shipping PRO – are distributed from a private Composer repository at
https://composer.octolize.dev
. Access is secured by a bearer-token (your personal API key).
# Tell Composer where the private repo lives
auth_host="composer.octolize.dev"
composer config repositories.octolize/plugins composer "https://${auth_host}"
# Store your key in global auth.json (do this on every machine/CI runner)
composer config --global --auth "bearer.${auth_host}" YOUR_MASTER_API_KEY_HERE
auth.json
instead.composer require octolize-plugin/flexible-shipping-pro
All Octolize premium packages share the octolize-plugin/*
namespace, so future updates are as simple as:
composer update octolize-plugin/*
Whether you run a tiny blog or a multi-store WooCommerce installation, adopting Composer today means safer updates, cleaner repos, and deployments that “just work.” Happy coding!