Managing WordPress Dependencies with Composer – Octolize Plugins

1 – What is Composer?

Composer is the standard dependency manager for PHP. Instead of copying plugin folders into wp-content/, you list everything your site relies on in a singlecomposer.json. One command (composer install or composer update) then pulls the exact versions, places them in predictable locations, and records them in a lock-file so that every environment (local, CI, production) stays in sync.

2 – Using Composer with WordPress

Starter kits at a glance

• Roots / Bedrock – reorganizes WordPress into a modern project structure.
• johnpbloch/wordpress-core – pulls only core without changing folders (good when you need vanilla paths).
• fancyguy/webroot-installer – keeps core outside the web root with minimal changes.

Bedrock is by far the most comprehensive, so the walkthrough below uses it.

Step-by-step with Bedrock

1. Create the projectcomposer create-project roots/bedrock my-site
2. Configure environment variables – copy .env.example to .env, then fill in DB_…, WP_HOME, WP_SITEURL, and salts.
3. Point the web-server document root to Bedrock’s web/ directory.
4. Visit https://example.test/wp/wp-admin and run the normal WordPress installer.

3 – Adding free plugins (WooCommerce & Flexible Shipping)

The easiest way to pull anything that lives on WordPress.org is WPackagist – a Composer mirror of the plugin directory.

1. Declare the repository

   {
     "repositories": [
       { "type": "composer", "url": "https://wpackagist.org" }
     ]
   }

2. Require your plugins

   composer require \
     wpackagist-plugin/woocommerce:^9.0 \
     wpackagist-plugin/flexible-shipping:^5.0

    

   woocommerce gives you the full shop suite, while flexible-shipping (by Octolize) adds powerful table-rate rules – all free on WordPress.org.
    

4 – Installing Octolize PRO plugins with Composer

Premium Octolize extensions – e.g. Flexible Shipping PRO – are distributed from a private Composer repository at
https://composer.octolize.dev. Access is secured by a bearer-token (your personal API key).

4.1 Getting your Octolize API key

1. Log in to your Octolize account: https://octolize.com/my-account/.
2. On the sidebar, click API Keys.
3. If you have an active subscription for the plugin you need, an API key is automatically created. Simply copy the Master API key displayed next to the subscription.
4. Copy your Master API key to your clipboard — this is the bearer value you will paste in the Composer auth step below.

4.2 One-time setup in Composer

# Tell Composer where the private repo lives
auth_host="composer.octolize.dev"
composer config repositories.octolize/plugins composer "https://${auth_host}"

# Store your key in global auth.json (do this on every machine/CI runner)
composer config --global --auth "bearer.${auth_host}" YOUR_MASTER_API_KEY_HERE

4.3 Require the PRO package

composer require octolize-plugin/flexible-shipping-pro

All Octolize premium packages share the octolize-plugin/* namespace, so future updates are as simple as:

composer update octolize-plugin/*

5 – Wrap-up

• Composer centralises every dependency — WordPress core, themes, free and paid plugins — into reproducible code.
• Bedrock gives WordPress a modern, Laravel-style directory layout and ships with sensible defaults.
• WPackagist mirrors the entire wordpress.org ecosystem, letting you version-pin plugins like WooCommerce or Flexible Shipping Free.
• Octolize’s private repo lets you fetch PRO extensions (e.g. Flexible Shipping PRO) the same way, secured by your personal Master API key.

Whether you run a tiny blog or a multi-store WooCommerce installation, adopting Composer today means safer updates, cleaner repos, and deployments that “just work.” Happy coding!