Using Composer With WordPress

DZone 's Guide to

Using Composer With WordPress

In this tutorial, we're going to investigate using Composer as the dependency manager for WordPress.

· Web Dev Zone ·
Free Resource

What Is Composer?

Composer is a dependency manager for PHP which allows you to easily manage any third party libraries within your application. You can specify an exact version you want to use on any of the third party packages. Composer will then look up the tag version of this package and download that version into your application.

When developing with WordPress you are dependent on multiple third party libraries for your website to work, things like the core WordPress code and the specific version you're running. Third party plugins from wordpress.org can change the functionality of your website so you're dependent on these running the latest version. This is the reason why composer can be used to manage the updates of your plugins, themes, and the core WordPress code on your WordPress site.

As this is a dependency manager for PHP, you don't have to limit yourself to just WordPress plugins; you can use Composer to manage generic PHP libraries.

Using Composer within WordPress will mean that when developing the application you don't need to commit any third party libraries to your own source control, reducing any bloat in your project.

Installing Composer

To install composer on Linux or UNIX system follow the instructions in the link below.

Install On Linux

If you have a Windows system use the following link for instructions on how to install composer.

Install On Windows

WordPress Packagist

This is a site that mirrors the WordPress.org plugin and theme directories and allows you to use them as a composer repository. By using WordPress Packagist, you can get access to any plugin or theme on WordPress.org from using Composer.

To use this all you have to do is add this as a new repository in your composer.json file.

    "name": "acme/brilliant-wordpress-site",
    "description": "My brilliant WordPress site",
    "require": {
    "autoload": {
        "psr-0": {
            "Acme": "src/"

To install WordPress core you need to add the repository "johnpbloch/wordpress": "4.5.2" in the require config in Composer.

"require": {
        "johnpbloch/wordpress": "4.5.2",

By adding the extra config you can specify where Composer installs packages, allowing you to move WordPress into a different location on your server to help improve the security of your application.

The below will install dependencies in these locations:

  • Must use plugins - web/app/mu-plugins
  • Plugins - web/app/plugins
  • Themes - web/app/themes
  • WordPress core - web/wp
"extra": {
    "installer-paths": {
      "web/app/mu-plugins/{$name}/": ["type:wordpress-muplugin"],
      "web/app/plugins/{$name}/": ["type:wordpress-plugin"],
      "web/app/themes/{$name}/": ["type:wordpress-theme"]
    "wordpress-install-dir": "web/wp"

Bedrock Roots Project

If you're looking at running composer on your WordPress projects the best place I've found to get started is the Bedrock project by Roots.io.

Bedrock is a boilerplate for new WordPress development processes with Composer used for the dependency management. Some of the features include:

  • Better folder structure
  • Dependency management with Composer
  • Easy WordPress configuration with environment specific files
  • Environment variables with Dotenv
  • Autoloader for mu-plugins (use regular plugins as mu-plugins)
  • Enhanced security (separated web root and secure passwords with wp-password-bcrypt)

Updating WordPress Plugins

When WordPress needs to update a plugin from the admin area it will require you enter your FTP settings into the admin area. Having FTP enabled like this can be a security loophole on your server so you might be in the situation where this is closed down on some server. This is where using Composer can make it very easy to update your plugins.

With Composer, you can log into your server via SSH and run the command:

composer update

This will then download the version of the plugin specified in your composer.json file.

composer, core, dependency, development, package manager, php, processes, wordpress

Published at DZone with permission of Paul Underwood , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}