Plugins
A list of currently used 3rdparty plugins and a policy for future selections
You can access the list of Plugins of your P4 instance from your Admin Dashboard > Plugins.
DO NOT Enable automatic updates of any plugin. Updates are done via Composer for all P4 sites.
Installation and updates of plugins is happening via the composer scripts. All the plugins that are present in all installations are defined in the common composer file. Additionally, plugins that are installed only on a specific P4 site is defined in the composer file for that site. For example, Loco Translate is only installed on the handbook site, and is defined in the handbook composer file.
Open source plugins are being pulled from wpackagist.org. To add a plugin, you have to find the correct wpackagist record, copy the line and insert it in the composer file as the loco translate example above.
Policy & review process
The philosophy of adding plugins to a Planet 4 website can be summarized in the following:
WordPress is not inherently unsafe. The vast majority of security or incompatibility issues on WordPress sites come from badly written or not maintained plugins.
We have described a process that should be followed every time a plugin is considered to be included in Planet 4:
Decide on the features you want
Investigate if these can be done by WordPress core
If not, investigate what 3rd party plugins exist, and a do a functional fit analysis
Do a security analysis of the selected plugins, including reputation, maintenance history, and code analysis (see template). Document this process for each plugin.
Install them locally or on a test/dev site and do a thorough testing (using both automatic testing and manual testing) to see if they create problems in other areas of Planet 4.
Get them installed on the relevant site, by having them being added to the relevant composer file.
Best practices
This is a collection of best practices we gathered through the years of developing Planet 4 themes and plugins. Reach out to the Planet 4 team if you need more help with any of these topics.
License
Planet 4 is an Open Source project and all the themes and plugins being developed by us should also be. Publishing the code on Github is not enough. All repositories should include a LICENSE
file, indicating which Open Source license is being used for that particular repository.
If you are developing your own plugin, you can choose any open source license. In Planet 4 we use GPL, so you can just copy its text version into a LICENSE file in your repository.
When initially creating the repository, Github also prompts you to pick one and if you do it will add this LICENSE file in the repository.
Open Source
Open Source is not just about the license. If you think your plugin can potentially be useful for other NROs or even other organizations, you can also try to code it in a way that doesn't include hardcoded references to your website.
Coding standards
Planet 4 has defined some coding standards for php, javascript and css code. Below are some pointers to files you can include in your repository root folder. This will help other contributors but also your code editor.
Editorconfig example (you can check if your editor needs a plugin for this)
Composer
Each plugin needs a composer.json
file. This is required for adding the plugin to packagist. Below is a very simple example of how this could look. For more detailed examples, check composer's relevant documentation.
Naming
All Planet 4 specific repositories should be prefixed with planet4-
, the NRO abbreviation (eg. gpca-
) and its Wordpress function (eg. plugin-
).
Then you just add the name that best describes what it does (eg. planet4-gpch-plugin-blocks
).
If you are developing a plugin that can be used by the wider Wordpress community, you can instead prefix it with wp-
(eg. wp-gravityforms-controlshift
).
Branches
Most of our repositories use the Github Flow git branch workflow. In practice that means that we start from one main
branch that reflects the current state of development which can be deployed in a dev environment.
Any new feature is being developer in a new branch that is being merged to main
when is completed. A new tag is being create when the code is considered stable enough to be deployed in production.
Check deployment documentation on how you can define what is being depoyed in which environment.
Plugins used in all websites
Akismet Anti-Spam
Akismet is quite possibly the best way in the world to protect your blog from spam. Your site is fully configured and being protected, even while you sleep. More info in P4 > Settings.
Cloudflare
Used to integrate with our CDN and in particular with its Automatic Platform Optimizations feature.
CMB2
CMB2 will create metaboxes and forms with custom fields that will blow your mind. More info on the wp.org plugin page.
ElasticPress
Offers enhanced search capabilities and performance by integrating with Elasticsearch.
Gravity Forms
The core plugin that our Form Builder feature is built upon.
Google Apps Login
Simple secure login for WordPress through users’ Google Apps accounts (uses secure OAuth2, and MFA if enabled). More info in Login to P4 or in the wp.org plugin page.
Redirection
Manage all your 301 redirects and monitor 404 errors. More on Redirects on the wp.org plugin page.
Timber
Required by the Planet4 master theme. The WordPress Timber Library allows you to write themes using the power of Twig templates. More info on the wp.org plugin page.
Sentry
Reporting PHP and JavaScript issues to Sentry, a monitoring and error tracking software.
WP Redis
WordPress Object Cache using Redis. Requires the PhpRedis extension. More info on the wp.org plugin page.
WP-Stateless
Upload and serve your WordPress media files from Google Cloud Storage. More info on the wp.org plugin page.
Yoast Duplicate Post
Easy cloning posts and pages, including the ability to rewrite & republish.
Plugins used in some sites
WPML
Used in our sites that require more than one language. More info on Set up a Multi-Language P4 Site or at wpml.org.
Loco Translate
Translate Planet4 themes and plugins directly in WordPress. Used only in this awesome handbook site. More info at Translate P4 theme, strings (commands) and plugins or in the wp.org plugin page.
IdeaPush
Allows submissions of ideas for feature requests directly in WordPress. Used only in this awesome handbook site. More info at Improving P4 or in the wp.org plugin page.
Plugins not used
SEO plugins
Planet 4 has no SEO plugin installed or recommended. SEO plugins do a lot of things, some of which are not even things that should be done (eg. trying to "trick" Google into thinking that a page is something different than it is).
We have identified several features that are also being offered by some SEO plugins, such as open graph data (documented at PLANET-1888 or write beautiful URLs (using core WP functionality with small taxonomy modifications documented at PLANET-1879.
There are however several SEO features available on Planet 4. These include a specific title, description and image for social media, canonical links, excerpts and more. In case you're missing SEO features, do let them know in the Feature Requests page of the P4 Handbook. Please note: Our choice of operation is not "There is a plugin, let’s install it and see what it does", but “We need feature A, let’s find the best way to deliver its functionality”.
Last updated