Managing WordPress and WordPress plugins with Composer means that your project is locked onto specific versions and that updates can’t be made from the WordPress admin.
Bedrock, and other stacks that use Composer with WordPress, allow developers to manage WordPress and WordPress plugins as dependencies that are tracked in version control. If you make an update that breaks your site, reverting your changes is able to be done very quickly.
While this offers a lot of benefits, the downside is that core and plugin updates can take a little more work which can become tedious the more WordPress websites you manage. Do you script Composer updates to all your sites? Do you manually make the updates? Both of those solutions are typically performed once you’ve determined what needs to be updated, rather than being triggered when a new update is released.
Automated Composer dependency updates
Dependencies.io is an automated dependency update service, similar to Greenkeeper and Renovate. Dependenices.io has something the other services don’t offer: support for PHP dependencies managed by Composer.
Dependenices.io monitors your repositories for updates and then submits pull requests with updates to the
composer.lock files with the latest versions of your dependencies.
The configuration for Dependencies.io allows you to determine which versions (major vs minor) to automatically update for each of your dependencies.
After signing up on Dependencies.io and enabling the service on your repositories, configuring it is as simple as placing a file called
dependencies.yml in the root of your repository:
# dependencies.yml # See https://www.dependencies.io/docs/ version: 2 dependencies: - type: php path: / # /site for a Bedrock & Trellis site manifest_updates: filters: - name: "roots/wordpress" versions: "Y.Y.Y" - name: ".*" versions: "L.Y"
If you deploy your WordPress site with a continuous integration workflow, then the updates from Dependencies.io pull requests will be automatically deployed once you merge the changes.
Dependencies.io is a paid service, but the pricing is more than reasonable considering the benefits and time savings that come with not needing to touch your Composer files to make updates:
- $4.99/mo for 1 repo
- $19.99/mo for 5 repos
- $59.99/mo for 20 repos
- Custom pricing for up to 300 repos
Check out Dependencies.io to save yourself some time — especially if you’re an agency or freelancer who manages multiple sites.
*Dependencies.io did not ask for or pay for this post. I was looking to automate Bedrock’s WordPress updates and found this service and gave it a shot.