Protect Version Controlled Updates

This plugin is built to be used on production servers which are version-controlled with Git. If plugins are updated directly on production, they can get out of sync with the repo, and later pushes to the server might “roll back” plugin updates which weren’t committed to the repo.

Users who try to update a plugin via the Plugins screen will get a modal window asking for confirmation. Admins can also block updates entirely, so users will still get the modal window but will only have a cancel button.

The modal title and modal content are admin-configurable through the options page.

Please understand, we’re not advocating not updating plugins. You should still update all the things with the quickness. Just do it in the repo and push the changes to the server.

If you’re running a version-controlled environment, I’m pretty sure that installing plugins is old hat to you. But just in case…

1. Upload the plugin files to the /wp-content/plugins/plugin-name directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the ‘Plugins’ screen in WordPress.
3. Use the Settings->PVCU Options screen to configure the plugin.

Does this auto-detect if I have a Git or SVN version-controllled server?

This plugin looks in all the normal spots for .git and/or .svn folders – the root, the wp-content folder, the plugins folder, the themes folder, and even in the current theme and the parent theme (if applicable).

If it doesn’t autodetect my installation, what then?

You can manually turn on the protection from the options screen.

Can I turn the protection off?

You can turn protection off individually for either plugins or themes.

Which pages are protected?

The plugins page (plugins.php), the plugin install page (plugin-install.php), and the general updates page (update-core.php). Future versions will protect the themes page (themes.php).

I can still update my theme from the Themes page, even with protection. What gives?

That’s a known issue. Future versions will protect theme updates from the Themes screen.

Does this protect plugin or theme deletion?

Not at this time, but that’s planned for a future version.

Does this protect core?

Not at this time, but that’s planned for a future version.

1. 

   The modal title and description are user-changable. Note that both the plugins and themes are set to "warn."

2. 

   The actual modal. Note that there's a cancel button and an update button.

3. 

   Setting both plugins and themes to "block."

4. 

   The actual modal, now with only a cancel button.

1.1

• Extensive refactoring of functions to allow for separate choices for plugins, themes, and core (upcoming release).
• Removed the checkbox to disable protection.
• Merged the protection disabling into the radio button choices for plugins and for themes.
• Updated JS to intercept form submissions for updates.

1.0

• Initial release