FAIR

Federated and Independent Repositories

Package Installator

Plugin Banner

Package Installator

by Thomas Lloancy

Download
Description

Package Installator empowers WordPress administrators to manage system-level packages, such as PHP extensions, directly from the WordPress admin dashboard. It features a modern, React-based interface with a searchable table, animated progress bars, and detailed command output for installing and uninstalling packages via SSH.

Key Features

  • Modern UI: React-based interface with search functionality and animated progress bars.
  • Package Management: Install or uninstall packages like php-xml, php-mbstring, php-curl, and more.
  • SSH Integration: Secure SSH connections using private key or password authentication.
  • Real-time Feedback: AJAX updates for package status, progress, and detailed command logs.
  • Expandable Logs: View raw command output for each package operation.
  • SSH Status: Visual indicators for SSH connection status on both settings and package manager pages.
    Important Note: Currently compatible only with Debian-based distributions (e.g., Debian, Ubuntu) using apt. Future versions will support other Linux distributions (Red Hat, Fedora, Arch, etc.) with tools like yum, dnf, and pacman.
    Warning: This plugin executes system commands via SSH, which can impact your server. Ensure proper SSH configuration and test on a staging environment.

Dependencies

Includes all dependencies: React, Axios, React-Select, phpseclib3.
No Composer or npm required.

⚠️ Avertissements de sécurité très importants

  • Ce plugin exécute des commandes root via SSH depuis WordPress.
  • Une vulnérabilité (XSS, vol de session, compte admin compromis) pourrait permettre une prise de contrôle totale du serveur.
  • N’utilisez PAS en production sans :
    • HTTPS forcé
    • 2FA sur tous les comptes admin
    • Restriction IP sur l’admin WP
    • Liste blanche stricte des commandes autorisées
    • Sauvegardes régulières (fichiers + base)
  • Testez uniquement sur staging au début.

1.1.0 – December 2025

  • Full internationalization (i18n) support with French and English translations
  • Command history logging with database table
  • Non-interactive root command executor
  • Improved session handling and security
  • Updated for WordPress 6.9 compatibility

1.0.0

  • Initial release with React UI, SSH package management, and support for Debian-based systems.
  • Features animated progress bars, expandable command output, and SSH status indicators.

Arbitrary Section

Future Plans

  • Support for Red Hat, Fedora, Arch, and other Linux distributions.
  • Enhanced error handling and user feedback.
  • Real-time log streaming for long-running operations.
  • Support for additional package managers (yum, dnf, pacman).

Contact

For contributions or issues, contact Tlloancy at [tlloancy@deter-mi.net].

  1. Upload the plugin to /wp-content/plugins/wordpress-package-installator/ or install it via the WordPress plugins screen.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress.
  3. Configure SSH credentials (host, username, port, private key, or password) in the “SSH Settings” submenu under “Package Installator”.
  4. Navigate to the “Package Installator” menu to manage packages.

Permissions Setup

`bash

sudo chown -R www-data:www-data /var/www/html/wordpress/wp-content/plugins/wordpress-package-installator
sudo chmod -R 755 /var/www/html/wordpress/wp-content/plugins/wordpress-package-installator
`

Why is it only compatible with Debian?

The plugin uses apt for package management. Future updates will detect the Linux distribution and use appropriate tools (e.g., yum, dnf, pacman).

How do I configure SSH?

In the “SSH Settings” submenu, enter your SSH host, username, port, and choose between private key or password authentication. Ensure the SSH user has sudo privileges for apt.

What if a package is already installed?

The plugin uses dpkg-query to check package status and updates the UI accordingly. If a package is already installed, it will be marked as “Installé” with 100% progress.

Is it safe to use?

The plugin executes system commands via SSH. Secure your SSH credentials and test on a non-production server. Always back up your system before use.

Can I add more packages?

Edit the $packages array in includes/ajax-handlers.php to include additional packages relevant to your environment.

1.2.1 – March 2026 (Terminal refresh fix + Site Health compatibility)

  • PHP session is now opened only on the Terminal and Log pages (via conditional check in admin_init hook)
  • session_write_close() is called systematically after every session usage (via shutdown hook + manual calls where needed)
  • Terminal authentication now persists correctly across page refreshes without blocking REST API or loopback requests
  • Fixed “Access denied – Session expired or insufficient rights” error when running commands after a refresh
  • Removed global session lock Critical issues in Site Health (active PHP session + REST API timeout) are resolved
  • Co-authored-by: Grok & User (we own the plot twist)

Note: After validating your WordPress password on the Terminal page, you remain logged in on refresh as long as the browser session cookie (PHPSESSID) is active.
Version 1.2.0 : refonte complète de la gestion des sessions PHP pour corriger les problèmes Site Health (REST API timeout + session active détectée).

Compatibilité actuelle : Debian/Ubuntu (apt). Support futur pour d’autres distributions prévu.

Back to top