* WordPress Plugin Install Administration API
* @subpackage Administration
* Retrieves plugin installer pages from the WordPress.org Plugins API.
* It is possible for a plugin to override the Plugin API result with three
* filters. Assume this is for plugins, which can extend on the Plugin Info to
* offer more choices. This is very powerful and must be used with care when
* overriding the filters.
* The first filter, {@see 'plugins_api_args'}, is for the args and gives the action
* as the second parameter. The hook for {@see 'plugins_api_args'} must ensure that
* The second filter, {@see 'plugins_api'}, allows a plugin to override the WordPress.org
* Plugin Installation API entirely. If `$action` is 'query_plugins' or 'plugin_information',
* an object MUST be passed. If `$action` is 'hot_tags' or 'hot_categories', an array MUST
* Finally, the third filter, {@see 'plugins_api_result'}, makes it possible to filter the
* response object or array, depending on the `$action` type.
* Supported arguments per action:
* | Argument Name | query_plugins | plugin_information | hot_tags | hot_categories |
* | -------------------- | :-----------: | :----------------: | :------: | :------------: |
* | `$slug` | No | Yes | No | No |
* | `$per_page` | Yes | No | No | No |
* | `$page` | Yes | No | No | No |
* | `$number` | No | No | Yes | Yes |
* | `$search` | Yes | No | No | No |
* | `$tag` | Yes | No | No | No |
* | `$author` | Yes | No | No | No |
* | `$user` | Yes | No | No | No |
* | `$browse` | Yes | No | No | No |
* | `$locale` | Yes | Yes | No | No |
* | `$installed_plugins` | Yes | No | No | No |
* | `$is_ssl` | Yes | Yes | No | No |
* | `$fields` | Yes | Yes | No | No |
* @param string $action API action to perform: 'query_plugins', 'plugin_information',
* 'hot_tags' or 'hot_categories'.
* @param array|object $args {
* Optional. Array or object of arguments to serialize for the Plugin Info API.
* @type string $slug The plugin slug. Default empty.
* @type int $per_page Number of plugins per page. Default 24.
* @type int $page Number of current page. Default 1.
* @type int $number Number of tags or categories to be queried.
* @type string $search A search term. Default empty.
* @type string $tag Tag to filter plugins. Default empty.
* @type string $author Username of an plugin author to filter plugins. Default empty.
* @type string $user Username to query for their favorites. Default empty.
* @type string $browse Browse view: 'popular', 'new', 'beta', 'recommended'.
* @type string $locale Locale to provide context-sensitive results. Default is the value
* @type string $installed_plugins Installed plugins to provide context-sensitive results.
* @type bool $is_ssl Whether links should be returned with https or not. Default false.
* Array of fields which should or should not be returned.
* @type bool $short_description Whether to return the plugin short description. Default true.
* @type bool $description Whether to return the plugin full description. Default false.
* @type bool $sections Whether to return the plugin readme sections: description, installation,
* FAQ, screenshots, other notes, and changelog. Default false.
* @type bool $tested Whether to return the 'Compatible up to' value. Default true.
* @type bool $requires Whether to return the required WordPress version. Default true.
* @type bool $requires_php Whether to return the required PHP version. Default true.
* @type bool $rating Whether to return the rating in percent and total number of ratings.
* @type bool $ratings Whether to return the number of rating for each star (1-5). Default true.
* @type bool $downloaded Whether to return the download count. Default true.
* @type bool $downloadlink Whether to return the download link for the package. Default true.
* @type bool $last_updated Whether to return the date of the last update. Default true.
* @type bool $added Whether to return the date when the plugin was added to the wordpress.org
* repository. Default true.
* @type bool $tags Whether to return the assigned tags. Default true.
* @type bool $compatibility Whether to return the WordPress compatibility list. Default true.
* @type bool $homepage Whether to return the plugin homepage link. Default true.
* @type bool $versions Whether to return the list of all available versions. Default false.
* @type bool $donate_link Whether to return the donation link. Default true.
* @type bool $reviews Whether to return the plugin reviews. Default false.
* @type bool $banners Whether to return the banner images links. Default false.
* @type bool $icons Whether to return the icon links. Default false.
* @type bool $active_installs Whether to return the number of active installations. Default false.
* @type bool $group Whether to return the assigned group. Default false.
* @type bool $contributors Whether to return the list of contributors. Default false.
* @return object|array|WP_Error Response object or array on success, WP_Error on failure. See the
* {@link https://developer.wordpress.org/reference/functions/plugins_api/ function reference article}
* for more information on the make-up of possible return values depending on the value of `$action`.
function plugins_api( $action, $args = array() ) {
// Include an unmodified $wp_version.
require ABSPATH . WPINC . '/version.php';
if ( is_array( $args ) ) {
if ( 'query_plugins' === $action ) {
if ( ! isset( $args->per_page ) ) {
if ( ! isset( $args->locale ) ) {
$args->locale = get_user_locale();
if ( ! isset( $args->wp_version ) ) {
$args->wp_version = substr( $wp_version, 0, 3 ); // x.y
* Filters the WordPress.org Plugin Installation API arguments.
* Important: An object MUST be returned to this filter.
* @param object $args Plugin API arguments.
* @param string $action The type of information being requested from the Plugin Installation API.
$args = apply_filters( 'plugins_api_args', $args, $action );
* Filters the response for the current WordPress.org Plugin Installation API request.
* Passing a non-false value will effectively short-circuit the WordPress.org API request.
* If `$action` is 'query_plugins' or 'plugin_information', an object MUST be passed.
* If `$action` is 'hot_tags' or 'hot_categories', an array should be passed.
* @param false|object|array $result The result object or array. Default false.
* @param string $action The type of information being requested from the Plugin Installation API.
* @param object $args Plugin API arguments.
$res = apply_filters( 'plugins_api', false, $action, $args );
$url = 'http://api.wordpress.org/plugins/info/1.2/';
$ssl = wp_http_supports( array( 'ssl' ) );
$url = set_url_scheme( $url, 'https' );
'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' ),
$request = wp_remote_get( $url, $http_args );
if ( $ssl && is_wp_error( $request ) ) {
if ( ! wp_is_json_request() ) {
/* translators: %s: Support forums URL. */
__( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.' ),
__( 'https://wordpress.org/support/forums/' )
) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ),
headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE
$request = wp_remote_get( $http_url, $http_args );
if ( is_wp_error( $request ) ) {
/* translators: %s: Support forums URL. */
__( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.' ),
__( 'https://wordpress.org/support/forums/' )
$request->get_error_message()
$res = json_decode( wp_remote_retrieve_body( $request ), true );
if ( is_array( $res ) ) {
// Object casting is required in order to match the info/1.0 format.
} elseif ( null === $res ) {
/* translators: %s: Support forums URL. */
__( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.' ),
__( 'https://wordpress.org/support/forums/' )
wp_remote_retrieve_body( $request )
if ( isset( $res->error ) ) {
$res = new WP_Error( 'plugins_api_failed', $res->error );
} elseif ( ! is_wp_error( $res ) ) {
* Filters the Plugin Installation API response results.
* @param object|WP_Error $res Response object or WP_Error.
* @param string $action The type of information being requested from the Plugin Installation API.
* @param object $args Plugin API arguments.
return apply_filters( 'plugins_api_result', $res, $action, $args );
* Retrieve popular WordPress plugin tags.
function install_popular_tags( $args = array() ) {
$key = md5( serialize( $args ) );
$tags = get_site_transient( 'poptags_' . $key );
$tags = plugins_api( 'hot_tags', $args );
if ( is_wp_error( $tags ) ) {
set_site_transient( 'poptags_' . $key, $tags, 3 * HOUR_IN_SECONDS );
function install_dashboard() {
/* translators: %s: https://wordpress.org/plugins/ */
__( 'Plugins extend and expand the functionality of WordPress. You may automatically install plugins from the <a href="%s">WordPress Plugin Directory</a> or upload a plugin in .zip format by clicking the button at the top of this page.' ),
__( 'https://wordpress.org/plugins/' )
<?php display_plugins_table(); ?>
<div class="plugins-popular-tags-wrapper">
<h2><?php _e( 'Popular tags' ); ?></h2>
<p><?php _e( 'You may also browse based on the most popular tags in the Plugin Directory:' ); ?></p>
$api_tags = install_popular_tags();
echo '<p class="popular-tags">';
if ( is_wp_error( $api_tags ) ) {
echo $api_tags->get_error_message();
// Set up the tags in a way which can be interpreted by wp_generate_tag_cloud().
foreach ( (array) $api_tags as $tag ) {
$url = self_admin_url( 'plugin-install.php?tab=search&type=tag&s=' . urlencode( $tag['name'] ) );
'link' => esc_url( $url ),
'id' => sanitize_title_with_dashes( $tag['name'] ),
'count' => $tag['count'],
$tags[ $tag['name'] ] = (object) $data;
echo wp_generate_tag_cloud(
/* translators: %s: Number of plugins. */
'single_text' => __( '%s plugin' ),
/* translators: %s: Number of plugins. */
'multiple_text' => __( '%s plugins' ),
echo '</p><br class="clear" /></div>';
* Displays a search form for searching plugins.
* @since 4.6.0 The `$type_selector` parameter was deprecated.
* @param bool $deprecated Not used.
function install_search_form( $deprecated = true ) {
$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
<form class="search-form search-plugins" method="get">
<input type="hidden" name="tab" value="search" />
<label class="screen-reader-text" for="typeselector"><?php _e( 'Search plugins by:' ); ?></label>
<select name="type" id="typeselector">
<option value="term"<?php selected( 'term', $type ); ?>><?php _e( 'Keyword' ); ?></option>
<option value="author"<?php selected( 'author', $type ); ?>><?php _e( 'Author' ); ?></option>
<option value="tag"<?php selected( 'tag', $type ); ?>><?php _ex( 'Tag', 'Plugin Installer' ); ?></option>
<label class="screen-reader-text" for="search-plugins"><?php _e( 'Search Plugins' ); ?></label>
<input type="search" name="s" id="search-plugins" value="<?php echo esc_attr( $term ); ?>" class="wp-filter-search" placeholder="<?php esc_attr_e( 'Search plugins...' ); ?>" />
<?php submit_button( __( 'Search Plugins' ), 'hide-if-js', false, false, array( 'id' => 'search-submit' ) ); ?>
function install_plugins_upload() {
<div class="upload-plugin">
<p class="install-help"><?php _e( 'If you have a plugin in a .zip format, you may install or update it by uploading it here.' ); ?></p>
<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url( 'update.php?action=upload-plugin' ); ?>">
<?php wp_nonce_field( 'plugin-upload' ); ?>
<label class="screen-reader-text" for="pluginzip"><?php _e( 'Plugin zip file' ); ?></label>
<input type="file" id="pluginzip" name="pluginzip" accept=".zip" />
<?php submit_button( __( 'Install Now' ), '', 'install-plugin-submit', false ); ?>
* Show a username form for the favorites page
function install_plugins_favorites_form() {
$user = get_user_option( 'wporg_favorites' );
$action = 'save_wporg_username_' . get_current_user_id();
<p><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
<input type="hidden" name="tab" value="favorites" />
<label for="user"><?php _e( 'Your WordPress.org username:' ); ?></label>
<input type="search" id="user" name="user" value="<?php echo esc_attr( $user ); ?>" />
<input type="submit" class="button" value="<?php esc_attr_e( 'Get Favorites' ); ?>" />
<input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" />
* Display plugin content based on plugin list.
* @global WP_List_Table $wp_list_table
function display_plugins_table() {
switch ( current_filter() ) {
case 'install_plugins_favorites':
if ( empty( $_GET['user'] ) && ! get_user_option( 'wporg_favorites' ) ) {
case 'install_plugins_recommended':
echo '<p>' . __( 'These suggestions are based on the plugins you and other users have installed.' ) . '</p>';
case 'install_plugins_beta':
/* translators: %s: URL to "Features as Plugins" page. */
'<p>' . __( 'You are using a development version of WordPress. These feature plugins are also under development. <a href="%s">Learn more</a>.' ) . '</p>',
'https://make.wordpress.org/core/handbook/about/release-cycle/features-as-plugins/'
<form id="plugin-filter" method="post">
<?php $wp_list_table->display(); ?>
* Determine the status we can perform on a plugin.
* @param array|object $api Data about the plugin retrieved from the API.
* @param bool $loop Optional. Disable further loops. Default false.
* Plugin installation status data.
* @type string $status Status of a plugin. Could be one of 'install', 'update_available', 'latest_installed' or 'newer_installed'.
* @type string $url Plugin installation URL.
* @type string $version The most recent version of the plugin.
* @type string $file Plugin filename relative to the plugins directory.
function install_plugin_install_status( $api, $loop = false ) {
// This function is called recursively, $loop prevents further loops.
if ( is_array( $api ) ) {
// Default to a "new" plugin.
* Check to see if this plugin is known to be installed,
* and has an update awaiting it.
$update_plugins = get_site_transient( 'update_plugins' );
if ( isset( $update_plugins->response ) ) {
foreach ( (array) $update_plugins->response as $file => $plugin ) {
if ( $plugin->slug === $api->slug ) {
$status = 'update_available';
$version = $plugin->new_version;
if ( current_user_can( 'update_plugins' ) ) {
$url = wp_nonce_url( self_admin_url( 'update.php?action=upgrade-plugin&plugin=' . $update_file ), 'upgrade-plugin_' . $update_file );
if ( 'install' === $status ) {
if ( is_dir( WP_PLUGIN_DIR . '/' . $api->slug ) ) {
$installed_plugin = get_plugins( '/' . $api->slug );
if ( empty( $installed_plugin ) ) {
if ( current_user_can( 'install_plugins' ) ) {
$url = wp_nonce_url( self_admin_url( 'update.php?action=install-plugin&plugin=' . $api->slug ), 'install-plugin_' . $api->slug );
$key = array_keys( $installed_plugin );
// Use the first plugin regardless of the name.
// Could have issues for multiple plugins in one directory if they share different version numbers.
$update_file = $api->slug . '/' . $key;
if ( version_compare( $api->version, $installed_plugin[ $key ]['Version'], '=' ) ) {
$status = 'latest_installed';
} elseif ( version_compare( $api->version, $installed_plugin[ $key ]['Version'], '<' ) ) {
$status = 'newer_installed';
$version = $installed_plugin[ $key ]['Version'];
// If the above update check failed, then that probably means that the update checker has out-of-date information, force a refresh.
delete_site_transient( 'update_plugins' );
return install_plugin_install_status( $api, true );
// "install" & no directory with that slug.
if ( current_user_can( 'install_plugins' ) ) {
$url = wp_nonce_url( self_admin_url( 'update.php?action=install-plugin&plugin=' . $api->slug ), 'install-plugin_' . $api->slug );
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
