Skip to content

Private or Commercial WordPress Plugins as Composer Dependencies

Bedrock (and by extension Trellis) uses Composer to manage its dependencies, which includes WordPress themes and plugins. This is great for version control as many WordPress plugins are easily available via WordPress Packagist, but what happens when you need to add a private, commercial, or paid plugin to your site? This guide will explain a simple way to add private plugins to your site via Composer.

There are many ways to add private or paid plugins to your Bedrock-based project. Popular methods include:

For the purposes of this document we will focus only on the first option: private Git repositories. We welcome contributed guides covering these methods or others.

Note: We recommend hosting private and commercial plugins in private Git repositories. GitHub offers private repositories for free and BitBucket includes them in its limited free plan. The following guide assumes you’re using a GitHub private repository.

# Create a private GitHub repository for your plugin

Create the repository as normal and clone the empty repository to your computer.

$ git clone

Create composer.json

In your empty repository, create a file named composer.json with the following content (edited to include your correct user, repository, and plugin information):

  "name": "YourGithubUsername/example-plugin",
  "description": "",
  "keywords": ["wordpress", "plugin"],
  "homepage": "",
  "authors": [
      "name": "Original Plugin Author's Name",
      "homepage": ""
  "type": "wordpress-plugin",
  "require": {
    "php": ">=8.0"

Composer can create a skeleton composer.json for you: Just run composer init in your empty directory.

# Copy plugin files into your repository

Copy all the plugin’s files into your new repository.

# Commit your plugin to Git and push your changes to GitHub

Run each of the following commands from your repository directory:

Add all of your plugin’s files to Git.

$ git add .

Commit your changes

Include the plugin’s version number in your commit message so that you can easily reference it later!

$ git commit .

# Tag the release

Composer will need a way to know the version of a plugin. Fortunately, it understands git tags and can interpret them correctly if they use semantic versioning, so we’ll be using those.

Let’s assume you’re pushing SearchWP version 2.9.14. That means we’ll be creating the 2.9.14 tag. Remember, tags are tied to commits, so be sure to commit all your changes before creating the tag.

$ git tag 2.9.14

Push your changes, and your tags to GitHub:

$ git push --tags

Tags pushed to GitHub will automatically be turned into “Releases,” a feature of GitHub. You can also create releases manually on the GitHub website.

Edit your Bedrock composer.json file, add your repository and plugin

In your Bedrock site’s composer.json

  • Add a new your GitHub repository to the repositories section referencing your GitHub repository:
  "repositories": [


      "type": "vcs",
      "url": ""


  • Add your plugin to the require section using the version number you named your release after:
  "require": {


    "YourGitHubUsername/example-plugin": "2.9.14",



# Update your dependencies

Run composer update in your Bedrock directory to get your new plugin.

Join the discussion on Roots Discourse


Last updated

Support Roots

Help us continue to build and maintain our open source projects. We’re a small team of independent developers and every little bit helps.

Sponsor Roots on GitHub