Installing custom MU plugins that are single-file PHP scripts

[corzel]

Hi,

If someone needs to install a custom mu-plugin with a single php file, according to documentation: "WordPress only looks for PHP files right inside the mu-plugins directory, and (unlike for normal plugins) not for files in subdirectories". By default SlickStack delete and recreate mu-plugins folder every day, so if you copy manually your mu-plugin this will be erased all the time.

So, to install it you can follow the following steps:

1. Zip your php file: my_mu-plugin.php -> my_mu-plugin.zip
2. Upload the zip file somewhere accessible in your server or externally. I used my own uploads directory. https://mydomain.xyz/wp-content/uploads/my_mu-plugin.zip
3. Edit ss-config: SS_MU_PLUGINS="custom"

Add new lines at the end of mu-plugins list, change XX for the next number of the list. As a destination directory put the name of you PHP file.

MU_PLUGIN_XX_SOURCE="https://mydomain.xyz/wp-content/uploads/my_mu-plugin.zip"
MU_PLUGIN_XX_DIR="my_mu-plugin.php"

4. Run ss-install-wordpress-mu-plugins sudo bash /var/www/ss-install-wordpress-mu-plugins

5. Check if your php file is in mu-plugins folder. The modification date/time must be the same (+- secs) than autoloader.php & xxx-notices.php

That's is all.

[jessuppi]

Thanks so much for the detailed information and testing this @corzel

You bring up a good point too, about whether SlickStack should have better support for single-file MU plugins. I don't think they are very common in most cases, although I see them for services like MainWP or ManageWP, etc. But if you have any specific coding suggestions that might make support easier, let us know.

But for now, anyway, your solution seems to work great. The reason we started to delete all /mu-plugins/ contents a few years ago is because my hosting service LittleBizzy would sometimes have customers install some plugin or theme (or their freelancers might do that) and eventually it would cause problems with our hosting config. For example, certain theme agencies like Elegant Themes now have these MU scripts they sort of "secretly" install to give their support agents access to your WordPress website without a password required... it's very shady and bad practice IMO.

So we got a little bit over-aggressive with deleting certain files and folders, which I've tried to relax with SlickStack in the past several months to better support more situations.

But I don't want to simply "skip" any single-file PHP files from our deletion process due to security concerns. I've considered white-listing certain single-file scripts for services like MainWP or ManageWP, however.

Anyway, more feedback on this is welcome, but I will close this for now since your solution works :)