You can access the list of Plugins of your P4 instance from your Admin Dashboard > Plugins.

KEY INFOs >> 

  1. Each plugin MUST pass the security review before being installed. More info at the bottom of the page
  2. DO NOT Enable automatic updates of any plugin. Updates are done via Composer for all P4 sites.
 

Are you a Dev? Please read me

Installation and updates of plugins is happening via the composer scripts. All the plugins that are present in all installations are defined in the common composer file.

Additionally, plugins that are installed only on a specific P4 site is defined in the composer file for that site. For example, Loco Translate is only installed on the handbook site, and is defined in the handbook composer file.

Open source plugins are being pulled from wpackagist.org . To add a plugin, you have to find the correct wpackagist record, copy the line and insert it in the composer file as the loco translate example above.


Plugins and Themes used in all P4 sites

Planet4 Master Theme

Theme made in-house. Contains both the presentation and the functionality of Planet4. On github

Planet4 Child Theme

Used in cases that we need to modify the presentation of a single site. We have one such plugin for each NRO and they can be seen on their respective github repositories.

Planet4 – Blocks

Our in-house made P4 plugin! Creates all the blocks that will be available for usage by Shortcake. On github.

Akismet Anti-Spam

Akismet is quite possibly the best way in the world to protect your blog from spam. Your site is fully configured and being protected, even while you sleep. More info in P4 > Settings.

CMB2

CMB2 will create metaboxes and forms with custom fields that will blow your mind. More info on the wp.org plugin page.

GDPR Comments

Allows administrators to anonymize the IPs of visitors who comment on the website, and retroactively delete the IPs from comments in the database.  Instructions on setup

Google Apps Login

Simple secure login for WordPress through users’ Google Apps accounts (uses secure OAuth2, and MFA if enabled). More info in Login to P4 or in the wp.org plugin page.

Greenpeace Media Library

Our in-house made P4 plugin that allows P4 connection with the awesome Greenpeace Media library. Check the plugin on github.

Redirection

Manage all your 301 redirects and monitor 404 errors. More on Redirects (LUCA ADD ME ONCE DONE!) or on the wp.org plugin page.

Shortcake (Shortcode UI)

User Interface for adding shortcodes. More info on the wp.org plugin page.

Timber

Required by the Planet4 master theme. The WordPress Timber Library allows you to write themes using the power of Twig templates. More info on the wp.org plugin page

WordFence

Anti-virus, Firewall and Malware Scan. More info on the wp.org plugin page.

KEY INFO“Live Traffic” in WordFence conflicts with Google Apps login (above). DO NOT ENABLE “Live Traffic”, otherwise the Google login won’t work.

 

WP Redis

WordPress Object Cache using Redis. Requires the PhpRedis extension (https://github.com/phpredis/phpredis). More info on the wp.org plugin page.

WP-Stateless

Upload and serve your WordPress media files from Google Cloud Storage. More info on the wp.org plugin page.


Plugins and Themes used in some P4 sites

WPML

Used in our sites that require more than one language. More info on Set up a Multi-Language P4 Site  or at https://wpml.org/

Loco Translate

Translate Planet4 themes and plugins directly in WordPress. Used only in this awesome handbook site. More info at Translate P4 theme, strings (commands) and plugins or in the wp.org plugin page.

IdeaPush

Allows submissions of ideas for feature requests directly in WordPress. Used only in this awesome handbook site. More info at Improving P4  or in the wp.org plugin page.


Plugins NOT used

SEO plugins

P4 has no SEO plugin installed or recommended.

SEO plugins do a lot of things, some of which are not even things that should be done (yes, trying to “trick” Google into thinking that a page is something different than it is, by modifying the title or the metadata for browser or search engines is a “disaster waiting to happen”).

We have identified several features that are also being offered by some SEO plugins, such as open graph data (PLANET-1888, released in v1.8 , handled by the p4 master theme) or write beautiful URLs (using core WP functionality with small taxonomy modifications handled in our master theme PLANET-1879, released in v1.9 ).

Our choice of operation is not “There is a plugin, let’s install it and see what it does”, but “We need feature A, let’s find the best way to deliver its functionality”.


The P4 Plugin review process

The philosophy of adding plugins to a P4 site can be summarized in the following:

We have described a process that should be followed every time a plugin is considered.

1) Decide on the features you want

2) Investigate if these can be done by WordPress core

3) If not, investigate what 3rd party plugins exist, and a do a functional fit analysis

4) Do a security analysis of the selected plugins, including reputation, maintenance history, and code analysis

5) Install them on the test server and do a thorough testing (using both automatic testing and manual testing) to see if they create problems in other areas of P4.

6) Get them installed on the relevant site, by having them being added to the relevant composer file

We will have to repeat that you must be very very very careful before adding plugins to your site, as you are endangering the whole greenpeace domain.

In case we find that you have installed a plugin that creates security issues or that it has been added without correct documentation (Functional fit and security analysis), we will remove it immediately to safeguard the rest of the website. 

In cases where a plugin is added only to one site and not to the planet4 core, there is an extra complication that needs to be taken in to serious consideration:
When a plugin is installed on a site only, independently from the planet4 core, then the sites owner/administrators (The NRO or the campaign, or the project team) has to take the responsibility for that plugin or extra code forever.
If the plugin has a security update, they need to update it. (Or if they don’t know how, to hire a developer or an agency to keep it up to date). Or we (the planet4 team) will have to remove it from the platform (even if this means broken functionality). So, any such plugin that you add, creates a future responsibility (and quite possibly a budget expenditure) for the owners/administrators of the site. Additionally, if your plugin at some point is not compatible with the core application or the infrastructure, it is not the Planet4 team’s responsibility to make the core compatible with your extra plugins.


Links & Resources