feat: Add tool for updating single and multiple WordPress plugins

[Ref34t]

Description

This Pull Request introduces a new tool, update_plugins, to the WordPress MCP framework. This tool enables AI assistants to programmatically initiate updates for one or more specified WordPress plugins. It aims to enhance the MCP's capabilities by providing a robust and controlled mechanism for plugin management, directly leveraging WordPress core update functionalities.

Motivation

Currently, the WordPress MCP provides resources to retrieve plugin information but lacks a direct mechanism for AI assistants to trigger plugin updates. This new tool addresses that gap, allowing for more comprehensive and automated management of WordPress installations through AI-driven interfaces. This feature is crucial for maintaining site security and performance by ensuring plugins are kept up-to-date.

Technical Implementation Details

New File

• includes/Tools/McpPluginUpdateTools.php: This file contains the McpPluginUpdateTools class, which implements the core logic for the update_plugins tool.

Modifications

• includes/Core/WpMcp.php: This file was modified to:
  • Include the McpPluginUpdateTools class via a use statement.
  • Instantiate McpPluginUpdateTools within the init_default_tools() method, ensuring the tool is registered with the MCP framework upon initialization.

Tool Details

• Tool Name: update_plugins
• Description: Updates one or more WordPress plugins.
• Parameters:
  • plugin_slugs (array|string, required): A single plugin slug (e.g., 'akismet') or an array of plugin slugs (e.g., ['akismet', 'woocommerce']) to be updated. Plugin slugs can be obtained from the plugin-info resource.
• Output:
  The tool returns a JSON array of objects, where each object contains the status of an update attempt for a specific plugin. For each plugin, the output includes:
  • plugin_slug (string): The slug of the plugin that was targeted for update.
  • status (string): The result of the update operation. Possible values include success, failed, not_found, or no_update_available.
  • message (string): A human-readable message providing more details about the update status, including any error messages if the update failed.

Error Handling

The tool handles the following error conditions:

• No Plugin Slugs Provided: If the plugin_slugs parameter is empty or not provided, the tool returns a failed status with an appropriate message.
• Invalid Plugin Slug: If a provided plugin slug does not correspond to an installed plugin, the status for that plugin will be not_found.
• No Update Available: If a plugin is found but no update is currently available, the status will be no_update_available.
• Update Failure: If an update operation fails for any reason (e.g., file permissions, compatibility issues, wp_update_plugin returning a WP_Error), the status will be failed, and an appropriate error message will be provided.

Testing Plan

✅ Live Testing Completed

This feature has been thoroughly tested in a live WordPress environment during development. The following tests were performed:

Successfully Updated Plugins with Version Tracking:

• WP Mail SMTP: Updated successfully (version info now displayed)
• All-in-One WP Migration: v7.89 → v7.96
• Code Block Pro: v1.26.6 → v1.27.7
• Task Manager: v1.0.0 → v3.0.2 (major version jump)
• Testimonial Block: v0.1.0 → v1.0.0 (beta to stable release)
• WPForms Lite: v1.9.3.2 → v1.9.6.2

Plugins Already Up-to-Date:

• Advanced Custom Fields
• Leads Toolkit
• My Custom Block
• My Gutenberg Blocks
• Smart Post Logger
• WordPress MCP

Verified Response Format:

• ✅ old_version field correctly populated
• ✅ new_version field correctly populated
• ✅ Enhanced success messages include version information
• ✅ reactivated status properly reported
• ✅ Proper handling of "no update available" scenarios

Test Environment:

• Local WordPress development site (wordpress-local.test)
• Mixed plugin ecosystem (official plugins, custom plugins, premium plugins)
• Various update scenarios tested (minor updates, major version jumps, beta-to-stable transitions)

All tests confirmed the feature works as expected and provides valuable version tracking information that was previously missing.

Unit Testing

• Validate input parameters for plugin_slugs (empty, single string, array of strings).
• Verify correct identification of existing and non-existing plugins.
• Simulate scenarios for update availability and non-availability.
• Mock wp_update_plugin() to ensure correct calls and error handling for success and failure cases.
• Confirm output format adherence for all status types (success, failed, not_found, no_update_available).

Integration Testing

• Verify update_plugins tool registration with MCP.
• Conduct end-to-end tests with real plugin slugs to confirm successful updates.
• Test error propagation from wp_update_plugin() through the MCP tool's output.

Manual Testing

• Test single plugin updates.
• Test multiple plugin updates simultaneously.
• Test with non-existent plugins.
• Test with plugins for which no update is currently available.
• Evaluate behavior under insufficient WordPress permissions.

Future Considerations

• Rollback Functionality: Explore adding a mechanism to revert plugin updates in case of issues.
• Pre-update Checks: Implement more comprehensive pre-update checks (e.g., compatibility with current WordPress/PHP versions).
• Update Hooks: Integrate with WordPress update hooks for more detailed progress and status updates during long-running operations.

Checklist:

• Code follows WordPress coding standards.
• All new code is thoroughly commented with PHPDoc.
• Unit tests are written for new functionality (if applicable).
• Integration tests are considered and planned.
• Documentation is updated (if applicable).
• Changes are backward compatible.
• Security considerations have been addressed.

[Ref34t]

Hey @galatanovidiu did you have a chance to check this?

[galatanovidiu]

Hey @galatanovidiu did you have a chance to check this?

Sorry for the late reply.

I was on vacation, then I had to catch up with my daily work.

Thank you for this comprehensive PR! I can see you've put a lot of work into it. The plugin update functionality will be a valuable addition to the WordPress MCP framework.

I will try to review this PR today or tomorrow.

[galatanovidiu]

Sorry again for not getting back to you sooner. I have too many things to.

I just wanted to let you know that everything works well for me.
Only one suggestion for when you have time.
Could we please add a test for this?. I've created a PR that contains a test that is highly vibe-coded. You can see it here: https://github.com/Automattic/wordpress-mcp/pull/100/files#diff-8a1efcf96a7527dee3098d53780b72ac1429d0aa9d5923b237a1b6f35be1f456.

I will close my PR after we merge yours.

Thank you very much for taking the time to build this tool.