These docs have been generated using AI. Expect inaccuracies until we remove this banner.

Frequently Asked Questions

General

What is Troy?

Troy is an independent plugin distribution system for WordPress. Developers host their own repositories; users receive updates directly—no centralized directory required.

Why "Troy"?

Like the ancient city that withstood siege, Troy is built for independence and resilience. And yes, there's a horse involved—but this one's here to help.

Is Troy free?

Yes. All Troy components are MIT licensed. Free as in freedom, free as in beer.

Who's behind Troy?

CyberWire B.V., led by Sybre Waaijer—the developer behind The SEO Framework.

Technical

Does Troy replace WordPress.org?

No. Troy only handles plugins that explicitly opt in via a Troy header. Everything else continues through WordPress.org normally.

Can I host plugins on both WordPress.org and Troy?

Yes—this is a common and recommended setup.

Troy headers are inert metadata that WordPress.org ignores. You can publish the exact same plugin file on both platforms:

  • Sites with Troy Client → updates come from your Troy Server
  • Sites without Troy Client → updates come from WordPress.org

How it works:

  1. Add a Troy header to your plugin (WordPress.org allows this—it's just metadata they ignore)
  2. Upload to WordPress.org as usual
  3. Connect your WordPress.org plugin to Troy Server via Integrations
  4. Troy Server automatically imports new releases from WordPress.org

This keeps both platforms in sync. When you release on WordPress.org, Troy Server can auto-import the new version within minutes.

What you can't do:

Don't embed Troy Client installation code (via Troy Embed) in plugins hosted on WordPress.org. This violates their guidelines about plugins installing other plugins without explicit user consent. Instead, distribute Troy Client separately via a Troy Package.

Are Troy headers compatible with WordPress.org?

Yes. The Troy header is custom metadata that WordPress.org ignores entirely. Their plugin validator doesn't flag it, and it doesn't affect how your plugin functions on sites without Troy Client.

How is Troy different from Update URI?

Update URI: is a WordPress Core header that's banned on WordPress.org—but even if you use it elsewhere, it has critical flaws:

  1. WordPress.org can override it. If WordPress.org registers a plugin with your slug, their update takes precedence and your Update URI filter never runs. This is a supply chain attack vector.
  2. Data leaks first. WordPress sends all your plugin metadata to WordPress.org before the Update URI filter runs. Your plugin name, version, and site URL are already exposed.

Troy works differently:

  • Proactive filtering. Troy Client removes Troy plugins from the WordPress.org request before it's sent. WordPress.org never sees them.
  • No override possible. Troy handles updates through its own mechanism, completely separate from WordPress Core's update flow.
  • Inert headers. The Troy header is just metadata—it doesn't trigger any WordPress Core behavior that could be exploited.

Is Troy secure?

Troy is designed with security and privacy as core principles:

  • Encrypted in transit — All communication uses HTTPS exclusively
  • Privacy-preserving analytics — Statistics use rotating UUIDs and strip identifying information before transmission
  • No central data collection — Your plugin inventory stays between you and your chosen servers
  • Fully open source — Every component is available on GitHub for independent security audits

What about multisite?

Troy Client works on WordPress multisite. Network-activate it for site-wide coverage.

Troubleshooting

Updates aren't showing

  1. Troy Client active? — Updates require Troy Client
  2. Troy header present? — Your plugin needs Troy: server.com
  3. Transients stale? — WordPress caches update checks
  4. Server published? — Is the plugin public on your Troy Server?
  5. Version higher? — Server version must exceed installed version

→ Troy Client Troubleshooting

Plugin won't auto-install

If Troy Embed or Installer fails:

  1. Permissions — Does WordPress have write access to /plugins/?
  2. Host restrictions — Some hosts block programmatic installs
  3. Firewall — Can your server reach repo.deploytroy.org?

Fall back to manual: download ZIP, upload via Plugins → Add New.

GitHub sync errors

  1. Token valid? — Personal Access Tokens expire
  2. Format correct? — Use username/repo, not full URL
  3. Releases exist? — Tags alone aren't enough; create GitHub Releases

→ GitHub Integration

Community

What's on the roadmap?

See the public roadmap. Highlights: GitLab/Bitbucket support, theme distribution, analytics dashboard.

How can I contribute?

GitHub — Bug reports, pull requests, documentation. All welcome.

Where can I get help?

Learn moreLearn moreLearn more

Getting Started

IntroductionQuick Start

Troy Client

InstallationHow It WorksAPI ReferenceCode ReferenceTroubleshooting

Troy Server

InstallationAdding PluginsPackagesGitHub IntegrationAPI ReferenceCode ReferenceTroubleshooting

Plugin Devs

Troy HeadersDependenciesTroy EmbedTroy Installer

Advanced

Troy Client DaemonFAQ