Discover in this tutorial how to get and display all the plugins of a remote WordPress installation using the REST API.
In some cases you may be interested in displaying (or getting) all the plugins of a remote WordPress installation, including the version, author or other data.
That’s why in this tutorial you are going to learn how you can get a list of all the plugins of a remote WordPress installation. This would be the result:
Let’s see it:
Steps to display all plugins in a WordPress installation using the REST API
1. Create a password for the REST API
The first thing you need to do is to create a new application password.
To do this go (in the WordPress installation where you want to authenticate) to Users > Profile and scroll down to the “Application Passwords” section.
Then fill in the new password name field (it can be anything) and click on “Add a new application password”.
Once done, the password name and password will be displayed.
Be sure to copy it and keep it safe because it will not be displayed again.
2. Get the endpoint data and display it with a shortcode
Once you have the credentials to authenticate with the REST API you can make the call to the endpoint to get the plugins.
In addition, you are going to encapsulate this data inside a shortcode to be able to show the list wherever you want.
Add the following code at the end of functions.php or in your functionality plugin:
With this code you create a shortcode that allows you to display a list of all plugins on a remote WordPress installation using the [plugin_list] shortcode.
In the first part of the snippet you define the variables:
username= WordPress username.
$password= Application password obtained in the previous step.
$website_url= The URL of the website.
$request_url= The URL where the request is made. In this case it is the concatenation:
$website_url . '/wp-json/wp/v2/plugins/'which accesses the REST API plugin endpoint.
Remember to change the value of the following variables to those of your case.
Then you use the
wp_remote_request function to get the endpoint for plugins (with the
The authentication part is done in the headers using the
base64_encode function to encrypt the username and password.
Once you get the information sent by the API you use the
wp_remote_retrieve_body functions to extract the data from the body and
json_decode to decode it.
And when you have the array with the data you use a loop (foreach) to extract the information you are interested in.
In this case, 3 details about the plugin information:
- Plugin name
[name]> with plugin link
- Plugin version
- Author’s name
[author]> with link to it
But you can remove or add more to customize it to your liking. These are all the details you can display:
You have more information about it on official WordPress developer page.
For example, for the Akismet plugin it returns something like this:
Array (  => stdClass Object ( [plugin] => akismet/akismet [status] => active [name] => Akismet Anti-Spam [plugin_uri] => https://akismet.com/ [author] => Automattic [author_uri] => https://automattic.com/wordpress-plugins/ [description] => stdClass Object ( [raw] => Used by millions, Akismet is arguably the world's best way to protect your blog from spam. It keeps your blog protected even when you sleep. To get started: activate the Akismet plugin and go to the Akismet settings page to set your API key. [rendered] => Used by millions, Akismet is possibly the best way in the world to protect your blog from spam. It keeps your blog protected even when you sleep. To get started: activate the Akismet plugin and go to the Akismet settings page to set your API key. By Automattic. ) [version] => 4.2.2 [network_only] => [requires_wp] => [requires_php] => [textdomain] => akismet [_links] => stdClass Object ( [self] => Array (  => stdClass Object ( [href] => https://yourwebsite.com/wp-json/wp/v2/plugins/akismet/akismet ) ) ) ) )
So you can customize the details you prefer to be displayed.
If you have any questions or suggestions you can leave them in the comments.
There is only one step left to view the list.
2. Insert the shortcode where you want
The advantage of shortcodes is that you can insert them anywhere on the web.
You only have to type
[plugin_list] where you want it to be displayed.
- If you are using the classic editor, use the HTML tab to enter the shortcode.
- In case you are already using the new block editor (Gutenberg) you can add it to the normal paragraph block, the HTML block or the shortcode block. All of them will render the content correctly.
This would be an example of the listing that the shortcode would display:
Now you know how to use the REST API to get and display all the plugins of a remote WordPress installation.
Any questions? I read you in the comments.
And if you want to give me any suggestion for future tutorials, leave it in the contact form. Advantages of being a subscriber. 😉