Back to blog

Sunday, January 12, 2025

Introducing Troy: Take Back Control of Your Code

Posted by

Sybre Waaijer

@sybrew@CyberWire
Sybre Waaijer
cover

A Simple Truth

Your code is yours. The people who use it deserve to receive your updates. No one should stand between you and the people who trust your work.

That's why we built Troy.

The Problem

WordPress has a wonderful ecosystem. Millions of sites, thousands of plugins, a vibrant community. But somewhere along the way, plugin distribution became centralized. One directory. One set of guidelines. One approval process. One organization deciding who gets to ship code.

This works—until it doesn't.

Plugins get removed for policy violations, sometimes without warning. Guidelines shift. Review queues stretch for weeks. Developers invest months into products only to find themselves locked out of their own update pipeline.

We've watched this happen. We've seen good developers caught in situations they didn't create. And we asked ourselves: why does updating a WordPress plugin require permission from anyone?

A Different Path

Troy is built on a simple idea: developers should control their own distribution.

With Troy, you host your own plugin repository. You decide when updates ship. You own the relationship with your users. There's no approval process, no waiting period, no uncertainty about whether your plugin will still be available next month.

Troy Server turns any WordPress installation into a plugin repository. Upload a ZIP, connect GitHub, and your plugins are ready to distribute.

Troy Client connects WordPress sites to Troy servers. Install it once, and every plugin with a Troy header receives updates automatically—right in the WordPress dashboard, just like plugins from WordPress.org.

Troy is an opt-in sideloading system. Developers choose to use it by adding a Troy: header to their plugins. It doesn't replace WordPress.org or affect plugins that don't opt in—it's an additional distribution channel for developers who want independence.

Why MIT?

WordPress is GPL. Most of its ecosystem follows that license. We chose differently.

The GPL has served open source well, but it comes with obligations. Code under GPL must stay GPL. Derivatives inherit the license. For some projects, that's fine. For others, it's a constraint that shapes decisions in ways that don't always serve the people using the code.

MIT is simpler. Use the code. Modify it. Ship it in commercial products. Build something new. The only requirement is keeping the copyright notice.

We believe open source works best when it's freely given—not because a license demands it, but because sharing makes the ecosystem stronger. Troy is a gift. Do what you will with it.

Privacy, Impersonal

Troy collects statistics—download counts, version distribution, PHP versions. This helps developers understand their user base. But we do it thoughtfully:

  • No domain names. We don't track where plugins are installed.
  • Rotating IDs. Every week, each site generates a new anonymous identifier.
  • HTTPS only. All communication is encrypted.

You'll never see a dashboard with your users' domains. That information doesn't exist because we don't collect it.

The Technical Bits

For site owners, Troy Client is a standard WordPress plugin. Install it, activate it, done. Any plugin with a Troy: header in its main file will receive updates automatically.

For developers, Troy Server needs a bit more horsepower. WordPress 6.8+, PHP 8.4+, MySQL 8.0.19+. Modern requirements for a modern system. Upload plugins manually, connect GitHub repositories for automatic releases, or use the REST API for custom integrations.

For those who want magic, Troy Embed is a code snippet you add to your plugin. It installs Troy Client silently when users activate your plugin. No extra steps for them—they install your plugin, and updates just work.

The full documentation is at /docs.

Who's Behind This?

Troy is built by CyberWire B.V.. I'm Sybre Waaijer, and you might know me from The SEO Framework—a WordPress SEO plugin I've maintained since 2014.

A decade of building WordPress plugins teaches you things. It teaches you that good code matters, but so does reliability. It teaches you that users trust developers to ship updates, and that trust is precious. It teaches you that the infrastructure of distribution can become a single point of failure.

Troy is the infrastructure I wish had existed years ago. Now it does.

What's Next

This is version 0.0.1184. The foundation. We have plans:

  • GitLab and Bitbucket integration
  • Enhanced theme support
  • More detailed analytics
  • One-click deployment workflows

But first, we want Troy to work reliably for the developers who need it. If that's you—if you've ever worried about your update pipeline, if you've ever wanted independence from centralized directories—give Troy a try.

Getting Started

Site owners: Install Troy Client. That's it.

Developers: Set up Troy Server. Add your plugins. Tell your users to install Troy Client (or use Troy Embed to do it automatically).

Everyone else: Read the introduction. Ask questions on GitHub Discussions. Explore the code—it's all open source.

A Final Thought

The WordPress ecosystem is stronger when developers have choices. When no single entity controls distribution. When the tools for sharing code are as free as the code itself.

Troy isn't an attack on WordPress.org. It's an addition to the ecosystem. Another option. A backup. A parallel path.

Your code is yours. Your users deserve your updates. Troy makes that possible.

Welcome to the new normal.

Troy is available now. MIT licensed. Free forever.