Installing GravityKit Products via Composer
GravityKit products are available through a private Composer repository. This is intended for developers and teams who already use Composer to manage their WordPress dependencies. If you’re not familiar with Composer, you can install and update GravityKit plugins directly from the WordPress dashboard or via WP-CLI.
Prerequisites #
- Composer 2 or later (
composer --versionto check). See the Composer installation guide if you don’t have it yet. - Command-line access to your server or local development environment
- A GravityKit license key, available on your Account page
Quick Start #
If you already have a composer.json in your project, run these commands from your project root:
# Add the GravityKit repository
composer config repositories.gravitykit composer https://composer.gravitykit.com
# Store your credentials (license key + site URL)
composer config http-basic.composer.gravitykit.com YOUR_LICENSE_KEY https://example.com
# Install a plugin
composer require gravitykit/gravityviewReplace YOUR_LICENSE_KEY with your license key and https://example.com with the URL of the site where the license is activated.
Don’t have a composer.json yet? Run composer init first, then come back to the commands above.
After Composer finishes, the plugin files will be in your wp-content/plugins/ directory. You’ll still need to activate the plugin in WordPress (under Plugins → Installed Plugins), just as you would with any manually installed plugin.
Authentication #
The GravityKit Composer repository uses HTTP Basic Auth. Your license key is the username and your site URL is the password.
There are two ways to store your credentials:
Option 1: CLI command
composer config http-basic.composer.gravitykit.com YOUR_LICENSE_KEY https://example.comThis saves the credentials to an auth.json file in your project directory.
Option 2: Manual auth.json
Create an auth.json file in your project root:
{
"http-basic": {
"composer.gravitykit.com": {
"username": "YOUR_LICENSE_KEY",
"password": "https://example.com"
}
}
}Either way, add auth.json to your .gitignore. It contains credentials and should never be committed to version control.
Setting Up composer.json #
Your composer.json needs the GravityKit repository and the composer/installers package, which routes plugins into wp-content/plugins/:
{
"repositories": [
{
"type": "composer",
"url": "https://composer.gravitykit.com"
}
],
"require": {
"composer/installers": "^2.0",
"gravitykit/gravityview": "^2.54",
"gravitykit/advanced-filter": "*"
},
"config": {
"allow-plugins": {
"composer/installers": true
}
},
"extra": {
"installer-paths": {
"wp-content/plugins/{$name}/": ["type:wordpress-plugin"]
}
}
}If your project already requires composer/installers and has installer-paths configured, you only need to add the repository and the GravityKit packages to require.
Then run:
composer installTo add a plugin to an existing project without editing composer.json by hand:
composer require gravitykit/gravitychartsAvailable Packages #
All GravityKit plugins are available as Composer packages. Which packages you can access depends on your license tier.
gravitykit/advanced-elementor-widgetgravitykit/advanced-filtergravitykit/alphabetical-filtersgravitykit/dashboard-viewsgravitykit/datatablesgravitykit/diy-layoutgravitykit/featured-entriesgravitykit/gravity-forms-dynamic-lookupgravitykit/gravity-forms-elementor-widgetgravitykit/gravity-forms-entry-tagsgravitykit/gravity-forms-event-fieldgravitykit/gravity-forms-zero-spamgravitykit/gravityactionsgravitykit/gravityboardgravitykit/gravitycalendargravitykit/gravitychartsgravitykit/gravityeditgravitykit/gravityexportgravitykit/gravityexport-litegravitykit/gravityimportgravitykit/gravitymathgravitykit/gravitymigrategravitykit/gravityrevisionsgravitykit/gravityviewgravitykit/magic-linksgravitykit/mapsgravitykit/multiple-formsgravitykit/ratings-reviewsgravitykit/social-sharing-seo
Version Constraints #
You can pin to an exact version or use Composer’s version constraint syntax:
| Constraint | Meaning |
|---|---|
"*" | Latest available version |
"2.56" | Exact version |
"2.54.*" | Latest patch in the 2.54.x line |
"^2.54" | Compatible release (>=2.54, <3.0) |
"^2.54" is a good default: you get bug fixes and minor updates automatically while staying protected from breaking changes. Use an exact version like "2.56" when you want to control every update manually.
# Install an exact version
composer require gravitykit/gravityview:2.56
# Install latest patch in 2.54.x
composer require "gravitykit/gravityview:2.54.*"To see all available versions of a package:
composer show gravitykit/gravityview --allUpdating Plugins #
To pull the latest versions allowed by your constraints, run:
composer update gravitykit/*To update a single plugin:
composer update gravitykit/gravityviewThis updates the packages and writes the resolved versions to composer.lock. Commit composer.lock to version control so that composer install reproduces the exact same versions in every environment (staging, production, teammates’ machines).
Important: When you manage plugins via Composer, always update through Composer rather than the WordPress dashboard. The WordPress dashboard may still show available updates for GravityKit plugins, but applying those updates from the dashboard would overwrite the Composer-managed files and cause your composer.lock to fall out of sync with what’s actually installed.
CI/CD and Automated Deployments #
In CI/CD pipelines, store credentials in environment variables rather than committing them to your repository.
Composer reads the COMPOSER_AUTH environment variable, which accepts a JSON-encoded auth object:
COMPOSER_AUTH='{"http-basic":{"composer.gravitykit.com":{"username":"YOUR_LICENSE_KEY","password":"https://example.com"}}}'This takes precedence over any auth.json file on disk.
GitHub Actions
Store the JSON as a repository secret named COMPOSER_AUTH:
- name: Install dependencies
run: composer install --no-dev --optimize-autoloader
env:
COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH }}GitLab CI
deploy:
script:
- composer install --no-dev --optimize-autoloader
variables:
COMPOSER_AUTH: $COMPOSER_AUTH # Set in GitLab CI/CD > VariablesTroubleshooting #
401 Unauthorized
Credentials weren’t sent with the request. Make sure you’ve run composer config http-basic.composer.gravitykit.com or have a valid auth.json in your project. In CI, check that the COMPOSER_AUTH environment variable is set.
403 Forbidden
Credentials were rejected. This can mean the license key is incorrect, expired, or deactivated. Verify on your Account page that the license is active and the key is correct.
Package not found
The package may not be included in your license tier. Check which plugins are part of your plan on the Account page.
Could not find a matching version
The version you specified doesn’t exist. Run composer show gravitykit/gravityview --all to see available versions.
Credentials work locally but fail in CI
The COMPOSER_AUTH secret may not be set in your pipeline environment, or the JSON may contain unescaped characters. Validate the JSON before storing it as a secret.
composer/installers blocked by allow-plugins
Composer 2.2+ requires Composer plugins to be explicitly allowed before they can run. The composer/installers package is a Composer plugin that places WordPress plugins in wp-content/plugins/ instead of the default vendor/ directory. If it’s not in your allow-list, Composer blocks it and packages end up in the wrong location (or the install fails entirely).
To fix this, run:
composer config allow-plugins.composer/installers trueThis is a one-time setup. Most WordPress Composer projects (including Bedrock) already have this configured.
