Troy Client is a lightweight WordPress plugin that enables your site to receive plugin updates from decentralized Troy Server repositories in addition to WordPress.org.
You may have received Troy Client when installing The SEO Framework via our bundled installer, or alongside Extension Manager. This article explains what it does, why it exists, and how it affects your site.
Why does Troy Client exist?
Traditionally, WordPress plugins that aren’t on WordPress.org must update themselves — the update logic is built into the plugin. This works, but it has a critical weakness: if the plugin breaks or is inactive, it can’t receive updates. A fatal error, accidental deactivation, or server issue can leave you stuck on a broken version with no way to receive a fix.
Troy Client solves this by separating the update mechanism from the plugins it updates. Troy Client’s only job is to check for updates and deliver them. If The SEO Framework or Extension Manager has an issue, Troy Client can still fetch and install a fix.
Additionally, Troy Client allows plugin developers to distribute updates independently of WordPress.org. This gives developers more control over their distribution pipeline and ensures users always receive updates, regardless of what happens on centralized platforms.
How does Troy Client work?
Troy Client looks for plugins that have a Troy: header in their main plugin file. This header tells Troy Client which server to contact for updates. For example:
<?php
/**
* Plugin Name: The SEO Framework
* Troy: repo.theseoframework.com
*/When WordPress checks for updates, Troy Client intercepts the request for plugins with Troy: headers and fetches update information from the specified repository instead of WordPress.org.
Updates are delivered through WordPress’s standard update mechanism — you’ll see them in the Dashboard just like any other plugin update.
What’s the performance impact?
Troy Client is designed to be lightweight:
- Front-end impact is negligible (about 0.29ms). A typical WordPress site takes 1500x that time to render. Troy Client doesn’t load assets or run queries on the front-end.
- Hooks only fire when WordPress checks for updates or makes HTTP calls — not on every page load.
- No database queries on regular page views.
- Shared update logic — multiple Troy-enabled plugins share one updater instead of each bundling their own.
In practice, you won’t notice any performance difference.
Why can’t I deactivate or remove Troy Client?
When you have plugins installed that depend on Troy Client for updates, deactivating Troy Client would break their update path. To prevent you from accidentally stranding plugins without an update source, Troy Client protects itself from removal while dependencies exist.
You can see which plugins depend on Troy Client by visiting Tools → Site Health → Info → Troy Client.
To remove Troy Client:
- Deactivate and delete all Troy-enabled plugins (e.g., Extension Manager). Troy Client lists the dependent plugins.
- If you want to keep The SEO Framework, reinstall it from WordPress.org — this version doesn’t come bundled with Troy Client.
- Now you can deactivate and delete Troy Client.
What data does Troy Client send?
Troy Client sends the minimum data needed for update delivery:
- Rotating site ID — a random identifier that changes weekly, no persistent fingerprinting
- Plugin slugs and versions — only Troy-enabled plugins, not your entire install list
- PHP and WordPress versions — used to determine compatibility before offering updates
- Locale preferences — which translations you need
Troy Client never sends your domain name, email addresses, usernames, site settings, or full plugin lists. All communication is HTTPS-only.
For full details, see the Troy Privacy documentation.
Learn more about Troy
Troy is an open-source project created by Sybre Waaijer (the creator of The SEO Framework) to give plugin developers independence from centralized distribution platforms.