In Moodle 2.3 a new feature was implemented to enable site admins get alerts when a plugin that they were using in their Moodle site had been updated in the plugin directory. This would send the admin an email about the update. It was also possible to check for available updates through the admin user interface too. See release notes.
In Moodle 2.4 this was brought a step further. Not only did Moodle tell the site admin that a plugin update was available, but they could now update it through the admin user interface. This was a great step forward.
Now with Moodle 2.5 has take this feature to its next natural step, and enables a site admin to search for and install plugins from the Moodle Plugin Directory directly rather than having to upload via FTP. It is also possible to upload a zip of a plugin and not just pull from the plugins directory.
So what about checking the plugin?
The new system makes it much easier to manage the add-ons in the Moodle site. Once you select the plugin to install it will copy it to the server and validate it. There is a set of technical checks it goes through to validate and once it is complete you can then proceed to install.
Moodle then goes through the normal upgrade process.
Once installed, it is the same as if you had done it manually.
The below video shows the process by which a site admin installs the block Progress Bar into the Moodle site just using the web interface.
Some things to note.
To make use of the feature requires certain permissions on the server to work which many managed hosts will not provide as it means that code they have not approved and audited themselves can be installed on a Moodle for which they are responsible. This is fair enough as it would be unreasonable to ask someone to stand over an installation that they do not control.
Also, it should be understood that as with any code change to a site it is always prudent to have a full site backup before any change is made. Where this feature is available in other applications like wordpress it always recommends that step too. When installing the add-on you have to tick an acknowledgement about this topic.
“I understand that it is my responsibility to have full backups of this site prior to installing add-ons. I accept and understand that add-ons (especially but not only those originating in unofficial sources) may contain security holes, can make the site unavailable, or cause private data leaks or loss.”
Lastly, it should be noted that where admins are using source code repositories such as GIT to manage their code this feature is not really usable on the live site, however would be useful in a test site where people want to try out a plugin before formally requesting inclusion into the managed implementation.
If you do not want to have the web-based admins install add-ons from the interface, you can just add the following line to your config.php
$CFG->disableonclickaddoninstall = true;