Git Repos Manager lets WordPress admins discover repositories tagged with wp-plugin, install SHA-256 verified release ZIPs through the native upgrader, and track managed plugins per release channel across single-site and multisite networks — with full WP-CLI coverage.
The interface works better as a standalone product preview than as a cramped hero aside. This gives the repository list, install actions, and source-profile controls enough horizontal room to read cleanly.
A WordPress-native admin screen for browsing eligible repositories, resolving release assets, and deciding which plugins should participate in ongoing update checks.
wp-plugin topic so discovery stays intentional.
.zip release asset with application/zip content type.
.sha256 sidecar
Managed installs verify the ZIP fingerprint against the matching .sha256 asset before extraction.
This product keeps GitHub as the source of truth without forcing admins into a foreign interface. Discovery, installation, release metadata, authenticated downloads, and update checks all stay inside WordPress conventions.
Repositories only appear when they are explicitly tagged with wp-plugin, which keeps the plugin list intentional instead of dumping every repo in an org.
Release ZIP assets are installed through the WordPress upgrader stack, so the experience stays familiar to admins and compatible with core plugin handling.
Admins mark repositories as Tracked to opt them into update checks. Tracking state is shown separately from WordPress activation, so network-active plugins are not confused with tracked repositories.
Per-source PATs unlock private repositories and authenticated downloads. Tokens are encrypted at rest with AES-256-GCM, masked in the UI, and resolved per repository owner. Classic ghp_, fine-grained github_pat_, and newer gh* token prefixes are all accepted.
Repository and release payloads are cached, a rate-limit lockout prevents thrashing the API, and the settings page exposes a force-check utility when you need fresh data now.
Auth failures, missing releases, bad ZIP assets, and not-found responses are surfaced with explicit admin-facing error messages instead of silent failure modes.
Set a default channel and override per plugin to choose between stable and pre-release tracks. The updater respects the configured channel when resolving the next release.
Manage sources, channels, cache, and plugin install/update/uninstall from the command line: wp gpw source, wp gpw channel, wp gpw cache flush, wp gpw plugins.
A dedicated Network Admin screen manages sources, encrypted tokens, tracked repos, cache, and diagnostics at the network level. A Sites column gives super admins lazy-loaded per-subsite activation details.
Managed installs and updates download the release ZIP plus its .sha256 sidecar, compute the fingerprint locally, and refuse extraction on mismatch. Verification state is surfaced in the admin UI and CLI output.
The setup flow is straightforward, but the product stays opinionated where it matters: source-level credentials, topic filtering, release asset validation, and explicit active-repo selection.
Add one or more GitHub user or organization targets. Each source can carry its own optional PAT. On multisite, use Network Admin -> Git Plugins.
Use the wp-plugin topic, create a release, attach a real .zip asset, and publish a matching .sha256 sidecar.
The plugin builds a clean list of eligible repositories, resolves the latest release on the chosen channel, and exposes install actions and a Tracked toggle.
Use Refresh or Force Refresh Cache from the settings page to flush cached GitHub data and re-run update checks — or drive the same workflows with wp gpw commands.
Each source stores a target name and optional PAT. That makes public orgs, private client repos, and mixed environments manageable without awkward credential reuse.
The installer prefers ZIP assets from the latest published release and falls back carefully, which means your release process stays explicit and auditable.
Install, uninstall, active-state saving, settings notices, and update integration all sit inside WordPress conventions instead of bolted-on custom flows.
The plugin resolves a token per repository owner, which is the right mental model when one admin instance needs to talk to multiple GitHub accounts or orgs.
The product story here is operational confidence: discover repos, install from release assets, keep selected plugins active for checks, and let WordPress core surface version changes in a familiar way.
Query configured users or orgs and filter down to repos that explicitly declare themselves as WordPress plugins.
Pull the newest release on the configured stable or pre-release channel, fall back to release lists when needed, and reject incomplete release metadata.
Download the ZIP plus its .sha256 sidecar, verify the fingerprint locally, then hand the archive to the native upgrader with GitHub auth headers scoped to approved hosts.
Only repositories marked Tracked are included in ongoing update checks. On multisite, tracking is network-wide while activation still follows site-active vs network-active rules.
The strongest part of the product is restraint. It narrows discovery, validates releases, scopes credentials by source, and handles bad API states explicitly.
When GitHub rate limiting is detected, requests pause instead of hammering the API. That protects both reliability and operator sanity.
PATs are encrypted at rest with AES-256-GCM, masked in the UI, and only decrypted for outbound calls. Authorization headers are injected exclusively for approved GitHub hosts, and salt-rotation detection prompts re-entry when keys change.
Managed installs require a matching .sha256 sidecar. The plugin computes the ZIP hash locally and aborts before extraction on mismatch, with verification state surfaced in the admin UI and WP-CLI output.
Settings and plugin action endpoints require WordPress capabilities (manage_options, install/delete plugin caps) and validate repository identifiers, plugin files, channel values, and multisite pagination before any action runs.
Missing releases, invalid repo names, auth failures, and transport problems surface as actionable WordPress notices instead of vague silent breakage.
On multisite, sources, encrypted tokens, tracked repos, cache, and diagnostics live at the network level — with a Sites column that lazy-loads per-subsite activation details for super admins.
Git Repos Manager is for teams that want WordPress-native installs and updates without giving up GitHub as the source of truth for plugin distribution.