Install public repos to WordPress
RepoMan adds selected WordPress plugins hosted in public GitHub repositories to the native Plugins > Add New search results.
When a search matches an entry in the bundled plugin-repos.json index, RepoMan displays the matching repositories ahead of WordPress.org results using standard WordPress plugin cards. Plugins are installed directly from their GitHub branch archives.
RepoMan automatically detects each repository’s default branch, with master and main used as fallbacks when necessary. During installation, the extracted GitHub archive directory is renamed to the configured plugin slug before WordPress selects the final installation destination.
Hosts, agencies, and developers can replace the bundled repository index by defining the REPOMAN_PLUGIN_INDEX_PATH constant with the path to a readable custom plugin-repos.json file. This allows a privately maintained plugin catalog to be used without modifying or forking RepoMan.
RepoMan also prevents WordPress.org update packages from being offered for plugins whose main file contains a GitHub Plugin URI or Update URI header, along with several explicitly protected plugin slugs. This protection applies whether those plugins are active or inactive.
RepoMan only exposes repositories listed in the bundled or configured index. It does not search all of GitHub, access private repositories, assess third-party code, or provide ongoing GitHub updates by itself.
- replaces raw string matching with WordPress's native
get_file_data()parser forGitHub Plugin URIandUpdate URImetadata - limits header inspection to the first 8 KB while continuing to silently skip plugin files that disappear or become unreadable during plugin operations
- silently skips plugin files that temporarily disappear or become unreadable during normal plugin installation, update, or removal operations
- scans each plugin main file once for both
GitHub Plugin URIandUpdate URIheaders - checks explicitly protected plugin slugs before scanning plugin files to avoid unnecessary file reads
- removes unused placeholder rating and rating-count values from the bundled plugin index while retaining zero-value defaults required by WordPress plugin cards
- skips and logs plugin entries whose slugs are missing or sanitize to an empty value
- keeps the first plugin entry for each sanitized slug and skips and logs later duplicates
Tested up to:bumped to 7.0
- removes the shared
repoman_installing_plugintransient andupgrader_post_installfolder rename used by earlier releases - maps each GitHub package URL to its configured plugin slug for the current PHP request and passes that slug through
upgrader_package_optionsonly for new plugin installs - validates the extracted plugin first, then renames its temporary GitHub archive folder during
upgrader_source_selectionat priority20before WordPress chooses the final install directory - uses the WordPress filesystem API for the folder move and returns explicit errors when the filesystem is unavailable, the target folder already exists, or the move fails
- prevents overlapping installs from sharing the wrong slug while leaving plugin updates, themes, WordPress.org packages, and unrelated installs unchanged
- prevents RepoMan plugins from repeating on later search pages and preserves WordPress.org result totals
- limits GitHub ZIP probe response bodies to one byte to reduce memory use during availability checks
- handles
WP_Errorand non-200 GitHub API or ZIP responses before parsing metadata or accepting download URLs
- rejects non-array top-level JSON values, skips malformed non-array entries, and returns an error when no valid plugin entries remain
- requires repository values to contain exactly one GitHub
owner/repopair using supported owner and repository characters - prevents punctuation-only or otherwise empty sanitized search terms from matching plugin slugs
- normalizes
plugin-repos.jsonformatting and alphabetical ordering
- added
littlebizzy/verified-customers
- added support for overriding the bundled plugin index using the
REPOMAN_PLUGIN_INDEX_PATHPHP constant - allows hosts and agencies to supply a custom
plugin-repos.jsonfile without forking RepoMan - default bundled index remains unchanged and is used automatically when no override is defined
- bumped
Tested up to:to 6.9
- added
littlebizzy/export-database
- added
littlebizzy/anti-spam
- tested up to WordPress 6.8
- removed
load_textdomainblock (we are not bundling translation files for now) - added
littlebizzy/secure-file-access
- removed the
repoman-slug prefix which caused installation errors - now hiding star ratings and active installs using modern
:hasCSS pseudo-class - now linking author names to author homepage with fallback to GitHub repos
- uncommented and sanitized
active_installslines after confirming no conflicts scan_plugin_main_file_for_now returns immediately if the file is missing or unreadable- various minor code optimization formatting improvements
- prefixed plugin slugs with
repoman-to enable targeted CSS - scoped CSS better to hide star ratings and active install counts on RepoMan tiles only
- experimented with commenting some
active_installslines in plugin data - added basic CSS to hide the install count
.column-downloadedin plugin tiles - linked author names to GitHub repos in
repoman_prepare_plugin_for_display()
- added
littlebizzy/contact-form
- added
littlebizzy/disable-search - removed
littlebizzy/disable-gutenberg(not ready yet) - added
Tested up toplugin header - added
Update URIplugin header
- added
codersaiful/woo-product-table
- added
littlebizzy/random-post-ids
- now blocks plugins with
Update URIstring from WP.org (same asGitHub Plugin URI) plugin-update-checkeralso hardcode protected from WP.org overwrites
- added
littlebizzy/metadata
- added
littlebizzy/disable-cart-fragments
- added
robertdevore/benchpress - added
robertdevore/email-validator-for-wordpress - added
robertdevore/frontend-post-order - added
robertdevore/gift-cards-for-woocommerce
- added
robertdevore/custom-update-request-modifier(first plugin without Git Updater support) - Note: plugins without Git Updater headers can't be protected from WP.org overwrites
- added
wp-privacy/wp-api-privacy
- added
repomanto skipped plugin namespace array - added
git-updaterto skipped plugin namespace array - added
wpe-secure-updaterto skipped plugin namespace array
- new functionality to block wordpress.org updates from specified array of plugin slugs
advanced-custom-fieldsis the first plugin added to this array- does not conflict with
wpe-secure-updaterplugin
- added
littlebizzy/disable-emojis
- added
littlebizzy/404-to-homepage
- fixed broken php tag
- added
rhubarbgroup/redis-cache
- added
discourse/wp-discourse
- added
Requires PHP: 7.0header - added
wp-graphql/wp-graphql - added
reduxframework/redux-framework
- changed name from "Repo Man" to "RepoMan" for better branding
- all
repo-manandrepo_maninstances in the code changed to simplyrepoman - textdomain is also now simply
repomanfor translation support
- automatically blocks all updates/notices from wordpress.org to any plugin with
GitHub Plugin URIin the main file - both activated and deactivated plugins that support Git Updater will be "blocked" from wordpress.org
- optimized loading order of all functions and filters
- added
boogah/biscotti - added
zouloux/bowl
- added
MisoAI/miso-wordpress-plugin - added
pods-framework/pods - added
thecodezone/dt-home
- changed from 2-space to 4-space json indentation
- added
pressbooks/pressbooks - added
mihdan/recrawler - added
WPCloudDeploy/wp-cloud-deploy - added
wp-sms/wp-sms
- added
littlebizzy/multisite-billing-manager - tweaked dummy data in the json file for consistency
- installing plugins from GitHub now supported based on the
repofield in theplugin-repos.jsonfile - GitHub repos will be automatically scanned for default,
masterandmainfallback branches urlfield in json data changed torepofield with owner/repo syntax- refined error handling if json file has parsing issues
- plugin folders will be force renamed during installation to match
repofield (if folder not exists) - various other code refactoring and cleanup
- simplified approach focused on plugin search results only (removed Public Repos tab)
- greatly improved search query matching rules with new scoring function
- tweaked logic for plugin data normalization and sanitizing
- added textdomain
repo-manfor translation support
- added error handling in case of empty
plugin-repos.jsonfile - added/changed to
wp_kses_post()fromesc_html()for admin notices
- added
urldecode()inside therepo_man_extend_search_resultsfunction
- Public Repos tab position is now dynamic depending on Search Results tab being active or not
- various minor security enhancements
- minor translation enhancements
- transitional release to prepare for 1.3.0 changes
- changed 3 actions/filters to use priority
12
- added LittleBizzy icon from GitHub to appropriate plugins in
plugin-repos.json - integrated json list into the native plugin search results (json list plugins should appear first)
- added
littlebizzy/disable-feeds - sorted
plugin-repos.jsonin alphabetical order
- enhanced json file location security using
realpath() - added error handing for json file and admin notices for clear user feedback
- more efficient rendering of top/bottom pagination
- display 36 plugins instead of 10 per page
- added fallback values for missing keys in the plugin data (e.g., slug, name, icon_url, author) to ensure that all plugins display properly even if some data is missing
- improved structure and display of plugin cards, including star ratings, action buttons, and compatibility information
- removed forced redirect to "Repos" tab as it was unnecessary and caused redirect loop on Multisite
- adds new tab under Add Plugins page for "Public Repos" (default tab)
- displays a few hand-picked plugins from GitHub
- hardcoded list of plugins using local
plugin-repos.json - public repo suggestions are more than welcome!
- supports PHP 7.0 to PHP 8.3
- supports Git Updater
- supports Multisite