WP Pusher is on a relentless mission to make it effortless for WordPress developers to connect their plugin and theme repositories hosted on GitHub and Bitbucket. Version 2.1.0 of the plugin eliminates the requirement to manually create a token with GitHub and introduces 1-click authentication via OAuth. This update makes setting up the plugin on a new site relatively painless.
It's going to be a lot easier to setup GitHub with a token in the next version of @WP_Pusher! pic.twitter.com/CK9Dyo0zle
— Peter Suhm (@petersuhm) February 4, 2016
In order to make the on-boarding process easier for new users, Peter Suhm, creator of WP Pusher, had to build a service that uses OAuth to handle authentication.
“It’s not possible to do OAuth from a WordPress plugin without shipping a secret token together with the code (which you do not want to do),” Suhm said. “So we built a small service, on our own server, that handles all the communication with GitHub and Bitbucket. We don’t store anything. Your GitHub and Bitbucket tokens are not stored on our servers.”
After determining that OAuth would be one of the safest ways to manage this, Suhm reached out to GitHub and they suggested the approach of building a small service to perform authentication. He’s now exploring different ways he can make both the code and service available to other developers.
“The whole infrastructure is built using the Laravel PHP framework and their excellent Socialite package,” Suhm said. “I’m thinking about either open sourcing the service (when it’s been online for a bit) or writing an in-depth tutorial on how to set up a similar thing. I also thought about offering the service to other WordPress plugin authors, since OAuth can be used for so many things, including Twitter, Facebook, Instagram and even WordPress.com authentication.”
Version 2.1.0 also adds a new Push-to-Deploy checkbox, which removes the requirement of manually setting up a webhook on GitHub or Bitbucket. WP Pusher now sets up the webhook automatically in the background.
“Setting up automatic updates is something I’ve gotten many support requests about,” Suhm said. “Now, all you have to do is check a checkbox and your plugin or theme will be updated every time you push a change to GitHub.”
Now that the plugin uses OAuth, it can be even more tightly integrated with GitHub and Bitbucket in future updates.
“The next big thing I want to work on, which is now possible, is to allow users to select and install a plugin or theme directly from GitHub – with just one click,” Suhm said.
The improvements offered in WP Pusher 2.1.0 make it even easier for new users to start deploying WordPress themes and plugins directly from GitHub without all the hassle of manually creating tokens and setting up webhooks. However, users still need a basic knowledge of Git in order to use the product. Suhm continues to offer free Git education for WordPress developers in hopes of expanding his customer base.
“WordPress devs are definitely starting to get interested in Git, as I had more than 1,000 developers sign up to my video course,” he said.
WP Pusher is free to use for open source code hosted in public repositories. Since Suhm doesn’t track his users, he doesn’t have exact numbers for how many sites are using the plugin. Although he would not disclose how many licenses he has sold, he estimates that approximately 1,000 developers have installed WP Pusher. Suhm’s customers range from small freelancers to agencies to large universities.
I am glad that other people realize how OAuth sucks in extremely specific ways. :)