WP Pusher 2.1.0 Offers Tighter Integration with GitHub and Bitbucket

WP Pusher is on a relentless mission to make it effortless for WordPress developers to connect their plugin and theme repositories hosted on GitHub and Bitbucket. Version 2.1.0 of the plugin eliminates the requirement to manually create a token with GitHub and introduces 1-click authentication via OAuth. This update makes setting up the plugin on a new site relatively painless.

In order to make the on-boarding process easier for new users, Peter Suhm, creator of WP Pusher, had to build a service that uses OAuth to handle authentication.

“It’s not possible to do OAuth from a WordPress plugin without shipping a secret token together with the code (which you do not want to do),” Suhm said. “So we built a small service, on our own server, that handles all the communication with GitHub and Bitbucket. We don’t store anything. Your GitHub and Bitbucket tokens are not stored on our servers.”

After determining that OAuth would be one of the safest ways to manage this, Suhm reached out to GitHub and they suggested the approach of building a small service to perform authentication. He’s now exploring different ways he can make both the code and service available to other developers.

“The whole infrastructure is built using the Laravel PHP framework and their excellent Socialite package,” Suhm said. “I’m thinking about either open sourcing the service (when it’s been online for a bit) or writing an in-depth tutorial on how to set up a similar thing. I also thought about offering the service to other WordPress plugin authors, since OAuth can be used for so many things, including Twitter, Facebook, Instagram and even WordPress.com authentication.”

Version 2.1.0 also adds a new Push-to-Deploy checkbox, which removes the requirement of manually setting up a webhook on GitHub or Bitbucket. WP Pusher now sets up the webhook automatically in the background.

“Setting up automatic updates is something I’ve gotten many support requests about,” Suhm said. “Now, all you have to do is check a checkbox and your plugin or theme will be updated every time you push a change to GitHub.”

Now that the plugin uses OAuth, it can be even more tightly integrated with GitHub and Bitbucket in future updates.

“The next big thing I want to work on, which is now possible, is to allow users to select and install a plugin or theme directly from GitHub – with just one click,” Suhm said.

The improvements offered in WP Pusher 2.1.0 make it even easier for new users to start deploying WordPress themes and plugins directly from GitHub without all the hassle of manually creating tokens and setting up webhooks. However, users still need a basic knowledge of Git in order to use the product. Suhm continues to offer free Git education for WordPress developers in hopes of expanding his customer base.

“WordPress devs are definitely starting to get interested in Git, as I had more than 1,000 developers sign up to my video course,” he said.

WP Pusher is free to use for open source code hosted in public repositories. Since Suhm doesn’t track his users, he doesn’t have exact numbers for how many sites are using the plugin. Although he would not disclose how many licenses he has sold, he estimates that approximately 1,000 developers have installed WP Pusher. Suhm’s customers range from small freelancers to agencies to large universities.

4 Comments


    1. Yes, but giving user/password info, which has to be stored in plain text, sucks more :) . It is much harder to set up generic service around it, but for the user the advantage is that he can expire the access for a specific service without having to change anything in other services and even without having access to the service to which he wants to deny access.

      Report


      1. The problem is that OAuth is not designed for something intended to be distributed to users. Basically, to use it, you have to have two web services talking to each other using an account from a third party. It’s poorly designed for use by WordPress plugins, really, because in such a case, there’s no third party. In order to use it effectively, the plugin author has to create and host a separate web service just for relaying authentication credentials around, in order to preserve the “secret” part of the authentication system. Badly designed, basically.

        Storing usernames and passwords is bad, but having to relay all authentication and quite a lot of the messaging through a third-party do-nothing web service isn’t much better, honestly.

        Report


      2. Maybe it is just an indication that security wise such “proxy” services are just not a good idea.

        Report

Comments are closed.