How to Find and Install Hundreds of Free WordPress Plugins from GitHub

The WordPress Plugin Directory isn’t the only place where you can download plugins. While the official repository is – for most people – the go-to place for free plugins, there are lots of fantastic lesser known projects hosted at GitHub that fly under the radar.

Many developers choose GitHub to collaborate on a wide range of software projects and many of them share the resulting plugins. GitHub also gives developers the opportunity to follow and build upon projects, and report bugs.

Installing, updating and searching for plugins on GitHub isn’t quite as easy as finding and activating plugins through your admin dashboard, but it’s still a fairly straightforward process.

In this post, I’ll show you how to install a plugin from GitHub, how to search for plugin projects, and how to keep any plugins you download from GitHub updated. I’ll also go through possible risks in acquiring plugins from GitHub and offer some tips for safer searching.

How to Search for Plugins

Since GitHub hosts lots of software that’s unrelated to WordPress, it can be difficult to find exactly what you need. Unlike the official WordPress repository, your searches in GitHub compete with hundreds of other unrelated projects so even including extra search terms like “WordPress” and “plugin” won’t turn up accurate results.

The GitHub homepage
There’s a treasure trove of WordPress plugins on GitHub.

While you could keep at it or try searching through Google, there’s a much easier way to search through GitHub to find the perfect plugin. You can use the GitHub Plugin Search, er, plugin by Paul Clark.

While it overrides WordPress’ inherent plugin search feature, it adds an advanced search for plugins in GitHub.

The plugin connects to Plugins > Add New in the backend of your site where you usually search the WordPress.org directory.

It may be a bit inconvenient, but you can still search for plugins through WordPress.org so you don’t have to worry – you can still install plugins from the official directory.

Since this plugin also happens to be hosted at GitHub, it’s not as straightforward as searching for it in your admin, but there’s still a simple way to install it as well as other plugins.

Installing Plugins from GitHub

Start by navigating to the plugin’s page in GitHub, then click the Download ZIP button on the right.

The Download ZIP button is highlighted in GitHub.
You can download plugins from GitHub in one click.

Save it to your computer and log in to your WordPress site. Go to Plugins > Add New and click the Upload Plugin button beside the heading.

Click the Choose File button and open the plugin file. Click Install Now and wait for a message to display, letting you know the plugin installed successfully.

Upload plugin page
Uploading a plugin from GitHub is easy.

Finally, activate it to start using it right away. Depending on the plugin and its compatibility with Multisite, you may be able to activate it network-wide and either access it through your super admin dashboard or site-to-site.

Updating GitHub Plugins

Keep in mind that plugins from GitHub can’t be automatically updated like plugins from the WordPress directory. When a new update is released, you will need to keep an eye on it in GitHub in order to update the plugin yourself, although there is another option to help automate the process.

By installing a plugin such as Coen Jacobs’ WordPress GitHub Plugin Updater or Andy Fragen’s GitHub Updater plugin, you can keep the plugins you install up-to-date.

The WordPress GitHub Plugin Updater was created to provide a similar updating experience to WordPress’ inherent updater. It works on plugins that have the line include_once('updater.php'); added somewhere in their code.

The GitHub Updater plugin also works for plugins found on Bitbucket and GitLab. Your plugins can get updated if a couple lines are included in the style.css file of all the GitHub plugins you have installed.

The only difference between this code and the lines that should appear in the GitHub plugin you have installed is that the URIs should point to the correct ones for the plugin you’re using.

While not all plugins you find would have these necessary lines already added, you could add them yourself or ask the developer to include it by submitting the request on their GitHub plugin’s page. Just remember that if you add the lines yourself, updating the plugin would erase the changes you made.

Risks of Using Plugins from GitHub

Downloading and installing plugins from GitHub can be a great way to discover new capabilities for WordPress that may not otherwise be readily available, but it does come with some risks.

No matter where you decide to download your plugins, it’s important to ensure you trust the developer or team that created them. This matters not only for ensuring regular updates are available, but also because inexperienced developers could leave holes in their code that make it easier for hackers to gain access to your site.

Plugins that are added to the WordPress Plugin Directory are reviewed prior to inclusion to make sure the minimum coding requirements are met to ensure both quality and security. If a plugin doesn’t pass inspection, it’s not submitted to the directory.

On top of that, updates aren’t guaranteed to roll out on a regular basis. It all depends on the developer’s time, finances and many other factors. While many argue it’s not a perfect system, it does help to have some level of quality assurance.

On GitHub, anyone can submit code and there is no holding period where code is reviewed before being published. This means that anyone can build a plugin with malicious code and make it instantly available for download to unsuspecting users.

All the other concerns still apply on top of that as well. Updates aren’t guaranteed and there isn’t anyone you can go to where you can submit your concerns about malicious code being used, unlike WordPress’ huge community and Automattic. On GitHub, you’re completely on your own.

No matter where plugins are downloaded, it’s up to the user to do their due diligence and make sure they don’t download anything that’s full of malware, spam or viruses. It’s important to research the developer or the company that created the plugin and take a look at their track record.

It’s also important to take a peek at the code yourself if you can to ensure its quality and integrity. It’s also a good idea to run a Google search and take a look at the feedback that’s already out there posted on developer blogs and networks.
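
For the code review suggested above, a first-pass triage of the downloaded ZIP can point you at the files to read first, before anything is uploaded to your site. This is an added example, not code from the original post or from any plugin it mentions; the pattern list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Constructs worth a manual look in plugin PHP; a hit is a prompt to read the file, not proof of malice.
REVIEW_PATTERNS = {
    "dynamic code execution": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "encoded or packed payload": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "shell command execution": re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
    "outbound HTTP request": re.compile(r"\b(wp_remote_get|wp_remote_post|curl_exec)\s*\(", re.I),
}

def triage_plugin_zip(zip_bytes):
    """Return sorted (path, line_no, reason) findings for a plugin ZIP, without extracting it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Entries that would land outside the plugin folder when unpacked.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((name, 0, "path escapes plugin directory"))
                continue
            if info.is_dir() or not name.lower().endswith((".php", ".inc", ".phtml")):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for line_no, line in enumerate(text.splitlines(), start=1):
                for reason, pattern in REVIEW_PATTERNS.items():
                    if pattern.search(line):
                        findings.append((name, line_no, reason))
    return sorted(findings)

def build_sample_zip():
    """Constructed sample archive standing in for a GitHub 'Download ZIP' file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-plugin-master/demo-plugin.php",
                    "<?php\n/* Plugin Name: Demo Plugin */\nadd_action('init', 'demo_init');\n")
        zf.writestr("demo-plugin-master/includes/helper.php",
                    "<?php\n$p = base64_decode('Y29uc3RydWN0ZWQ=');\neval($p);\n")
        zf.writestr("demo-plugin-master/../../wp-config.php", "<?php // constructed\n")
    return buf.getvalue()

if __name__ == "__main__":
    for path, line_no, reason in triage_plugin_zip(build_sample_zip()):
        print(f"{path}:{line_no}: {reason}")
```

An empty result only means none of these patterns appeared; it does not replace reading the code or checking the developer’s track record.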

The WordPress Support Forum, and sites such as Stack Exchange for WordPress and the WPMU DEV community forum, are great places to ask questions and get feedback and support from others in the tech and WordPress industry. That’s one of the best parts about being a part of an open source project like WordPress – the community surrounding it is often unparalleled in other industries.

Wrapping Up

GitHub offers hundreds of plugins on top of what’s already available in the WordPress Plugin directory. Head over now and do a search – you never know what you might turn up. Also, thanks to helpful plugins that help make it easier to search for, download and update plugins downloaded from GitHub, it’s only getting easier to find ways to extend WordPress outside the official repository.

Have you downloaded any plugins from GitHub? Have you had any experiences with malicious code? What are your thoughts on using plugins to search for more plugins on GitHub? Share your experience in the comments below.