Auto-update WordPress themes from GitHub. Free and open source.
Push to GitHub β Theme updates automatically. No FTP, no manual uploads.
WP Puller connects your WordPress theme to a GitHub repository. When you push changes, a webhook triggers and your live site updates within seconds. Works with both public and private repositories.
This is the free alternative to WP Pusher and Git Updater.
- Webhook-based deploys - Push to GitHub, site updates automatically
- Private repo support - Connect with a GitHub Personal Access Token
- Automatic backups - Snapshot before every update, one-click restore, or disable backups by setting retention to 0
- Subdirectory themes - Theme doesn't need to be at repo root
- Dual path deploys - Update child/addon and base theme in one pull
- Branch selection - Deploy from main, staging, production, or any branch
- Download
wp-puller.zipfrom Releases or directly .zip the "wp-puller" folder in repository. - WordPress admin β Plugins β Add New β Upload Plugin
- Upload ZIP, activate
Or manually upload the wp-puller folder to /wp-content/plugins/.
- Go to WP Puller in the admin sidebar
- Enter your GitHub repo URL:
https://github.com/you/your-theme - Select branch (usually
main) - If your theme is in a subdirectory, enter the primary path (e.g.,
theme/starter-theme) - Optional: set a second theme path when you need to deploy parent/base theme files as part of the same update
- Click Test Connection, then Save Settings
- Refreshing the page might be needed if you do not see the Connected indicator.
- Copy the Payload URL and Secret from WP Puller
- GitHub repo β Settings β Webhooks β Add webhook
- Paste the URL and secret
- Content type:
application/json - Events: Just the push event
- Save
Now every push to your branch triggers an automatic update.
Don't want webhooks? Click Check for Updates then Update Now whenever you want to pull the latest.
Set Backups to Keep to 0 in WP Puller settings to disable automatic backups.
For private repos, you need a GitHub Personal Access Token:
- GitHub β Settings β Developer settings β Personal access tokens β Fine-grained tokens
- Generate new token
- Select only the repository you need
- Permissions: Contents (read) and Metadata (read)
- Generate, copy, paste into WP Puller
- GitHub β Settings β Developer settings β Personal access tokens β Tokens (classic)
- Generate new token
- Select
reposcope - Generate, copy, paste into WP Puller
Your token is encrypted with AES-256-CBC before storage.
Theme files can be at the root:
your-repo/
βββ style.css
βββ functions.php
βββ index.php
βββ ...
Or in one or two subdirectories (set "Theme Path" and optional "Second Theme Path" in settings):
your-repo/
βββ other-stuff/
βββ theme/starter-theme/ β Theme Path: theme/starter-theme
βββ style.css
βββ functions.php
βββ ...
Each selected theme path needs a valid style.css with a Theme Name header.
Is this actually free? Yes. MIT license, no premium tier, no feature gates.
How does it compare to WP Pusher? Same core ideaβdeploy WordPress themes from GitHub. WP Puller is free and open source. WP Pusher has more features (plugins, GitLab, Bitbucket) but costs money.
What if an update breaks my site? Restore from the Backups section. WP Puller keeps automatic backups before every update.
Can I use this for plugins? Not yet. Theme-only for now.
Does it work with GitLab/Bitbucket? GitHub only.
Is my token secure? Encrypted at rest using your WordPress security salts. Never logged or transmitted except to GitHub.
// After successful update
do_action( 'wp_puller_theme_updated', $commit_data, $source );
// After backup restore
do_action( 'wp_puller_theme_restored', $backup_name );
// On init
do_action( 'wp_puller_init' );- Nonce verification on all AJAX
manage_optionscapability required- Webhook signatures verified (HMAC SHA-256)
- Tokens encrypted with AES-256-CBC
- All file operations via WP_Filesystem
- WordPress 5.0+
- PHP 8.4+
- OpenSSL extension (for token encryption)
Issues and PRs welcome. Fork it, make changes, submit a PR.
MIT. Do whatever you want with it.