Menu
Cart

WpAgencyKit · Docs

WPAK-Deploy2WP

One-click deploys from GitHub with private repos and automatic rollback.

4 articles
Best Practices

Releases and versioning

  • Use SemVer for tags and releases (v1.2.3).
  • Keep a consistent changelog.
  • Publish releases with clear notes.

Security

  • Use tokens with minimum permissions.
  • Enable the repo whitelist with wpak_deploy2wp_allowed_repos.
  • Configure the webhook with a secret and HMAC signature.

Update stability

  • Include checksums (a .sha256 asset) when possible.
  • Avoid “draft” or “pre-release” releases unless needed.
  • Test updates in staging.
  • Use the Update Policy: Production = stable-only, Staging/Test = prereleases allowed.

Performance

  • Do not force checks too frequently.
  • Keep caching and rate limiting enabled.

Operations

  • Use the “System Info” page for diagnostics.
  • Check logs after each automatic update.
GitHub Personal Access Token Setup

This guide explains how to create and use a GitHub token for private repositories or higher API limits.

Recommended token (fine-grained)

  1. Go to GitHub > Settings > Developer settings > Personal access tokens.
  2. Select “Fine-grained tokens” and create a new token.
  3. Select only the required repository.
  4. Recommended minimum permissions:
  • Repository permissions: Contents: Read
  • Metadata: Read
  1. Save the token.

Classic token

  1. Go to GitHub > Settings > Developer settings > Personal access tokens.
  2. Select “Tokens (classic)” and create a new token.
  3. Minimum scope for private repos: repo.

Where to save the token

  • WordPress admin: “Global GitHub token”.
  • config.php for specific plugins:
'my-plugin' => [
    'repo' => 'username/my-plugin',
    'token' => 'ghp_xxxxx'
]

Note

  • Never share the token in public code.
  • Rotate the token periodically.
Use Cases

1. Single public plugin

Configure the plugin in config.php without a token:

'my-plugin' => [
    'repo' => 'username/my-plugin',
    'branch' => 'main'
]

2. Private plugins with a global token

Save a global token in the admin and add plugins without per-repo tokens.

3. Real-time updates via webhook

Configure the GitHub webhook and use tags to release new versions.

4. Multi-plugin with manual checks

Use the “Check updates” button for a global refresh.

5. Automatic rollback

If an update fails, the system restores the previous version from backup.

6. Staging prerelease channel

Set Site profile to Staging/Test to accept prereleases (beta/RC and other prerelease tags).

Webhook Setup

Check plugins in real time when a release is published or a tag is created on GitHub.

Endpoint

https://yourdomain.com/wp-json/wpak-deploy2wp/v1/webhook

Secret (recommended)

Set the secret in wp-config.php:

define('WPAK_DEPLOY2WP_WEBHOOK_SECRET', 'your-secret');

GitHub setup

  1. Go to the repository > Settings > Webhooks > Add webhook.
  2. Payload URL: the endpoint above.
  3. Content type: application/json.
  4. Secret: the configured secret.
  5. Events: enable Release and Create.
  6. Save.

Supported events

  • release (action published).
  • create (only tag).

Update Policy (important)

  • Production blocks all prereleases (beta/RC and other prerelease tags).
  • Staging/Test allows prereleases.
  • Notify-only will show an admin notice instead of auto-installing.

Test

  • Use the “Test” button in GitHub to send an event.
  • Check plugin logs in WordPress.
  • Verify the X-Hub-Signature-256 signature.

Login

5 premium plugins. One payment. Yours forever.

The market moved to subscriptions. We didn’t.

Get the Bundle — from €199

✓ One-time payment  ·  ✓ All 5 plugins included  ·  ✓ Lifetime OTA updates 

✓ All 5 plugins · ✓ Lifetime OTA updates · ✓ Staging always free · ✓ AI BYOK no hidden costs 

What’s included in the Bundle

All 5 plugins, on every site in your plan, from day one.

WPAK-SEO logo

WPAK-SEO

Full SEO toolkit: AI bulk meta, content audit, 404 monitor, internal-link graph, XML sitemap, technical checks. BYOK OpenAI / Anthropic. Zero markup.

WPAK-Translate logo

WPAK-Translate

Unlimited AI languages with 5 providers (DeepL, OpenAI, Claude, Gemini, OpenRouter). Batch API (−50% cost). Memory, glossary, WooCommerce ready.

WPAK-Cookies logo

WPAK-Cookies

Self-hosted GDPR consent with 20 tracker presets, one-click site scanner and auto-generated Cookie Policy. Local consent log — no SaaS.

WPAK-Menu-Conditions logo

WPAK-Menu-Conditions

Conditional menus & modals by role, device, or login state. Prerendered modal content, cache-aware. Zero page builder dependency.

WPAK-Deploy2WP logo

WPAK-Deploy2WP

One-click deploys from GitHub. Native private repos, MonoRepo & SingleRepo. Deployment logs + automatic rollback. No DevOps required.

Everything. Always.

No add-ons. No hidden tiers. No tool that “unlocks” only with extra payment. Buy the bundle, get everything.

How much does your agency save?

Compared to what you’re probably already paying every year.

SaaS Alternative Subscription cost/year
Yoast SEO Premium €99/year
TranslatePress Business (+ Extra Languages) €179/year
Iubenda GDPR (Starter) €89/year
Git Updater Pro €120/year
JetMenu (Crocoblock, per site) €59/year
TOTAL subscriptions/year €546/year

WPAK Agency Bundle — €299 once.

Year 1 saving: €247. From year 2 onwards: €546 less every single year.

Also available: 4DEV €199 (4 sites) · 120Agency €399 (120 sites)

Choose your plan

One payment. No renewal. Ever.

4DEV

€199

one-time · no renewal

Sites included

4 sites

  • All 5 plugins
  • Lifetime OTA updates
  • Staging always free
  • 6 months support included
Get 4DEV
MOST POPULAR

40Agency

€299

one-time · no renewal

Sites included

40 sites

  • All 5 plugins
  • Lifetime OTA updates
  • Staging always free
  • 6 months support included
Get 40Agency

120Agency

€399

one-time · no renewal

Sites included

120 sites

  • All 5 plugins
  • Lifetime OTA updates
  • Staging always free
  • 6 months support included
Get 120Agency

All plans include the same 5 plugins, same lifetime updates, same free staging. The only variable is how many sites you can activate.

Support & Updates — the difference

✓ Lifetime updates. The 5 plugins keep receiving security patches, WordPress-compatibility fixes and new features for as long as WpAgencyKit exists — delivered over-the-air, no manual re-download. Your plugins never stop working.

✓ 6 months of direct support included. 1-to-1 help via email when you need it — debugging, onboarding, advanced use cases. No tier wall, no ticket queue priority games.

After the first 6 months, direct support can be extended with a separate plan (details coming soon). Documentation, changelogs and community resources remain available to everyone, always.

Included in the Agency Bundle

5 premium plugins. One payment. Yours forever.

Get the Bundle — from €199

✓ All 5 plugins  ·  ✓ Lifetime OTA updates  ·  ✓ Staging always free

The market moved to subscriptions.
We didn’t.

WPAgencyKit is a Brand Product by
AEIOUY di Furlotti Davide
VAT: IT03141100341 · Parma · PR · Italy

info@wpagencykit.org

Product

Support & Legal

English (UK) | Italiano | Français | Español | Deutsch | Português (Portugal) | Português (Brasil)

Cookie settings

Choose by category.

We only use the right cookies, we promise. The technical ones are there to make the site work as it should, the others – only if you give us the ok – to make your experience more comfortable and tailored. "We're not here to spy on you, just to remember who you are." You choose: accept all, reject or customize.

Strictly Necessary Required
These cookies are essential for the website to function properly and cannot be disabled.
Preferences
These cookies allow the website to remember choices you make and provide enhanced functionality and personalization.
Analytics
These cookies help us understand how visitors interact with the website, helping us improve our website and services.
Marketing
These cookies are used to track visitors across websites to display relevant advertisements.