This plugin cannot be published on the official WordPress repository, as their guidelines forbid plugins that implement custom update mechanisms. Once installed, it will behave like any other plugin, and future updates will be delivered directly from wp-content.io.

Installation

1

Download the plugin

Download the plugin from the official website: https://wp-content.io/external-repositories. You’ll get a .zip file ready to install.
2

Install it on your WordPress site

In your WordPress admin, go to Plugins > Add New, click Upload Plugin, and select the downloaded ZIP file. Then click Install Now, and activate the plugin once the installation completes.
3

Enter your API key

After activation, you’ll be redirected to the plugin settings page. Paste your API key to connect your site to your organization. A default readonly key was automatically created when you set up your organization.

Configuration

The screen below allows you to configure external sources for plugin and theme updates. Each tab represents a different source. You can connect multiple registries (for example, several wp-content.io accounts or custom APIs) to the same site.
  • Name: A unique label for this repository. It can be anything — for example, your organization name.
  • Registry URL: Choose between the official wp-content.io registry or a custom API endpoint compatible with the same structure (API Reference).
  • API Key: A read-only key is required for security. If SECURE_AUTH_KEY is defined in your wp-config.php, the key will be encrypted in the database.
  • Supports: Toggle whether this source should manage plugins, themes, or both.
  • Enabled: Allows you to temporarily disable a repository. When unchecked, no update checks will be made for that source.
Once connected, the current site’s domain is automatically added to your organization’s allowed domains. You can revoke access at any time from your dashboard.

Programmatic Configuration

Starting from version 1.1.2, the External Repositories plugin introduces new hooks that allow you to define repository sources and manage plugin visibility directly via code. This is useful for advanced setups or automated deployments.

Adding repositories with code

You can define one or more repositories using the external_repositories filter. Repositories added this way will not appear in the plugin’s admin interface, but will be active and used for updates. 
add_filter( 'external_repositories', function( $repositories ) {
    $repositories[] = [
        'name'             => 'ACME', // Must be unique across all repositories
        'api_key'          => 'your-api-key',
        'url'              => 'https://registry.wp-content.io/',
        'supports_themes'  => true,
        'supports_plugins' => true,
    ];
    return $repositories;
} );
If url, supports_themes, or supports_plugins are not specified, the following defaults are applied: 
[
    'url'              => 'https://registry.wp-content.io/',
    'supports_themes'  => true,
    'supports_plugins' => true,
]
The name must be unique, even across repositories defined in the plugin settings UI.

Hiding the plugin from the Plugins screen

If you want to hide the plugin from the standard Plugins screen — for example, to avoid accidental deactivation — you can use the hide_external_repositories_plugin filter: 
add_filter( 'hide_external_repositories_plugin', '__return_true' );
We recommend placing this configuration code inside a small MU plugin (wp-content/mu-plugins/custom-repos.php) to ensure it’s always loaded and easy to share across projects.