Reducing the Plugin Review team’s workload through automation

To help the Plugin Review team make the most of their contribution time and improve the security of all plugins distributed on WordPress.org, Meta team contributors have built a code scanner that detects potential security risks, such as unescaped SQL queries, in plugin code. It is installed as a plugin on WordPress.org and displays its results in a metabox on the plugin edit screen that reviewers can access.
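As an added illustration of the kind of check such a scanner performs (this is not the Meta team's scanner and not code from this post), the following Python script applies a simple heuristic to a constructed PHP fragment: it flags `$wpdb` query calls whose SQL argument embeds a PHP variable without being wrapped in `$wpdb->prepare()`. The list of query methods, the decision to treat `$wpdb` table-name properties such as `$wpdb->prefix` and `$wpdb->posts` as safe, and the sample plugin source are all assumptions made for this example.

```python
"""Heuristic detector for unescaped $wpdb queries in WordPress plugin source.

Added example, not the WordPress.org scanner. It flags $wpdb->query()/get_*()
calls whose SQL argument still contains a PHP variable after the call is
checked for $wpdb->prepare(). Constructed sample input is embedded below.
"""
import re
from dataclasses import dataclass

# $wpdb methods whose first argument is executed as SQL (assumed list).
QUERY_METHODS = ("query", "get_results", "get_var", "get_row", "get_col")
CALL_RE = re.compile(r"\$wpdb\s*->\s*(" + "|".join(QUERY_METHODS) + r")\s*\(")
PREPARE_RE = re.compile(r"\$wpdb\s*->\s*prepare\s*\(")
# $wpdb properties such as $wpdb->prefix / {$wpdb->posts} are table names,
# not request data, so they are stripped before looking for variables.
WPDB_PROP_RE = re.compile(r"\{?\$wpdb\s*->\s*[A-Za-z_]\w*\}?")
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")


@dataclass
class Finding:
    line: int       # 1-based line of the $wpdb call
    method: str     # which $wpdb method was called
    argument: str   # the raw SQL argument text


def _balanced_arg(src: str, start: int) -> str:
    """Return the text between the '(' at src[start] and its matching ')'.

    Parentheses inside single- or double-quoted PHP strings are ignored, and
    backslash escapes inside strings are skipped.
    """
    depth = 0
    quote = None
    i = start
    while i < len(src):
        c = src[i]
        if quote:
            if c == "\\":
                i += 1          # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
        i += 1
    return src[start + 1:]      # unterminated call: return what we have


def scan(src: str) -> list[Finding]:
    """Return one Finding per $wpdb query call that interpolates a variable
    without going through $wpdb->prepare()."""
    findings = []
    for m in CALL_RE.finditer(src):
        arg = _balanced_arg(src, m.end() - 1).strip()
        if PREPARE_RE.match(arg):
            continue                        # parameterised: treated as safe
        remaining = WPDB_PROP_RE.sub("", arg)
        if VAR_RE.search(remaining):        # a plugin variable reached the SQL
            line = src.count("\n", 0, m.start()) + 1
            findings.append(Finding(line, m.group(1), arg))
    return findings


# Constructed sample plugin source (not from any real plugin).
SAMPLE_PLUGIN_SOURCE = """<?php
// Constructed sample; not from any real plugin.
$id = $_GET['id'];
$row = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}orders WHERE id = $id");
$rows = $wpdb->get_results('SELECT * FROM ' . $wpdb->posts . ' WHERE post_author = ' . $author);
$safe = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}orders WHERE id = %d", $id));
$count = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->posts}");
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_PLUGIN_SOURCE):
        print(f"line {f.line}: $wpdb->{f.method}() with unprepared SQL: {f.argument}")
```

Running the script on the embedded sample reports lines 4 and 5 (string interpolation and concatenation of plugin variables) and stays quiet on the `$wpdb->prepare()` call and on the query that only references `$wpdb->posts`. A textual heuristic like this cannot tell that, say, `' . intval($id)` is already safe, so it still flags that pattern; that is exactly the signal-to-noise trade-off a reviewer-facing scanner has to tune.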

The Plugin Review team has been sharing feedback on the quality of the results, which has allowed Meta contributors to refine the tool and improve the signal-to-noise ratio that makes any automated checker a challenge.

Looking forward, our teams are discussing how often to run this scan (probably every time a new version of a plugin is detected), and how to semi-automate informing plugin authors about the results of the scans.

We’re excited that the Plugin Review team finds this tool useful, and that we’re making progress toward one of our Big Picture Goals for 2021 by decreasing manual work for contributor teams through better tooling.

If you’re a plugin developer and would like to help test the scanner on your own code, it’s available on GitHub.

Many thanks to the Plugin Review team for making the time to test and share the feedback that made this tooling improvement possible!