I am well aware of the confusion caused by releasing this today, but this isnāt a joke.
Starting April 2020 you have the ability to close your own plugin without having to email us and explain why!
How do I close a plugin?
Log in with a committer account and go to the ADVANCED tab on your plugin. There, you will see a CLOSE THIS PLUGIN section that looks like this:
Read the warning. If you understand that the change is permanent, and you still want to close the plugin, press the button. Like magic, your plugin will be closed.
Who can close a plugin?
Anyone who has COMMIT access to a plugin. So now is the time for you to check who you gave commit access to, and prune the list. Please keep in mind, if you are managing a company plugin, it needs to be owned by a company account who has commit access. This is for your own legal protection.
Can I reopen the plugin?
Not without emailing the plugins team (plugins@wordpress.org) and explaining why you changed your mind.
The purpose of this requirement is to limit abuse (it does warn you the closure is intended to be permanent) and create a better experience for users. If people are constantly closing and reopening plugins, it makes users doubt the stability and security of the plugin.
What if I donāt have access to a commit account? How can I close my plugin?
Email plugins@wordpress.org and explain what the situation is, weāll help you sort it out.
Instagram is accelerating the end of their current API.
Per a notice on https://www.instagram.com/developer/ no new clients can register, and soon some basic functionality will be changed.
We will be reviewing plugins that call these functionalities and, if they are not updated, will close them in order to prevent adverse impact on users.
If you know youāre not going to want to fix this, please email plugins@wordpress.org, provide a link to the plugin, and tell us youād like us to close it. We know that Instgram (and Facebook) have been difficult to work with this last year, and fully respect and support your decisions here with regards to your plugins.
Here is Instagramās announcement:
UPDATE: Starting October 15, 2019, new client registration and permission review on Instagram API platform are discontinued in favor of the Instagram Basic Display API.
To continuously improve Instagram usersā privacy and security, we are accelerating the deprecation of Instagram API Platform, making the following changes effective immediately. We understand that this may affect your business or services, and we appreciate your support in keeping our platform secure.
These capabilities will be disabled immediately (previously set for July 31, 2018 or December 11, 2018 deprecation). The following will be deprecated according to the timeline we shared previously:
Public Content ā all remaining capabilities to read public media on a userās behalf on December 11, 2018
Basic ā to read a userās own profile info and media in early 2020
Thereās been a lot of quiet change going on for Plugins, so now is as good a time as any to get into it!
If youāre interested in any details missing, leave a comment. I do ask you try not to speculate too much into the whyās and wherefores of what people do with plugins. Iāve been at this a while, and the one thing I can promise is people do weird things.
New Email System
We finally migrated off of the old system and on to HelpScout in March, which allows us the ability to sort and organize emails into teams. It also lets us properly filter bad actors so not everyone has to deal with them. We make heavy use of automated filters now, which has let us do the impossible ā¦
New Team Members
We onboarded two new team members in November and have been easing them in to the weird workload of Plugins. Theyāve been instrumental in sorting out what filters and team assignments do and donāt work well for Plugins.
New Tools
Iāve been using a new bash script to expedite scanning plugins. While weād love to use WPCS (and I personally recommend it to for everyone), even with a heavily parred down version it hasnāt quite met our needs. The goal for next year is to move the bash script into a PHP plugin we can use to automate a lot more.
New Replies
Our saved replies (the standard ones you get for closures and reviews) have all been cleaned up, spellchecked, and formatted for easier reading. Now, when you get an alert that your plugin has been closed, we attempt to direct you on exactly how to resolve the issues. This is still a bit of a work in progress, but weāve made great strides on consistent tone and softer language.
New Restrictions
Sadly as many people found out, we got dinged hard by some trademark owners, and are taking action against people who violate trademarks. Around 1000 plugins were closed due to that, and itās one of those things we canāt protect you from. Weāve changed the plugin uploader for new submissions to block a lot of that.
Remember the basic rule: If itās not your company/product/library, donāt begin your plugin Display Name or permalink with it!
(Trademark owners: Please ask the developer to changes things before coming to us. Communication will help everyone.)
The Stats!
A lot of people like this part. Hereās the overall outlook from 2019:
And in a slightly more consumable summary table:
Requested
Rejected
Closed
Approved
Pending
Most in a week
194
109
480
118
718
Least in a week
129
2
9
25
527
Average
161
25
117
76
623
Year to Date
8048
1221
6038
3836
N/A
Weāve had 1000 more plugins submitted in 2019 than 2018, however the Rejected and Approved numbers only went up by 100.
So where are the extra 800 plugins? On average, pending plugins did go down but only by about 25 a week. Most of the missing counts are there, but theyāre also in the dreaded āClosedā section.
A higher than expected number of developers have submitted plugins for review and then asked them to be closed within a 6 month timeframe. This has led to us pushing back on people and making notes in their accounts about that kind of behavior. There hasnāt yet been a common thread to why thatās happening, so weāre keeping an eye out.
HelpScout Overall
HelpScout also helpfully provides their own statistics for how much we used them. This is just since March when we switched over:
Customers: 6665
Conversations per Day: 35
Busiest Day: Thursday
Email Conversations: 12,829
Messages Received: 17,439
Replies Sent: 18,931
Emails Created: 6650
Resolved: 6642
Resolved on First Reply: 31%
Closed: 11,818
HelpScout Saved Replies
We make heavy use of Saved Replies to speed up reviews and processing. These were brought in to use in chunks, and Iām omitting the exact numbers. They wonāt do you any good to know we sent 2,679 āApproval after sendā emails when you realize we also only sent 628 āIntro to new Reviewā. All that means is we pulled in the Approval email first. Next year these stats will be more useful.
All that said, I think having a look at what the most common sorts of issues are might be a little enlightening. Everything is ordered from most use to least.
Closed and Warned
These emails are sent out when a plugin is closed or the developer needs to be warned about issues/behavior.
Closed: Trademark Abuse (All)
Closed: Removal Request Completed
Closed: Security Exploit
Warning: Sockpuppets
Warning: Trademark Violation
Notice: Closed Becuase Email Bounced
Warning: Security Issue (NOT CLOSED)
Closed: General Guideline Violation
Reviews
All these emails are sent when a plugin is being reviewed.
Approval: Approval after send
Review: End Of Review (goes at the end of all reviews)
Review: Intro to new review (all new reviews start here)
Review: Please sanitize, escape, and validate your POST calls
Review: Display Name infringes on trademarks (slug is fine)
Review: Using esc_ to sanitize (not esc_url)
Pended
A pended plugin is one we stop before even reviewing the code. This usually happens because someoneās infringing on trademarks, or using a personal account to submit a company owned plugin.
Pended: Name Infringes on Trademarks (slug and name need to be changed)
Pended: Never replied to previous review (was rejected)
Pended: Not Official Owner
Rejected
This should give you an idea of why plugins are rejected. Top of the list? People who donāt reply.
Rejected: Review never completed within 6 months
Rejected: Not Your Plugin (Tried to upload vs host)
Rejected: Generic for plugins weāre just not hosting
Rejected: Framework or Library Plugins
Rejected: New/renamed version of their own plugin
Miscellanous
The rest of the emails are lumped together. Youāll notice we have prefixes to what each email is. That helps us find them faster.
Notice: Plugin Restored
Reply: Plugin Slug Renamed
Reply: Rescan (Plugins must be checked before being reopened)
Thank You: Security Report
Thank You: Guideline Report
Reply: Donāt call people āsirā
Thank You: Generic, Will Review
Notice: AutoReply Sucks
Notice: Already Mailed Review
Approved: Resend Approval
Question: Why Close?
Reply: Cannot Rename Plugins (for people who email RIGHT after approval)
Posting here with a journal entry for reference: I was pinged in a few tweet storms in the past week, so I took the liberty of reviewing the email template that seemed to kick off both conversations (sockpuppet activity). I edited it for clarity, flow, and WordPress Voice. The issues that prompted the complaints on Twitter have also been resolved through direct communication.
