Plugin Guideline Change

With the advent of the new directory being on the horizon, which allows us to easily hard-limit the number of plugin tags displayed, we have taken the time to change the guidelines.

While minor updates to the guidelines (with regard to spelling, grammar, etc) are common, major changes are rare and we are striving to be more transparent about them. Hence this post 🙂

Guideline 12 (readme links) clarified to cover spam and tags.

The guideline now reads as follows:

12. Public facing pages on WordPress.org (readmes) may not spam.

Public facing pages, including readmes and translation files, may not be used to spam. Spammy behavior includes (but is not limited to) unnecessary affiliate links, tags to competitors plugins, use of over 12 tags total, blackhat SEO, and keyword stuffing.

Links to directly required products, such as themes or other plugins required for the plugin’s use, are permitted within moderation. Similarly, related products may be used in tags but not competitors. If a plugin is a WooCommerce extension, it may use the tag ‘woocommerce.’ However if the plugin is an alternative to Akismet, it may not use that term as a tag. Repetitive use of a tag or specific term is considered to be keyword stuffing, and is not permitted.

Write your readmes for people, not bots.

In all cases, affiliate links must be disclosed and must directly link to the affiliate service, not a redirect or cloaked URL.

The previous version had the title of “… may not contain “sponsored” or “affiliate” links or third party advertisements” which was too specific and yet not direct enough as to what the intent was. We sincerely mean “Do not use your readme to spam.” Tag abuse, keyword stuffing, and blackhat SEO practices are all spamming.

While we still ask you to use no more than 12 tags, once we move to the new directory, we will simply not display the overage. You should clean that up now. The code is such that there will not be a way to grant exceptions. This is by intent. You don’t need 30 tags, folks.

Guideline 13 (formerly number of tags) now references using included libraries

Since we no longer needed a separate guideline for tags, we have completely changed this guideline to address an issue of security.

13. The plugin should make use of WordPress’ default libraries.

WordPress includes a number of useful libraries, such as jQuery, Atom Lib, SimplePie, PHPMailer, PHPass, and more. For security and stability reasons, plugins may not include those libraries in their own code, but instead must use the versions of those libraries packaged with WordPress.

For a list of all javascript libraries included in WordPress, please review Default Scripts Included and Registered by WordPress.

This issue has become incredibly important when you consider that roughly 90 plugins had to be contacted and closed regarding the use of PHPMailer. They had included the entire library and not kept it updated. I’m aware that we use a forked version of that specific library and I have raised core trac ticket #39714 to address this issue.

While we do not (yet) have a public page to list all 3rd party libraries, I’ve raised meta trac ticket #2431 to hopefully get this sanely documented.

#guidelines

Want to Close Your Plugins? Email!

Hi everyone, it’s winter at last, and there’s snow in the mountains! This is the perfect time to sit by the fire and look at your plugins and get rid of the ones you don’t want to be on the hook for any more.

Did you make a plugin for an event that happened a long time ago, like the 2008 Olympics? Did you make a featured plugin that got wrapped into core and you’re done?

Email plugins@wordpress.org with a link to the plugin and we’ll close it for you!

Doing this means you won’t get any new people complaining about how the plugin doesn’t work and disables itself in WP 4.3 and up (even though you documented it…). It’s less work for you and it’s okay to EoL plugins. We’ll close ’em for you and you’ll be done.

A lovely winter present for everyone.

(If you think the plugin has a use and life, but you don’t want to support it anymore, consider adding the tag ‘adopt me’ to your readme. Just update your readme file with that and maybe someone will come and offer a new home for your old plugin. Check out https://wordpress.org/plugins/tags/adopt-me to see the plugins out there looking for you!)

#reminder

[FIXED] Banners and Images Broken In the Old Directory?

There was a glitch the other day and anyone who updated in the hour or so window got goobered. We’re looking to see if we can automagically fix it but if you see your plugin looks sad and image-less, drop a link to it here and we’ll have someone hit it with a hammer for you.

Update! They found the 66(!!) affected plugins and are on the job!

Sorry about that 🙁 On the plus side, it works fine in the new directory!

#fixed #bug

Reminder: Make Sure Your Email Is Up To Date

I know the 4.7 ‘please test’ email went out a bit late (WordCamp US, blame Wapuu), but we did send it and just like last time, we’ve taken action the replies.

  • If you reply and ask for a plugin to be closed, we close it.
  • If your email auto-replies, we warn you once. If you were warned previously, we close your plugin(s).
  • If your email bounces we close your plugin or, if there are multiple developers involved, remove your account and notify them.

These actions are taken for security. If we have no way of getting in touch with you, or if your email is invalid, it puts your users at risk. Not to mention getting 2500 auto-replies is pretty frustrating.

Remember, it is a requirement that we be able to contact you. We don’t mind if the email is a group mail, but it should never auto-reply to anything from WordPress.org. Just whitelist us (and yes, you can do that with ZenDesk read this ticket for details) and make sure nothing from .org gets a bounce reply. This will also make our servers faster, which I know you’d like.

If you can’t do that, you’ll need to change your email to something else. Do to that, go to https://wordpress.org/support/users/YOURID/edit/ as the user in question and edit the email. Done.

On a happier note, less than 100 people had to be contacted this time around! It only took me 2 hours to sort it out, versus last time which was much higher. The majority of the issues came from new plugin developers, which is understandable, but a few of the long-standing devs had a rude awakening this morning, I’m sure.

Thank you everyone for understanding.

#notice #policy

WordCamp US/2016 Recap

First of all I suck for not getting everyone’s names. I’m lucky I remember mine…

This marks my first year as the rep of the Plugin Directory Team and we’ve made some phenomenal headway. We’ve re-written the detailed plugin guidelines to be more understandable and clear for everyone. We’ve actually written a handbook! We never had one before. And Team Apollo has been brilliant getting the new directory from a pipe dream to a beta test reality. Thank you everyone for getting us here.

At WordCamp US 2016 Contributor Day, we had over 20 people going over the brand new Handbook, which lead to the creation of the Glossary and a lot of edits! So a huge thank you to everyone who was here. I really appreciate it. We also had a few people reviewing plugins as practice for the first time. I look forward to their results. Good luck, folks!

Right now the new directory is in public beta. That means if you go check it out wordpress.org/plugins-wp/ you’ll see the brave new world for plugins, and we hope you can help us test things out. If you find bugs in search, please report them on Meta Trac #1692

The Plugin Developer Documentation has been updated to address the changes (mostly to your Plugin Assets) and the Handbook was written with this new interface in mind.

Which leads us to the eternal question… when will the directory open up to new reviewers?

I’ve said it before and I’ll say it again, the opening of the plugin team to new members will happen after the new directory is complete. This is just a technical necessity. The current system works but it has serious limitations that are just prohibitive to adding more people. That made writing a handbook for a process that doesn’t exist rather interesting. My goal is, once the directory is live, to iron out the how-to-review and then get some experienced developers in to review but not approve, to see if we can come up with a process closer to the Theme Review Team, but not fall to backlog.

This will take a lot of experimentation and patience.

Hang in there.

#contributor-day

Just a quick note.. Due…

Just a quick note.. Due to the Thanksgiving Holidays followed up by the entire team being at WordCamp US in Philadelphia this weekend, plugin approvals and even emails to the team will be delayed. Don’t worry, we’ll deal with the backlog when we all return home to our comfort zones. 🙂

Reviewer Handbook

Sneaking this in just before WordCamp US, if you’ve seen the redesign of this make site, then you may have seen the link to the handbook.

This is a rough draft – it’s not perfect and it doesn’t cover all contingencies. However, yes, that is indeed our handbook. It’s built to the new directory, which we’re not fully using yet, and it has some information that may surprise you. For example, did you know we could see every IP address you’ve ever used to submit a plugin?

On Contributor Day, I’ll be asking victims– volunteers to help with it, to explain things more clearly, and to make this something that can be used to (eventually) include more reviewers.

Speaking of, before you ask for the status, here it is: Not yet.

Once the new directory is live, and once the existing reviewers have worked out the best flow, then we will bring in some existing developers to join us. But it’s not going to suddenly be a flood gate. We’re trying to avoid hitting a backlog as bad as the theme team has, and I’ve been closely watching how they handle reviews and trying to see what we can do to navigate that kind of a delay. Obviously ‘more reviewers!’ isn’t the only answer, and right now I feel that the right fix for plugins is a more streamlined system. I have a plan. I’m sure it won’t last the first day against the enemy (i.e. plugins).

See you all soon at WordCamp US!

#notice #handbook

User Testing the Directory Revamp

Does the directory currently have a kind of ‘meh’ UX? Yes. Yes it does. We know it. We know search is chancy at best, and people (especially developers) get grumbly when they can’t find what they want.

Well. Here’s your chance to step up and help us fix it.

Plugin Directory User Testing – Round 1

The tl;dr here is @mapk had some tasks for he asked people to run through to try and report on. Using that information, we’ll figure out what has to be changed, what’s going to have to be lived with, and what can and cannot be improved.

But it won’t get better without YOUR help.

So if you care about the usability of the Plugin Directory, please help. Speak up and try the tests yourself. Figure out what’s broken and speak up on it. We need to know.

Revised Guidelines Are Live

We soft-launched them on the 20th, just to make sure we didn’t mess anything up. Those last few spelling and grammar edits are killer. However yes, the guidelines, reviewed and revised by the community are now the official Plugin Developer Guidelines.

While I can hope they’re easily understood by all, I know that’s a fond wish. I’m leaving the repository on Github open for the time being, in order to allow people who spot late breaking issues to report them. If you do spot problems, please open an issue on the GitHub Repo or email plugins@wordpress.org and let us know.

In addition to just rewriting the guidelines, we took the time to codify the expectations of developers and cost of not abiding by the guidelines, as well as a reminder that we do remove plugins for security issues. We are doing our best to be transparent of what we expect from you and, in return, what you can expect from us.

Finally, THANK YOU. Everyone who helped write this, edit it, and who was patient understanding I was chasing down people to get their sign-off on what might be construed as massive changes, I greatly appreciate the time you spent on this project. It’s a massive undertaking to re-write guidelines in the public eye, in a way that won’t pull the rug out from anyone. Our goal was to clarify, not totally change, but also to address the needs of an ever changing technology.

Our goal, as always, remains to provide a safe place for all WordPress users – from the non-technical to the developer – to download plugins that are consistent with the goals of the WordPress project.

Please take the time to read the Detailed Plugin Guidelines.

#guidelines

Plugin Directory Chat: Nov 2

Next plugin directory chat 2016-11-02

We skipped this week and we will next meet at 2016-11-02 22:00:00 UTC

#directory