X-post: A Little (Late) Spring Cleaning

X-comment from +make.wordpress.org/project: Comment on A Little (Late) Spring Cleaning

X-post: The Incident Response Team is looking for new members

X-comment from +make.wordpress.org/community: Comment on The Incident Response Team is looking for new members

X-post: Criteria for Creating or Migrating Repositories under the WordPress GitHub Organization

X-comment from +make.wordpress.org/project: Comment on Criteria for Creating or Migrating Repositories under the WordPress GitHub Organization

Plugins Team at WCEU 25 | Contributor Day

WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. Europe 2025 is coming soon and we will have several tables dedicated to the plugins team in the contributor dayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/.!

A big part of the team will be at Basel and we are ready to carry out different activities according to the interests of the community present there.

Our main topics for the contributor are:

PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Check Plugin

Learn how it works and how to contribute to the project that is helping plugin authors to check their plugins for different kinds of possible issues.

Prepare for the event in advance:

Documentation

Help out contributing to the documentation by detecting areas not covered by the current documentation and contribute suggesting changes to it.

Prepare for the event in advance:

Handbook

Learn about the best practices for developing plugins for WordPress.

Prepare for the event in advance: Gather your questions!

General talk

Talk among the community about questions regarding the directory, how the team works, guidelines, etc.

Prepare for the event in advance: Get familiar with the Plugin Directory Guidelines.


We are looking forward to seeing you there!

#contributor-day

Announcing the Next Plugin Review Team Reps

We’re happy to announce that @davidperez and @frantorres are stepping in as the next team reps for the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team!

Plugin team reps help coordinate the team’s duty, coordinate communication with the community, and ensure important updates and community activities stay on track.

Over the past two years, the new team has made important progress — incorporating new members, reducing the plugin queue, creating and improving tools, streamlining the reviews and refining processes — thanks to the collective effort of everyone involved.

Looking ahead, the team is preparing to tackle new challenges, which we believe will include: the impact of AI, further tool enhancements, proactive reviews, and improving documentation.

A big thank you to the entire team for their dedication, to the contributions through the “Five for the future” program and to all plugin authors for keeping their plugins secure, compatible, and compliant. Together, we are evolving the WordPress plugin ecosystem!

The WordPress Ecosystem is Growing: New Plugin Submissions Have Doubled in 2025

This year, the number of plugins submitted has grown by 87% compared to last year

🌱 We have great news from the Plugins team. The submission of new plugins in WordPress has almost doubled this year, helping the WordPress ecosystem to grow.

The WordPress developer community is celebrating as they maintain and increase their submissions to be reviewed and published in the WordPress directory.

As you can see in the graph below, we detected this increase since last September, and we can observe the impact of AI as well as achievements made by the team, such as having automated tools and improvements to the internal Scanner, which, in our view, have contributed to the rise in pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party submissions to the official directory.

The Rise of AI 🤖 in the Plugin Directory

🤓 It’s clear that AI is influencing plugin submissions to the directory. Here, we analyze plugins that have “AI” in their title, showing the use of Artificial Intelligence integrated into WordPress.

As seen in this chart, growth is exponential, with many plugins directly using AI to offer features within the directory.

If we were to group them by functionality and ordered by number of submissions, we’d have these categories:

💬 Chatbots / Virtual Agents
✍️ Content Generators
🛒 Ecommerce / WooCommerce
🔍 SEO
🖼️ Multimedia Generation (images, 3D, etc.)
📝 Forms / Inputs
✨ Summaries / Highlights
❓ FAQ / Q&A Generators
🌐 Translation / Multilingual
🏷️ TaxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies. Management (categories/tags)
📋 Titles and Metadata

We highly appreciate developers betting on WordPress to include Artificial Intelligence and improve integration and functionalities for users.

The Impact of AI on Plugin Development

Artificial intelligence has become a key tool to speed up and improve plugin development in WordPress. From writing code to generating ideas, here are some standout ways AI is helping:

  • Code Assistance: AI tools assist developers by providing contextual suggestions, code snippets, and guidance on the use of WordPress-specific functions, hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. and APIs.
  • Code Debugging and Review: AI can analyze your code and suggest improvements for performance, security, or WordPress standards compliance. It can help understand Plugin Check Plugin warnings and offer specific solutions.
  • Auxiliary Content and Documentation: Automatically generate parts of documentation, FAQs, changelogs, or tutorials for end users.

Improvements to the Team’s Internal Scanner

We’ve upgraded our internal tool focusing on three pillars: better detection, more examples, and AI integration.

We revamped the tool that assists our manual reviews by catching more issues and checking more detection points, while customizing examples to make it easier for developers to find solutions.

Remember, the main security issues stem from lack of sanitization, escaping, and nonce usage.

Finally, we’ve added AI to detect duplicate or similar plugin names in the directory, making the team more productive.

Free Tool for WordPress Developers

Since last year, we have the Plugin Check Plugin tool, which lets you review your own plugin. Plugin Check Plugin is an official tool that automatically checks if your plugin meets WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ directory requirements and best practices.

More info is available in the detailed introductory post.

Since September 2024, Plugin Check Plugin has been integrated for automatic reviews directly on WordPress.org, improving review speed and reducing issues by 41% when approving a plugin.

Team Effort: Less Average Waiting Time

Even though we’ve received twice as many new plugin submissions, we should applaud the team’s dedication to keeping the time for first reviews low.

A short waiting time for plugin review encourages developers to publish in the directory and offers many advantages:

  • Faster publishing cycle: Less time between idea and public availability.
  • Better developer experience: Less waiting to validate ideas reduces frustration, increases motivation, and strengthens the WordPress community.
  • Incentive to innovate more: Our community becomes more competitive with an agile process, encouraging experimentation and initial version releases.

This year, we are also managing to keep the average waiting time for the first review at a minimum. We work hard every day to maintain this commitment and avoid long delays that could discourage new plugin development.

This post was written by @davidperez and reviewed by @frantorres and @rabmalin

X-post: Help Test WordPress 6.8

X-comment from +make.wordpress.org/test: Comment on Help Test WordPress 6.8

Plugin author now linked to WordPress.org profiles

The way the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party author information is displayed in the directory has changed; it’s now linked to the plugin owner’s public WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ profile.

We refer to the field that is displayed under the plugin title and is preceded by either a icon depicting a person or the text ‘By’, this represents the author of the plugin.

A screenshot of what the plugin information looks like in the plugin listings of the directory.
A screenshot of what the plugin information looks like in the header of a single plugin page.

Who’s the author?

Previously

This value was taken from the plugin’s headers, from the “Author” and “Author URI” fields.

This made it possible for plugin authors to display any name and link to any website.

Now

This value is taken directly from the plugin owner’s profile. It shows the owner’s display name as set on their WordPress.org profile and a link to their profile.

This way, the plugin attribution you see is directly linked to the plugin owner’s WordPress.org profile.

FAQ

Can plugins pages still include external links?

Yes, as long as those links do not contravene the guidelines. External links can be included in the readme file so that they’re displayed on the plugin page, and plugin authors can also add links on their WordPress.org profile page.

Does this change apply retroactively to existing plugins?

Yes, this is a change to the way it is displayed throughout the directory.

Can multiple authors be credited for a single plugin?

While only the plugin owner’s display name and profile will be shown under the plugin title, multiple contributors can still be listed on the “Contributors & Developers” section. This can be set in the “Contributors” field in the plugin’s readme file.

Can plugin teams still list their company / team / group / brand name instead of a personal profile?

Yes, a company/team/group/entity can have one account to manage their plugins, In this case, they should consider the following:

  • Accounts belonging to a company/team/group/entity are not allowed to participate in forums. Community forums are a space for people, not companies or groups. Members can have personal accounts to participate in forums. They can be added as Support Reps in the advanced section of the plugin.
  • All plugins owned by a company/team/group/entity must be under the same account. This means that if they have 8 plugins, those 8 plugins must be under the same account, not under different accounts. When having different brands, you will need to decide what you want to display on all plugins, and users will be able to see all plugins published under that name.

I need to change how the author is displayed, what can I do?

If the plugin is associated with the correct WordPress.org account, you can simply change the display name in your WordPress.org profile.

If this is not the case, you can transfer your plugin to another account. Just remember that if you have multiple plugins, you are expected to transfer all of them so that they are owned by one account (see the previous FAQ for more information).

#directory

A Year in the Plugins Review Team – 2024

It’s been a transformative year of growth in the WordPress Plugins Directory, particularly as the Plugins Team welcomed several new members onboard. Throughout this time, we remained focused on our primary goals: enhancing security, improving the review process, and fostering community engagement.

Our security efforts have focused on creating tools to benefit all developers, including the introduction of mandatory PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Check for new plugin submissions, 2FA in SVNSVN Short for "SubVersioN", it's the code management system used to maintain the plugins hosted on WordPress.org. It's similar to git. and our renovated Internal Scanner Tool. These features, detailed here, enhance security and streamline the submission process. Additionally, the SVN Password feature has become a critical measure to prevent account theft and related issues.

When it comes to reviews, it remains our most time-intensive task, reflecting our commitment to maintaining quality and trust within the Plugins directory.

Since September 2023, the plugin review queue—once around 1,300—has seen significant improvements thanks to enhanced tools, refined workflows, and better submissions. In October 2024, the queue even briefly hit zero. The Plugin Check plugin has been key, enabling developers to improve code quality and security pre-submission, which in turn has sped up reviews. Over the past year, 2,983 plugins have been approved, and the number of reviews required per plugin has increased. That means that we now detect more issues per plugin.

The Plugin Check plugin has significantly reduced the time for reviews, bringing the average wait time down from 37 weeks to 9 weeks, even as plugin submissions have almost doubled. In the past year, we’ve reviewed 7,382 plugins—59,1% more than the previous year—while detecting more issues through both automated and manual reviews than ever before. This has resulted in faster, more thorough reviews despite the increased volume of submissions.

We have continued refining our Internal Scanner tool, a magnificent legacy created by Mika Epstein, to streamline reviews and boost productivity. Recent updates, encompassing over 400 commits, include new checks for issues like sanitize and escape, along with enhanced examples and personalized guides to help plugin authors effectively resolve identified issues.

The tool now features over 200 checks, detecting a wide range of potential security-related issues while also supporting reviewers in conducting thorough manual reviews.

The issues highlighted in the chart below account for approximately 80% of all issues detected.

For more reading about these and other common issues, you can click here.

With regard to improving the plugin development community, we have focused on migrating and maintaining the Developer Handbook to GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ which can now accept contributions. 

The team is also participating in the Plugins tables at various contributor days at WordCamps, helping and encouraging users to create their plugins whilst using WordPress best practices.

We will aim to do this type of review each year, and until the next one, please remember to use Plugin Check! Adding it to your development workflow will save you effort, and countless hours. As our roadmap outlines, we promise to increase its capacity, and usefulness.

Post written and reviewed by @janmtm @chriscct7 @frantorres @davidperez

Plugin Check Goals & Roadmap

PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Check, a multi-team effort within the WordPress project, is designed to allow plugin authors to check the plugins they develop to catch and self-service commonly found issues seen in plugin initial submissions and re-reviews for WordPress Plugin Directory Guideline violations, security issues, and plugin development best practices. If you have not already done so, I recommend reading the Introducing Plugin Check (PCP) post and the post outlining PCP becoming a pre-submission requirement for new plugins to Plugin Directory before reading the rest of this post.

Goals of Plugin Check

The goals of the Plugin Check Plugin (PCP) within the Plugins Team are primarily to:

  • Allow developers to self-service issues found in initial plugin reviews
  • Improve the security of plugin code
  • Promote best practices within plugins and ensure Directory Guidelines compliance

Let’s dive into each of these to explore them in more detail, and talk about how they correspond to goals found in the roadmap for Plugin Check.

Allow Developers to Self-Service Issues Found in Initial Plugin Reviews

The majority of the issues that are caught with plugins in the initial review of a new plugin are violations of the Guidelines or issues with Plugin Directory rules (such as: not using a unique prefix for names of classes/functions; an invalid readme; plugin versions in the readme not matching the plugin headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes.; etc).

Our goal is to allow plugin developers to test for the majority of these before they submit their plugin with one click using Plugin Check. As a backup, a more limited set of these checks (the ones that almost or neverdeliver a false positive) are automatically run against a plugin before it can be submitted into the queue (this part is already live on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/). 

This process helps developers address issues before submission, reducing back-and-forth and speeding up reviews. It saves time for the Plugins Team and allows new plugins to go live on the repository more quickly. To improve upon this, one of the goals for Plugin Check is to further this goal by adding more checks, making the UXUX UX is an acronym for User Experience - the way the user uses the UI. Think ‘what they are doing’ and less about how they do it. of the plugin better, and building more ways for plugin authors to build Plugin Check into their development flow.

Improving The Security of Plugin Code

While no static analysis or rule set tool will ever be able to catch 100% of security vulnerabilities in plugins, our goal with Plugin Check is to aggressively work on tackling the ones we see most commonly. The majority of security issues generally found in plugins are things like missing nonce/capability checks or missing sanitization/escaping/validation— issues that are oftentimes easier to build detection around. By helping developers catch and address potential security issues, especially before release, we can make plugins more secure overall.

During Phase 1 of the security categoryCategory The 'category' taxonomy lets you group posts / content together that share a common bond. Categories are pre-defined and broad ranging. rollout for developers submitting plugins for security re-review, the team has observed that even the limited checks in Plugin Check significantly improve plugin security and reduce the time reviewers spend on these reviews by minimizing follow-up messages.

In Phase 2, we will focus on adding more comprehensive checks for additional common security issues found in the .org repository.

Promote best practices within plugins and ensure Directory Guidelines compliance

The Plugin Directory now hosts over 60,000 plugins crafted by a diverse group of authors, ranging from first-time developers to seasoned commercial plugin companies. These plugins span a wide spectrum—some offer simple quick fixes, while others are robust SaaS replacements. They also reflect varying levels of community involvement, from WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Committers to software companies integrating their services with WordPress.

Because the Plugin Review Team reviews plugins from authors with varying levels of experience, we occasionally encounter plugins that violate the Plugin Directory Guidelines or contain code that deviates from WordPress development or security best practices. Most violations or oversights come from authors unfamiliar with the Guidelines, so the team approaches these cases as teaching opportunities rather than punitive actions.

With WordPress Core and GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ evolving rapidly, even experienced plugin authors may struggle to keep up with the latest best practices. While the Plugin Team and Core Teams provide resources like Make Posts and pre-release emails to communicate key updates, the Plugin Check project aims to simplify this process. Plugin Check allows authors to quickly scan their plugins for performance improvements and best practice opportunities.

The Plugin Team has collaborated with teams like the Performance Team, co-developers of Plugin Check, to identify performance enhancements and catch common Directory guideline violations. In Phase 2, we plan to expand these checks and collaborate with additional teams to further support plugin authors.

We’ve recommended that plugin developers integrate Plugin Check into their development workflow and have worked to make it as accessible as possible by enabling multiple ways to run it:

  • As a standard WordPress plugin (with UIUI UI is an acronym for User Interface - the layout of the page the user interacts with. Think ‘how are they doing that’ and less about what they are doing.)
  • As a WordPress CLICLI Command Line Interface. Terminal (Bash) in Mac, Command Prompt in Windows, or WP-CLI for WordPress. command
  • As a one click GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Action (to integrate with development workflows — repository link / GitHub Marketplace link)

We’ll continue improving Plugin Check in Phase 2 by simplifying output customization for easier integration.

Phase 2 Roadmap Overview

In Phase 1, Plugin Check was released to the community as a plugin available through WordPress.org. It became a requirement for new plugin submissions to the Plugin Directory and for relisting plugins that were pulled due to security issues, requiring all Security category checks to be passed.

In Phase 2, Plugin Check will expand to cover updates made by plugin authors to plugins already in the Directory. The initial rollout will include a post-SVNSVN Short for "SubVersioN", it's the code management system used to maintain the plugins hosted on WordPress.org. It's similar to git. check-in process, where Plugin Check will email plugin authors about detected issues and notify Plugin Team members based on severity.

Specific rollout timelines and processes for Phase 2 will be shared in a future Make Plugins post as its release approaches.

To roll out Phase 2, the Plugins Team will prioritize essential updates to Plugin Check, considered prerequisites for this phase. These updates will collectively define the Phase 2 priorities.

  1. Improve Documentation and Messaging: Ensure every Plugin Check rule has clear documentation and intuitive messaging to make it self-service. Each check should explain what is wrong, how to fix it, and where to find updated resources. This reduces questions about individual checks.
  2. Develop Conditional Rule Application: Create a system to exclude or conditionally apply rules. This allows flexibility for custom check categories and handles evolving guidelines, such as varying prefix length requirements based on a plugin’s addition to the Directory.
  3. Enhance User Interface: Improve Plugin Check’s UI to help plugin authors quickly understand check categories, distinguish required vs. optional checks, and create a cohesive experience for custom rulesets added by developers or companies.
  4. Introduce Experimental Checks: Add an experimental checks feature to let plugin authors betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process.-test new rules before they become mandatory. This helps identify edge cases, encourages contributions from new developers, and supports iterative rule development.
  5. Build Retroactive Directory Integration: Enable Plugin Check to run on plugins already in the Directory after a release. Alerts based on the severity of issues detected will notify the Plugin Team and/or plugin authors. This integration ensures ongoing improvement of plugins, leveraging the success of Plugin Check for new submissions and enhancing the overall quality of the Directory.

We’re excited to kick off development of Phase 2 of Plugin Check! If you’re a plugin author, we encourage you to integrate Plugin Check into your development workflow. The GitHub Action is a great starting point, and running Plugin Check against your existing plugins can help identify improvement opportunities (repository link / GitHub Marketplace link). Additionally, spreading awareness is crucial—tell other plugin authors you know about Plugin Check. The more developers who use it, the better the tool becomes for the entire community.

For those interested in contributing directly to Plugin Check, you can find the GitHub repository here. Whether you have ideas for new checks, want to write or test code, or help improve documentation, there are always tasks needing assistance. We’re grateful for any contributions to help improve Plugin Check and support the WordPress ecosystem.