There’s been a lot of quiet change going on for Plugins, so now is as good a time as any to get into it!

If you’re interested in any details missing, leave a comment. I do ask you try not to speculate too much into the why’s and wherefores of what people do with plugins. I’ve been at this a while, and the one thing I can promise is people do weird things.

New Email System

We finally migrated off of the old system and on to HelpScout in March, which allows us the ability to sort and organize emails into teams. It also lets us properly filter bad actors so not everyone has to deal with them. We make heavy use of automated filters now, which has let us do the impossible …

New Team Members

We onboarded two new team members in November and have been easing them in to the weird workload of Plugins. They’ve been instrumental in sorting out what filters and team assignments do and don’t work well for Plugins.

New Tools

I’ve been using a new bash script to expedite scanning plugins. While we’d love to use WPCS (and I personally recommend it to for everyone), even with a heavily parred down version it hasn’t quite met our needs. The goal for next year is to move the bash script into a PHP plugin we can use to automate a lot more.

New Replies

Our saved replies (the standard ones you get for closures and reviews) have all been cleaned up, spellchecked, and formatted for easier reading. Now, when you get an alert that your plugin has been closed, we attempt to direct you on exactly how to resolve the issues. This is still a bit of a work in progress, but we’ve made great strides on consistent tone and softer language.

New Restrictions

Sadly as many people found out, we got dinged hard by some trademark owners, and are taking action against people who violate trademarks. Around 1000 plugins were closed due to that, and it’s one of those things we can’t protect you from. We’ve changed the plugin uploader for new submissions to block a lot of that.

Remember the basic rule: If it’s not your company/product/library, don’t begin your plugin Display Name or permalink with it!

(Trademark owners: Please ask the developer to changes things before coming to us. Communication will help everyone.)

The Stats!

A lot of people like this part. Here’s the overall outlook from 2019:

And in a slightly more consumable summary table:

	Requested	Rejected	Closed	Approved	Pending
Most in a week	194	109	480	118	718
Least in a week	129	2	9	25	527
Average	161	25	117	76	623
Year to Date	8048	1221	6038	3836	N/A

We’ve had 1000 more plugins submitted in 2019 than 2018, however the Rejected and Approved numbers only went up by 100.

So where are the extra 800 plugins? On average, pending plugins did go down but only by about 25 a week. Most of the missing counts are there, but they’re also in the dreaded “Closed” section.

A higher than expected number of developers have submitted plugins for review and then asked them to be closed within a 6 month timeframe. This has led to us pushing back on people and making notes in their accounts about that kind of behavior. There hasn’t yet been a common thread to why that’s happening, so we’re keeping an eye out.

HelpScout Overall

HelpScout also helpfully provides their own statistics for how much we used them. This is just since March when we switched over:

• Customers: 6665
• Conversations per Day: 35
• Busiest Day: Thursday
• Email Conversations: 12,829
• Messages Received: 17,439
• Replies Sent: 18,931
• Emails Created: 6650
• Resolved: 6642
• Resolved on First Reply: 31%
• Closed: 11,818

HelpScout Saved Replies

We make heavy use of Saved Replies to speed up reviews and processing. These were brought in to use in chunks, and I’m omitting the exact numbers. They won’t do you any good to know we sent 2,679 “Approval after send” emails when you realize we also only sent 628 “Intro to new Review”. All that means is we pulled in the Approval email first. Next year these stats will be more useful.

All that said, I think having a look at what the most common sorts of issues are might be a little enlightening. Everything is ordered from most use to least.

Closed and Warned

These emails are sent out when a plugin is closed or the developer needs to be warned about issues/behavior.

• Closed: Trademark Abuse (All)
• Closed: Removal Request Completed
• Closed: Security Exploit
• Warning: Sockpuppets
• Warning: Trademark Violation
• Notice: Closed Becuase Email Bounced
• Warning: Security Issue (NOT CLOSED)
• Closed: General Guideline Violation

Reviews

All these emails are sent when a plugin is being reviewed.

• Approval: Approval after send
• Review: End Of Review (goes at the end of all reviews)
• Review: Intro to new review (all new reviews start here)
• Review: Please sanitize, escape, and validate your POST calls
• Review: Generic function/class/define names
• Review: Incomplete Readme
• Review: Including your own CURL code
• Review: Not using wp_enqueue commands
• Review: Calling remote files (js, css, images, etc)
• Review: Including Libraries Already In WP Core (i.e. jquery)
• Review: Calling file locations poorly (also hardcoding in paths)
• Review: Including out of date libraries
• Review: Undocumented use of a 3rd Party or external service
• Review: Not using Nonces and/or checking permissions
• Review: Using file_get_contents on remote files
• Review: Calling core loading files directly (wp-config, wp-load, wp-blog- etc etc)
• Review: Display Name infringes on trademarks (slug is fine)
• Review: Using esc_ to sanitize (not esc_url)

Pended

A pended plugin is one we stop before even reviewing the code. This usually happens because someone’s infringing on trademarks, or using a personal account to submit a company owned plugin.

• Pended: Name Infringes on Trademarks (slug and name need to be changed)
• Pended: Never replied to previous review (was rejected)
• Pended: Not Official Owner

Rejected

This should give you an idea of why plugins are rejected. Top of the list? People who don’t reply.

• Rejected: Review never completed within 6 months
• Rejected: Not Your Plugin (Tried to upload vs host)
• Rejected: Generic for plugins we’re just not hosting
• Rejected: Framework or Library Plugins
• Rejected: New/renamed version of their own plugin

Miscellanous

The rest of the emails are lumped together. You’ll notice we have prefixes to what each email is. That helps us find them faster.

• Notice: Plugin Restored
• Reply: Plugin Slug Renamed
• Reply: Rescan (Plugins must be checked before being reopened)
• Thank You: Security Report
• Thank You: Guideline Report
• Reply: Don’t call people ‘sir’
• Thank You: Generic, Will Review
• Notice: AutoReply Sucks
• Notice: Already Mailed Review
• Approved: Resend Approval
• Question: Why Close?
• Reply: Cannot Rename Plugins (for people who email RIGHT after approval)

#statistics, #year-in-review