Welcome to the official blog for the PluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team.
The review team acts as gate-keepers and fresh eyes on newly submitted plugins, as well as reviewing any reported security or guideline violations.
We can be reached by email at plugins@wordpress.orgWordPress.orgThe community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/, or via the #pluginreview channel on Slack.
Between December 31 2019 and December 28 2020, we have:
8486 plugins submitted (up from 8048)
1338 plugins rejected (up from 1221)
3317 plugins closed (down from 6038)
676 plugins pending review on average week to week (up from 623)
It’s not a huge increase in workload, and unlike last year, we have only three spikes of massive closures.
Here’s an overview in table format:
Requested
Rejected
Closed
Approved
Pending
Most in a week
221
111
600
132
790
Least in a week
128
2
10
41
560
Average
169
28
65
69
676
YEAR TOTAL
8486
1338
3317
3451
595
Overall, the load was slightly up but nothing to phone homePhone homeA plugin that “phones home” sends back tracking information to the plugin developer once it’s installed on a site. This may include IP addresses, usernames, or other data. about.
The number one reason a pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party is closed is, still, bounced emails. The number two reason is security, followed by general guidelines and trademarks.
The number one reason a plugin is pended for approval is sanitization/validation related (remember you have to do both – sanitize and validate – because otherwise people will put ‘dog’ in for a value of how many hats they need).
Looking Back at 2020
We had some wins and some losses.
First, here’s what didn’t go great:
New Team Members — this was probably the worst year for that, seeing as real life kicked everyone around. Of the people onboarded, one remains semi-active.
Tools — I did not manage to convert my shell script to something mass-consumable, but I did make significant progress in improving it
Trademarks — Legal representatives from multiple companies have forced us to be harsher and more strict with trademark usage. There’s very little we can do here.
Now here’s what did go well!
HelpscoutHelp ScoutA 3rd party service we use to process emails for plugin reviews. — This has been a godsend. We’ve managed to improve a lot of automation with it, speeding up everyone’s work.
.Org Tools
There are a lot more checks for trademarks in slugs and display names now, so people can’t even submit violations.
We added a lot of code to allow people to better manage their own plugins. For example, you can close your own plugin as well as change the primary owner.
Helpscout
As mentioned last year, we make heavy use of Saved Replies to speed up reviews and processing. Here again, in order from most used to least, are the most commonly used replies:
Reviews
These are sent out during reviews to help identify issues:
Review: Please sanitize, escape, and validate your POST calls
Review: Undocumented use of a 3rd Party or external service
Review: Including Libraries Already In WP CoreCoreCore is the set of software required to run WordPress. The Core Development Team builds WordPress. (including jquery)
Review: Including out of date libraries
Review: Including your own CURL code
Review: Calling file locations poorly (also hardcoding in paths)
Review: Whole $_POST processing
Review: Including full vendor/demo/documentation folders
Review: Using esc_ to sanitize (not esc_url)
Review: Plugin uses Error Reporting in public
Review: Display Name infringes on trademarks (slug is fine)
Review: Using variables/defines for text-domains (this breaks glotpress)
Review: Allowing Direct File Access to plugin files
Review: Not using Nonces and/or checking permissions
Review: Plugin is still calling localhost
Review: Your admin dashboard has an iframeiframeiFrame is an acronym for an inline frame. An iFrame is used inside a webpage to load another HTML document and render it. This HTML document may also contain JavaScript and/or CSS which is loaded at the time when iframe tag is parsed by the user’s browser.
Rejected
These are the most common reasons a plugin was rejected:
Rejected: New/renamed version of their own plugin
Rejected: Not Your Plugin (Tried to upload vs host)
Pended
The top three reasons a plugin is pended before we even review it:
Pended: Name Infringes on Trademarks (slug and name need to be changed)
Pended: Not Official Owner
Pending: Website incomplete (coming soon/demo)
Replies
These are common replies to common issues.
Reply: Rescan (Plugins must be checked before being reopened)