Welcome to the official blog for the Plugin Review Team.
The review team acts as gate-keepers and fresh eyes on newly submitted plugins, as well as reviewing any reported security or guideline violations.
We can be reached by email at plugins@wordpress.org, or via the #pluginreview channel on Slack.
Plugin Check and 2FA Now Mandatory For New Plugin Submissions
On September 17th, David Perez wrote a post on Make Plugins introducing Plugin Check (PCP), which also detailed how plugin authors could get started using Plugin Check within their development process. The article also explained our new 1-Click GitHub Action, hosted in the GitHub Marketplace. If you have not already read his post, I would recommend reading it first.
Over the last year, the Plugins Team, in concert with other teams (Meta, Performance, and Systems among others), has been working on promoting best practices for plugins hosted within the Plugin Directory and improving the security of the Plugin Directory, while reducing the review queue for new plugins. Today, we’re excited to announce some changes to the process for submitting a new plugin into the WordPress.org Plugin Directory that further these goals.
Firstly, as we announced on September 3, 2024, Two Factor Authentication (2FA) is now required on all plugin owner and committer accounts, as of today, October 1, 2024. This means that it must be enabled on a WordPress.org account that would like to submit a new plugin into the Plugin Directory. Instructions for enabling 2FA on your WordPress.org account can be found on that announcement post. We encourage all plugin owners and committers to turn on 2FA for their WordPress.org accounts if they have not already, as well as to use the new SVN password feature. Please also audit your plugins for committers who may not need commit access anymore, and familiarize yourself with the Release Confirmation feature. You can learn about performing the last two steps in the post, Keeping Your Plugin Committer Accounts Secure.
Secondly, as of today, when you submit a new plugin to the Plugins Directory, it will first be run through Plugin Check’s Plugin Repo category. If the new plugin has an error-level item in this category, the submission will be blocked from being submitted for review until it is fixed. Over the last year, the Plugin Team’s goal has been to reduce the review queue length for new plugins. Alongside onboarding new team members and improving processes, adding Plugin Check to pre-check all new submissions now allows the team to reduce the initial queue by making it easy for plugin authors to identify and fix the issues most commonly seen in new plugins. The Plugin Repo category in Plugin Check catches recurring issues like mismatched versions between the plugin header and the readme.txt file, plugins using the wrong text domain, and using the wrong ‘Tested To’ values in the readme file. To be clear, the addition of Plugin Check as a pre-check will not replace manual review of all plugins, or change any of those processes, but instead it allows us to save time. By increasing the percentage of plugins submitted for review that require no changes, this reduces the number of changes needed overall.
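A local pre-flight for the three recurring issues named above, as an added example; it is not Plugin Check's code and does not reproduce its rules. Assumptions: the slug `acme-forms`, the finding codes and the `current_wp` parameter are hypothetical, the header `Version` is compared with the readme `Stable tag`, and a "Tested up to" value counts as wrong when it is malformed or newer than `current_wp`.

```python
import re

# Constructed sample files for a hypothetical plugin whose slug is "acme-forms".
SAMPLE_PHP = """<?php
/**
 * Plugin Name: Acme Forms
 * Version: 1.2.0
 * Text Domain: acmeforms
 */
"""
SAMPLE_README = """=== Acme Forms ===
Contributors: example
Tested up to: 9.9
Stable tag: 1.1.0
"""

def header_fields(text):
    """Collect 'Key: value' pairs from a plugin header comment or readme.txt."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^[ \t/*#@]*([A-Za-z][A-Za-z ]*?)\s*:\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))  # first one wins
    return fields

def version_tuple(value):
    """'6.6' or '6.6.2' -> (6, 6) or (6, 6, 2); None when malformed."""
    if not re.fullmatch(r"\d+(\.\d+){1,2}", value):
        return None
    return tuple(int(part) for part in value.split("."))

def precheck(slug, main_php, readme, current_wp):
    """Return (code, message) findings; codes are hypothetical, not Plugin Check's."""
    php, txt = header_fields(main_php), header_fields(readme)
    findings = []
    if php.get("version") != txt.get("stable tag"):
        findings.append(("version_mismatch", f"header Version {php.get('version')} "
                         f"!= readme Stable tag {txt.get('stable tag')}"))
    if php.get("text domain") != slug:
        findings.append(("text_domain_mismatch",
                         f"Text Domain {php.get('text domain')} != slug {slug}"))
    tested = version_tuple(txt.get("tested up to", ""))
    # Assumption: compare major.minor only, against a caller-supplied release.
    if tested is None or tested[:2] > version_tuple(current_wp)[:2]:
        findings.append(("tested_up_to_invalid",
                         f"Tested up to {txt.get('tested up to')} vs WordPress {current_wp}"))
    return findings

if __name__ == "__main__":
    for code, message in precheck("acme-forms", SAMPLE_PHP, SAMPLE_README, "6.6"):
        print(f"ERROR {code}: {message}")
```

An empty list from `precheck` means none of the three issues was found in the files it was given.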
An example of what this pre-check looks like is found below:
We’ve run Plugin Check behind the scenes on lots of plugins to refine its detection, but as with any new process, there may be some false positives. These will be fixed in the first few days, and we thank everyone in advance for their patience.
Over time, we will incorporate more checks into the plugin for the pre-submission process, by adding checks for common Guideline Violations to the Plugin Repo category currently being used, and by enabling the Security category as an additional requirement as well.
While this pre-submission check applies only to new plugins being submitted into the WordPress.org Directory, our goal is to continue to expand our use of Plugin Check on existing plugins as well. In the last several months, we have already required all plugins that were pulled from the Plugin Directory for a security vulnerability to pass the Security category before they can be re-listed. This applies regardless of whether the items it flags are connected to the originally reported vulnerability. We have seen extremely positive results from doing this.
Lastly, we will be publishing a roadmap for the Plugin Check plugin, covering how it will be run more broadly on existing plugins, in a future dedicated post. In the meantime, we recommend that developers integrate the use of Plugin Check into their active development workflows. You can also help us make Plugin Check even better by contributing to it on its GitHub Repo.