David Perez 9:44 pm on January 7, 2026  

A Year in the Plugins Team – 2025

If there is one thing worth highlighting this year, it is how AI has impacted the WordPress pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party ecosystem. This impact is evident both in the number of submissions sent for review to be published in the directory, and in how the team is implementing AI-based analysis processes to help deliver improved workflows with a certain level of automation.

The WordPress “Plugin Review Team” proposed a name change to the “Plugins Team” to better reflect the broader scope of its responsibilities, which went beyond reviewing new plugin submissions. At that time, the team was also working on improving tools such as the Internal Scanner and the Plugin Check Plugin, incorporating automated and AI-assisted checks, and collaborating closely with the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team to resolve open tickets and enhance features of the plugin directory. The change aimed to align the team’s name with its expanded role in improving the overall quality, reliability, and security of plugins in the ecosystem.

Increase in the number of directory submissions

The number of submissions sent for review has doubled compared to last year. While last year we had an average of 150 weekly submissions, in the final weeks of this year the 300 mark has been surpassed, with volumes stabilising at around 330 submissions per week.

This situation continues to challenge the team to keep the queue for a first review under one week, even with this doubled volume of submissions.

To meet this goal, we have focused on improving the team’s two main tools: Internal Scanner and the Plugin Check Plugin.

Summary of WordPress Plugin Reviews in 2025

In 2025, the WordPress Plugins Team reviewed 12,713 plugins, representing a 40.6% increase compared to 2024. This confirms a continued and substantial growth of the plugin ecosystem, with significantly more submissions entering the review process.

During the year author responsiveness improved slightly compared to 2024, sadly 38.7% of the plugins we reviewed received no reply from their authors, which remains a relatively high proportion. Although this percentage decreased by over 10% in respect to 2024, it continues to be a major factor that prevents volunteers from making better use of their time.

Despite this, plugin approvals increased in absolute and relative terms. Out of the 7,882 plugins that followed the review process, a total of 5,415 plugins were approved, up 66.2% from the previous year with 3,259 approvals. Overall, 69.5% of reviewed plugins were approved (63.4% in 2024), showing a clear improvement in approval rates. Highlighting once again that active developer engagement strongly correlates with successful approval.

The review process in 2025 was also more intensive and thorough. The total number of reviews carried out grew by 52.2%, exceeding 58,000, as each plugin normally requires more than one review before it’s ready for approval.

The number of issues identified during reviews increased by 15.1%, reaching 59,137 issues. This rise reflects deeper scrutiny rather than a decline in quality. In fact, the average number of issues per plugin decreased, indicating that submissions were generally better prepared. This improvement is even clearer for approved plugins, which required significantly fewer issues to be resolved on average than in previous years.

In summary, 2025 was a year of scale, stronger review practices, and gradual quality improvement, but also one of growing operational demands:

  • Plugin reviews increased by 40.6%
  • Plugin approvals rose by 66.2%
  • Detected issues increased by 15.1%
  • Average issues per plugin declined, especially for approved plugins
  • Nearly 4 in 10 plugins reviewed by the team received no reply from their author.

Overall, we have a more mature and quality-focused review process, supported by automation and better-prepared submissions, while also highlighting the need to further address responsiveness and review capacity as the ecosystem continues to expand.

Internal Scanner incorporates AI

The internal scanner is the in-house tool that the team uses to review plugins. It searches for hundreds of possible issues that the reviewers either confirm or dismiss when creating a report. As part of the improvements to this central tool for our day-to-day plugin reviews, we have worked on reducing review time, particularly for highly repetitive and time-consuming processes such as:

  • Verifying that the plugin name does not conflict with existing published plugins.
  • Ensuring branding is used correctly and complies with guidelines.
  • Verifying plugin ownership.

During this year, we added more than 80 new features and checks to our internal tools, as well as incorporating over 100 improvements and behavioral changes. Our focus was on expanding automated checks, enhancing AI-assisted reviews, minimizing false positives, and significantly improving performance and scalability (e.g. bulk scans, caching, and parallel execution). We also created new tools to help streamline communication with authors who contact us via the support inbox.

Plugin Check Plugin strengthens its role as an author-focused tool

Since the launch of this plugin, we have continuously improved it by adding new checks and refining existing ones.
In 2025, the main advancements include:

  • 5 major versions released in 2025
  • New security checks: 5+ (nonce verification, direct DB queries, forbidden functions, minified files, wp_safe_redirect)
  • New code quality checks: 10+ (prefixing, textdomain improvements, localhost detection, etc.)
  • Expanded license support: added ISC, MPL-2.0, and The Unlicense
  • CLICLI Command Line Interface. Terminal (Bash) in Mac, Command Prompt in Windows, or WP-CLI for WordPress. improvements: strict output format, ignore codes, slug argument
  • PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php. compatibility: enhanced support for PHP 8.1+

The plugin has evolved from a basic validator into a security-focused tool with improved code quality checks, better CLI support, and stronger validation against WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ plugin directory requirements.

PCP now performs security reports on plugin updates

Since October, and in collaboration with the Meta team, we have implemented PCP to run automatic scans on every new plugin version update.

This new strategy aligns with the team’s objective of establishing proactive measures to improve the overall security of the WordPress plugin ecosystem.

At present, an internal report is generated, but our next goal is for authors to receive a report outlining the main detected issues, enabling them to actively improve the security of their plugins. We expect to see this enhancement rolled out in the coming weeks.We continue to recommend that authors follow best practices such as the WordPress Coding Standards and set up automated workflows—such as GitHub Actions—to have their plugins reviewed by Plugin Check as part of their development process.

Conclusion

In conclusion, it has been a year in which we have experienced significant growth in the number of plugins submitted, while the team has remained the same size. The queue has stayed stable thanks to improvements in the tools, which have allowed us to be far more productive.

In addition, authors now have an essential tool to validate their developments before they are submitted to the directory. PCP will help us improve the plugin ecosystem by checking updates in the WordPress plugin directory.

It has also been a year of AI supporting the development of WordPress plugins. Many community members have become involved in plugin development for the first time. This increases the diversity of the plugin directory and shows that AI has lowered the barriers to entry without compromising plugin quality (since the “barrier” for plugin approval has not been lowered).

One of the key challenges for 2026 will be identifying how AI can support the community in improving plugins and strengthening their security, while ensuring this progress delivers genuine, positive impact. At the same time, the team is seeing an unprecedented increase in plugin submissions for review, with record numbers arriving each week. Our challenge will be to scale our team and processes to handle this growth effectively, while maintaining the standards and practices that have always guided our contribution.

This post was written by @davidperez and reviewed by @frantorres

David Perez 4:25 pm on October 29, 2025  

The Plugin Check Plugin now creates automatic security reports after each plugin update

As an important part of the internet, the WordPress community, actively thinks about the security of the ecosystem. Community members, developers, specialized companies, and independent researchers all play a role in maintaining the security of the environment.

In the Plugins Team, we’re passionate not only with improving the tools we already work with, but also with making them public so the community can use them when developing and building plugins.

That’s why the Plugins Team, Performance Team, and MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. Team launched the Plugin Check plugin, a tool that runs checks on your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and generates a report so developers can apply proper security measures and improve the plugin overall.

On September 17th of 2024, we introduced automatic detection of issues for new plugins that fail to meet the minimum required checks. This feature provides developers with guidance on how to resolve these issues before the Plugins Team conducts a manual review.

This has helped improve the quality of plugin submissions before they even reach a human reviewer. Thanks to AI support during manual reviews using our Internal Scanner, plus the team’s effort to complete more reviews, the queue hasn’t grown despite receiving more than double the number of plugins compared to last year.

We are now running Plugin Check for ALL plugins updates, new and already approved.

Since Monday, October 27th, thanks to the Meta team, we’ve implemented automatic detection on wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ for issues related to security, compatibility and compliance.

Right now, this information is available internally for the team, who will evaluate it and send reports to authors as needed. During this phase, we will observe how PCPs behave during updates and we will improve as we see fit.

Once we’ve evaluated the performance of PCP with plugin updates, the goal is to deliver via email a security report to authors right after they update their plugin. Our aim is to promote and maintain good development practices across the entire WordPress ecosystem.

To wrap up: this week marks a small but meaningful step forward in improving the security of plugins hosted on wordpress.org. We look forward to the community taking this opportunity to double-check their plugins when sending an update – or even before.

This post was written by David Perez and reviewed by Francisco Torres.

David Perez 5:28 pm on August 31, 2025  

Stats of Plugins Team after WordCamp US

After WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. US, we have prepared some insights about our team and we wanted to share it with the community.

These are the insights from the Plugins Team:

  • We now have 60,187 plugins published in the directory.
  • Today, we received as many new plugins and completed as many reviews as we did in the entire last year.
  • We have received 7,670 new submissions this year, which is 87.3% more than in the same period last year.
  • Since the start of the year, we have had an average of 235 new submissions per week. In the same period last year, there were 124 new plugins.
  • The queue is less than one week, even though we have received many more submissions.
  • On average, we spend 6.19 review cycles to approve a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, which is 11.2% fewer reviews per plugin compared to last year.
  • 85.3% of first reviews made this year were initiated by an automated system that uses algorithms and AI to perform the first review of the plugin, requiring only minimal input from human reviewers, saving us time.
  • 64.2% of plugin authors successfully engaged with the review process, which is 17.1% higher than the year before.
  • Out of the plugin authors that followed the review process, 60.27% were approved.

In summary, although the number of submitted plugins is increasing, the team’s effort remains steady, thanks in part to AI automation in certain areas. Our goal is to continue improving by implementing AI in more checks, as well as introducing proactive scanning of the current Plugins Directory.

All this data was prepared on the 31th of August.

Written by @davidperez, reviewed by @frantorres

Dion Hulse 3:12 am on August 11, 2025  

Plugin Rollout: Phased Releases

Through #8009-meta we’ve started work on adding Phased / Staged pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party releases to plugins utilising Release Confirmation.

What is phased releases? In short, this allows for your plugin update to be released to a smaller subset of sites prior to full release to all sites.

Why would you want to use it? Sometimes plugin updates can inadvertently break user workflows or run into conflicts with other plugins. Often these issues are not known until after a plugin update is released, and lots of users have already installed the update, this allows for a short timeframe where hopefully engaged users will report issues to you sooner.

How? Initially this has been limited to plugins using Release confirmations. This means a plugin has to explicitly opt-in to using this feature at the time of the plugin’s update release.
To start with, only one strategy is offered, Delay Auto-updates for 24 hours – This disables the WordPress plugin automatic updates for the first 24 hours of a plugin release. Site Administrators can still click on “Update” to install the latest version, as it’s hoped that these users would spot any issues that result from using the updated version.

Release Confirmation showing a rollout strategy selection.
Example of the Rollout Strategy selection included in Release Confirmations.

Technical Limitations

  1. To ease the potential of user confusion, this has been initially launched focusing on disabling automatic updates, rather than disabling the update entirely for a WordPress site.
  2. Currently WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ can only instruct WordPress 6.6+ sites not to automatically update the plugin.
  3. Currently WordPress.org can track the number of plugin updates (Through the Active installs / Active versions statistics), but can’t differentiate between a user-initiated/manual update and an automatic update.
  4. It’s up to 3rd-party update tooling to respect the WordPress 6.6+ flag to disable automatic updates, it’s unknown whether any of these tools respect it. Anything that runs the WordPress Automatic updater should support it.

What will future iterations bring?

What functionality is offered here will heavily depend upon author feedback in using the feature, or what would encourage them to do so. Examples of what this could be include..

  • Strategies that rollout updates to a percentage of sites. For example, 1% per hour, or gradually increasing to 20% over 3 days and the final 80% on day 4.
  • Improvements to find out if there’s been any issues reported in the update. For example:
    • Are plugin reviews overly negative?
    • Have any PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php. Warnings/Fatal errors been reported automatically (not implemented)
    • Have WordPress updates been rolling back to their previous version (in the cases of fatal errors)
  • Statistics of how many sites have updated to the new version. Could be a rounded number (like the existing Active Installs) or simply a percentage (like the Active Versions chart). Eg: Plugin: 100k Active installs; Latest version: 80k+ or 80%.

Questions for Plugin Authors

  • Do you plan to use this feature? If not, What would convince you to?
  • What improvements would you like to see?
    For example: What strategies? What additional information? What would tell you your plugin update is a success?
  • Would you like to see manual/user-initiated update availability also disabled?

Thank you to the handful of plugin authors who have already made use of this feature.

Edits: An image of the UIUI UI is an acronym for User Interface - the layout of the page the user interacts with. Think ‘how are they doing that’ and less about what they are doing. added a few hours later.

David Perez 4:01 pm on July 28, 2025  

Requiring the README to be written in English

Every day, we review a significant number of plugins, and since last year, we have been receiving many more requests each week. In addition, our team is made up of a diverse group with different languages and alphabets.

For this reason, our team uses English as the official language within the community and for communication with authors during the review process.

As part of the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party review, we also check the readme.txt file, which contains all the important information about the plugin, such as its name, version, description, authors, and other relevant details. This file is essential for the management and documentation of the plugin, both for developers and users. It also serves as the basis for the plugin’s page published in the directory, which is also visible on wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org//plugins/.

The plugin directory supports translations using English as the base language. Each plugin can be translated through translate.wordpress.org, offering versions in different languages for both the plugin information and the user interface. For more information, you can refer to the GlotPress documentation.

From now on, we will ask authors to provide the plugin information in readme.txt in English.

The main reasons for this are:

  • It facilitates reviews and effective communication with the team.
  • English serves as the base for translating your plugin into different languages. This ensures your plugin can be translated once it’s published.
  • It unifies the Plugin Directory interface, avoiding the creation of sections in different languages and alphabets.

This decision has been agreed upon by the team with the goal of serving the general interest and making it easier to translate plugins.

Post writen by @davidperez, reviewed by @rabmalin and @frantorres

David Perez 7:30 am on July 12, 2025  

Team Name Change to “Plugins Team”

Since the team transition that took place in June 2023, the goals of the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team have continued to grow. This change has been internally agreed upon, and we’re excited about the new name.

Here’s a quick summary of our main focus areas:

Review of New Plugin Submissions to the Directory

This has remained our primary task and takes up most of our time. We’re now receiving over 87% more weekly plugin submissions. Our goal is to keep the queue as short as possible and ensure a balanced workload across the team.

Improvement of Internal Tools

The Scanner tool has undergone major upgrades, now performing over 220 automated checks on plugins. This makes the review process more efficient and reliable. We’ve also introduced AI checks for plugin names, helping ensure clear and trademark-compliant naming from the start.

Creation and Improvement of Community Tools

Since Plugin Check Plugin was introduced to the community, it’s become increasingly integrated into workflows, helping plugin authors self-review their plugins and boosting the overall quality and security of the WordPress ecosystem.

The team is now actively contributing to its development, adding new checks, and we’re proposing to use it during plugin updates and commits as well.

Improvement of the Plugin Directory

We’ll be working closely with the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team to help review open tickets and propose new features we believe will improve plugin reliability and security.

We’ve come to feel that the name “Plugin Review Team” no longer reflects everything we do. That’s why we’re proposing a simplified name: “Plugins Team.” Interestingly, the Themes Team made a similar change some time ago.

So we propose updating the name across various community spaces:

  • Page Title: https://make.wordpress.org/plugins/
  • Mentions across wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ websites
  • Community references: Moving forward, we kindly ask the community to refer to us as the Plugins Team.

We believe this small change is well deserved, given all the efforts the team has made to improve the WordPress plugin ecosystem. We’re looking forward to continuing to grow and evolve.

Post written by @davidperez, reviewed by @frantorres and @rabmalin

David Perez 5:16 pm on May 21, 2025  

The WordPress Ecosystem is Growing: New Plugin Submissions Have Doubled in 2025

This year, the number of plugins submitted has grown by 87% compared to last year

🌱 We have great news from the Plugins team. The submission of new plugins in WordPress has almost doubled this year, helping the WordPress ecosystem to grow.

The WordPress developer community is celebrating as they maintain and increase their submissions to be reviewed and published in the WordPress directory.

As you can see in the graph below, we detected this increase since last September, and we can observe the impact of AI as well as achievements made by the team, such as having automated tools and improvements to the internal Scanner, which, in our view, have contributed to the rise in pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party submissions to the official directory.

The Rise of AI 🤖 in the Plugin Directory

🤓 It’s clear that AI is influencing plugin submissions to the directory. Here, we analyze plugins that have “AI” in their title, showing the use of Artificial Intelligence integrated into WordPress.

As seen in this chart, growth is exponential, with many plugins directly using AI to offer features within the directory.

If we were to group them by functionality and ordered by number of submissions, we’d have these categories:

💬 Chatbots / Virtual Agents
✍️ Content Generators
🛒 Ecommerce / WooCommerce
🔍 SEO
🖼️ Multimedia Generation (images, 3D, etc.)
📝 Forms / Inputs
✨ Summaries / Highlights
❓ FAQ / Q&A Generators
🌐 Translation / Multilingual
🏷️ TaxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies. Management (categories/tags)
📋 Titles and Metadata

We highly appreciate developers betting on WordPress to include Artificial Intelligence and improve integration and functionalities for users.

The Impact of AI on Plugin Development

Artificial intelligence has become a key tool to speed up and improve plugin development in WordPress. From writing code to generating ideas, here are some standout ways AI is helping:

  • Code Assistance: AI tools assist developers by providing contextual suggestions, code snippets, and guidance on the use of WordPress-specific functions, hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. and APIs.
  • Code Debugging and Review: AI can analyze your code and suggest improvements for performance, security, or WordPress standards compliance. It can help understand Plugin Check Plugin warnings and offer specific solutions.
  • Auxiliary Content and Documentation: Automatically generate parts of documentation, FAQs, changelogs, or tutorials for end users.

Improvements to the Team’s Internal Scanner

We’ve upgraded our internal tool focusing on three pillars: better detection, more examples, and AI integration.

We revamped the tool that assists our manual reviews by catching more issues and checking more detection points, while customizing examples to make it easier for developers to find solutions.

Remember, the main security issues stem from lack of sanitization, escaping, and nonce usage.

Finally, we’ve added AI to detect duplicate or similar plugin names in the directory, making the team more productive.

Free Tool for WordPress Developers

Since last year, we have the Plugin Check Plugin tool, which lets you review your own plugin. Plugin Check Plugin is an official tool that automatically checks if your plugin meets WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ directory requirements and best practices.

More info is available in the detailed introductory post.

Since September 2024, Plugin Check Plugin has been integrated for automatic reviews directly on WordPress.org, improving review speed and reducing issues by 41% when approving a plugin.

Team Effort: Less Average Waiting Time

Even though we’ve received twice as many new plugin submissions, we should applaud the team’s dedication to keeping the time for first reviews low.

A short waiting time for plugin review encourages developers to publish in the directory and offers many advantages:

  • Faster publishing cycle: Less time between idea and public availability.
  • Better developer experience: Less waiting to validate ideas reduces frustration, increases motivation, and strengthens the WordPress community.
  • Incentive to innovate more: Our community becomes more competitive with an agile process, encouraging experimentation and initial version releases.

This year, we are also managing to keep the average waiting time for the first review at a minimum. We work hard every day to maintain this commitment and avoid long delays that could discourage new plugin development.

This post was written by @davidperez and reviewed by @frantorres and @rabmalin

Francisco Torres 7:19 pm on May 26, 2025  

Announcing the Next Plugin Review Team Reps

We’re happy to announce that @davidperez and @frantorres are stepping in as the next team reps for the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team!

Plugin team reps help coordinate the team’s duty, coordinate communication with the community, and ensure important updates and community activities stay on track.

Over the past two years, the new team has made important progress — incorporating new members, reducing the plugin queue, creating and improving tools, streamlining the reviews and refining processes — thanks to the collective effort of everyone involved.

Looking ahead, the team is preparing to tackle new challenges, which we believe will include: the impact of AI, further tool enhancements, proactive reviews, and improving documentation.

A big thank you to the entire team for their dedication, to the contributions through the “Five for the future” program and to all plugin authors for keeping their plugins secure, compatible, and compliant. Together, we are evolving the WordPress plugin ecosystem!

Francisco Torres 4:31 pm on February 20, 2025
Tags:   

Plugin author now linked to WordPress.org profiles

The way the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party author information is displayed in the directory has changed; it’s now linked to the plugin owner’s public WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ profile.

We refer to the field that is displayed under the plugin title and is preceded by either a icon depicting a person or the text ‘By’, this represents the author of the plugin.

A screenshot of what the plugin information looks like in the plugin listings of the directory.
A screenshot of what the plugin information looks like in the header of a single plugin page.

Who’s the author?

Previously

This value was taken from the plugin’s headers, from the “Author” and “Author URI” fields.

This made it possible for plugin authors to display any name and link to any website.

Now

This value is taken directly from the plugin owner’s profile. It shows the owner’s display name as set on their WordPress.org profile and a link to their profile.

This way, the plugin attribution you see is directly linked to the plugin owner’s WordPress.org profile.

FAQ

Can plugins pages still include external links?

Yes, as long as those links do not contravene the guidelines. External links can be included in the readme file so that they’re displayed on the plugin page, and plugin authors can also add links on their WordPress.org profile page.

Does this change apply retroactively to existing plugins?

Yes, this is a change to the way it is displayed throughout the directory.

Can multiple authors be credited for a single plugin?

While only the plugin owner’s display name and profile will be shown under the plugin title, multiple contributors can still be listed on the “Contributors & Developers” section. This can be set in the “Contributors” field in the plugin’s readme file.

Can plugin teams still list their company / team / group / brand name instead of a personal profile?

Yes, a company/team/group/entity can have one account to manage their plugins, In this case, they should consider the following:

  • Accounts belonging to a company/team/group/entity are not allowed to participate in forums. Community forums are a space for people, not companies or groups. Members can have personal accounts to participate in forums. They can be added as Support Reps in the advanced section of the plugin.
  • All plugins owned by a company/team/group/entity must be under the same account. This means that if they have 8 plugins, those 8 plugins must be under the same account, not under different accounts. When having different brands, you will need to decide what you want to display on all plugins, and users will be able to see all plugins published under that name.

I need to change how the author is displayed, what can I do?

If the plugin is associated with the correct WordPress.org account, you can simply change the display name in your WordPress.org profile.

If this is not the case, you can transfer your plugin to another account. Just remember that if you have multiple plugins, you are expected to transfer all of them so that they are owned by one account (see the previous FAQ for more information).

#directory

David Perez 4:05 pm on December 31, 2024  

A Year in the Plugins Review Team – 2024

It’s been a transformative year of growth in the WordPress Plugins Directory, particularly as the Plugins Team welcomed several new members onboard. Throughout this time, we remained focused on our primary goals: enhancing security, improving the review process, and fostering community engagement.

Our security efforts have focused on creating tools to benefit all developers, including the introduction of mandatory PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Check for new plugin submissions, 2FA in SVNSVN Short for "SubVersioN", it's the code management system used to maintain the plugins hosted on WordPress.org. It's similar to git. and our renovated Internal Scanner Tool. These features, detailed here, enhance security and streamline the submission process. Additionally, the SVN Password feature has become a critical measure to prevent account theft and related issues.

When it comes to reviews, it remains our most time-intensive task, reflecting our commitment to maintaining quality and trust within the Plugins directory.

Since September 2023, the plugin review queue—once around 1,300—has seen significant improvements thanks to enhanced tools, refined workflows, and better submissions. In October 2024, the queue even briefly hit zero. The Plugin Check plugin has been key, enabling developers to improve code quality and security pre-submission, which in turn has sped up reviews. Over the past year, 2,983 plugins have been approved, and the number of reviews required per plugin has increased. That means that we now detect more issues per plugin.

The Plugin Check plugin has significantly reduced the time for reviews, bringing the average wait time down from 37 weeks to 9 weeks, even as plugin submissions have almost doubled. In the past year, we’ve reviewed 7,382 plugins—59,1% more than the previous year—while detecting more issues through both automated and manual reviews than ever before. This has resulted in faster, more thorough reviews despite the increased volume of submissions.

We have continued refining our Internal Scanner tool, a magnificent legacy created by Mika Epstein, to streamline reviews and boost productivity. Recent updates, encompassing over 400 commits, include new checks for issues like sanitize and escape, along with enhanced examples and personalized guides to help plugin authors effectively resolve identified issues.

The tool now features over 200 checks, detecting a wide range of potential security-related issues while also supporting reviewers in conducting thorough manual reviews.

The issues highlighted in the chart below account for approximately 80% of all issues detected.

For more reading about these and other common issues, you can click here.

With regard to improving the plugin development community, we have focused on migrating and maintaining the Developer Handbook to GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ which can now accept contributions. 

The team is also participating in the Plugins tables at various contributor days at WordCamps, helping and encouraging users to create their plugins whilst using WordPress best practices.

We will aim to do this type of review each year, and until the next one, please remember to use Plugin Check! Adding it to your development workflow will save you effort, and countless hours. As our roadmap outlines, we promise to increase its capacity, and usefulness.

Post written and reviewed by @janmtm @chriscct7 @frantorres @davidperez