Reviewer Handbook

Sneaking this in just before WordCamp US, if you’ve seen the redesign of this make site, then you may have seen the link to the handbook.

This is a rough draft – it’s not perfect and it doesn’t cover all contingencies. However, yes, that is indeed our handbook. It’s built to the new directory, which we’re not fully using yet, and it has some information that may surprise you. For example, did you know we could see every IP address you’ve ever used to submit a plugin?

On Contributor Day, I’ll be asking victims– volunteers to help with it, to explain things more clearly, and to make this something that can be used to (eventually) include more reviewers.

Speaking of, before you ask for the status, here it is: Not yet.

Once the new directory is live, and once the existing reviewers have worked out the best flow, then we will bring in some existing developers to join us. But it’s not going to suddenly be a flood gate. We’re trying to avoid hitting a backlog as bad as the theme team has, and I’ve been closely watching how they handle reviews and trying to see what we can do to navigate that kind of a delay. Obviously ‘more reviewers!’ isn’t the only answer, and right now I feel that the right fix for plugins is a more streamlined system. I have a plan. I’m sure it won’t last the first day against the enemy (i.e. plugins).

See you all soon at WordCamp US!

#notice #handbook

User Testing the Directory Revamp

Does the directory currently have a kind of ‘meh’ UX? Yes. Yes it does. We know it. We know search is chancy at best, and people (especially developers) get grumbly when they can’t find what they want.

Well. Here’s your chance to step up and help us fix it.

Plugin Directory User Testing – Round 1

The tl;dr here is @mapk had some tasks for he asked people to run through to try and report on. Using that information, we’ll figure out what has to be changed, what’s going to have to be lived with, and what can and cannot be improved.

But it won’t get better without YOUR help.

So if you care about the usability of the Plugin Directory, please help. Speak up and try the tests yourself. Figure out what’s broken and speak up on it. We need to know.

Revised Guidelines Are Live

We soft-launched them on the 20th, just to make sure we didn’t mess anything up. Those last few spelling and grammar edits are killer. However yes, the guidelines, reviewed and revised by the community are now the official Plugin Developer Guidelines.

While I can hope they’re easily understood by all, I know that’s a fond wish. I’m leaving the repository on Github open for the time being, in order to allow people who spot late breaking issues to report them. If you do spot problems, please open an issue on the GitHub Repo or email plugins@wordpress.org and let us know.

In addition to just rewriting the guidelines, we took the time to codify the expectations of developers and cost of not abiding by the guidelines, as well as a reminder that we do remove plugins for security issues. We are doing our best to be transparent of what we expect from you and, in return, what you can expect from us.

Finally, THANK YOU. Everyone who helped write this, edit it, and who was patient understanding I was chasing down people to get their sign-off on what might be construed as massive changes, I greatly appreciate the time you spent on this project. It’s a massive undertaking to re-write guidelines in the public eye, in a way that won’t pull the rug out from anyone. Our goal was to clarify, not totally change, but also to address the needs of an ever changing technology.

Our goal, as always, remains to provide a safe place for all WordPress users – from the non-technical to the developer – to download plugins that are consistent with the goals of the WordPress project.

Please take the time to read the Detailed Plugin Guidelines.

#guidelines

Plugin Directory Chat: Nov 2

Next plugin directory chat 2016-11-02

We skipped this week and we will next meet at 2016-11-02 22:00:00 UTC

#directory

The Perils of Partnership

If you’ve ever received an email offering to partner with you or to join an affiliate network or to help you earn money for your plugin, it’s probably a scam.

In the last three months, we’ve seen a serious uptick in emails like “please join our affiliate network” or “I can help you earn money” or “increase your plugin’s SEO” sent to plugin developers. On review, every last one that looked iffy has turned out to be by a nefarious or malicious group of people, who want to either install backdoors into plugins or black hat SEO links.

These deals should sound too good to be true, and they are. They can irreparably harm you, your reputation, and your standing on WordPress.org. Our reaction, when we see it, is to remove the plugin and revoke all SVN access from the developers involved. We don’t always restore access, especially if we feel you may fall for such a scam again or your online behavior is inherently insecure.

I know some of you are reading this thinking “Who falls for stupid stuff like that!” and the reality is anyone. All it takes is one mistake, one moment where you’re not thinking all the way through, and you’ve shot yourself in the foot.

There are some simple tips you can take to protect yourself.

  • Never let anyone else use your SVN account. If you work with a team, everyone should use their own account. This will help you track changes too.
  • Look up the people. Check that they seem legit. Are they using wordpress in their domain name (which you know is not permitted)? Do they already have any plugins? Are they active in the community?
  • What other kinds of plugins do they own? If the plugins are all over the place, ask yourself: Why would they want MY plugin? Companies that make a grab for a lot of different plugins are often trying to find ones with a high user count in order to spam.
  • Preview the code. Never add anything you’re not 100% sure is safe. If the code that gets added has links that look like http://api.wp' . '-example.com/api/upd' . 'ate or 'ht'.'tp://wpcdn.example.com/api/update/ then it’s not trustworthy (those aren’t the real URLs).
  • Does the email look like a form letter? WordPress is such a small community that people generally reach out like human beings. If someone’s spam-blasting a form, it’s sketchy.
  • Check spelling and grammar. If it’s `Wordpress` with a lower case P, or `JetPack` with an uppercase one, it might just be an innocent mistake, but it might not. Businesses should care about these things. After all, you do.

Above all, if you see something, say something. If you get an email like that, forward it on to plugins@wordpress.org with as much information as possible. We would love to see some code samples, for example, as we can add it to our scan routines.

#reminder, #security

When emailing zips please make sure your email…

When emailing zips, please make sure your email client and email service provider allow this.

Increasingly, we have seen people testifying that they emailed us a file with a zip, but we never receive it. In doing some research, we’ve found that mail providers are now silent-killing large emails! While the settings can be overwritten, please keep this in mind when you email people your zips.

If you have the ability to check your mail logs, you may be rudely surprised. I know I was.

#email, #notice

Plugin Directory Chat on Oct 5th

I know, it got quiet. There were things.

Plugin directory chat on 2016-10-05

They’ll be picking back up next month though! Come with your thinking hats on. Can’t make it? Leave comments on the above post 😁

#plugin-directory, #reminder

Forums Status Update (Sept 12)

Subscriptions should be working again.

Feeds have _moved_ and I’m really sorry about that. Hopefully we’ll get an nginx redirect in there sooner rather than later but basically it’s this: https://wordpress.org/support/plugin/akismet/feed/

We’re using WordPress now, so any time you see a view you want to follow in RSS, slap `/feed/` on the end and it will probably work.

There’s also this URL: https://wordpress.org/support/plugin/akismet/active however, as you will notice, there is no ‘feed’ for it. Those are custom (non default WP) views and are all support threads with Closed and Resolvedt filtered out, then sorted by last reply. We’re working on feeds for those and the old plugin committer feeds. I want that back too. Right now, I suggest you use the per-plugin feed to get a list of your new bugs etc, and then subscribe to the post (or add it to favorites).

Sadly, ‘cost overruns’ have been the story of this migration. We had hoped to be done with everything by the 5th, but that proved a gross underestimate.

We know there are a lot of ‘smaller’ features everyone loves and have gotten used to making their lives easier that we’re now doing without. It sucks. Trust me here, the mods have ‘lost’ more tools than anyone else. This upgrade had to happen, though.

Also the reason I’m closing these posts to comments when I make them is I have no additional information to provide. Historically, if I leave them open people will posts complaints and rants (which I can do nothing about save sympathize), bug report (which we either already know about, or should have been posted elsewhere), or ‘thanks’ (which we all appreciate, but get spammy). And pinging me on Slack won’t get you any answers more than I’ve posted. This is what I know as I know it.

All I have for you now is a plea to be patient. This is a massive undertaking that for a long time was deemed impossible. But slowly, as we clean up the mess, things will get better and the pros of the move will reveal themselves. Like having Akismet actually catch spam for a change.

Please check Support Forums: Meta Trac before filing a bug report/complaint. And if you have suggestions for fixes, jump in and let us know! The bonus of being on bbPress now is that if there are plugins that can do what we need, we can actually use them!

Thanks.

#forums, #support

Forums Status Update (Sept 7)

Happy 4.6.1 day.

  • Reviews are back.
  • Plugin authors and contributors are listed as authors and contributors
  • RSS feeds for individual plugin forums are working
  • Topic subscriptions should be working. Existing subs are still being imported.

The direct urls to your reviews will be https://wordpress.org/support/plugin/akismet/reviews/#new-post — I don’t know if that’s forever.

The amount of data being imported is causing everything to take longer than expected, in order to do this without crashing the servers. Which would be bad. That’s also why some posts are showing out of order. This is the biggest bbPress install ever, I suspect…

ETA on everything? We don’t know. It’s all taking longer than we hoped.

Akismet has also been acting a prat and spamming people so if that happens, swing by the #forums slack and ask if they can have a look for you 🙂 Please ask nicely and offer coffee.

Forum Update Status (Sept 5)

Summary: A great many things have been improved. Paramount was getting the data over (done!), syncing review stars with their new post IDs (done), and making the forums run faster (in progress).

Support Forums Upgrade Status (2016/09/05):

Please note: There was no way to actually test this properly before moving over, so while this is frustrating for everyone, the moderators have had to be quite aggressive in deleting repetitive reports of what’s broken. If you’ve found something that isn’t on the bugs and broken things list, please leave a reply there. Otherwise the answer is “As soon as we can get it done, it’ll be done.”

If you want to be super helpful, please make sure your fellow developers read the posts 🙂

#forums