Make WordPress Plugins

Updates from February, 2015 Toggle Comment Threads | Keyboard Shortcuts

  • Ipstenu (Mika Epstein) 7:25 pm on February 27, 2015 Permalink |
    Tags: , ratings, , reviews   

    Ratings Rebuilt 

    Did your ratings suddenly change dramatically? Hopefully not, but if they did, it’s because the ratings for all plugins were recently reset and rebuilt earlier this week. All ratings now correspond exactly with existing, non-deleted, reviews.

    As Otto put it:

    Back when we launched the review system 2.5 years ago, we tied ratings to reviews. However, up until that point, we had existing ratings in the system. At the time, some argued that the ratings should be wiped and everybody start fresh. I argued for the opposite, that we should leave the existing ratings in place until such time as we had enough reviews in the system to build up a good body of ratings.

    That time has finally come. What you see now is the ratings that correspond to your reviews. The data comes directly from the reviews themselves, and is accurate. Any ratings previously left over from the pre-review world are no longer available.

    Additionally, the ratings now will accurately reflect the actions of the moderation team. If a review is deleted for whatever reason, then the associated rating for it will not be reflected in the results.

    Please keep in mind, this means that all of the people who thought making sockpuppets to spam the reviews with 5-stars on their own plugins (or 1-stars on their competitors) have had the biggest swings. It should go without saying that you should never leave multiple reviews on your own product (we’re pretty sure you like it 😉 ) and you should never attempt to hide behind proxies and fake accounts to leave reviews. Be honest. It works out better.

    • Drew Jaynes 11:11 pm on February 27, 2015 Permalink | Log in to Reply

      Awesome! Thanks for the update @ipstenu :)

    • jeangalea 3:27 am on February 28, 2015 Permalink | Log in to Reply

      These changes are very welcome, thanks! I also notice that there is now an estimate of the number of installs on the main page of every plugin, rather than the amount of times it has been downloaded. How is that figure being calculated? I’d like to know how accurate it is.

    • Varun Sridharan 8:07 am on February 28, 2015 Permalink | Log in to Reply

      Awesome!.. thanks for good update .. @ipstenu

    • WPSecureOps 11:40 am on February 28, 2015 Permalink | Log in to Reply

      Oops, we’ve some weird error on our plugin’s stats page:
      “Cannot read property ‘title’ of undefined×”

      Any ideas what can be causing that?

      • WPSecureOps 11:41 am on February 28, 2015 Permalink | Log in to Reply

        In case that this is helpful: Chrome Version 40.0.2214.111 (64-bit) (OSX)

      • Samuel Wood (Otto) 5:31 pm on February 28, 2015 Permalink | Log in to Reply

        This has nothing to do with the ratings, as the stats are a separate change still being worked on. However, the people in the know about that have been notified of the issue and will look at it soon. :)

        • WPSecureOps 5:30 pm on March 1, 2015 Permalink | Log in to Reply

          At least, i’m happy that I was able to help to report another problem then :)

          Good luck with the new stats, they look awesome, especially this new version specific bar!

    • Varun Sridharan 1:58 am on March 1, 2015 Permalink | Log in to Reply

      Can i please know how do you calculate `Active Installs: Less than 10`. because
      https://wordpress.org/plugins/wpsecureops-easy-firewall/ = is used by more that 10 live sites. but in that status its only less than 10 ??

      • Ipstenu (Mika Epstein) 2:23 am on March 1, 2015 Permalink | Log in to Reply

        That code isn’t complete yet, which Otto said in the post above. Obviously there’s an issue, since the graph isn’t even showing. Don’t spend your time worrying about this yet, we’ll post and explain it when it’s done.

        Now if you have a question about the RATINGS, please let us know. That’s done and that’s why we posted here :)

      • WPSecureOps 5:33 pm on March 1, 2015 Permalink | Log in to Reply

        You are using our plugin on more than 10 live sites?!

        WOW! We are really happy to hear that !!!!

        If you have any feedback/suggestions/need of help or simply want to say “Hi!”, don’t hesitate to ping us at support@wpsecureops.com :)

        PS: Sorry for going a bit off topic, but …. :)

    • Joachim Jensen (Intox Studio) 5:09 pm on March 1, 2015 Permalink | Log in to Reply

      I wondered why the total number went down for Content Aware Sidebars, but the average rating didn’t change. This “cleanup” is appreciated very much!
      I’ve noticed a few plugins with very questionable reviews though, and those have not been removed? I won’t call out anyone, but I’ll be glad to give the info to @ipstenu so you can check it out?

    • Chad Butler 10:15 pm on March 2, 2015 Permalink | Log in to Reply

      Thanks for the update Mika. I am really glad to see this change implemented as it will improve the usefulness of the rating system.

    • Ajay 12:43 pm on March 6, 2015 Permalink | Log in to Reply

      Mika, this cleanup is definitely a good one. Helped improve ratings on most of my plugins. However, there remains one issue that might be worth considering. Some plugins have very few reviews. Shouldn’t there be a threshold post which you start displaying ratings? e.g. maybe 10 reviews/ratings?

  • Ipstenu (Mika Epstein) 5:31 pm on December 20, 2012 Permalink |
    Tags: gpl,   

    GPL and the Repository 

    All plugins hosted in the WordPress.org repository must be compatible with GPLv2 or later. That means all code that is on our servers, from images to CSS to JS to the PHP code, has to meet that requirement. This is an extra requirement than just the standard one of derivative code, but we strongly feel that proprietary content has no need to be in our repository. If your code needs to be split licensed, or you have to included proprietary code for any reason, we can’t host you on .org, but that has no bearing on how neat and cool your code might be.

    For a list of various licenses, and their compatibility with GPLv2 please read this: http://www.gnu.org/licenses/license-list.html – We know not all of you are lawyers, and thankfully that list makes it easy to check what licenses do and don’t mesh. If something doesn’t have a license, ask the author please, and don’t assume.

    The following code bases are popular (which is to say we see submissions with them pretty regularly), but at the time of this post, are not licensed GPL-compatible. None of this means you can’t or shouldn’t use this code on your sites or plugins, just that we can’t host it here if you do.

    If there are plugins you find using these (or any non-GPL-Compatible) code bases in their plugin, please email plugins AT wordpress.org and we’ll get in touch with the developer. If you’re the author of one of those code bases, please consider re-releasing your code under a GPLv2 Compatible license! We’d love to be able to host your work here.

    • Mike Schinkel 5:44 pm on December 20, 2012 Permalink | Log in to Reply

      Great points @ipstenu.

      It would be helpful if you could explicitly clarify something though. In some cases the required functionality is really only available via commercially licensed software; I’m working on just such a plugin right now. I assume that it’s acceptable to publish a GPLv2+ licensed plugin that requires the commercially licensed software as a library but that puts the onus on the user to acquire a copy of said commercially licensed software? Thanks in advance.


      • Ipstenu (Mika Epstein) 6:17 pm on December 20, 2012 Permalink | Log in to Reply

        Mike – That’s a real sticky situation, and we try to judge each one individually. If the entire purpose of the plugin requires you to download non GPL software, we probably won’t approve it. But if some additional functionality requires it (like Viper’s Video Quicktags says you have to download FLV if you want to use that), it’s okay.

        • Mike Schinkel 8:04 pm on December 20, 2012 Permalink | Log in to Reply

          Really? Not what I expected to hear.

          I have an Export Post Content to MS Word plugin I’m working on for a client and it requires PHPDOCX and I have been thinking it would be nice to package it up and put in the plugin repository for those who need MS Word export.

          P.S. Of course I guess I could limit the functionality significantly and bundle their LGPLversion but that’s take recoding work and I might not get to it anytime soon.

          • Ipstenu (Mika Epstein) 8:20 pm on December 20, 2012 Permalink | Log in to Reply

            I did say probably. It’s a lot of case-by-case, but we’re trying to avoid situations where you download plugins that outright don’t work, because you have to install other stuff. (Obvious exceptions would be bridge software, that connects WP to other apps.)

            • Jane Wells 1:27 pm on December 24, 2012 Permalink

              we’re trying to avoid situations where you download plugins that outright don’t work


          • imranpak 1:50 pm on March 6, 2013 Permalink | Log in to Reply

            Hello Mike,

            Please share that plugin with me.



    • Charleston Software Associates 5:46 pm on December 20, 2012 Permalink | Log in to Reply

      jQuery Lightbox? There are a ton of plugins I’ve used for client sites that include that script.

      Does this mean if a plugin sources the script from another source, like Google Code for example, it still is not GPL compliant? For example, the files bundled with the plugin do not contain the actual jQuery Lightbox code but simply a for example?

      I don’t think any of my plugins are doing this but good to know what the nuances are. Especially since I’m planning a WordPress driven streaming radio plugin + companion client plugin and considered some of the very items you have on this list!

      • Charleston Software Associates 5:48 pm on December 20, 2012 Permalink | Log in to Reply

        Keep forgetting my code block on comments!

        • but simply use an a href = “..otherURL/jqlightbox.js” for example
      • Ipstenu (Mika Epstein) 6:19 pm on December 20, 2012 Permalink | Log in to Reply

        Read the URL we linked to. Says pretty clearly

        “This work is licensed under a Creative Commons Attribution-Share Alike 2.5 Brazil License.”

        That’s not compatible. However remember this rule is only to be hosted on .org. We’re not talking about using for clients, just in plugins we host for you :) Does that make sense?

        Edit: As long as the code ins’t included in the plugin we have on .org, it’s okay. We do discourage telling people to download it from external sources (see Mike’s comment above you), but we take them case-by-case.

        • Charleston Software Associates 7:11 pm on December 20, 2012 Permalink | Log in to Reply

          @Ipsentnu – Thanks Mika, I get it. I meant that I’m using plugins found on the .org directory that contain jQuery Lightbox scripts IN the trunk svn repo hosted on the .org site. Many of those (see related comments) are carrying along scripts that specifically cite licenses that are NOT GPLv2 compatible, like the jQuery Lightbox script you reference in the original post.

          Now that those client sites are deployed I’m not so interested in that SPECIFIC issue. However my media streaming system will require pieces that are not readily available in GPLv2 format. I guess, based on your response to Mike, that I’ll have to find a way to marginalize those pieces and keep them out of the repo.

          Is it OK to say “if you want to use feature X” you will need to download “Y”? In my case I’d need a creative way to get the FLV player installed for the client listener. Thinking out loud here… Maybe hooks + filters that look for a “ride along” plugin that simply extends the feature set with “FLV fallback for non-HTML5 browsers”.

          Sorry for all the posts. I’m working on a big project and was planning on using WordPress as a key piece for the backend & front-end UI elements. Fully understanding this is kind of important before development starts in earnest next month.

          • Lance
          • Ipstenu (Mika Epstein) 7:41 pm on December 20, 2012 Permalink | Log in to Reply

            The answer is ‘maybe.’

            If the entire use of your plugin hinges on non GPL code, then probably not. If it’s just an extra feature, then probably yes.

            And like I said, if you see plugins in the .org repo that are using those specific versions of the code (check the links, lots of people use the same names), then please email us :)

      • Charleston Software Associates 6:53 pm on December 20, 2012 Permalink | Log in to Reply

        Lets try some examples just so I am really clear on this. I’d hate to put a lot of time into a plugin and have it not listed here after months of work because of a license conflict.

        This plugin (a fairly popular one) has a modified port of jQuery Lightbox:

        The modified port is itself questionable because it does not retain the original license but instead says “BSD license for details refer to license.txt” (license.txt is missing, BTW which is ANOTHER subtle but important point about software licenses, I’ll leave that discussion for later). The Gnu link provided makes it sound like Original BSD is NOT compatible with GPL only “Modified BSD” or “3-Clause BSD” is compatible.

        This can/will get confusing in a hurry. Maybe WordPress should host a list of known licenses that will not be accepted and post it somewhere near the plugin authors/submission page. The Gnu list is a great start but could be made easier to follow for non-legalish people like myself.

        • Lance
        • Samuel Wood (Otto) 7:11 pm on December 20, 2012 Permalink | Log in to Reply

          There is more than one project named “jQuery Lightbox”, because “Lightbox” itself was quite popular and spawned more than one imitator. Some of these imitators are compatible, some are not. The one you linked to is compatible. The one Mika linked to is not.

          Regarding “BSD”: nobody uses the “original BSD” license, pretty much ever. When somebody says “BSD-licensed”, it’s an almost 100% certain bet that they are referring to the modified BSD license. I have *never* seen a use of the original BSD license, ever.

          WordPress has no plans to make any sort of list of which licenses are acceptable or not, because we don’t have to. That list on gnu.org is fairly extensive and covers the vast majority of licenses out there. Any others we can evaluate on a case by case basis.

      • Charleston Software Associates 7:00 pm on December 20, 2012 Permalink | Log in to Reply

        Here is another one… as noted, this gets confusing in a hurry…


        This plugin clearly cites AGPL version 3.

        AGPL v3 *is* GPL compatible, but here is the catch, it is specifically NOT GPLv2 compatible, thus the entire plugin is considering “not GPLv2″ compatible.

        Am I understanding this correctly?

        • Ipstenu (Mika Epstein) 7:45 pm on December 20, 2012 Permalink | Log in to Reply

          Do me a huge favor. Take a deep breath :) You sound like you’re panicking here, and there’s no need to. We’re not making cancer fighting tools here, just code. All this can be fixed and sorted out, if we all stay calm and take our time.

          AGPL is messy. We’ll have to look into that one closely. I don’t have an answer for you right now.

          And note: GPLv2 or later. GPLv3 is okay.

          Edit: Actually he can just upgrade to the MIT version of the code – https://github.com/balupton/jquery-lightbox – I’ll email him.

          • Charleston Software Associates 8:36 pm on December 20, 2012 Permalink | Log in to Reply

            Thanks Mika. Not panicked, just trying to get clarification with some examples for reference.

            Another company I worked with had plugin listings pulled from .org for non-compliance. Related premium add-on sales went from $250/day to $0 instantaneously. Before I put months of effort into my new project I want to make sure I do all I can to maintain a good relationship with .org.

            It is 100% clear now. There may be some gray area that will be evaluated on a case-by-case basis. In over-simplified terms, don’t use the directory as a “free advert” for non-GPLv2 stuff.

    • toscho 2:47 am on December 21, 2012 Permalink | Log in to Reply

      Please close the last link. :)

    • Fabien 11:44 am on December 21, 2012 Permalink | Log in to Reply

      Many thanks to you for what you are doing for the free software community ! Long live the GPL !

    • takien 4:02 pm on February 8, 2013 Permalink | Log in to Reply

      Hello, I’m writing ClipArt plugin (submitted to .org and currently being reviewed).

      What plugin does:

      • Search clipart images from openclipart.org, (Images is licensed as Creative Common).
      • Save image into user’s WordPress, and insert into post if they wish.

      Will this cause a problem? While images are not hosted here (wordpress.org).

      Thank you.

      • Ipstenu (Mika Epstein) 7:56 pm on February 8, 2013 Permalink | Log in to Reply

        The images are different.

        We care if the code and images in the plugin itself are GPL compatible. If the stuff you install to your site later via image uploads isn’t, well that’s on you :) That should be fine. (FYI, we’re backlogged on reviews by a couple days)

    • chassett 5:47 pm on October 3, 2013 Permalink | Log in to Reply

      I read all of the existing comments, and want to outline another case and see if it is OK. I am writing a plug-in that will “iframe” content delivered from our web servers. The parent code that hosts the iframe will reside on wordpress.org and all of its code is GPL compatible. However, the iframe it serves up from our web servers contains Highchart charting software. The code served up in the iframe is not included in our plugin and is not hosted at wordpress.org. Is this OK? BTW, thanks for this thread, obviously very important.

      • Ipstenu (Mika Epstein) 8:33 pm on October 3, 2013 Permalink | Log in to Reply

        Yes and no, but it’s less an issue of the GPL and more one of the iframe. If you consider how YouTube is embedded, it’s in a frame, btu it’s called via an api, so there’s not exactly iframe IN the code to be abused (we don’t like iframes much for that reason)

        Please email plugins@wordpress.org if you need more information about that.

        In so far as GPL goes, you SHOULD be okay :)

    • paoltaia 2:15 pm on April 17, 2014 Permalink | Log in to Reply

      Quick question, if I release a plugin on wordpress.org 100% GPL and sell extensions for this plugin on my website with a Split GPL (excluding css, js and images) are we infringing wordpress licence?
      If the answer is yes, will the main plugin be taken down from wordpress repository?

compose new post
next post/next comment
previous post/previous comment
show/hide comments
go to top
go to login
show/hide help
shift + esc