Ipstenu (Mika Epstein) 5:36 pm on January 24, 2020
Tags: , instagram   

Instagram is accelerating the end…

Instagram is accelerating the end of their current APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways..

Per a notice on https://www.instagram.com/developer/ no new clients can register, and soon some basic functionality will be changed.

We will be reviewing plugins that call these functionalities and, if they are not updated, will close them in order to prevent adverse impact on users.

If you know you’re not going to want to fix this, please email plugins@wordpress.org, provide a link to the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party., and tell us you’d like us to close it. We know that Instgram (and Facebook) have been difficult to work with this last year, and fully respect and support your decisions here with regards to your plugins.

Here is Instagram’s announcement:

UPDATE: Starting October 15, 2019, new client registration and permission review on Instagram API platform are discontinued in favor of the Instagram Basic Display API.

To continuously improve Instagram users’ privacy and security, we are accelerating the deprecation of Instagram API Platform, making the following changes effective immediately. We understand that this may affect your business or services, and we appreciate your support in keeping our platform secure.

These capabilities will be disabled immediately (previously set for July 31, 2018 or December 11, 2018 deprecation). The following will be deprecated according to the timeline we shared previously:

  • Public Content – all remaining capabilities to read public media on a user’s behalf on December 11, 2018
  • Basic – to read a user’s own profile info and media in early 2020

For your reference, information on the new Instagram Graph API.

#instagram #api

Ipstenu (Mika Epstein) 10:39 pm on December 30, 2019
Tags: ,   

2019 Insights

There’s been a lot of quiet change going on for Plugins, so now is as good a time as any to get into it!

If you’re interested in any details missing, leave a comment. I do ask you try not to speculate too much into the why’s and wherefores of what people do with plugins. I’ve been at this a while, and the one thing I can promise is people do weird things.

New Email System

We finally migrated off of the old system and on to HelpScoutHelp Scout A 3rd party service we use to process emails for plugin reviews. in March, which allows us the ability to sort and organize emails into teams. It also lets us properly filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. bad actors so not everyone has to deal with them. We make heavy use of automated filters now, which has let us do the impossible …

New Team Members

We onboarded two new team members in November and have been easing them in to the weird workload of Plugins. They’ve been instrumental in sorting out what filters and team assignments do and don’t work well for Plugins.

New Tools

I’ve been using a new bash script to expedite scanning plugins. While we’d love to use WPCSWordPress Community Support A public benefit corporation and a subsidiary of the WordPress Foundation, established in 2016. (and I personally recommend it to for everyone), even with a heavily parred down version it hasn’t quite met our needs. The goal for next year is to move the bash script into a PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. we can use to automate a lot more.

New Replies

Our saved replies (the standard ones you get for closures and reviews) have all been cleaned up, spellchecked, and formatted for easier reading. Now, when you get an alert that your plugin has been closed, we attempt to direct you on exactly how to resolve the issues. This is still a bit of a work in progress, but we’ve made great strides on consistent tone and softer language.

New Restrictions

Sadly as many people found out, we got dinged hard by some trademark owners, and are taking action against people who violate trademarks. Around 1000 plugins were closed due to that, and it’s one of those things we can’t protect you from. We’ve changed the plugin uploader for new submissions to blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. a lot of that.

Remember the basic rule: If it’s not your company/product/library, don’t begin your plugin Display Name or permalink with it!

(Trademark owners: Please ask the developer to changes things before coming to us. Communication will help everyone.)

The Stats!

A lot of people like this part. Here’s the overall outlook from 2019:

Chart showing the Requested, Rejected, Closed, Approved, and Pending plugins each week for 2019.

And in a slightly more consumable summary table:

RequestedRejectedClosedApprovedPending
Most in a week194109480118718
Least in a week1292925527
Average1612511776623
Year to Date8048122160383836N/A

We’ve had 1000 more plugins submitted in 2019 than 2018, however the Rejected and Approved numbers only went up by 100.

So where are the extra 800 plugins? On average, pending plugins did go down but only by about 25 a week. Most of the missing counts are there, but they’re also in the dreaded “Closed” section.

A higher than expected number of developers have submitted plugins for review and then asked them to be closed within a 6 month timeframe. This has led to us pushing back on people and making notes in their accounts about that kind of behavior. There hasn’t yet been a common thread to why that’s happening, so we’re keeping an eye out.

HelpScout Overall

HelpScout also helpfully provides their own statistics for how much we used them. This is just since March when we switched over:

  • Customers: 6665
  • Conversations per Day: 35
  • Busiest Day: Thursday
  • Email Conversations: 12,829
  • Messages Received: 17,439
  • Replies Sent: 18,931
  • Emails Created: 6650
  • Resolved: 6642
  • Resolved on First Reply: 31%
  • Closed: 11,818

HelpScout Saved Replies

We make heavy use of Saved Replies to speed up reviews and processing. These were brought in to use in chunks, and I’m omitting the exact numbers. They won’t do you any good to know we sent 2,679 “Approval after send” emails when you realize we also only sent 628 “Intro to new Review”. All that means is we pulled in the Approval email first. Next year these stats will be more useful.

All that said, I think having a look at what the most common sorts of issues are might be a little enlightening. Everything is ordered from most use to least.

Closed and Warned

These emails are sent out when a plugin is closed or the developer needs to be warned about issues/behavior.

  • Closed: Trademark Abuse (All)
  • Closed: Removal Request Completed
  • Closed: Security Exploit
  • Warning: Sockpuppets
  • Warning: Trademark Violation
  • Notice: Closed Becuase Email Bounced
  • Warning: Security Issue (NOT CLOSED)
  • Closed: General Guideline Violation

Reviews

All these emails are sent when a plugin is being reviewed.

  • Approval: Approval after send
  • Review: End Of Review (goes at the end of all reviews)
  • Review: Intro to new review (all new reviews start here)
  • Review: Please sanitize, escape, and validate your POST calls
  • Review: Generic function/class/define names
  • Review: Incomplete Readme
  • Review: Including your own CURL code
  • Review: Not using wp_enqueue commands
  • Review: Calling remote files (js, css, images, etc)
  • Review: Including Libraries Already In WP CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. (i.e. jquery)
  • Review: Calling file locations poorly (also hardcoding in paths)
  • Review: Including out of date libraries
  • Review: Undocumented use of a 3rd Party or external service
  • Review: Not using Nonces and/or checking permissions
  • Review: Using file_get_contents on remote files
  • Review: Calling core loading files directly (wp-config, wp-load, wp-blog- etc etc)
  • Review: Display Name infringes on trademarks (slug is fine)
  • Review: Using esc_ to sanitize (not esc_url)

Pended

A pended plugin is one we stop before even reviewing the code. This usually happens because someone’s infringing on trademarks, or using a personal account to submit a company owned plugin.

  • Pended: Name Infringes on Trademarks (slug and name need to be changed)
  • Pended: Never replied to previous review (was rejected)
  • Pended: Not Official Owner

Rejected

This should give you an idea of why plugins are rejected. Top of the list? People who don’t reply.

  • Rejected: Review never completed within 6 months
  • Rejected: Not Your Plugin (Tried to upload vs host)
  • Rejected: Generic for plugins we’re just not hosting
  • Rejected: Framework or Library Plugins
  • Rejected: New/renamed version of their own plugin

Miscellanous

The rest of the emails are lumped together. You’ll notice we have prefixes to what each email is. That helps us find them faster.

  • Notice: Plugin Restored
  • Reply: Plugin Slug Renamed
  • Reply: Rescan (Plugins must be checked before being reopened)
  • Thank You: Security Report
  • Thank You: Guideline Report
  • Reply: Don’t call people ‘sir’
  • Thank You: Generic, Will Review
  • Notice: AutoReply Sucks
  • Notice: Already Mailed Review
  • Approved: Resend Approval
  • Question: Why Close?
  • Reply: Cannot Rename Plugins (for people who email RIGHT after approval)

#statistics, #year-in-review

Josepha 4:07 pm on December 11, 2019  

Journal Entry: Sockpuppet Emails

Posting here with a journal entry for reference: I was pinged in a few tweet storms in the past week, so I took the liberty of reviewing the email template that seemed to kick off both conversations (sockpuppetSockpuppet A false online identity, typically created by a person or group in order to promote their own opinions or views. Generally used to promote or down-vote plugins en masse. activity). I edited it for clarity, flow, and WordPress Voice. The issues that prompted the complaints on Twitter have also been resolved through direct communication.

Ipstenu (Mika Epstein) 7:32 pm on November 5, 2019
Tags: ,   

X-post: Use of the “wp_update_attachment_metadata” filter as “upload is complete” hook

X-comment from +make.wordpress.org/core: Comment on Use of the "wp_update_attachment_metadata" filter as "upload is complete" hook

Ipstenu (Mika Epstein) 3:44 pm on October 10, 2019
Tags: ,   

X-post: WP 5.3: Introducing the spread operator

X-comment from +make.wordpress.org/core: Comment on WP 5.3: Introducing the spread operator

Ipstenu (Mika Epstein) 4:37 pm on October 7, 2019
Tags: ,   

X-post: Calling all testing plugins

X-comment from +make.wordpress.org/test: Comment on Calling all testing plugins

Josepha 3:57 pm on August 30, 2019
Tags: ,   

X-post: Component Maintainers in 5.3

X-comment from +make.wordpress.org/core: Comment on Component Maintainers in 5.3

Ipstenu (Mika Epstein) 5:35 pm on August 23, 2019
Tags:   

Reminder: Developers Must Comply with the FORUM Guidelines

The forums team has notified us of an uptick in developers unnecessarily reporting posts and reviews. This post is to remind you that if you chose to use the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ support forums and review systems, you are required to comply with their guidelines.

This means abuse of volunteer services, or misusing the ‘report this post’ feature will result in formal warnings from the plugins team. If the behaviour persists, your account will be suspended and your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. closed. This includes directly asking forum moderators to remove reviews via SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/ DMs. Yes, we know.

We know that sometimes people leave really annoying reviews that are frustrating and inaccurate. But attacking your users, calling them names, claiming they’re fake, and reporting the review is far less helpful than you might think. Bad reviews, reviews that should be support, and angry users are a part of maintaining a plugin. It’s the annoying part, and no one likes it, but if you’re giving your plugin away for use, people are going to have opinions.

A review is someone’s opinion of your plugin and the experience using the plugin.
A bad review WILL NOT BE DELETED. Negative feedback reviews will not be reviewed.

The only time a review is removed is when it is, of itself, in violation of the forums guidelines. Not liking your plugin is not a violation. It’s just someone who doesn’t like your plugin.
Please try to be more respectful of the volunteers’ time, and don’t needlessly flag forum posts and reviews for moderation. If you’re not sure if something is a violation, you can come to Slack and ask in the #forums channel.

Ipstenu (Mika Epstein) 4:00 pm on August 20, 2019
Tags: ,   

X-post: WP Notify Kick off meeting announcement

X-comment from +make.wordpress.org/core: Comment on WP Notify Kick off meeting announcement

Ipstenu (Mika Epstein) 10:46 pm on August 8, 2019
Tags: ,   

Trademark Enforcement

Many of you have received an email from us regarding pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. closures for trademark violations. These emails were absolutely not made in error.

Due to recent demands by trademark owners, we will now be more strictly enforcing trademark abuse when it comes to plugins. While it should be sufficient to tell you “Don’t abuse someone’s trademarks.” the reality is that those things are complex and confusing.

We will have altered our system to prevent the submission of those plugins that violate trademarks. This is not something we do lightly, however we have been compelled to close a great many plugins recently. It’s more efficient to prevent potential abuse than to clean it up after the fact.

How Trademarks Apply

Trademarks apply to the following aspects of your plugin:

  • The Slug – Your plugin slug may not begin with someone else’s trademarked (or commonly recognized) term
  • The URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org – You may not use someone’s trademark in your domain name
  • The Display Name – You may not begin the display name with someone else’s trademarked (or commonly recognized) term and, in many cases, you may not use the name AT ALL.
  • All Images – You may not use trademarked logos/images in your banner, screenshots, logos, etc

We do our best to take care of the first one – the slug – when you submit your plugin. Plugins approved pre 2015 with trademarks in the URL are ‘grandfathered’ in and permitted to remain. All plugins approved after 2015 are required to meet this restriction. All plugins, no matter when they were approved, must comply with trademark usage in display names and images.

We also keep our eye on similar names. There’s a concept known as brand confusion, so naming your company or plugin similar to another company (like Facerange, say) you can still be legally compelled to change the name. This is why, for example, you cannot use ‘pagespeed’ in your URL for a site optimization tool, even though Google’s only trademark is on ‘page speed’ (two words). The name is similar enough that we have been required to close plugins.

Additional Restrictions

In addition to the above, many brands have an above-and-beyond requirement. You must also avoid representing the brand in a way that:

  • Makes the brand the most distinctive or prominent feature
  • Implies partnership, sponsorship or endorsement
  • Puts the brand in a negative context as part of a script or storyline

Also many have statements like this when regarding applications specifically:

  • Don’t modify, abbreviate or translate the brand name to a different language or by using non-English characters, or use any logos to replace it.
  • Don’t combine shortened versions of the brand with your own brand.
  • Don’t use our ‘wordmark’

This is where it all gets crazy weird. But an example would be the brand Facerange. With the above restrictions, naming your plugin (which is an application) “WordRange” or “FacePress” and having it be a plugin to work with Facerange would be a violation of their terms.

It all comes back to making it painfully clear that you and your work have NO relationship to their products. Some allow you to use their product name wherever you want, and some won’t permit it at all. When in doubt, the best course of action is to assume you don’t have permission and not to use it.

Quick FAQ

Can I use ‘for BRAND’ in my plugin display name?

Sometimes. It depends on the brand. We don’t have a complete list, which makes this very complex. It’s important to pay attention to the rules for brand usage and application uses. Some brands have separate rules. In general, if they’ve trademarked their wordmark then no, you cannot use it for an application. And yes, a plugin is an application.

What’s a wordmark?

That’s the name. So Facerange’s wordmark would be “FACERANGE.”

I have permission from PayBuddy to use their wordmark/logo, is that okay?

We’d rather you not use it on your PLUGIN pages. It’s impossible for us to verify, and many agreements with brand owners are rescinded. Brand your webpage all you want, but leave their official logos and word marks off your plugin.

A brand contacted me directly and asked me to change things. Is that a real demand?

More than likely they are. They’ll usually include links and directions and contact information. Use that and comply with them, because if you don’t, they’ll come to us.

What about existing violations?

We’re handling them in batches. You don’t need to report them to us.

But if you haven’t closed them, why are you closing my plugin?

Because there are thousands of plugins and we do them in small batches for sanity. Also brand owners sometimes give us a priority list, and you just happened to be higher than someone else.

Don’t they get an SEO boost?

No. Write a better readme that uses the brands properly and contextually, and you’ll be fine.

Someone’s infringing on MY brand, what do I do?

Contact them first. Ask them to stop (nicely please). Link them to your brand documentation. If they ignore you, email us the same. We’ll close the plugin until they fix it.

We recommend you BE CLEAR about what you require. Remember, most people aren’t familiar with trademark laws and their intricacies, so it’s very easy for them to get confused.

#guidelines, #trademarks