Revised Guidelines Are Live

We soft-launched them on the 20th, just to make sure we didn’t mess anything up. Those last few spelling and grammar edits are killer. However yes, the guidelines, reviewed and revised by the community are now the official Plugin Developer Guidelines.

While I can hope they’re easily understood by all, I know that’s a fond wish. I’m leaving the repository on Github open for the time being, in order to allow people who spot late breaking issues to report them. If you do spot problems, please open an issue on the GitHub Repo or email plugins@wordpress.org and let us know.

In addition to just rewriting the guidelines, we took the time to codify the expectations of developers and cost of not abiding by the guidelines, as well as a reminder that we do remove plugins for security issues. We are doing our best to be transparent of what we expect from you and, in return, what you can expect from us.

Finally, THANK YOU. Everyone who helped write this, edit it, and who was patient understanding I was chasing down people to get their sign-off on what might be construed as massive changes, I greatly appreciate the time you spent on this project. It’s a massive undertaking to re-write guidelines in the public eye, in a way that won’t pull the rug out from anyone. Our goal was to clarify, not totally change, but also to address the needs of an ever changing technology.

Our goal, as always, remains to provide a safe place for all WordPress users – from the non-technical to the developer – to download plugins that are consistent with the goals of the WordPress project.

Please take the time to read the Detailed Plugin Guidelines.

#guidelines

Plugin Directory Chat: Nov 2

Next plugin directory chat 2016-11-02

We skipped this week and we will next meet at 2016-11-02 22:00:00 UTC

#directory

The Perils of Partnership

If you’ve ever received an email offering to partner with you or to join an affiliate network or to help you earn money for your plugin, it’s probably a scam.

In the last three months, we’ve seen a serious uptick in emails like “please join our affiliate network” or “I can help you earn money” or “increase your plugin’s SEO” sent to plugin developers. On review, every last one that looked iffy has turned out to be by a nefarious or malicious group of people, who want to either install backdoors into plugins or black hat SEO links.

These deals should sound too good to be true, and they are. They can irreparably harm you, your reputation, and your standing on WordPress.org. Our reaction, when we see it, is to remove the plugin and revoke all SVN access from the developers involved. We don’t always restore access, especially if we feel you may fall for such a scam again or your online behavior is inherently insecure.

I know some of you are reading this thinking “Who falls for stupid stuff like that!” and the reality is anyone. All it takes is one mistake, one moment where you’re not thinking all the way through, and you’ve shot yourself in the foot.

There are some simple tips you can take to protect yourself.

  • Never let anyone else use your SVN account. If you work with a team, everyone should use their own account. This will help you track changes too.
  • Look up the people. Check that they seem legit. Are they using wordpress in their domain name (which you know is not permitted)? Do they already have any plugins? Are they active in the community?
  • What other kinds of plugins do they own? If the plugins are all over the place, ask yourself: Why would they want MY plugin? Companies that make a grab for a lot of different plugins are often trying to find ones with a high user count in order to spam.
  • Preview the code. Never add anything you’re not 100% sure is safe. If the code that gets added has links that look like http://api.wp' . '-example.com/api/upd' . 'ate or 'ht'.'tp://wpcdn.example.com/api/update/ then it’s not trustworthy (those aren’t the real URLs).
  • Does the email look like a form letter? WordPress is such a small community that people generally reach out like human beings. If someone’s spam-blasting a form, it’s sketchy.
  • Check spelling and grammar. If it’s `Wordpress` with a lower case P, or `JetPack` with an uppercase one, it might just be an innocent mistake, but it might not. Businesses should care about these things. After all, you do.

Above all, if you see something, say something. If you get an email like that, forward it on to plugins@wordpress.org with as much information as possible. We would love to see some code samples, for example, as we can add it to our scan routines.

#reminder, #security

When emailing zips please make sure your email…

When emailing zips, please make sure your email client and email service provider allow this.

Increasingly, we have seen people testifying that they emailed us a file with a zip, but we never receive it. In doing some research, we’ve found that mail providers are now silent-killing large emails! While the settings can be overwritten, please keep this in mind when you email people your zips.

If you have the ability to check your mail logs, you may be rudely surprised. I know I was.

#email, #notice

Plugin Directory Chat on Oct 5th

I know, it got quiet. There were things.

Plugin directory chat on 2016-10-05

They’ll be picking back up next month though! Come with your thinking hats on. Can’t make it? Leave comments on the above post 😁

#plugin-directory, #reminder

Forums Status Update (Sept 12)

Subscriptions should be working again.

Feeds have _moved_ and I’m really sorry about that. Hopefully we’ll get an nginx redirect in there sooner rather than later but basically it’s this: https://wordpress.org/support/plugin/akismet/feed/

We’re using WordPress now, so any time you see a view you want to follow in RSS, slap `/feed/` on the end and it will probably work.

There’s also this URL: https://wordpress.org/support/plugin/akismet/active however, as you will notice, there is no ‘feed’ for it. Those are custom (non default WP) views and are all support threads with Closed and Resolvedt filtered out, then sorted by last reply. We’re working on feeds for those and the old plugin committer feeds. I want that back too. Right now, I suggest you use the per-plugin feed to get a list of your new bugs etc, and then subscribe to the post (or add it to favorites).

Sadly, ‘cost overruns’ have been the story of this migration. We had hoped to be done with everything by the 5th, but that proved a gross underestimate.

We know there are a lot of ‘smaller’ features everyone loves and have gotten used to making their lives easier that we’re now doing without. It sucks. Trust me here, the mods have ‘lost’ more tools than anyone else. This upgrade had to happen, though.

Also the reason I’m closing these posts to comments when I make them is I have no additional information to provide. Historically, if I leave them open people will posts complaints and rants (which I can do nothing about save sympathize), bug report (which we either already know about, or should have been posted elsewhere), or ‘thanks’ (which we all appreciate, but get spammy). And pinging me on Slack won’t get you any answers more than I’ve posted. This is what I know as I know it.

All I have for you now is a plea to be patient. This is a massive undertaking that for a long time was deemed impossible. But slowly, as we clean up the mess, things will get better and the pros of the move will reveal themselves. Like having Akismet actually catch spam for a change.

Please check Support Forums: Meta Trac before filing a bug report/complaint. And if you have suggestions for fixes, jump in and let us know! The bonus of being on bbPress now is that if there are plugins that can do what we need, we can actually use them!

Thanks.

#forums, #support

WP_Hook: Next Generation Actions and Filters

WordPress 4.7 will contain a significant re-architecture of how hooks work. Please read the post on make/core for the full details, and test your plugins!

WP_Hook: Next Generation Actions and Filters

#testing

Forums Status Update (Sept 7)

Happy 4.6.1 day.

  • Reviews are back.
  • Plugin authors and contributors are listed as authors and contributors
  • RSS feeds for individual plugin forums are working
  • Topic subscriptions should be working. Existing subs are still being imported.

The direct urls to your reviews will be https://wordpress.org/support/plugin/akismet/reviews/#new-post — I don’t know if that’s forever.

The amount of data being imported is causing everything to take longer than expected, in order to do this without crashing the servers. Which would be bad. That’s also why some posts are showing out of order. This is the biggest bbPress install ever, I suspect…

ETA on everything? We don’t know. It’s all taking longer than we hoped.

Akismet has also been acting a prat and spamming people so if that happens, swing by the #forums slack and ask if they can have a look for you 🙂 Please ask nicely and offer coffee.

Forum Update Status (Sept 5)

Summary: A great many things have been improved. Paramount was getting the data over (done!), syncing review stars with their new post IDs (done), and making the forums run faster (in progress).

Support Forums Upgrade Status (2016/09/05):

Please note: There was no way to actually test this properly before moving over, so while this is frustrating for everyone, the moderators have had to be quite aggressive in deleting repetitive reports of what’s broken. If you’ve found something that isn’t on the bugs and broken things list, please leave a reply there. Otherwise the answer is “As soon as we can get it done, it’ll be done.”

If you want to be super helpful, please make sure your fellow developers read the posts 🙂

#forums

Plugin Reviews Disabled (And More about the Support Forums)

Reviews will be broken until about September 5.

This is directly related to the support forum maintenance.

Per @jmdodd:

We’ll do our best to keep this window short, but for now the choice was between closing reviews for 4 days or closing all of the support forums for 24 to 48 hours.

The Meta team felt (and I personally agree) that it is far more important to have support forums than the reviews. And the support forums were unsustainable. So while this is a wrench in your plugins, it’s far far better than no forums at all for Labor Day Weekend.

Updated Sept 2 0233

From @otto42

Consider this an announcement: all plugin/theme connections to the forums are currently considered broken. We expected that. It will take a few days to restore this, and that’s considered acceptable losses, for now. We will be working to fix these issues over the next few days, and it will be corrected as we get to it. In other words, we are aware of the issues and working to fix them.

Updated Sept 2 1628

You may have noticed you can’t do some things in the forums anymore. This is known. Please read Forum Bugs and Broken Things before you complain. Here’s a list of what you’re probably trying to figure out. ALL of these are being working on. Don’t fret. Enjoy your weekend.

  • Plugin authors can’t sticky
  • Plugin committer/author support views don’t work
  • Plugin authors can’t resolve threads
  • Pinned topics are unpinned in plugin forums
  • Plugin Authors aren’t labelled as Plugin Authors
  • Cannot subscribe to plugin forums

#forums, #reviews