Title: Make WordPress Plugins – Page 2 – Resources for WordPress.org plugin developers

---

[Jonathan Desrosiers](https://profiles.wordpress.org/desrosj/)
1:58 am _on_ June 25, 2025     
Tags: [make.wordpress.org/project ( 8 )](https://make.wordpress.org/plugins/tag/make-wordpress-org-project/),
[p2-xpost ( 85 )](https://make.wordpress.org/plugins/tag/p2-xpost/)   

# [X-post: A Little (Late) Spring Cleaning](https://make.wordpress.org/plugins/2025/06/25/xpost-a-little-late-spring-cleaning/)

X-comment from [+make.wordpress.org/project](https://make.wordpress.org/project/):
Comment on [A Little (Late) Spring Cleaning](https://make.wordpress.org/project/2025/06/25/a-little-late-spring-cleaning/#comment-658)

[Isotta Peira](https://profiles.wordpress.org/peiraisotta/)
1:06 pm _on_ June 23, 2025     
Tags: [make.wordpress.org/community ( 9 )](https://make.wordpress.org/plugins/tag/make-wordpress-org-community/),
[p2-xpost ( 85 )](https://make.wordpress.org/plugins/tag/p2-xpost/)   

# [X-post: The Incident Response Team is looking for new members](https://make.wordpress.org/plugins/2025/06/23/xpost-the-incident-response-team-is-looking-for-new-members/)

X-comment from [+make.wordpress.org/community](https://make.wordpress.org/community/):
Comment on [The Incident Response Team is looking for new members](https://make.wordpress.org/community/2025/06/23/the-incident-response-team-is-looking-for-new-members/#comment-32528)

[Jonathan Desrosiers](https://profiles.wordpress.org/desrosj/)
11:49 am _on_ June 4, 2025     
Tags: [make.wordpress.org/project ( 8 )](https://make.wordpress.org/plugins/tag/make-wordpress-org-project/),
[p2-xpost ( 85 )](https://make.wordpress.org/plugins/tag/p2-xpost/)   

# [X-post: Criteria for Creating or Migrating Repositories under the WordPress GitHub Organization](https://make.wordpress.org/plugins/2025/06/04/xpost-criteria-for-creating-or-migrating-repositories-under-the-wordpress-github-organization/)

X-comment from [+make.wordpress.org/project](https://make.wordpress.org/project/):
Comment on [Criteria for Creating or Migrating Repositories under the WordPress GitHub Organization](https://make.wordpress.org/project/2025/06/04/criteria-for-creating-or-migrating-repositories-under-the-wordpress-github-organization/#comment-639)

[Francisco Torres](https://profiles.wordpress.org/frantorres/)
9:36 am _on_ May 29, 2025     
Tags: [contributor-day ( 3 )](https://make.wordpress.org/plugins/tag/contributor-day/)

# [Plugins Team at WCEU 25 | Contributor Day](https://make.wordpress.org/plugins/2025/05/29/plugins-team-at-wceu-25-contributor-day/)

WordCamp Europe 2025 is coming soon and we will have several tables dedicated to
the plugins team in the contributor day!

A big part of the team will be at Basel and we are ready to carry out different 
activities according to the interests of the community present there.

Our main topics for the contributor day are:

## Plugin Check Plugin

Learn how it works and how to contribute to the project that is helping plugin authors
to check their plugins for different kinds of possible issues.

Prepare for the event in advance:

 * You’ll need a laptop and access to the internet (there will be wi-fi and [swiss-style-plugs](https://en.wikipedia.org/wiki/SN_441011)
   there).
 * You’ll need a WordPress local environment.
 * Get familiar with the [official repository](https://github.com/WordPress/plugin-check/).
 * Install it in your local environment; the readme has [instructions on how to download and execute it](https://github.com/WordPress/plugin-check/?tab=readme-ov-file#contributing).
 * Get familiar with [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/)
   and best practices, as all the code needs to comply with them.

## Documentation

Help out with the documentation by identifying areas that the current documentation
does not cover and suggesting changes to it.

Prepare for the event in advance:

 * You’ll need a laptop and access to the internet (there will be wi-fi and [swiss-style-plugs](https://en.wikipedia.org/wiki/SN_441011)
   there).
 * Get familiar with the documentation regarding the plugins team.
    - Plugin Handbook: [Website](https://developer.wordpress.org/plugins/), [GitHub](https://github.com/WordPress/developer-plugins-handbook).
    - Guidelines: [Website](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/),
      [GitHub](https://github.com/WordPress/wporg-plugin-guidelines).
    - Reviewer’s Handbook: [Website](https://make.wordpress.org/plugins/handbook/),
      [GitHub](https://github.com/WordPress/plugins-handbook).
 * Get familiar with the [basic markdown syntax](https://github.com/javiercasares/wordpress-handbook-markdown).
 * Get familiar with [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/)
   and best practices, as documentation examples need to comply with them.

## Handbook

Learn about the best practices for developing plugins for WordPress.

Prepare for the event in advance: Gather your questions!

## General talk

Talk among the community about questions regarding the directory, how the team works,
guidelines, etc.

Prepare for the event in advance: Get familiar with the [Plugin Directory Guidelines](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/).

---

We are looking forward to seeing you there!

[#contributor-day](https://make.wordpress.org/plugins/tag/contributor-day/)

[Francisco Torres](https://profiles.wordpress.org/frantorres/)
7:19 pm _on_ May 26, 2025      

# [Announcing the Next Plugin Review Team Reps](https://make.wordpress.org/plugins/2025/05/26/announcing-the-next-plugin-review-team-reps/)

We’re happy to announce that **[@davidperez](https://profiles.wordpress.org/davidperez/)**
and **[@frantorres](https://profiles.wordpress.org/frantorres/)** are **stepping
in as the next team reps** for the WordPress.org Plugin Review Team!

Plugin team reps help coordinate the team’s duties, coordinate communication with
the community, and ensure important updates and community activities stay on track.

**Over the past two years**, the new team has **made important progress** — incorporating
new members, [reducing the plugin queue](https://make.wordpress.org/plugins/2023/09/19/update-turning-the-tide/),
[creating and improving tools](https://make.wordpress.org/plugins/2024/09/17/introducing-plugin-check-pcp/),
streamlining the reviews and refining processes — thanks to the collective effort
of everyone involved.

Looking ahead, the team is **preparing to [tackle new challenges](https://make.wordpress.org/plugins/2025/05/21/the-wordpress-ecosystem-is-growing-new-plugin-submissions-have-doubled-in-2025/)**,
which we believe will include: the impact of AI, further tool enhancements, proactive
reviews, and improving documentation.

A big thank you **[to the entire team](https://make.wordpress.org/plugins/handbook/the-team/)
for their dedication**, to the contributions through the “[Five for the future](https://wordpress.org/five-for-the-future/)”
program and to all **plugin authors for keeping their plugins secure, compatible,
and compliant**. Together, we are evolving the WordPress plugin ecosystem!

[David Perez](https://profiles.wordpress.org/davidperez/)
5:16 pm _on_ May 21, 2025      

# [The WordPress Ecosystem is Growing: New Plugin Submissions Have Doubled in 2025](https://make.wordpress.org/plugins/2025/05/21/the-wordpress-ecosystem-is-growing-new-plugin-submissions-have-doubled-in-2025/)

## This year, the number of plugins submitted has grown by 87% compared to last year

🌱 We have great news from the Plugins team. The submission of new plugins in WordPress
has almost doubled this year, helping the WordPress ecosystem to grow.

The WordPress developer community is celebrating as they maintain and increase their
submissions to be reviewed and published in the WordPress directory.

As you can see in the graph below, we have detected this increase since last September,
and we can observe the impact of AI as well as achievements made by the team, such
as having automated tools and improvements to the internal Scanner, which, in our
view, have contributed to the rise in plugin submissions to the official directory.

[Graph]

## The Rise of AI 🤖 in the Plugin Directory

🤓 It’s clear that AI is influencing plugin submissions to the directory. Here, 
we analyze plugins that have “AI” in their title, showing the use of Artificial 
Intelligence integrated into WordPress.

As seen in this chart, growth is exponential, with many plugins directly using AI
to offer features within the directory.

[Chart]

If we were to group them by functionality and order them by number of submissions,
we’d have these categories:

 * 💬 Chatbots / Virtual Agents
 * ✍️ Content Generators
 * 🛒 Ecommerce / WooCommerce
 * 🔍 SEO
 * 🖼️ Multimedia Generation (images, 3D, etc.)
 * 📝 Forms / Inputs
 * ✨ Summaries / Highlights
 * ❓ FAQ / Q&A Generators
 * 🌐 Translation / Multilingual
 * 🏷️ Taxonomy Management (categories/tags)
 * 📋 Titles and Metadata

We highly appreciate developers betting on WordPress to include Artificial Intelligence
and improve integration and functionalities for users.

## The Impact of AI on Plugin Development

Artificial intelligence has become a key tool to speed up and improve plugin development
in WordPress. From writing code to generating ideas, here are some standout ways
AI is helping:

 * **Code Assistance**: AI tools assist developers by providing contextual suggestions,
   code snippets, and guidance on the use of WordPress-specific functions, hooks
   and APIs.
 * **Code Debugging and Review:** AI can analyze your code and suggest improvements
   for performance, security, or WordPress standards compliance. It can help understand
   Plugin Check Plugin warnings and offer specific solutions.
 * **Auxiliary Content and Documentation:** Automatically generate parts of documentation,
   FAQs, changelogs, or tutorials for end users.

## Improvements to the Team’s Internal Scanner

We’ve upgraded our internal tool focusing on three pillars: better detection, more
examples, and AI integration.

We revamped the tool that assists our manual reviews by catching more issues and
checking more detection points, while customizing examples to make it easier for
developers to find solutions.

Remember, the main security issues stem from lack of sanitization, escaping, and
nonce usage.

Finally, we’ve added AI to detect duplicate or similar plugin names in the directory,
making the team more productive.

## Free Tool for WordPress Developers

Since last year, we have had the [Plugin Check Plugin tool](https://wordpress.org/plugins/plugin-check/),
which lets you review your own plugin. Plugin Check Plugin is an official tool that
automatically checks if your plugin meets WordPress.org directory requirements and
best practices.

More info is available in the [detailed introductory post](https://make.wordpress.org/plugins/2024/09/17/introducing-plugin-check-pcp/).

Since September 2024, Plugin Check Plugin has been integrated for [automatic reviews directly on WordPress.org](https://make.wordpress.org/plugins/2024/10/01/plugin-check-and-2fa-now-mandatory-for-new-plugin-submissions/),
improving review speed and reducing issues by 41% when approving a plugin.

## Team Effort: Less Average Waiting Time

Even though we’ve received twice as many new plugin submissions, we should applaud
the team’s dedication to keeping the time for first reviews low.

A short waiting time for plugin review encourages developers to publish in the directory
and offers many advantages:

 * Faster publishing cycle: Less time between idea and public availability.
 * Better developer experience: Less waiting to validate ideas reduces frustration,
   increases motivation, and strengthens the WordPress community.
 * Incentive to innovate more: Our community becomes more competitive with an agile
   process, encouraging experimentation and initial version releases.

This year, we are also managing to keep the average waiting time for the first review
at a minimum. We work hard every day to maintain this commitment and avoid long 
delays that could discourage new plugin development.

_This post was written by [@davidperez](https://profiles.wordpress.org/davidperez/)
and reviewed by [@frantorres](https://profiles.wordpress.org/frantorres/) and [@rabmalin](https://profiles.wordpress.org/rabmalin/)_

[Jonathan Desrosiers](https://profiles.wordpress.org/desrosj/)
1:11 pm _on_ March 4, 2025     
Tags: [make.wordpress.org/test ( 2 )](https://make.wordpress.org/plugins/tag/make-wordpress-org-test/),
[p2-xpost ( 85 )](https://make.wordpress.org/plugins/tag/p2-xpost/)   

# [X-post: Help Test WordPress 6.8](https://make.wordpress.org/plugins/2025/03/04/xpost-help-test-wordpress-6-8/)

X-comment from [+make.wordpress.org/test](https://make.wordpress.org/test/): Comment
on [Help Test WordPress 6.8](https://make.wordpress.org/test/2025/03/04/help-test-wordpress-6-8/#comment-3300)

[Francisco Torres](https://profiles.wordpress.org/frantorres/)
4:31 pm _on_ February 20, 2025     
Tags: [directory ( 15 )](https://make.wordpress.org/plugins/tag/directory/)

# [Plugin author now linked to WordPress.org profiles](https://make.wordpress.org/plugins/2025/02/20/plugin-author-now-linked-wp-profiles/)

The way the plugin author information is displayed in the directory has changed;
it’s now linked to the plugin owner’s public WordPress.org profile.

We refer to the field that is displayed under the plugin title and is preceded by
either an icon depicting a person or the text ‘By’. This represents the author of
the plugin.

[A screenshot of what the plugin information looks like in the plugin listings
of the directory.]

[A screenshot of what the plugin information looks like in the header of a single
plugin page.]

## Who’s the author?

### Previously

This value was taken from the plugin’s headers, from the “Author” and “Author URI”
fields.

This made it possible for plugin authors to display any name and link to any website.

### Now

This value is taken directly from the plugin owner’s profile. It shows the owner’s
display name as set on their WordPress.org profile and a link to their profile.

This way, the plugin attribution you see is directly linked to the plugin owner’s
WordPress.org profile.

## FAQ

**Can plugin pages still include external links?**

Yes, as long as those links do not contravene the guidelines. External links can
be included in the readme file so that they’re displayed on the plugin page, and
plugin authors can also add links on their WordPress.org profile page.

**Does this change apply retroactively to existing plugins?**

Yes, this is a change to the way it is displayed throughout the directory.

**Can multiple authors be credited for a single plugin?**

While only the plugin owner’s display name and profile will be shown under the plugin
title, multiple contributors can still be listed in the **“Contributors & Developers”**
section. This can be set in the “Contributors” field in the [plugin’s readme file](https://developer.wordpress.org/plugins/wordpress-org/how-your-readme-txt-works/#readme-header-information).

**Can plugin teams still list their company / team / group / brand name instead 
of a personal profile?**

Yes, a company/team/group/entity can have **one** account to manage their plugins.
In this case, they should consider the following:

 * Accounts belonging to a company/team/group/entity are **not allowed to participate
   in forums**. Community forums are a space for people, not companies or groups.
   Members can have personal accounts to participate in forums. They can be added
   as Support Reps in the advanced section of the plugin.
 * All plugins owned by a company/team/group/entity **must be under the same account**.
   This means that if they have 8 plugins, those 8 plugins must be under the same
   account, not under different accounts. When having different brands, you will
   need to decide what you want to display on all plugins, and users will be able
   to see all plugins published under that name.

**I need to change how the author is displayed, what can I do?**

If the plugin is associated with the correct WordPress.org account, you can simply
change the display name in your WordPress.org profile.

If this is not the case, [you can transfer your plugin to another account](https://developer.wordpress.org/plugins/wordpress-org/transferring-your-plugin-to-a-new-owner/).
Just remember that if you have multiple plugins, you are expected to transfer all
of them so that they are owned by one account (see the previous FAQ for more information).

[#directory](https://make.wordpress.org/plugins/tag/directory/)

[David Perez](https://profiles.wordpress.org/davidperez/)
4:05 pm _on_ December 31, 2024      

# [A Year in the Plugins Review Team – 2024](https://make.wordpress.org/plugins/2024/12/31/a-year-in-the-plugins-review-team-2024/)

It’s been a transformative year of growth in the WordPress Plugins Directory, particularly
as the Plugins Team welcomed several new members onboard. Throughout this time, 
we remained focused on our primary goals: enhancing security, improving the review
process, and fostering community engagement.

Our security efforts have focused on creating tools to benefit all developers, including
the introduction of mandatory Plugin Check for new plugin submissions, 2FA in SVN
and our renovated Internal Scanner Tool. These features, detailed [here](https://make.wordpress.org/plugins/2024/10/01/plugin-check-and-2fa-now-mandatory-for-new-plugin-submissions/),
enhance security and streamline the submission process. Additionally, the SVN Password
feature has become a critical measure to prevent account theft and related issues.

When it comes to reviews, it remains our most time-intensive task, reflecting our
commitment to maintaining quality and trust within the Plugins directory.

Since September 2023, the plugin review queue—once around 1,300—has seen significant
improvements thanks to enhanced tools, refined workflows, and better submissions.
In October 2024, the queue even briefly hit zero. The Plugin Check plugin has been
key, enabling developers to improve code quality and security pre-submission, which
in turn has sped up reviews. Over the past year, 2,983 plugins have been approved,
and the number of reviews required per plugin has increased. That means that we 
now detect more issues per plugin.

The [Plugin Check plugin](https://wordpress.org/plugins/plugin-check/) has significantly
reduced the time for reviews, bringing the average wait time down from 37 weeks 
to 9 weeks, **even as plugin submissions have almost doubled**. In the past year,
we’ve reviewed 7,382 plugins—59,1% more than the previous year—while detecting more
issues through both automated and manual reviews than ever before. This has resulted
in faster, more thorough reviews despite the increased volume of submissions.

We have continued refining our Internal Scanner tool, a magnificent legacy created
by Mika Epstein, to streamline reviews and boost productivity. Recent updates, encompassing
over 400 commits, include new checks for issues like sanitize and escape, along 
with enhanced examples and personalized guides to help plugin authors effectively
resolve identified issues.

The tool now features over 200 checks, detecting a wide range of potential
security-related issues while also supporting reviewers in conducting thorough manual reviews.

The issues highlighted in the chart below account for approximately 80% of all issues
detected.

[Chart]

For more reading about these and other common issues, you can [click here](https://developer.wordpress.org/plugins/wordpress-org/common-issues/).

With regard to improving the plugin development community, we have focused on migrating
and maintaining the Developer Handbook to GitHub which can now accept contributions.

The team is also participating in the Plugins tables at various contributor days
at WordCamps, helping and encouraging users to create their plugins whilst using
WordPress best practices.

We will aim to do this type of review each year, and until the next one, please 
remember to use [Plugin Check](https://make.wordpress.org/plugins/2024/09/17/introducing-plugin-check-pcp/)!
Adding it to your development workflow will save you effort, and countless hours.
As [our roadmap](https://make.wordpress.org/plugins/2024/12/24/plugin-check-goals-roadmap/)
outlines, we promise to increase its capacity, and usefulness.

Post written and reviewed by [@janmtm](https://profiles.wordpress.org/janmtm/) [@chriscct7](https://profiles.wordpress.org/chriscct7/)
[@frantorres](https://profiles.wordpress.org/frantorres/) [@davidperez](https://profiles.wordpress.org/davidperez/)

[chriscct7](https://profiles.wordpress.org/chriscct7/)
3:52 pm _on_ December 24, 2024      

# [Plugin Check Goals & Roadmap](https://make.wordpress.org/plugins/2024/12/24/plugin-check-goals-roadmap/)

Plugin Check, a multi-team effort within the WordPress project, is designed to allow
plugin authors to check the plugins they develop to catch and self-service commonly
found issues seen in plugin initial submissions and re-reviews for WordPress Plugin
Directory Guideline violations, security issues, and plugin development best practices.
If you have not already done so, I recommend reading the [Introducing Plugin Check (PCP) post](https://make.wordpress.org/plugins/2024/09/17/introducing-plugin-check-pcp/)
and the post outlining [PCP becoming a pre-submission requirement for new plugins to Plugin Directory](https://make.wordpress.org/plugins/2024/10/01/plugin-check-and-2fa-now-mandatory-for-new-plugin-submissions/)
before reading the rest of this post.

## Goals of Plugin Check

The goals of the Plugin Check Plugin (PCP) within the Plugins Team are primarily
to:

 * Allow developers to self-service issues found in initial plugin reviews
 * Improve the security of plugin code
 * Promote best practices within plugins and ensure Directory Guidelines compliance

Let’s dive into each of these to explore them in more detail, and talk about how
they correspond to goals found in the roadmap for Plugin Check.

### Allow Developers to Self-Service Issues Found in Initial Plugin Reviews

The majority of the issues that are caught with plugins in the initial review of
a new plugin are violations of the Guidelines or issues with Plugin Directory rules
(such as: not using a unique prefix for names of classes/functions; an invalid readme;
plugin versions in the readme not matching the plugin header; etc).

Our goal is to allow plugin developers to test for the majority of these before
they submit their plugin with one click using Plugin Check. As a backup, a more
limited set of these checks (the ones that almost never or never deliver a false positive)
are automatically run against a plugin before it can be submitted into the queue
(this part is already live on WordPress.org).

This process helps developers address issues before submission, reducing back-and-forth
and speeding up reviews. It saves time for the Plugins Team and allows new
plugins to go live on the repository more quickly. To improve upon this, one of
the goals for Plugin Check is to further this goal by adding more checks, making
the UX of the plugin better, and building more ways for plugin authors to build
Plugin Check into their development flow.

### Improving The Security of Plugin Code

While no static analysis or rule set tool will ever be able to catch 100% of security
vulnerabilities in plugins, our goal with Plugin Check is to aggressively work on
tackling the ones we see most commonly. The majority of security issues generally
found in plugins are things like missing nonce/capability checks or missing
sanitization/escaping/validation — issues that are oftentimes easier to build detection around.
By helping developers catch and address potential security issues, especially before
release, we can make plugins more secure overall.

During Phase 1 of the security category rollout for developers submitting plugins
for security re-review, the team has observed that even the limited checks in Plugin
Check significantly improve plugin security and reduce the time reviewers spend on
these reviews by minimizing follow-up messages.

In Phase 2, we will focus on adding more comprehensive checks for additional common
security issues found in the .org repository.
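The issue classes named in this section (missing nonce/capability checks, missing sanitization/escaping/validation), shown on one admin settings handler before and after hardening. This is an added example, not code from the post or from Plugin Check; the `acme_demo` prefix, option name, action name and page slug are hypothetical, and the file is assumed to be loaded as part of a plugin.

```php
<?php
// Added example: hypothetical plugin file. All acme_demo_* names are made up.
defined( 'ABSPATH' ) || exit;

/*
 * Before: the pattern a reviewer flags. Deliberately NOT hooked anywhere.
 *  - no capability check: nothing ties the change to an authorized user
 *  - no nonce: a forged cross-site request is accepted
 *  - raw $_POST stored, raw option echoed: stored markup reaches the page
 */
function acme_demo_save_label_unsafe() {
	update_option( 'acme_demo_label', $_POST['label'] );
	wp_safe_redirect( admin_url( 'options-general.php?page=acme-demo' ) );
	exit;
}

function acme_demo_render_unsafe() {
	echo '<h2>' . get_option( 'acme_demo_label' ) . '</h2>';
}

/*
 * After: the same feature with each check in place.
 */
add_action( 'admin_post_acme_demo_save_label', 'acme_demo_save_label' );

function acme_demo_save_label() {
	// Capability check: only users allowed to manage options may write.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die(
			esc_html__( 'You are not allowed to change this setting.', 'acme-demo' ),
			'',
			array( 'response' => 403 )
		);
	}

	// Nonce check: terminates the request if the field is missing or invalid.
	check_admin_referer( 'acme_demo_save_label', 'acme_demo_nonce' );

	// Sanitization: remove WordPress's added slashes, then strip tags,
	// control characters and extra whitespace.
	$label = isset( $_POST['label'] )
		? sanitize_text_field( wp_unslash( $_POST['label'] ) )
		: '';

	// Validation: reject values outside what the feature accepts.
	if ( '' === $label || strlen( $label ) > 80 ) {
		wp_die(
			esc_html__( 'The label must be between 1 and 80 characters.', 'acme-demo' ),
			'',
			array( 'response' => 400 )
		);
	}

	update_option( 'acme_demo_label', $label );
	wp_safe_redirect( admin_url( 'options-general.php?page=acme-demo&updated=1' ) );
	exit;
}

function acme_demo_render_form() {
	$label = get_option( 'acme_demo_label', '' );
	?>
	<?php // Escaping: choose the function for the output context (HTML, attribute, URL). ?>
	<h2><?php echo esc_html( $label ); ?></h2>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="acme_demo_save_label" />
		<?php wp_nonce_field( 'acme_demo_save_label', 'acme_demo_nonce' ); ?>
		<input type="text" name="label" maxlength="80"
			value="<?php echo esc_attr( $label ); ?>" />
		<?php submit_button(); ?>
	</form>
	<?php
}
```

The nonce action and field name passed to `wp_nonce_field()` must match the ones given to `check_admin_referer()`, and the nonce does not replace the capability check: it ties the request to a user and an action, not to a permission.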

### Promote best practices within plugins and ensure Directory Guidelines compliance

The Plugin Directory now hosts over 60,000 plugins crafted by a diverse group of
authors, ranging from first-time developers to seasoned commercial plugin companies.
These plugins span a wide spectrum—some offer simple quick fixes, while others are
robust SaaS replacements. They also reflect varying levels of community involvement,
from WordPress Core Committers to software companies integrating
their services with WordPress.

Because the Plugin Review Team reviews plugins from authors with varying levels 
of experience, we occasionally encounter plugins that violate the Plugin Directory
Guidelines or contain code that deviates from WordPress development or security 
best practices. Most violations or oversights come from authors unfamiliar with 
the Guidelines, so the team approaches these cases as teaching opportunities rather
than punitive actions.

With WordPress Core and Gutenberg evolving rapidly, even experienced plugin authors
may struggle to keep up with the
latest best practices. While the Plugin Team and Core Teams provide resources like
Make Posts and pre-release emails to communicate key updates, the Plugin Check project
aims to simplify this process. Plugin Check allows authors to quickly scan their
plugins for performance improvements and best practice opportunities.

The Plugin Team has collaborated with teams like the Performance Team, co-developers
of Plugin Check, to identify performance enhancements and catch common Directory
guideline violations. In Phase 2, we plan to expand these checks and collaborate
with additional teams to further support plugin authors.

We’ve recommended that plugin developers integrate Plugin Check into their development
workflow and have worked to make it as accessible as possible by enabling multiple
ways to run it:

 * As a standard WordPress plugin (with UI)
 * As a WordPress CLI command
 * As a one click GitHub Action (to integrate with development workflows — [repository link](https://github.com/WordPress/plugin-check-action)/
   [GitHub Marketplace link](https://github.com/marketplace/actions/wordpress-plugin-check))

We’ll continue improving Plugin Check in Phase 2 by simplifying output customization
for easier integration.

## Phase 2 Roadmap Overview

In Phase 1, Plugin Check was released to the community as a plugin available through
WordPress.org. It became a requirement for new plugin submissions to the Plugin 
Directory and for relisting plugins that were pulled due to security issues, requiring
all Security category checks to be passed.

In Phase 2, Plugin Check will expand to cover updates made by plugin authors to 
plugins already in the Directory. The initial rollout will include a post-SVN
check-in process, where Plugin Check
will email plugin authors about detected issues and notify Plugin Team members based
on severity.

Specific rollout timelines and processes for Phase 2 will be shared in a future 
Make Plugins post as its release approaches.

To roll out Phase 2, the Plugins Team will prioritize essential updates to Plugin
Check, considered prerequisites for this phase. These updates will collectively 
define the Phase 2 priorities.

 1. **Improve Documentation and Messaging**: Ensure every Plugin Check rule has clear
    documentation and intuitive messaging to make it self-service. Each check should
    explain what is wrong, how to fix it, and where to find updated resources. This
    reduces questions about individual checks.
 2. **Develop Conditional Rule Application**: Create a system to exclude or conditionally
    apply rules. This allows flexibility for custom check categories and handles evolving
    guidelines, such as varying prefix length requirements based on a plugin’s addition
    to the Directory.
 3. **Enhance User Interface**: Improve Plugin Check’s UI to help plugin authors quickly
    understand check categories, distinguish required vs. optional checks, and create
    a cohesive experience for custom rulesets added by developers or companies.
 4. **Introduce Experimental Checks**: Add an experimental checks feature to let plugin
    authors beta-test new rules
    before they become mandatory. This helps identify edge cases, encourages contributions
    from new developers, and supports iterative rule development.
 5. **Build Retroactive Directory Integration**: Enable Plugin Check to run on plugins
    already in the Directory after a release. Alerts based on the severity of issues
    detected will notify the Plugin Team and/or plugin authors. This integration ensures
    ongoing improvement of plugins, leveraging the success of Plugin Check for new 
    submissions and enhancing the overall quality of the Directory.

We’re excited to kick off development of Phase 2 of Plugin Check! If you’re a plugin
author, we encourage you to integrate Plugin Check into your development workflow.
The GitHub Action is a great starting point, and running Plugin Check against your
existing plugins can help identify improvement opportunities ([repository link](https://github.com/WordPress/plugin-check-action)/
[GitHub Marketplace link](https://github.com/marketplace/actions/wordpress-plugin-check)).
Additionally, spreading awareness is crucial—tell other plugin authors you know 
about Plugin Check. The more developers who use it, the better the tool becomes 
for the entire community.

For those interested in contributing directly to Plugin Check, you can find the 
GitHub repository [here](https://github.com/wordPress/plugin-check/). Whether you
have ideas for new checks, want to write or test code, or help improve documentation,
there are always tasks needing assistance. We’re grateful for any contributions 
to help improve Plugin Check and support the WordPress ecosystem.
