Update: Turning the Tide

Currently there are 1,241 plugins awaiting review.

We are painstakingly aware of this. We check that number every day and realise how this delay is affecting pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors. We are sharing an update to let you know what we are doing, not just to fix the current situation, but also to prevent a similar scenario in the future.

New Team Members

We have three new people in the team: Gustavo Bordoni, Gagan Deep Singh & Rob Rawley (thank you!) and we are still reviewing submissions. The experience we have gained onboarding two rounds of new team members, added to the fact that we now have a system in place, means that it will be a lot easier to repeat this process in the future.

Since we have 40+ submissions at this point, we are planning to close the “Apply to join the team” form at the end of September. If you are planning to apply to join the team, please do so before Oct 1st. We would like to extend our gratitude to all those how have taken a step forward and volunteered to join the team.

Self-reviews

We have also started emailing plugin authors whose plugins are currently in the queue and asked them to self-check their plugins to ensure they meet basic security standards. We find ourselves correcting the same three or four errors on +95% of plugins and this is not a good use of our time. Once authors confirm that their plugins meet these basic requirements, we will proceed with the review.

We want to thank those of you who are receiving these emails for your collaboration, as it will allow us to tackle the current backlog a lot faster.

Plugin Check plugin

In the same vein, we are just about to release have just released a Plugin Check plugin (PCP) to the WP.org as a regular plugin. This plugin will allow authors to self-review their plugins automatically and will provide them with feedback and links to fix common errors.

Once the PCP is merged with this other plugin that the Performance team has been working on, it will provide checks for a lot of other things. When this is completed, we will be in a better spot to take in feedback and make improvements.

In the short term, we are going to ask authors to test their plugins using the PCP before submitting them, but our goal is to integrate the plugin as part of the submission process and run automated checks.

The Plugin Check plugin is about to be released has been released as a regular repo plugin. Running it will become requirement soon, please take a look now.

Security Reports

We have made significant progress with the security reports backlog, and we are hoping to clear that queue in a matter of days. This will mean more hands available to focus on new plugin reviews and other tasks. We have also made some progress regarding the methods and formats in which researchers submit their reports which, in turns reduces the amount of time required to process these reports.

Bailing Water Vs Fixing the Leak

If you indulge me to share a sailing metaphor: When your boat has a leak, it is more effective to prioritize fixing the source of the leak rather than solely focusing on bailing out water, even though to external observers, it might appear as if no progress is being made. Bailing water can provide temporary relief and may give the appearance of actively addressing the issue, but it is essentially a band-aid solution that requires continuous effort.

During the last 6 months, the Plugin review team has worked on documenting its processes, training new members and improving its tools. Now, thanks to your patience and support, the tide is about to turn.

#update

Tackling team challenges together

TLDR: New team reps selected; strategies for working through the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party backlog; solid show of interest in joining the team.

The last few months since Mika announced she was stepping down from the team have been very exciting (and busy!) for all the new team members (@davidperez, @eherman24, @frantorres, @lukecarbis, @martatorre and @pacomarchante), and we wanted to share an update with you. 

The first couple of weeks were a bit nerve-wracking. We were daunted by the complexity of the task, the responsibility it entails, and the sheer volume of plugins that needed to be reviewed. But over time, we’ve become more comfortable with the processes and routines of plugin review.  We are very grateful we got all the support we needed from Mika, @otto42, @dd32, @zoonini, @mrfoxtalbot, and other contributors during this period. 

We’re also pleased to announce that after some discussion, Francisco Torres & Paco Marchante will be the new team reps. 

The challenges

When you start working on plugin reviews it suddenly strikes you how tremendously efficient Mika was at doing this. In the last year alone, She reviewed 5297 new plugins (that’s around 100 plugins per week). You have to take into account that most of the plugins the team receives require a back-and-forth of several emails before the plugin can be approved.

Fortunately, the team is quickly picking up its pace at reviewing plugins. At first, it would take us 2 hours to review each plugin, then 1 hour, and now we are down to 10-20 minutes for an initial review. It is important to remember that reviewing plugins is not just looking at the code, we also need to check for other things such as trademark violations and other guidelines regarding compliance.

Aside from plugin reviews, the team takes care of several other tasks: we review reports of guideline violations, reply to requests about closing or reassigning ownership of plugins, respond to questions in the #pluginreview SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel, work with the security team to address vulnerabilities, and send out (and monitor) pre-release emails to ensure all plugin authors are still reachable at their regular email address. We have spent a lot of time documenting and streamlining these tasks.

Solving these challenges

The first challenge we found during our onboarding was the fact that a lot of processes were not clearly documented. We asked A LOT of questions during this process and ensured that all the answers Mika shared with us were added to the team’s internal docs. This effort should make it a lot easier for new contributors to join the team down the road.

We have also improved our internal tools to catch the most common coding mistakes and have built our predefined responses into the output provided by this tool. We still review this content manually before sending out replies, but by merging the two tasks into one (reviewing the code and drafting the message) we have been able to cut down review time considerably.

Another thing we decided to do was speed up our first reviews. As it turns out, about half of all plugin authors don’t reply to the initial review email with feedback on what they need to fix. In order to tackle the backlog faster, we’re now spending less time on initial reviews. We begin checking issues that take us less time, and then as soon as we spot one or two issues with the plugin that would prevent it from being approved, we email the plugin author to ask them to fix the initial issues. If the author gets back to us with those first fixes, then we proceed with an in-depth review.

20+ Submissions

When the team was announced, an application form was created for those considering joining the team. We are excited to announce that we have received more than 20 submissions from generous contributors wanting to help. We are currently reviewing them and our goal is to expand the team in the near future.


To recap, we are making our best effort to reduce the current backlog by improving our tools and expanding the team. Our goal is to lower the waiting period significantly over the next few months. We sincerely want to thank you all for your patience and understanding during this transition period. 

#update

Plugin Review Team Update: The next phase begins

tl;dr My time on the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review team is ending. Meet the new members, and check out the application to join the team.

The time has come. As outlined in several other posts over the last few months (March, May), I’m stepping down from the Plugin Review team. It’s been a fun and wild ride for the last decade as the rep, and before that as someone who annoyed Otto until he made me learn how to properly review.

After several months of onboarding, I’m excited to welcome six new and enthusiastic team members: David Pérez, Evan Herman, Francisco Torres, Luke Carbis, Marta Torre, and Paco Marchante. These sponsored volunteers – a group of experienced WordPress developers from around the globe – are contributing over 50 hours a week to the project. 

Plugin Review across the WordPress project is a big task. We know we hit a pretty rough backlog, and even as the new team members start to catch up and shorten the queue, more folks are needed to help. If you have at least five hours a week to devote to the team and would like to join in the Plugin Review effort, you’re welcome to submit an application

Given the nature of the work the team does, joining this team is a little different than some of the others: each new member will go through a vetting process by current team members before being selected. Some of the things the team is looking for are: a solid track record as a plugin developer; the ability to communicate clearly, kindly and constructively – both with other developers and users; interest in improving tools and processes; and excellent collaborative and conflict-management skills. 

If you think this describes you, check out the submission form.

Stay tuned for more team news soon, including the announcement of the new team repTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts..

@zoonini contributed to this post.

#onboarding, #update

Plugin Review Team Update

tl;dr An update on the team which is a lot of onboarding, making tools work for multiple people at once, and more documentation than you can shake a stick at.

As much of the WordPress community knows by now, I will be stepping down soon, after over a dozen years (wow) of being part of the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team, including ten years as team repTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts..

During this transitional period, the Plugin Review team has been working on onboarding new members – and at the same time, on documenting the onboarding process itself. 

New team members

Given the need for the new team members to get up and running relatively quickly, the plugin review team invited contributors who have experience with plugins and code to join the team, thanks to recommendations from many community members. These contributors were vetted for good standing in the WordPress project, confirmed that they had the required skill set to review plugins and would respect the required level of security and confidentiality needed, and agreed to help refine the onboarding process to the Plugin Review team. 

There are now five new plugin team members at various stages of the onboarding process. Since the team is still in transition, we wanted to give people a chance to finish their onboarding and decide if the Plugin Review team is a good fit for them. This will avoid putting volunteers in the spotlight before they commit to this important and challenging role. 

Once plugin team members are fully onboarded, their names will be shared in the Plugin Review handbook.  

Documentation and onboarding 

The current team, alongside new members, has been collaboratively reviewing all existing public and private plugin documentation, making sure everything is clear, filling in any gaps that exist, and adding information about undocumented tools and processes.

At the same time, the team compiled an onboarding checklist, which is being used to help new members get up and running. While the first new team members go through the onboarding process and start handling initial tasks – such as looking at the bounced emails queue and reviewing their first plugins – they will also help to improve  the onboarding checklist and process documentation. Their experience will be very valuable in paving the path for future team members, making it easier to expand the team and delegate tasks more efficiently.

Tooling 

In addition to training new members, documenting processes, and developing a sustainable onboarding plan, folks from the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team have been working on tooling enhancements to help make plugin reviews more efficient and “portable.” For example, the home-grown scanner script that’s been used by me until now is being converted to a flexible web-based version, which will be simpler to maintain for multiple reviewers.

Other enhancements include:

Next steps

The Plugin Review team is focused on making the onboarding process smooth, documenting its workflows, improving its collaboration tools, and helping new members get familiar with all the necessary tasks.

We hope that all these improvements in tools and workflows will make it easier to recruit more people and scale up the team. This should in turn reduce the time plugin authors need to wait to have their plugins reviewed and approved.

So, what’s next?

Once the team is ready, we’ll make another post to announce the new members, propose a plan for vetting and onboarding additional members in the future, and open applications to join the team.

Massive thanks to the following people, who helped write this post: @angelasjin, @mrfoxtalbot, @sereedmedia, and @zoonini.

#notice, #onboarding, #update