Welcome to the official blog for the PluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team.
The review team acts as gate-keepers and fresh eyes on newly submitted plugins, as well as reviewing any reported security or guideline violations.
We can be reached by email at plugins＠wordpress.orgWordPress.orgThe community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/, or via the #pluginreview channel on Slack.
We are currently adding new team members as invite only. Please stay tuned!
Between December 31 2019 and December 28 2020, we have:
8486 plugins submitted (up from 8048)
1338 plugins rejected (up from 1221)
3317 plugins closed (down from 6038)
676 plugins pending review on average week to week (up from 623)
It’s not a huge increase in workload, and unlike last year, we have only three spikes of massive closures.
Here’s an overview in table format:
Most in a week
Least in a week
Overall, the load was slightly up but nothing to phone home about.
The number one reason a pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party is closed is, still, bounced emails. The number two reason is security, followed by general guidelines and trademarks.
The number one reason a plugin is pended for approval is sanitization/validation related (remember you have to do both – sanitize and validate – because otherwise people will put ‘dog’ in for a value of how many hats they need).
Looking Back at 2020
We had some wins and some losses.
First, here’s what didn’t go great:
New Team Members — this was probably the worst year for that, seeing as real life kicked everyone around. Of the people onboarded, one remains semi-active.
Tools — I did not manage to convert my shell script to something mass-consumable, but I did make significant progress in improving it
Trademarks — Legal representatives from multiple companies have forced us to be harsher and more strict with trademark usage. There’s very little we can do here.
Now here’s what did go well!
Helpscout — This has been a godsend. We’ve managed to improve a lot of automation with it, speeding up everyone’s work.
There are a lot more checks for trademarks in slugs and display names now, so people can’t even submit violations.
We added a lot of code to allow people to better manage their own plugins. For example, you can close your own plugin as well as change the primary owner.
As mentioned last year, we make heavy use of Saved Replies to speed up reviews and processing. Here again, in order from most used to least, are the most commonly used replies:
These are sent out during reviews to help identify issues:
Review: Please sanitize, escape, and validate your POST calls
Review: Using variables/defines for text-domains (this breaks glotpress)
Review: Allowing Direct File Access to plugin files
Review: Not using Nonces and/or checking permissions
Review: Plugin is still calling localhost
These are the most common reasons a plugin was rejected:
Rejected: New/renamed version of their own plugin
Rejected: Not Your Plugin (Tried to upload vs host)
The top three reasons a plugin is pended before we even review it:
Pended: Name Infringes on Trademarks (slug and name need to be changed)
Pended: Not Official Owner
Pending: Website incomplete (coming soon/demo)
These are common replies to common issues.
Reply: Rescan (Plugins must be checked before being reopened)
There’s been a lot of quiet change going on for Plugins, so now is as good a time as any to get into it!
If you’re interested in any details missing, leave a comment. I do ask you try not to speculate too much into the why’s and wherefores of what people do with plugins. I’ve been at this a while, and the one thing I can promise is people do weird things.
New Email System
We finally migrated off of the old system and on to HelpScout in March, which allows us the ability to sort and organize emails into teams. It also lets us properly filterFilterFilters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. bad actors so not everyone has to deal with them. We make heavy use of automated filters now, which has let us do the impossible …
New Team Members
We onboarded two new team members in November and have been easing them in to the weird workload of Plugins. They’ve been instrumental in sorting out what filters and team assignments do and don’t work well for Plugins.
I’ve been using a new bash script to expedite scanning plugins. While we’d love to use WPCSWordPress Coding StandardsA collection of PHP_CodeSniffer rules (sniffs) to validate code developed for WordPress. It ensures code quality and adherence to coding conventions, especially the official standards for WordPress Core. (and I personally recommend it to for everyone), even with a heavily parred down version it hasn’t quite met our needs. The goal for next year is to move the bash script into a PHPPHPPHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php.pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party we can use to automate a lot more.
Our saved replies (the standard ones you get for closures and reviews) have all been cleaned up, spellchecked, and formatted for easier reading. Now, when you get an alert that your plugin has been closed, we attempt to direct you on exactly how to resolve the issues. This is still a bit of a work in progress, but we’ve made great strides on consistent tone and softer language.
Sadly as many people found out, we got dinged hard by some trademark owners, and are taking action against people who violate trademarks. Around 1000 plugins were closed due to that, and it’s one of those things we can’t protect you from. We’ve changed the plugin uploader for new submissions to blockBlockBlock is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. a lot of that.
Remember the basic rule: If it’s not your company/product/library, don’t begin your plugin Display Name or permalink with it!
(Trademark owners: Please ask the developer to changes things before coming to us. Communication will help everyone.)
A lot of people like this part. Here’s the overall outlook from 2019:
And in a slightly more consumable summary table:
Most in a week
Least in a week
Year to Date
We’ve had 1000 more plugins submitted in 2019 than 2018, however the Rejected and Approved numbers only went up by 100.
So where are the extra 800 plugins? On average, pending plugins did go down but only by about 25 a week. Most of the missing counts are there, but they’re also in the dreaded “Closed” section.
A higher than expected number of developers have submitted plugins for review and then asked them to be closed within a 6 month timeframe. This has led to us pushing back on people and making notes in their accounts about that kind of behavior. There hasn’t yet been a common thread to why that’s happening, so we’re keeping an eye out.
HelpScout also helpfully provides their own statistics for how much we used them. This is just since March when we switched over:
Conversations per Day: 35
Busiest Day: Thursday
Email Conversations: 12,829
Messages Received: 17,439
Replies Sent: 18,931
Emails Created: 6650
Resolved on First Reply: 31%
HelpScout Saved Replies
We make heavy use of Saved Replies to speed up reviews and processing. These were brought in to use in chunks, and I’m omitting the exact numbers. They won’t do you any good to know we sent 2,679 “Approval after send” emails when you realize we also only sent 628 “Intro to new Review”. All that means is we pulled in the Approval email first. Next year these stats will be more useful.
All that said, I think having a look at what the most common sorts of issues are might be a little enlightening. Everything is ordered from most use to least.
Closed and Warned
These emails are sent out when a plugin is closed or the developer needs to be warned about issues/behavior.
Closed: Trademark Abuse (All)
Closed: Removal Request Completed
Closed: Security Exploit
Warning: Trademark Violation
Notice: Closed Becuase Email Bounced
Warning: Security Issue (NOT CLOSED)
Closed: General Guideline Violation
All these emails are sent when a plugin is being reviewed.
Approval: Approval after send
Review: End Of Review (goes at the end of all reviews)
Review: Intro to new review (all new reviews start here)
Review: Please sanitize, escape, and validate your POST calls