Hi, I’m Scott Reilly, representative for the Plugins Directory team. Our group of volunteers is tasked with administrating and supporting the WordPress.org Plugins Directory.
The team currently consists of the following members:
- Mark Riley (podz)
- Otto (otto42)
- Mika Epstein (ipstenu)
- Scott Reilly (coffee2code)
- Pippin Williamson (mordauk)
In addition, we receive frequent and invaluable contributions from most members of the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. team in the form of security reviews and weighing in on policy decisions. Frequent such contributors include, but are not limited to: Jon Cave (duck_), Andrew Nacin (nacin), Peter Westwood (westi), Mark Jaquith (markjaquith), and Jane Wells (jane).
As of this writing, longest-time member Mark Riley is the officially designated lead team repTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts. and I am the secondary. Mark has recently stepped back from his extremely active involvement with the team. Pippin is our newest member. We’re always on the lookout for additional members to the team, though full membership grants capabilities that require adequate vetting of candidates. Anyone can actually volunteer on their own to review plugins in the directory and report to us any issues discovered (via plugins@wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/).
In general, we:
- Process all incoming pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party requests. All new plugins receive at least a cursory review by one of the team members. We check for guideline violations and coding best-practices. If a plugin is deficient in some manner, and isn’t outright spam or malicious, we work with the plugin authors to address the issues.
- Handle all incoming support requests sent to the plugins@wordpress.org email address. Through the use of our own SupportPress installation, everyone on the team can view and participate in handling all incoming and outgoing emails. Emails generally fall under one of the following categories: new plugin in-processing/review, discovered/reported security exploit, discovered/reported guideline violation(s), and questions about the plugin repository/SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. and/or plugin pages (their usage or problems encountered).
- Develop and manage tools for scanning commits and the plugin repository. Here we’re looking for guideline violations or security exploits in older plugins (before the review process became as stringent) and in all of the active updates for all current plugins (for changes made since their initial review), as well as newly discovered/defined exploits and violations.
- Pro-actively monitoring security exploit databases and announcements for any that relate to plugins in the repository and then helping authors rectify those security concerns.
- Log and discuss Plugin Directory happenings on a private P2P2 P2 or O2 is the term people use to refer to the Make WordPress blog. It can be found at https://make.wordpress.org/.. Due to the sensitive nature of some of our discussions (namely plugin security and active exploits, discussion of email exchanges held with plugin authors, display of user emails, and efforts for combating the spammers that seek to exploit the Directory) we don’t feel as though such discussions should be held in the open.
- Utilize https://make.wordpress.org/plugins/ as the publicly-accessible P2 to disseminate news, tutorials, advisories, etc for plugin developers. Admittedly, this P2 has not seen much use yet.
- Work with the WordPress.org make/metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team (huge overlap as Otto, Nacin, and myself are effectively on both) to suggest tools to facilitate doing the various tasks listed above as well as improvements to plugin-related user-facing aspects of WordPress.org such as the Plugins Directory site and APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways., plugin developer tools, and the make/plugins P2.