Alvaro Gómez 4:09 pm on September 19, 2023
Tags: update ( 4 )

Update: Turning the Tide

Currently there are 1,241 plugins awaiting review.

We are painstakingly aware of this. We check that number every day and realise how this delay is affecting pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors. We are sharing an update to let you know what we are doing, not just to fix the current situation, but also to prevent a similar scenario in the future.

New Team Members

We have three new people in the team: Gustavo Bordoni, Gagan Deep Singh & Rob Rawley (thank you!) and we are still reviewing submissions. The experience we have gained onboarding two rounds of new team members, added to the fact that we now have a system in place, means that it will be a lot easier to repeat this process in the future.

Since we have 40+ submissions at this point, we are planning to close the “Apply to join the team” form at the end of September. If you are planning to apply to join the team, please do so before Oct 1st. We would like to extend our gratitude to all those how have taken a step forward and volunteered to join the team.

Self-reviews

We have also started emailing plugin authors whose plugins are currently in the queue and asked them to self-check their plugins to ensure they meet basic security standards. We find ourselves correcting the same three or four errors on +95% of plugins and this is not a good use of our time. Once authors confirm that their plugins meet these basic requirements, we will proceed with the review.

We want to thank those of you who are receiving these emails for your collaboration, as it will allow us to tackle the current backlog a lot faster.

Plugin Check plugin

In the same vein, ~~we are just about to release~~ have just released a Plugin Check plugin (PCP) to the WP.org as a regular plugin. This plugin will allow authors to self-review their plugins automatically and will provide them with feedback and links to fix common errors.

Once the PCP is merged with this other plugin that the Performance team has been working on, it will provide checks for a lot of other things. When this is completed, we will be in a better spot to take in feedback and make improvements.

In the short term, we are going to ask authors to test their plugins using the PCP before submitting them, but our goal is to integrate the plugin as part of the submission process and run automated checks.

The Plugin Check plugin ~~is about to be released~~ has been released as a regular repo plugin. Running it will become requirement soon, please take a look now.

Security Reports

We have made significant progress with the security reports backlog, and we are hoping to clear that queue in a matter of days. This will mean more hands available to focus on new plugin reviews and other tasks. We have also made some progress regarding the methods and formats in which researchers submit their reports which, in turns reduces the amount of time required to process these reports.

Bailing Water Vs Fixing the Leak

If you indulge me to share a sailing metaphor: When your boat has a leak, it is more effective to prioritize fixing the source of the leak rather than solely focusing on bailing out water, even though to external observers, it might appear as if no progress is being made. Bailing water can provide temporary relief and may give the appearance of actively addressing the issue, but it is essentially a band-aid solution that requires continuous effort.

During the last 6 months, the Plugin review team has worked on documenting its processes, training new members and improving its tools. Now, thanks to your patience and support, the tide is about to turn.

#update

Matteo Enna 7:06 pm on September 19, 2023

Thank you 🙂
FutrX 10:43 pm on September 19, 2023

Thanks
MD Noruzzaman 1:50 am on September 20, 2023

Thanks for taking this nice initiative.
WpHex 6:59 am on September 20, 2023

thanks for sharing
ThemeAtelier 8:33 am on September 20, 2023

Thanks for sharing.
Milan Petrovic 10:51 am on September 20, 2023

Thanks for the update. You also need better status reporting for plugins that have started the review.

I submitted my pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party in June, and in early August, I got an email from the review team to fix some issues. I emailed back on August 10 with the updated plugin, and since then, I have not heard back, the status on the ‘Add your plugin’ page still says that I need to reply to the email sent by the review team.

If the plugin begins the review process, it should get priority when the author replies with the update and now it looks like it goes back into main queue, which just increases the process by months.
- Francisco Torres 2:42 pm on September 20, 2023
  
  Hi Milan, it doesn’t goes back to the main queue, it’s prioritized and it should be replied to soon.
  
  There is a new team, members are still learning. The team is still adapting the workflow and tools and with is such a big queue, things are not going as fast as we would like to.
  
  After this answer, the next ones should be faster.
  - Milan Petrovic 3:34 pm on September 20, 2023
    
    Thanks. I have just sent another reply with once an updated pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. I have run the Plugin Check plugin to scan it too.
Tom J Nowell 11:29 am on September 20, 2023

I’m concerned the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party-check plugin on .org that was linked to is closed, and the githubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ repository for it is massively out of date and mentions further development is happening in a 10up github repository.

Why is development work is being done on a 10up agency repository and not in the https://github.com/WordPress/plugin-check/ repository on branches?
- Gustavo Bordoni 1:58 pm on September 20, 2023
  
  @tjnowell there is quite a bit of history there, I am going to try to summarize it here so it clears up a little bit of why we are pointing to the 10up repository, which is temporary thing.
  
  What happened is that a while back the Performance Team started working on a version of the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Check that was being maintained on the 10up Organization on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/.
  
  Both the Performance team and the Plugin team were working on versions of the same plugin in parallel, without necessarily knowing about the other teams efforts.
  
  More recently we decided that the Performance team plugin had a lot more history on Issues and Pull Requests that we didn’t want to loose by porting their code to our repository.
  
  So there are some administrative tasks that need to be cleared so we can move the `10up/plugin-check` to `WordPress/plugin-check` without loosing the history.
  
  Once the above is done it will be all in the WordPress organization.
  
  We are sorry for the confusion, it also has to do with us trying to keep up with the queue while trying to get these initiatives rolling so we can truly resolve the backlog.
  
  The WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ plugin is not launched yet because we want to launch there once we have the repository confusion cleared.
David Artiss 2:46 pm on September 22, 2023

Thanks for the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party – this is a great idea.

Will there be documentation that might help a developer with some of the less obvious issues that it throws up. For example, trying it against one of my own plugins I see…

The following readme parser warnings were detected: contributor_ignored

I have no idea what this means, so some guidance on this would be great.
- Milan Petrovic 3:12 pm on September 22, 2023
  
  For me, pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party-check returns that readme.txt is missing, and the file is obviously included. And in some cases, running the check multiple times will randomly skip some files and results. The plugin is OK, but it still has bugs.
  - Jeffrey Paul 4:04 pm on September 22, 2023
    
    @gdragon can you share which pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party you ran that for so we can see what might be going wrong?
    - Milan Petrovic 4:10 pm on September 22, 2023
      
      Whenever I run the check for any pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, I get that the readme file is missing. But, for each file in the plugin, I see the full path to the file, and for readme.txt, the path is only this: FILE: readme.txt. This is the case for any plugin. I am using the latest plugin-check from GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/.
  - Alvaro Gómez 4:14 pm on September 22, 2023
    
    @gdragon, @jeffpaul, at the moment, the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party expects an all-lowercase readme, that’s likely what is causing the error.
    
    We are going to modify it to make the check “case-insensitive”, since the repo itself does not care.
    - Milan Petrovic 4:19 pm on September 22, 2023
      
      My readme files are all lowercase, and I also checked about 20 plugins (few are mine, the res from the repository) I have in the installation with pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party-check; all have the same error.
      - Alvaro Gómez 4:34 pm on September 22, 2023
        
        Mmmm… I have tested quite a few plugins and have not seen that specific error yet, @gdragon.
        
        Could you please open an issue and provide as many details as possible (pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party names, environment, etc).
        
        Thank you!
      - Milan Petrovic 4:48 pm on September 22, 2023
        
        I have created the issue:
        https://github.com/10up/plugin-check/issues/271
- Alvaro Gómez 4:18 pm on September 22, 2023
  
  @dartiss, Absolutely! we plan to include more details and links to our documentation alongside the errors (and make them translatable, ofc)
nicelinker 8:50 pm on September 30, 2023

thanks for sharing

Comments are closed.

Communication

New Team Members

Self-reviews

Plugin Check plugin

Security Reports

Bailing Water Vs Fixing the Leak

Share this: