A Year in the Plugins Review Team – 2024

It’s been a transformative year of growth in the WordPress Plugins Directory, particularly as the Plugins Team welcomed several new members onboard. Throughout this time, we remained focused on our primary goals: enhancing security, improving the review process, and fostering community engagement.

Our security efforts have focused on creating tools to benefit all developers, including the introduction of mandatory Plugin Check for new plugin submissions, 2FA in SVN and our renovated Internal Scanner Tool. These features, detailed here, enhance security and streamline the submission process. Additionally, the SVN Password feature has become a critical measure to prevent account theft and related issues.

Reviewing remains our most time-intensive task, reflecting our commitment to maintaining quality and trust within the Plugins directory.

Since September 2023, the plugin review queue—once around 1,300—has seen significant improvements thanks to enhanced tools, refined workflows, and better submissions. In October 2024, the queue even briefly hit zero. The Plugin Check plugin has been key, enabling developers to improve code quality and security pre-submission, which in turn has sped up reviews. Over the past year, 2,983 plugins have been approved, and the number of reviews required per plugin has increased. That means that we now detect more issues per plugin.

The Plugin Check plugin has significantly reduced the time for reviews, bringing the average wait time down from 37 weeks to 9 weeks, even as plugin submissions have almost doubled. In the past year, we’ve reviewed 7,382 plugins (59.1% more than the previous year) while detecting more issues through both automated and manual reviews than ever before. This has resulted in faster, more thorough reviews despite the increased volume of submissions.

We have continued refining our Internal Scanner tool, a magnificent legacy created by Mika Epstein, to streamline reviews and boost productivity. Recent updates, encompassing over 400 commits, include new checks for issues like sanitization and escaping, along with enhanced examples and personalized guides to help plugin authors effectively resolve identified issues.

The tool now features over 200 checks, detecting a wide range of potential security-related issues while also supporting reviewers in conducting thorough manual reviews.

The issues highlighted in the chart below account for approximately 80% of all issues detected.

For more reading about these and other common issues, you can click here.

With regard to improving the plugin development community, we have focused on migrating and maintaining the Developer Handbook to GitHub, which can now accept contributions.

The team is also participating in the Plugins tables at various contributor days at WordCamps, helping and encouraging users to create their plugins whilst using WordPress best practices.

We will aim to do this type of review each year, and until the next one, please remember to use Plugin Check! Adding it to your development workflow will save you effort and countless hours. As our roadmap outlines, we promise to increase its capacity and usefulness.

Post written and reviewed by @janmtm @chriscct7 @frantorres @davidperez