WordPress.org

Making WordPress.org

Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#1695 closed enhancement (fixed)

Plugin Reviewer Admin Show UserCard

Reported by: Ipstenu Owned by: obenland
Milestone: Priority: normal
Component: Plugin Directory Keywords: has-screenshots
Cc:

Description

Right now we have the ability to see usercards for people who submit plugins, they look like the attached file. It would be VERY useful to have this in the plugin reviewer section (though we can still use the separate tool for most of it).

It basically lists out this:

User Information:

  • User’s Gravatar
  • Username, linked to their .org profile
  • “P2” link that links to search for mention of this author in the plugin team’s P2
  • “SP” link that links to search for mention of this author in the plugin team’s SupportPress
  • “profile” link that links to their .org profile
  • “support” link that links to their support forum profile page
  • IP address from which the plugin request originated from. This links to the Plugin Author IP Address Cross-Referencing tool, which helps to show which plugin authors share the same (or similar) IP address. This can help identify when someone is creating multiple accounts to introduce spam plugins. You can read more on the Tools Page.
  • Other IP addresses from which the plugin author has used to request other plugins, when applicable. For the same purpose as previously mentioned, these are linked to the Plugin Author IP Address Cross-Referencing tool. You can read more on the Tools Page.
  • The date the user created their WordPress.org account, and how many days ago that was. Useful in that a new account is more likely to be up to no good and thus worthy of extra scrutiny.

Plugin information:

The number of plugins the user currently has and a list of them all (Hover over a plugin name to get the explanation of its current state)

  • Each plugin name links to the plugin’s page
  • Each plugin is followed by a “P2” link (links to search for mention of the plugin in the plugin team’s P2) and a “SP” link (search for mention of the plugin in the plugin team’s SupportPress)

The plugins are colored:

  • Green plugins are approved (if appended with *, then no data has been committed to the plugin’s repo yet)
  • Blue plugins are requested and unapproved
  • Red plugins are closed
  • Red plugins with a strikethrough are rejected
  • Gray plugins are approved, but haven’t been updated in over 2 years

Warnings about THIS plugin:

  • Warning flags. This subsection breaks down automatically detected warning flags for the author and/or requested plugin into high, medium, and low levels. More detailed information about warning flags (including the specific things flagged) can be found in pluginrepo docs. Warning flags are meant to inform a review and aren’t necessarily intended as a substitute for a review.

https://make.wordpress.org/pluginrepo/documentation/plugin-moderation-queue/warning-flags-for-plugin-requests/

Attachments (3)

user-card.png (103.3 KB) - added by Ipstenu 3 years ago.
example.png (161.6 KB) - added by Ipstenu 3 years ago.
Screen Shot 2016-05-18 at 10.08.16 AM.png (59.0 KB) - added by Ipstenu 3 years ago.
Current Meta Box

Download all attachments as: .zip

Change History (13)

@Ipstenu
3 years ago

@Ipstenu
3 years ago

#1 @obenland
3 years ago

In 3099:

Plugin Directory: First pass at Author Card.

Brings over the user card plugin from the existing directory with some
modifications.

See #1695.

#2 @obenland
3 years ago

IP tracking and comparison still has to be worked out, as well as reliably determining whether a plugin has been submitted before.

#3 @coffee2code
3 years ago

It could be up for debate, but I'd have preferred some (maybe even most) of the spam-related criteria that trigger warning flags not be included in the public plugin, and instead be kept in a private mu-plugin that made use of hooks provided by the plugin.

As it stands, it serves as a checklist for things a would-be spammer or malicious user should do to avoid gaining automatic initial negative attention. And in the future when we detect other trends, having it public would be a window into exactly what we've detected and how long it takes us to react.

#4 @Ipstenu
3 years ago

While the odds are low that it would be picked up like that (repeat offenders aren't super smart), I think it's something that should be kept in a private MU plugin in case we have to add things like blocks against specific users who abuse the system etc et.

#5 @obenland
3 years ago

Yes that makes sense. We should also do a review of these flags after we've started implementing code checks on upload. I imagine the two critical flags for example should probably not even allow the plugin upload to go through in the first place.

#6 @obenland
3 years ago

In 3100:

Plugin Directory: Allow for third party content to be displayed.

Having an action here allows for more flexibility to enhance the author card in
the future.

H/t coffee2code.
See #1695.

This ticket was mentioned in Slack in #meta by obenland. View the logs.


3 years ago

@Ipstenu
3 years ago

Current Meta Box

#8 @Ipstenu
3 years ago

Current usercard looks good.

I would like to see a little more spacing on the [P2|SP] links?

[ P2 | SP ]

Just make it more clickable since it's tiny and I use my iPad for this stuff ;)

#9 @obenland
3 years ago

  • Owner set to obenland
  • Resolution set to fixed
  • Status changed from new to closed

In 3174:

Plugin Directory: Make links in author card tapable.

Give links a little bit more room so they are easier to tap on touch devices.

Fixes #1695.

#10 @samuelsidler
2 years ago

  • Milestone Plugin Directory v3 - M3 deleted

Milestone Plugin Directory v3 - M3 deleted

Note: See TracTickets for help on using tickets.