#1695 closed enhancement (fixed)
Plugin Reviewer Admin Show UserCard
Reported by: | Ipstenu | Owned by: | obenland |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Plugin Directory | Keywords: | has-screenshots |
Cc: |
Description
Right now we have the ability to see usercards for people who submit plugins, they look like the attached file. It would be VERY useful to have this in the plugin reviewer section (though we can still use the separate tool for most of it).
It basically lists out this:
User Information:
- User’s Gravatar
- Username, linked to their .org profile
- “P2” link that links to search for mention of this author in the plugin team’s P2
- “SP” link that links to search for mention of this author in the plugin team’s SupportPress
- “profile” link that links to their .org profile
- “support” link that links to their support forum profile page
- IP address from which the plugin request originated from. This links to the Plugin Author IP Address Cross-Referencing tool, which helps to show which plugin authors share the same (or similar) IP address. This can help identify when someone is creating multiple accounts to introduce spam plugins. You can read more on the Tools Page.
- Other IP addresses from which the plugin author has used to request other plugins, when applicable. For the same purpose as previously mentioned, these are linked to the Plugin Author IP Address Cross-Referencing tool. You can read more on the Tools Page.
- The date the user created their WordPress.org account, and how many days ago that was. Useful in that a new account is more likely to be up to no good and thus worthy of extra scrutiny.
Plugin information:
The number of plugins the user currently has and a list of them all (Hover over a plugin name to get the explanation of its current state)
- Each plugin name links to the plugin’s page
- Each plugin is followed by a “P2” link (links to search for mention of the plugin in the plugin team’s P2) and a “SP” link (search for mention of the plugin in the plugin team’s SupportPress)
The plugins are colored:
- Green plugins are approved (if appended with *, then no data has been committed to the plugin’s repo yet)
- Blue plugins are requested and unapproved
- Red plugins are closed
- Red plugins with a strikethrough are rejected
- Gray plugins are approved, but haven’t been updated in over 2 years
Warnings about THIS plugin:
- Warning flags. This subsection breaks down automatically detected warning flags for the author and/or requested plugin into high, medium, and low levels. More detailed information about warning flags (including the specific things flagged) can be found in pluginrepo docs. Warning flags are meant to inform a review and aren’t necessarily intended as a substitute for a review.
Attachments (3)
Change History (13)
#2
@
8 years ago
IP tracking and comparison still has to be worked out, as well as reliably determining whether a plugin has been submitted before.
#3
@
8 years ago
It could be up for debate, but I'd have preferred some (maybe even most) of the spam-related criteria that trigger warning flags not be included in the public plugin, and instead be kept in a private mu-plugin that made use of hooks provided by the plugin.
As it stands, it serves as a checklist for things a would-be spammer or malicious user should do to avoid gaining automatic initial negative attention. And in the future when we detect other trends, having it public would be a window into exactly what we've detected and how long it takes us to react.
#4
@
8 years ago
While the odds are low that it would be picked up like that (repeat offenders aren't super smart), I think it's something that should be kept in a private MU plugin in case we have to add things like blocks against specific users who abuse the system etc et.
#5
@
8 years ago
Yes that makes sense. We should also do a review of these flags after we've started implementing code checks on upload. I imagine the two critical flags for example should probably not even allow the plugin upload to go through in the first place.
This ticket was mentioned in Slack in #meta by obenland. View the logs.
8 years ago
#8
@
8 years ago
Current usercard looks good.
I would like to see a little more spacing on the [P2|SP] links?
[ P2 | SP ]
Just make it more clickable since it's tiny and I use my iPad for this stuff ;)
In 3099: