Opened 12 months ago

Closed 10 days ago

Last modified 10 days ago

#7065 closed enhancement (fixed)

Add additional notice to the Plugin Submission form

Reported by: lukecarbis's profile lukecarbis Owned by: dd32's profile dd32
Milestone: Priority: normal
Component: Plugin Directory Keywords:


Currently the plugin submission form includes a notice that shows how many plugins are awaiting review, and the current wait time.

Given that our wait times are currently very long, I propose adding a secondary notice to this page, with text along these lines:

We are currently experiencing long delays in plugin review times. To help us approve your plugin sooner, please ensure that you have read the Security chapter of the Plugin Handbook.

Our three most common reasons for not approving a plugin are:

If the code in your plugin falls into one of the above categories, your plugin will not be approved. The plugin review team will refer you back to these Handbook pages, adding further delay to the review process.

It's my hope that this type of notice will reduce the amount of submissions that require multiple reviews.

Attachments (1)

Screenshot 2023-06-15 at 6.10.49 am.png (260.8 KB) - added by lukecarbis 12 months ago.
Mockup of the notice

Download all attachments as: .zip

Change History (7)

12 months ago

Mockup of the notice

This ticket was mentioned in Slack in #meta by courtneyengle. View the logs.

12 months ago

#2 @SergeyBiryukov
12 months ago

  • Component changed from General to Plugin Directory
  • Type changed from feature request to enhancement

#3 @dd32
12 months ago

Part of me thinks this won't actually help, as all submitters say they've read the handbook, and well, obviously they haven't fully grokked it if they have (Based on reviewing the code that's often submitted).

For many developers, simply telling them to verify it isn't good enough, unless you specifically point out the code in question of theirs that is lacking it.

Even the best developers will miss some best practices sometimes, that's half the point of reviews.

Most developers are also submitting their plugin after developing it, not during, as a result reminding them at submission time doesn't seem like it'll be hitting them at the right time, unless you can tell them you're doing it wrong! right then and there.

While I'm not against adding such a notice, I question if it'll achieve the intended goals. In my opinion, encouraging testing using would be a better way forward, although we currently don't suggest it because it's not yet "released".

#4 @alanfuller
11 months ago

Given the cost of implementing such a notice versus the potential benefit of at least jogging a few into action, then I feel that it should be tried. Then measured if there is an impact (if possible )

My idea is the add a few checkboxes (maybe mandatory radio boxes default to not set ) so there is some interaction, with some common issues e.g.

Yes No
() () I have checked all user input is sanitized at first possible time (link to article on how to use PHPCS )
() () I have checked all output is escaped at the point of output (link to article on how to use PHPCS )
() () I have checked that form processes have had nonce verification (link to nonce )
() () I have written a detailed readme, including links to a public repository or and code that gets compiled ( link to sample readme.txt )
() () I have checked that I am not potentially tracking user data without prior user consent
() () Some other common Gotcha

#5 @dd32
10 days ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 13730:

Plugin Directory: Submission: Add a FAQ item of 'How can I expedite my plugin review?'.

Props lukecarbis.
Fixes #7065.

#6 @dd32
10 days ago

Although it's almost a year later, and the queue is almost under control, I've added an explicit FAQ callout on expediting plugin reviews (Since I've seen enough emails asking for their review to skip the queue).

This is not as front-and-center as the proposed banner in this ticket, but if a plugin developer is going to read the text on the page, I figure there's as much chance of reading this as they are the alert box.

Note: See TracTickets for help on using tickets.