Opened 6 months ago

Last modified 6 months ago

#7065 new enhancement

Add additional notice to the Plugin Submission form

Reported by: lukecarbis's profile lukecarbis Owned by:
Milestone: Priority: normal
Component: Plugin Directory Keywords:


Currently the plugin submission form includes a notice that shows how many plugins are awaiting review, and the current wait time.

Given that our wait times are currently very long, I propose adding a secondary notice to this page, with text along these lines:

We are currently experiencing long delays in plugin review times. To help us approve your plugin sooner, please ensure that you have read the Security chapter of the Plugin Handbook.

Our three most common reasons for not approving a plugin are:

If the code in your plugin falls into one of the above categories, your plugin will not be approved. The plugin review team will refer you back to these Handbook pages, adding further delay to the review process.

It's my hope that this type of notice will reduce the amount of submissions that require multiple reviews.

Attachments (1)

Screenshot 2023-06-15 at 6.10.49 am.png (260.8 KB) - added by lukecarbis 6 months ago.
Mockup of the notice

Download all attachments as: .zip

Change History (5)

6 months ago

Mockup of the notice

This ticket was mentioned in Slack in #meta by courtneyengle. View the logs.

6 months ago

#2 @SergeyBiryukov
6 months ago

  • Component changed from General to Plugin Directory
  • Type changed from feature request to enhancement

#3 @dd32
6 months ago

Part of me thinks this won't actually help, as all submitters say they've read the handbook, and well, obviously they haven't fully grokked it if they have (Based on reviewing the code that's often submitted).

For many developers, simply telling them to verify it isn't good enough, unless you specifically point out the code in question of theirs that is lacking it.

Even the best developers will miss some best practices sometimes, that's half the point of reviews.

Most developers are also submitting their plugin after developing it, not during, as a result reminding them at submission time doesn't seem like it'll be hitting them at the right time, unless you can tell them you're doing it wrong! right then and there.

While I'm not against adding such a notice, I question if it'll achieve the intended goals. In my opinion, encouraging testing using would be a better way forward, although we currently don't suggest it because it's not yet "released".

#4 @alanfuller
6 months ago

Given the cost of implementing such a notice versus the potential benefit of at least jogging a few into action, then I feel that it should be tried. Then measured if there is an impact (if possible )

My idea is the add a few checkboxes (maybe mandatory radio boxes default to not set ) so there is some interaction, with some common issues e.g.

Yes No
() () I have checked all user input is sanitized at first possible time (link to article on how to use PHPCS )
() () I have checked all output is escaped at the point of output (link to article on how to use PHPCS )
() () I have checked that form processes have had nonce verification (link to nonce )
() () I have written a detailed readme, including links to a public repository or and code that gets compiled ( link to sample readme.txt )
() () I have checked that I am not potentially tracking user data without prior user consent
() () Some other common Gotcha

Note: See TracTickets for help on using tickets.