Opened 6 weeks ago

Closed 13 days ago

#7561 closed enhancement (worksforme)

Plugin Review Tool - Best Practices - check if your plugin will pass the review guidelines

Reported by: flexseth's profile flexseth Owned by:
Milestone: Priority: normal
Component: Plugin Directory Keywords:


Problem statement

While looking at the documentation I noticed there are a lot of steps it takes to pass plugin review to have a plugin listed on the repository.

In some cases, the info is on various pages. I'd like to propose a way to consolidate this information and automate it for plugin authors to create plugins that follow best practices.

Considerations for the plugin review team

  • Naming conventions
  • Duplication of another plugin
  • WordPress coding standards
  • Accessibility standards
  • Internationalization
  • Implementing security standards
  • Live preview mode via the WordPress Playground

Plugin Review Best Practices

What if there was a canonical plugin that showcased best practices in regard to security, validation, suggested a good (visual) plugin header, and also allowed plugin authors to test their plugin against guidelines?

It could be a two-part tool. One part is guidance on how to create a plugin (step-by-step walkthrough), the other would be a check to see if you are doing things correctly.

Plugin review tool made public?

Reviews are done via the Dashboard on the directory. Only reviewers and admins have access to this.

What if the tool was made public?

Having the review tool public could shorten the review process by allowing plugins that have passed the review tool addressed first.

Additionally, as new specifications are launched around plugin review or more best practices unearthed, they could be updated by the community on the plugin.

Change History (3)

#1 @alanfuller
6 weeks ago

There is already a plugin that does or tries to do some at least of the second part of your suggestion.

You can contribute here

The first part - a step by step walk through I don't think needs to be a plugin but one well written document, maybe with some video guides, of course that takes a bit of effort.

Last edited 6 weeks ago by alanfuller (previous) (diff)

#2 @chriscct7
6 weeks ago

PCP's security and guidelines section are already enforced to be passed for plugins pulled for security.

Currently new plugin submissions self certify compliance, however Meta, Plugins and Systems have been working to make it a requirement for new plugin submissions, something we expect to have live in the near future. On upload of a new plugin submissions zip file, it will run the plugin in the zip against it and if it doesn't pass, the plugin author will not be able to submit the plugin -- the system will block it

Last edited 6 weeks ago by chriscct7 (previous) (diff)

#3 @dd32
13 days ago

  • Resolution set to worksforme
  • Status changed from new to closed

I don't think there's any actionable outcomes in this ticket. I'm going to close this ticket, but if there's specific points that you feel need to be raised in documentation, I would suggest approaching #pluginreview on slack.

Between the developer docs and the Plugin Check plugin which we're increasing the visibility of slowly, it achieves most of the points raised.


Note: See TracTickets for help on using tickets.