Plugin Developer FAQ

Topics

Submissions and Approval Submissions and Approval

How long does it take to get a plugin approved? How long does it take to get a plugin approved?

There’s no official average, as no two plugins are the same. If your plugin is small and all the code is correct, it should be approved within seven days. If your plugin has any code issues, it will take as long as it takes for you to correct the issues. Either way, you will get an email from plugins@wordpress.org with the status, so please add that to your email whitelist and patiently wait for our response.

Top ↑

If my plugin has a problem, how long do I have to fix it? If my plugin has a problem, how long do I have to fix it?

We allow for seven days from the time we contact you regarding the issue to when we expect you to be finished with corrections. It’s one of the only ways we have to keep the queue small. If you need to take more than seven days, we’ll reject your request and you can resubmit after you’re done.

Top ↑

Are there specific things you’re looking for that I should avoid? Are there specific things you’re looking for that I should avoid?

We look for some pretty obvious things, all of which are listed in our guidelines. Most can be summed up as “Don’t be a spammer,” but to touch on the ones people do the most:

  • Not including a readme.txt file when acting as a service.
    A readme.txt file is the primary source for the information displayed for the plugin in the Plugins Directory. It should be present and should explain how to use the plugin and what plugin does, even if you think it’s obvious.
  • Not testing the plugin with WP_DEBUG
    We test your plugin with WP_DEBUG on. You should, too, before you submit. If the plugin doesn’t work, we push back.
  • Including custom versions of packaged JavaScript libraries
    WordPress comes with a great number of default scripts (including jQuery) which we ask you not include in your plugin. Use ours.
  • Calling external files
    All plugins should be as self-contained as possible. Obviously, if your plugin relies on a service on your own servers (like Twitter), then calling JS remotely is fine. However, if you’re attempting to offload images and JS to a CDN without providing a service, we do not permit this.
  • “Powered By” links
    All links on the forward facing aspect of a website must be “Opt In.” This means your plugin may not default to link back to your site, or any other, on the part of the website that visitors see.
  • Phoning home
    This is bigger than just not tracking users, but also not including files that send any data back to your servers (like iframes) unless that is a requirement for how your plugin works. Even then, we may ask about it.

Top ↑

Are there plugins you don’t accept? Are there plugins you don’t accept?

A plugin should be something directly beneficial to the user. It shouldn’t ask users to edit files, and it should just work out of the box.

Top ↑

Can I change my plugin’s name? Can I change my plugin’s name?

Yes and no. You can change the display name, but the slug — that part of the plugin URL that is yours — cannot be changed once a plugin is approved. So if you submit “My cool tool” as the name, your URL will be https://wordpress.org/plugins/my-cool-tool/ and that will also be the folder name on everyone’s site.

To change the display name, edit your main plugin file and change the value of “Plugin Name:” to the new name. You may also want to edit your header in your readme.txt

Top ↑

Are there names you don’t permit? Are there names you don’t permit?

We don’t allow ‘WordPress’ in plugin names as it’s redundant and somewhat obvious that you’re a WordPress plugin. We also generally disallow using ‘plugin’ for the same reasons. Only English letters and Arabic numbers are permitted in the slug, so you cannot have, for example, Chinese or Arabic letters in the URL, for compatibility issues. We don’t permit version numbers in plugin names either.

We also disallow naming a plugin fully after a web service, tool, or library unless it’s submitted by someone officially representing said web service, tool, or library. Especially if the plugin relates to that very thing. Similarly you cannot begin the slug of your plugin with someone else’s trademarked term.

Be creative and come up with your own unique name.

Top ↑

I already have a plugin, but I want to redo it! I just submit again, right? I already have a plugin, but I want to redo it! I just submit again, right?

We’d rather you actually just rewrite the existing plugin. Make it a major version release. We can’t rename plugins, so a new one wouldn’t carry over any existing users, reviews, support topics, ratings, downloads, favorites, etc.

Top ↑

I made a mistake and submitted a plugin with the wrong name. How can I fix it? I made a mistake and submitted a plugin with the wrong name. How can I fix it?

Email plugins@wordpress.org and explain the situation. We can either close the plugin and let you resubmit, or you can change the display name. We try to catch typos in names before we approve anything, but we make mistakes too.

Top ↑

Using The SVN Repository Using The SVN Repository

Top ↑

In what directory should I put my files? In what directory should I put my files?

Put your code files directly in the trunk/ directory of your repository. Whenever you release a new version, tag that release by copying the current trunk revision to a new subdirectory of the tags/ directory.

Make sure you update trunk/readme.txt to reflect the new stable tag.

Images for the readme (such as screenshots, plugin headers, and plugin icons), belong in the assets/ directory (which you may need to create) in the root of your SVN checkout. This will be on the same level as tags/ and trunk/, for example.

Top ↑

Can’t I put my files in a subdirectory of trunk/? Can’t I put my files in a subdirectory of trunk/?

You can, but don’t. The .zip file the WordPress.org Plugin Directory creates will automatically wrap all your files inside a directory, so there is no need to put your files into a subdirectory.

If you have complicated plugin with lots of files, you can of course organize them into subdirectories, but the readme.txt file and the root plugin file should go straight into trunk/.

Top ↑

How should I name my tags (a.k.a. releases)? How should I name my tags (a.k.a. releases)?

Your Subversion tags should look like version numbers. Specifically, they should only contain numbers and periods. 2.8.4 is a good lookin’ tag, my neato releaso is a bad lookin’ tag. Inflexible? Yup. Easy to handle and sanitize? You bet! We recommend you use Semantic Versioning to keep track of releases.

Note that we’re talking about Subversion tags here, not readme.txt tags. Those can obviously be any words you like.

Top ↑

What should be in my changelog? What should be in my changelog?

A changelog is a log or record of all or all notable changes made to your plugin, including records of changes such as bug fixes, new features, etc. If you need help formatting your changelogs, we recommend Keep A Changelog as  that’s the format used by many products out there.

Top ↑

How many versions should I keep in my changelog? How many versions should I keep in my changelog?

Always keep the current major release in your change log. For example, if your current version is 3.9.1, you’ll want that and 3.9 in the change log. Older versions should be removed and migrated to a changelog.txt file. That will allow them to be accessible to users, while keeping your readme shorter and more pertinent. At most, keep the most recent version of your plugin and one major version back in your readme’s changelog. Your changelog.txt will not be visible within the WordPress.org Plugin Directory, but that’s okay. Most users just want to know what’s new.

Top ↑

Can I specify what version of my plugin the WordPress.org Plugin Directory should use? Can I specify what version of my plugin the WordPress.org Plugin Directory should use?

Yes, by specifying the Stable Tag field in your trunk directory’s readme.txt file.

Top ↑

Where does the WordPress.org Plugin Directory get its data? Where does the WordPress.org Plugin Directory get its data?

From the information you specify in the plugin file and in the readme.txt file, and from the Subversion repository itself.

Read about how the readme.txt works for more information.

Top ↑

How do plugins include videos on their plugin description pages? How do plugins include videos on their plugin description pages?

For YouTube and Vimeo videos, simply paste the video link on a line by itself in your description. Note that the video must be set to allow embedding for the embed process to work.

For videos hosted by the WordPress.com VideoPress service, use the wpvideo shortcode. Shortcodes can also be used for YouTube and Vimeo, if needed, just like in WordPress.

Top ↑

I made some changes to my SVN repository. How long will it take for the WordPress.org Plugin Directory to reflect those changes? I made some changes to my SVN repository. How long will it take for the WordPress.org Plugin Directory to reflect those changes?

The WordPress.org Plugin Directory updates every few minutes. However, it may take longer for your changes to appear depending on the size of the update queue. Please give it at least 6 hours before contacting us.

Top ↑

Can I include SVN externals in my plugin? Can I include SVN externals in my plugin?

Nope, sorry. You can add svn externals to your repository, but they won’t get added to the downloadable zip file.

Top ↑

How do I make one of those cool banners for my plugin page? How do I make one of those cool banners for my plugin page?

You can make your own plugin headers by uploading the correctly named files into the assets folder.

Read about plugin headers for more information.

Top ↑

How do I make a plugin icon? How do I make a plugin icon?

You can make your own plugin icons by uploading the correctly named files into the assets folder.

Read about plugin icons for more information.

Top ↑

The Support Forums The Support Forums

Top ↑

How do I get notified for forums posts? How do I get notified for forums posts?

Go to https://wordpress.org/support/plugin/YOURPLUGIN and scroll down to the bottom of the list of posts. There you will see an option for the RSS link, as well as a sign up for emails.

Signup links for email/rss

Click the subscribe link for emails, or use the RSS link in your favorite reader.

Top ↑

How do I get notified for all my plugins? How do I get notified for all my plugins?

If you’re tracking the WordPress forums, https://wordpress.org/support/view/plugin-committer/YOURID will list all of the support requests and reviews for any plugin you have commit access.

Not a comitter, just someone listed as an author? Use https://wordpress.org/support/view/plugin-contributor/YOURID

Those are RSS only. If you need email, go to https://profiles.wordpress.org/YOURID/profile/notifications/ and put in the terms you want to be emailed for.

Top ↑

Closed Plugins Closed Plugins

Top ↑

How do I close my plugin? How do I close my plugin?

If you ask for your plugin to be removed, you will not get it back unless you can justify your situation. Closing a plugin by request is intended to be permanent.

Email plugins@wordpress.org from an account with commit access and link to your plugin. If your email does not match someone with commit access to the plugin, you will be asked to send from a different email.

Top ↑

What happens when a plugin is closed? What happens when a plugin is closed?

When a plugin is closed, the front-facing URL for the plugin redirects to the main plugin directory and the zips are no longer generated. No one will be able to download the plugin via the website, nor will they be able to install it via the WordPress admin. The SVN repository will remain accessible to allow others to download and fork the code if desired, per the tenets of the directory.

Top ↑

Why was my plugin closed? Why was my plugin closed?

It was either a guideline violation, your behavior on the .org systems, or a security issue. In all cases, you should have received an email from plugins@wordpress.org explaining why.

Top ↑

Why was someone else’s plugin closed? Why was someone else’s plugin closed?

We do not publicize why we close plugins to anyone but the plugin developers and the WordPress core developers. Don’t bother asking. This is for safety reasons. If we publicized why we closed a plugin, everyone would know about vulnerabilities. If we chose not to say ‘it was for security’ then every time we said ‘we can’t tell you’ the world would know it was for security. Basically, it would make things less safe for everyone.

Top ↑

Can I get someone else’s plugin closed? Can I get someone else’s plugin closed?

If you report an security issue or a guideline violation in a plugin to plugins@wordpress.org, we will review the report and take appropriate action. Most of the time, this involves closing a plugin.

Top ↑

Someone posted a copy of my plugin! What do I do? Someone posted a copy of my plugin! What do I do?

Email plugins@wordpress.org with a link to the stolen plugin, and either a link to where we can download yours or attach the zip. We will compare the two files, as well as all the coding history we have, to determine if the plugin is, indeed, theft, or just an uncredited fork. Please keep in mind, if you licensed your plugin as GPLv2 or later, then it’s perfectly permissible to fork your work, as long as copyright remains intact and you’re credited.

Top ↑

How can I send a security report? How can I send a security report?

Email plugins@wordpress.org a clear and concise description of the issue. Make sure to explain how you verified this is an exploit (links to the plugin listing on sites like secunia.com are perfect). If you provide a link to your report, DO NOT delete it! We will passed it on directly to the developers of the plugin.

Top ↑

Can I get a bounty for finding a bug in a plugin? Can I get a bounty for finding a bug in a plugin?

We have no relationship with any bug bounty programs, so we don’t file your reports etc to them. The only one with which we work is hackerone.com/automattic and that’s for bugs related to Automattic properties. Everything else is on your own, don’t ask us to submit things.

Top ↑

Do you help file or provide CVEs? Do you help file or provide CVEs?

No. We do not have the ability to assist with that at this time.

Top ↑

My plugin was closed, can I reopen it? My plugin was closed, can I reopen it?

Maybe. If it was closed for a security reason, fix the issue, reply to the email, and most of the time we’ll reopen the plugin. If it was close for guideline violations, it depends on the severity and nature of the violation. Repeat offenders are less likely to have a plugin reopened, for example, than first-timers.

If you asked for the plugin to be closed, you will be expected to explain why the change of heart. Plugins are intended to remain closed when a developer requests it, and not reopened again a month later.

Top ↑

Plugin Ownership Plugin Ownership

Top ↑

How do I give someone else access to my plugin? How do I give someone else access to my plugin?

If you want to add users as committers, that is give them access to update code, you will need to go to https://wordpress.org/plugins/YOURPLUGIN/admin and add their username in as a committer.

If you want them to show up as an author, you will need to add their username to the readme.txt file.

Top ↑

How do I remove someone’s access from my plugin? How do I remove someone’s access from my plugin?

Anyone with commit access can do this. Go to https://wordpress.org/plugins/YOURPLUGIN/admin and hover over their ID. A delete link will appear. Click on it.

Top ↑

How can I take over an abandoned plugin? How can I take over an abandoned plugin?

We permit users to adopt existing plugins that are no longer currently developed.

We ask you try to connect with the original developers first, so they can add you. In some case, that’s not possible and you should start with fixing the plugin. Make sure it meets coding standards, is secure, and update the copyright information to include yourself. Then you can contact us regarding plugin adoption.

We offer no guarantee that you will be given anyone’s plugin.

Top ↑

What happens if a plugin developer dies? What happens if a plugin developer dies?

When a developer is determined to have died, they are removed from their own plugins in order to prevent the unethical from gaining access and harming users. If they are the only developer, the plugin is closed. All attempts are made to find their friends and coworkers, to offer them a chance to adopt the code first, but if no one reliable or willing can be found the plugin is closed.