Plugin Developer FAQ

Topics

Submissions and Reviews Submissions and Reviews

Where do I submit my plugin? Where do I submit my plugin?

Go to the Add page and upload your zip. Your file should be under 10 megs and be a complete plugin. We do not accept placeholders or plugins that aren’t ready to be used.

Top ↑

What happens after submission? What happens after submission?

You will get an automated email telling you about the submission immediately. At that point, someone will manually download and review your code. If we find no issues with the security, documentation, or presentation, your plugin will be approved. If we determine there are issues, you will receive a second email with details explaining what needs to be fixed.

Top ↑

What will my plugin URL be? What will my plugin URL be?

When you submit a plugin, you get an automated email telling you what the slug will be. This is populated based on the value of Plugin Name in your main plugin file (the one with the plugin headers). If you set yours as Plugin Name: Boaty McBoatface then your URL will be wordpress.org/plugins/boaty-mcboatface and your slug will be boaty-mcboatface for example. If there is an existing plugin with your name, then you’ll get a warning on submission.

Once your plugin is approved, it cannot be renamed. Please chose wisely.

Top ↑

Why did I get a different slug than I was told? Why did I get a different slug than I was told?

Sometimes we notice typos and fix them for you. Other times, the name you chose has an obvious issue and cannot be used. For example, if you submit “WooCommerce Tango Salsa Add-on” that would make your slug woocommerce-tango-salsa-add-on by default. If you don’t work for WooCommerce, we would just change that to woo-tango-salsa-add-on for you. If, however, your zip was named woo-tango-salsa,  or you use a textdomain or class name with an intentional spelling, then we’d likely use that.

Basically we’ll fix the stuff we know is wrong for you, and if we’re ever not sure, we’ll email you and ask. For the obvious errors, we will fix that or you.

Top ↑

What if I submitted the plugin with the wrong user ID? What if I submitted the plugin with the wrong user ID?

Just reply to the email right away and let us know. We can transfer ownership for you. If you forget to do this, you can fix it yourself by adding the correct account as a committer and then having that account remove your own.

Top ↑

How long does it take to get a plugin approved? How long does it take to get a plugin approved?

There’s no official average, as no two plugins are the same. If your plugin is small and all the code is correct, it should be approved within fourteen days. If your plugin has any code issues, it will take as long as it takes for you to correct the issues. Either way, you will get an email from plugins@wordpress.org with the status, so please add that to your email whitelist and patiently wait for our response.

Top ↑

If my plugin has a problem, how long do I have to fix it? If my plugin has a problem, how long do I have to fix it?

As long as it takes. There’s no timeline and as long as we know you’re working on it, we’ll leave the review open.

Top ↑

Why was my plugin rejected after six months? Why was my plugin rejected after six months?

If you never reply to our review within 6 months, we may reject it, in order to keep the pending queue under 1000. If you’ve replied, even once, even to tell us you’re working on the code, we won’t reject.

Top ↑

I finally fixed my plugin. Should I resubmit? I finally fixed my plugin. Should I resubmit?

No. Reply to the email. Even if it’s been a year and a half.

Top ↑

Why can’t I submit more than one plugin at a time? Why can’t I submit more than one plugin at a time?

You are only permitted to have one plugin in the review queue at a time to prevent abuse. Since all plugins get an initial review within two weeks, this should not be a hardship.

Top ↑

I need my plugin approved by a specific date, what should I do? I need my plugin approved by a specific date, what should I do?

Submit it as early as possible. Unless the plugin is meant to address a security or legal issue, we don’t permit queue jumping. If it is related to one of those, please email plugins@wordpress.org and explain the situation.

Top ↑

Are there specific things that I should avoid doing? Are there specific things that I should avoid doing?

We look for some pretty obvious things, all of which are listed in our guidelines. Most can be summed up as “Don’t be a spammer,” but to touch on the ones people do the most:

  • Not including a readme.txt file when acting as a service
  • Not testing the plugin with WP_DEBUG
  • Including custom versions of packaged JavaScript libraries
  • Calling external files unnecessarily
  • “Powered By” links
  • Phoning home

Again, this is a brief overview. Please read the guidelines, as the full list is quite detailed.

Top ↑

Are there plugins you don’t accept? Are there plugins you don’t accept?

We don’t accept plugins that do ‘nothing,’ are illegal, or encourage bad behavior. This includes black hat SEO spamming, content spinners, hate-plugins, and so on.

Similarly we do not accept framework plugins or library plugins. If your plugin has to require other plugins or themes to edit themselves in order to use your plugin, it’s a library. If your plugin is a template from which more code can be built by customizing the files directly, it’s a framework or boilerplate. Frameworks and libraries should be packaged with each plugin (hopefully in a way that doesn’t conflict with other plugins using the framework or libraries). At least until core supports plugin dependencies.

We also don’t accept 100% copies of other people’s work or plugins that duplicate functionality found in WordPress Core. Basically, your plugin should do something new, or in a new way, or solve a specific issue.

Top ↑

Can I change my plugin’s name? Can I change my plugin’s name?

Yes and no. You can change the display name, but the slug — that part of the plugin URL that is yours — cannot be changed once a plugin is approved. That’s why we warn you, multiple times, upon submission.

To change the display name, edit your main plugin file and change the value of “Plugin Name:” to the new name. You may also want to edit your header in your readme.txt

Top ↑

Are there names you don’t permit? Are there names you don’t permit?

Vulgar or offensive plugin names (display names or slugs) will not be permitted.

Top ↑

Are there words I can’t use in my plugin slugs? Are there words I can’t use in my plugin slugs?

There are! Besides the aforementioned vulgarities, we have the following restrictions:

  • Plugins may not use ‘WordPress’ or ‘Plugin’ in their slugs except under extreme situations
  • Plugins may not use version numbers in plugin slugs
  • Due to system limitations, only English letters and Arabic numbers are permitted in the slug
  • Plugins may not start with a trademarked term or name of a specific project/library/tool unless submitted by an official representative

We encourage everyone to be creative and come up with unique names. As of March 2017, we will automatically correct any plugin that has an unacceptable name. If there’s a question to the best name, we will contact you to be sure.

Top ↑

I made a mistake and submitted a plugin with the wrong name. How can I fix it? I made a mistake and submitted a plugin with the wrong name. How can I fix it?

You should have gotten an email on submission telling you to contact us. Reply to that or email plugins@wordpress.org and explain the situation. We can correct plugin slugs before approval, so we are often able to fix that for you. If not, we’ll let you know what to do. We try to catch typos in names before we approve anything, but we make mistakes too.

Top ↑

I already have a plugin, but I want to redo it! I just submit again, right? I already have a plugin, but I want to redo it! I just submit again, right?

No. Instead, you should rewrite the existing plugin. Make it a major version release. We can’t rename plugins or transfer users, so a new one wouldn’t carry over any existing users, reviews, support topics, ratings, downloads, favorites, etc. Basically you’d leave all your current users out in the cold, and that’s rather mean.

Top ↑

Using The SVN Repository Using The SVN Repository

Top ↑

When does my plugin go ‘live’? When does my plugin go ‘live’?

As soon as you push code to the SVN folders, your plugin will be live. Don’t push code if you’re not ready, as there’s no ‘off’ switch except to close the plugin.

Top ↑

Where do I put my files? Where do I put my files?

Put your code files directly in the trunk/ directory of your repository. Whenever you release a new version, tag that release by copying the current trunk revision to a new subdirectory of the tags/ directory.

Make sure you update trunk/readme.txt to reflect the new stable tag.

Images for the readme (such as screenshots, plugin headers, and plugin icons), belong in the assets/ directory (which you may need to create) in the root of your SVN checkout. This will be on the same level as tags/ and trunk/, for example.

Top ↑

Can I put my files in a subdirectory of trunk/? Can I put my files in a subdirectory of trunk/?

No. Doing that will cause the zip generator to break.

If you have complicated plugin with lots of files, you can of course organize them into subdirectories, but the readme.txt file and the root plugin file should go straight into trunk/.

Top ↑

How should I name my tags (a.k.a. releases)? How should I name my tags (a.k.a. releases)?

Your Subversion tags should look like version numbers. Specifically, they should only contain numbers and periods. 2.8.4 is a good lookin’ tag, my neato releaso is a bad lookin’ tag. Inflexible? Yup. Easy to handle and sanitize? You bet! We recommend you use Semantic Versioning to keep track of releases.

Note that we’re talking about Subversion tags here, not readme.txt tags. Those can obviously be any words you like.

Top ↑

How many tags should I keep in SVN? How many tags should I keep in SVN?

As few as possible. Very rarely does anyone need your old code in the release repository. Remember, SVN is not meant for your code versioning. You can use Github for stuff like that. SVN should have your current release versions, but you don’t need all the minor releases to all the previous versions. Just the last one or two for them is good.

Top ↑

Can I include SVN externals in my plugin? Can I include SVN externals in my plugin?

Nope, sorry. You can add svn externals to your repository, but they won’t get added to the downloadable zip file.

Top ↑

Your WordPress.Org Page Your WordPress.Org Page

Top ↑

When does the page go live? When does the page go live?

As soon as your code is pushed to SVN.

Top ↑

Where does the WordPress.org Plugin Directory get its data? Where does the WordPress.org Plugin Directory get its data?

From the information you specify in the plugin file and in the readme.txt file, and from the Subversion repository itself. Read about how the readme.txt works for more information.

You should also make full use of the Plugin Headers in your main plugin file. Those will define how your username shows up on the WordPress.org hosting page, as well as in the WordPress Admin. We recommend using all those headers to fully document your plugin.

Top ↑

Can I specify what version of my plugin the WordPress.org Plugin Directory should use? Can I specify what version of my plugin the WordPress.org Plugin Directory should use?

Yes, by specifying the Stable Tag field in your trunk directory’s readme.txt file.

Top ↑

What should be in my changelog? What should be in my changelog?

A changelog is a log or record of all or all notable changes made to your plugin, including records of changes such as bug fixes, new features, etc. If you need help formatting your changelogs, we recommend Keep A Changelog as  that’s the format used by many products out there.

Top ↑

How many versions should I keep in my changelog? How many versions should I keep in my changelog?

Always keep the current major release in your change log. For example, if your current version is 3.9.1, you’ll want that and 3.9 in the change log. Older versions should be removed and migrated to a changelog.txt file. That will allow them to be accessible to users, while keeping your readme shorter and more pertinent. At most, keep the most recent version of your plugin and one major version back in your readme’s changelog. Your changelog.txt will not be visible within the WordPress.org Plugin Directory, but that’s okay. Most users just want to know what’s new.

Top ↑

How do plugins include videos on their plugin description pages? How do plugins include videos on their plugin description pages?

For YouTube and Vimeo videos, simply paste the video link on a line by itself in your description. Note that the video must be set to allow embedding for the embed process to work.

For videos hosted by the WordPress.com VideoPress service, use the wpvideo shortcode. Shortcodes can also be used for YouTube and Vimeo, if needed, just like in WordPress.

Top ↑

How long does it take for the Plugin Directory to reflect my changes? How long does it take for the Plugin Directory to reflect my changes?

The WordPress.org Plugin Directory updates every few minutes. However, it may take longer for your changes to appear depending on the size of the update queue. Please give it at least 6 hours before contacting us.

Top ↑

How do I make one of those cool banners for my plugin page? How do I make one of those cool banners for my plugin page?

You can make your own plugin headers by uploading the correctly named files into the assets folder.

Read about plugin headers for more information.

Top ↑

How do I make a plugin icon? How do I make a plugin icon?

You can make your own plugin icons by uploading the correctly named files into the assets folder.

Read about plugin icons for more information.

Top ↑

Can I change my plugin’s URL/slug? Can I change my plugin’s URL/slug?

No, you cannot change it once it’s approved. This is why we warn you multiple times and in fact tell you what the slug will be in the automated email following submission. It also displays on the post-submission page. We literally cannot change your slug after approval, as it would break SVN.

The only recourse we have would be to close your plugin and have you submit a new one with the correct slug. However, we do not advocate this for plugins that have users, as there’s no way to migrate them to a new plugin, nor can we redirect them. Unless there’s an egregious typo, language, or legal issue related to your slug, we are unlikely to permit this for a new plugin.

The majority of plugins don’t actually need a new URL, and instead just want to edit their display name.

Top ↑

How do I change my plugin’s display name? How do I change my plugin’s display name?

You do this in two places. First, change it in the readme. Then change it in the plugin main file. Done.

Top ↑

Can I make my display name anything? Can I make my display name anything?

No. You can’t use vulgarities or slurs or other intentionally abusive language. You also cannot claim, or appear to claim, to be an official source if you’re not. For example, if you’ve made a plugin that connects to the Forzbaz Service, you should call your plugin “Connector to Frozbaz Service” – in this way, you have made it clear you are making a plugin for a service, rather than being the service.

If you’re combining multiple services (a payment gateway to a popular ecommerce plugin, for example), we strongly recommend you come up with an original, unique, display name.

Top ↑

Can I use WordPress or Plugin in my display name? Can I use WordPress or Plugin in my display name?

Yes, but we’d rather you didn’t. It’s incredibly redundant and doesn’t actually help your SEO in any way, shape, or form. We already put WordPress and Plugin in your page title.

Top ↑

Should I use the trademark or registered symbol in my plugin name? Should I use the trademark or registered symbol in my plugin name?

Assuming you actually did apply for trademarks, you certainly can but it’s not commonly done. Not even Google or Facebook do that. Simply by using your trademark term and having a log of it (like your SVN log), you have usually done the needed legal action required to protect your brand. Consult a lawyer for details.

Top ↑

The Support Forums The Support Forums

Top ↑

How do I get notified for forums posts? How do I get notified for forums posts?

Go to https://wordpress.org/support/plugin/YOURPLUGIN and scroll down to the bottom of the list of posts. There you will see an option for the RSS link, as well as a sign up for emails.

Signup links for email/rss

Click the subscribe link for emails, or use the RSS link in your favorite reader.

Top ↑

How do I get notified for all my plugins? How do I get notified for all my plugins?

If you’re tracking the WordPress forums, https://wordpress.org/support/view/plugin-committer/YOURID will list all of the support requests and reviews for any plugin you have commit access.

Not a comitter, just someone listed as an author? Use https://wordpress.org/support/view/plugin-contributor/YOURID

Those are RSS only. If you need email, go to https://profiles.wordpress.org/YOURID/profile/notifications/ and put in the terms you want to be emailed for.

Top ↑

How do I give a support account access to my plugin? How do I give a support account access to my plugin?

You can add Support Representatives to your plugin. Support representatives can mark forum topics as resolved or sticky (same as plugin authors and contributors), but don’t have commit access to the plugin.

The UI for managing plugin support reps can be found in Advanced View on the plugin page, next to managing committers. Once someone is added as a support rep, they will get a Plugin Support badge when replying to the plugin support topics or reviews.

Top ↑

Will you delete bad reviews or comments on my plugin? Will you delete bad reviews or comments on my plugin?

Generally no. A review is a reflection of an individual’s experience with your product. If they didn’t like it, that’s not for us to change. If you feel that a review is invalid (such as for a different plugin), reply and add the tag modlook to the post. A member of the forums team will investigate.

Top ↑

What is ‘Sockpuppeting’? What is ‘Sockpuppeting’?

That’s what happens when someone makes multiple accounts on the forums, usually to give themselves a number of 5-star reviews, or create fake support tickets to appear more responsive. Sockpuppeting is against our guidelines and will result in the reviews and posts being removed, but also may result in your account and all plugins being removed. Don’t do it and don’t flagrantly accuse others of doing it.

Top ↑

Closed Plugins Closed Plugins

Top ↑

How do I close my plugin? How do I close my plugin?

If you ask for your plugin to be removed, you will not get it back unless you can justify your situation. Closing a plugin by request is intended to be permanent.

Email plugins@wordpress.org from an account with commit access and link to your plugin. If your email does not match someone with commit access to the plugin, you will be asked to send from a different email.

Top ↑

What happens when a plugin is closed? What happens when a plugin is closed?

When a plugin is closed, the front-facing URL for the plugin redirects to the main plugin directory and the zips are no longer generated. No one will be able to download the plugin via the website, nor will they be able to install it via the WordPress admin. The SVN repository will remain accessible to allow others to download and fork the code if desired, per the tenets of the directory.

Top ↑

Why was my plugin closed? Why was my plugin closed?

It was either a guideline violation, your behavior on the .org systems, or a security issue. In all cases, you should have received an email from plugins@wordpress.org explaining why.

Top ↑

Why was someone else’s plugin closed? Why was someone else’s plugin closed?

We do not publicize why we close plugins to anyone but the plugin developers and the WordPress core developers. Don’t bother asking. This is for safety reasons. If we publicized why we closed a plugin, everyone would know about vulnerabilities. If we chose not to say ‘it was for security’ then every time we said ‘we can’t tell you’ the world would know it was for security. Basically, it would make things less safe for everyone.

Top ↑

Can I get someone else’s plugin closed? Can I get someone else’s plugin closed?

If you report an security issue or a guideline violation in a plugin to plugins@wordpress.org, we will review the report and take appropriate action. Most of the time, this involves closing a plugin.

Top ↑

Someone posted a copy of my plugin! What do I do? Someone posted a copy of my plugin! What do I do?

Email plugins@wordpress.org with a link to the stolen plugin, and either a link to where we can download yours or attach the zip. We will compare the two files, as well as all the coding history we have, to determine if the plugin is, indeed, theft, or just an uncredited fork. Please keep in mind, if you licensed your plugin as GPLv2 or later, then it’s perfectly permissible to fork your work, as long as copyright remains intact and you’re credited.

Top ↑

Will you close another plugin for violating my brand/trademark? Will you close another plugin for violating my brand/trademark?

Probably.

We do our best to uphold copyright and trademark requirements, as well as prevent brand confusion. Before plugin are approved, we often require them to make some of the more obvious changes. That said, there is a limit to how ‘different’ a URL or name can be when we have 60,000 plugins in the directory, and when some terms are quite common (like ‘popup’ or ‘all-in-one’). Because of that, we require developers to change the plugin’s display name to no longer cause conflict or confusion.

If someone is clearly infringing on your copyright or trademark or existing brand, be it by display name or use of trademarked images, please email us at plugins@wordpress.org with some proof and we will contact the developer and require changes.

We do expect these to be reasonable requests. That is, if you send us a complaint and list 12 plugins that all use the term ‘best contact form’ because that’s your plugin name, we will review the plugins and only close them if they’re using the phrase excessively. If they use it once (i.e. “This is the best contact form plugin in the Faroe Islands”) then it’s acceptable. If they’re keyword stuffing the phrase, we’re more likely to close them for keyword stuffing. Simply, if your plugin name is super generic, this is going to happen, and it’s usually not an infringement case.

Top ↑

How can I send a security report? How can I send a security report?

Email plugins@wordpress.org a clear and concise description of the issue. Make sure to explain how you verified this is an exploit (links to the plugin listing on sites like secunia.com are perfect). If you provide a link to your report, DO NOT delete it! We will passed it on directly to the developers of the plugin.

Top ↑

Do you provide bounties for finding bugs in a plugin? Do you provide bounties for finding bugs in a plugin?

No.

We have no relationship with any bug bounty programs, so we don’t file your reports etc to them. The only one with which we work is hackerone.com/automattic and that’s for bugs related to Automattic properties. Everything else is on your own, don’t ask us to submit things.

Top ↑

Do you help file or provide CVEs? Do you help file or provide CVEs?

No. We do not have the ability to assist with that at this time.

Top ↑

My plugin was closed, can I reopen it? My plugin was closed, can I reopen it?

Maybe. If it was closed for a security reason, fix the issue, reply to the email, and most of the time we’ll reopen the plugin unless it has more security issues or severe guideline issues. If it was close for guideline violations, it depends on the severity and nature of the violation. Repeat offenders are less likely to have a plugin reopened, for example, than first-timers.

If you asked for the plugin to be closed, you will be expected to explain why the change of heart. Plugins are intended to remain closed when a developer requests it, and not reopened again a month later.

Top ↑

All my plugins were closed! How can I get them back? All my plugins were closed! How can I get them back?

It’s exceptionally rare that we close all of a developer’s plugins. In general it happens because of the following:

  1. Email issues
    1. The email bounced and we were unable to get in touch with you
    2. Your email sent us auto-replies and we’d warned you at least twice to fix that
  2. Guideline issues
    1. You had been previously censured for violations and given a final warning
    2. You delivered the directory with legal threats
    3. Your violation was deemed ‘egregious’ (death threats, etc)
  3. You asked us to close all your plugins

If you’re having email issues, you have to resolve them. If you asked us to close them, you have to explain why the change of heart.

As for that last one… Generally you don’t get to come back from that. If we deliver you a final warning for your behaviour and, within less than a year, you start up again with the issues (or fail to resolve all the issues we mentioned), we’re unlikely to reopen your plugins. Take them seriously.

 

Top ↑

Plugin Ownership Plugin Ownership

Top ↑

How do I give someone else access to my plugin? How do I give someone else access to my plugin?

If you want to add users as committers, that is give them access to update code, you will need to go to https://wordpress.org/plugins/YOURPLUGIN/advanced and add their username in as a committer.

If you want them to show up as an author, you will need to add their username to the readme.txt file.

Top ↑

How do I remove someone’s access from my plugin? How do I remove someone’s access from my plugin?

Anyone with commit access can do this. Go to https://wordpress.org/plugins/YOURPLUGIN/advanced and hover over their ID. A delete link will appear. Click on it.

Top ↑

How can I take over an abandoned plugin? How can I take over an abandoned plugin?

We permit users to adopt existing plugins that are no longer currently developed.

We ask you try to connect with the original developers first, so they can add you. In some case, that’s not possible and you should start with fixing the plugin. Make sure it meets coding standards, is secure, and update the copyright information to include yourself. Then you can contact us regarding plugin adoption.

We offer no guarantee that you will be given anyone’s plugin.

Top ↑

Are these offers to buy my plugin legit? Are these offers to buy my plugin legit?

Short answer: Probably not.

Many developers receive unsolicited emails or offers to purchase their plugin. We have found the vast majority of these to be fraudulent and do not recommend you follow up with them.

While legitimate offers do come, they’re usually from the official company to whom a plugin is related, or from a well established plugin company. The ones that start “We’re reaching out to the WordPress community …” or “We are looking to acquire existing WordPress plugins …” should not be trusted. Such purchases have often destroyed the reputation of the plugin (and the original developer) by engaging in sleazy tactics such as tracking users or other serious guideline violations.

If you do choose to sell your plugin (or give it away to someone else), please make sure the new owners understand all the guidelines of the repository. Should they violate our terms the plugin will be removed, and we may not give it back depending on the level of the violation. Whomever has commit access to a plugin has the ownership and responsibility of it’s behavior for users. Spamming, inserting tracking data, and adding junk features are the fastest way to ruin your plugin.

We advocate only giving your plugin to people you personally have vetted, and that you trust with being responsible with your code and your users.

Top ↑

What happens when a plugin developer dies? What happens when a plugin developer dies?

When a developer is determined to have died, they are removed from their own plugins in order to prevent the unethical from gaining access and harming users. If they are the only developer, the plugin may be closed. All attempts are made to find their friends and coworkers, to offer them a chance to adopt the code first, but if no one reliable or willing can be found the plugin is closed.