A Year in the Plugins Team – 2025

If there is one thing worth highlighting this year, it is how AI has impacted the WordPress plugin ecosystem. This impact is evident both in the number of submissions sent for review to be published in the directory, and in how the team is implementing AI-based analysis processes to help deliver improved workflows with a certain level of automation.

The WordPress “Plugin Review Team” proposed a name change to the “Plugins Team” to better reflect the broader scope of its responsibilities, which went beyond reviewing new plugin submissions. At that time, the team was also working on improving tools such as the Internal Scanner and the Plugin Check Plugin, incorporating automated and AI-assisted checks, and collaborating closely with the Meta team to resolve open tickets and enhance features of the plugin directory. The change aimed to align the team’s name with its expanded role in improving the overall quality, reliability, and security of plugins in the ecosystem.

Increase in the number of directory submissions

The number of submissions sent for review has doubled compared to last year. While last year we had an average of 150 weekly submissions, in the final weeks of this year the 300 mark has been surpassed, with volumes stabilising at around 330 submissions per week.

This situation continues to challenge the team to keep the queue for a first review under one week, even with this doubled volume of submissions.

To meet this goal, we have focused on improving the team’s two main tools: Internal Scanner and the Plugin Check Plugin.

Summary of WordPress Plugin Reviews in 2025

In 2025, the WordPress Plugins Team reviewed 12,713 plugins, representing a 40.6% increase compared to 2024. This confirms a continued and substantial growth of the plugin ecosystem, with significantly more submissions entering the review process.

During the year, author responsiveness improved slightly compared to 2024. Sadly, 38.7% of the plugins we reviewed received no reply from their authors, which remains a relatively high proportion. Although this percentage decreased by over 10% with respect to 2024, it continues to be a major factor that prevents volunteers from making better use of their time.

Despite this, plugin approvals increased in absolute and relative terms. Out of the 7,882 plugins that followed the review process, a total of 5,415 plugins were approved, up 66.2% from the previous year with 3,259 approvals. Overall, 69.5% of reviewed plugins were approved (63.4% in 2024), showing a clear improvement in approval rates. This highlights once again that active developer engagement strongly correlates with successful approval.

The review process in 2025 was also more intensive and thorough. The total number of reviews carried out grew by 52.2%, exceeding 58,000, as each plugin normally requires more than one review before it’s ready for approval.

The number of issues identified during reviews increased by 15.1%, reaching 59,137 issues. This rise reflects deeper scrutiny rather than a decline in quality. In fact, the average number of issues per plugin decreased, indicating that submissions were generally better prepared. This improvement is even clearer for approved plugins, which required significantly fewer issues to be resolved on average than in previous years.

In summary, 2025 was a year of scale, stronger review practices, and gradual quality improvement, but also one of growing operational demands:

  • Plugin reviews increased by 40.6%
  • Plugin approvals rose by 66.2%
  • Detected issues increased by 15.1%
  • Average issues per plugin declined, especially for approved plugins
  • Nearly 4 in 10 plugins reviewed by the team received no reply from their author.

Overall, we have a more mature and quality-focused review process, supported by automation and better-prepared submissions, while also highlighting the need to further address responsiveness and review capacity as the ecosystem continues to expand.

Internal Scanner incorporates AI

The internal scanner is the in-house tool that the team uses to review plugins. It searches for hundreds of possible issues that the reviewers either confirm or dismiss when creating a report. As part of the improvements to this central tool for our day-to-day plugin reviews, we have worked on reducing review time, particularly for highly repetitive and time-consuming processes such as:

  • Verifying that the plugin name does not conflict with existing published plugins.
  • Ensuring branding is used correctly and complies with guidelines.
  • Verifying plugin ownership.

During this year, we added more than 80 new features and checks to our internal tools, as well as incorporating over 100 improvements and behavioral changes. Our focus was on expanding automated checks, enhancing AI-assisted reviews, minimizing false positives, and significantly improving performance and scalability (e.g. bulk scans, caching, and parallel execution). We also created new tools to help streamline communication with authors who contact us via the support inbox.

Plugin Check Plugin strengthens its role as an author-focused tool

Since the launch of this plugin, we have continuously improved it by adding new checks and refining existing ones.
In 2025, the main advancements include:

  • 5 major versions released in 2025
  • New security checks: 5+ (nonce verification, direct DB queries, forbidden functions, minified files, wp_safe_redirect)
  • New code quality checks: 10+ (prefixing, textdomain improvements, localhost detection, etc.)
  • Expanded license support: added ISC, MPL-2.0, and The Unlicense
  • CLI improvements: strict output format, ignore codes, slug argument
  • PHP compatibility: enhanced support for PHP 8.1+

The plugin has evolved from a basic validator into a security-focused tool with improved code quality checks, better CLI support, and stronger validation against WordPress.org plugin directory requirements.
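To make three of the security checks named above concrete (nonce verification, direct DB queries, wp_safe_redirect), here is an added example that is not part of the original post and not Plugin Check's own code: a request handler written the risky way, followed by its hardened form. The plugin slug `acme-notes`, the table, the action and the field names are constructed, and the mapping of each comment to a check name is an assumption, since the post does not describe what each check inspects.

```php
<?php
// Added illustration for a hypothetical plugin "acme-notes".
// All function, action, table and field names below are constructed.

// BEFORE (shown for comparison only, deliberately not hooked).
function acme_delete_note_unsafe() {
	global $wpdb;
	// No nonce verification and no capability check: a forged cross-site
	// request sent from a logged-in administrator's browser is accepted.
	$id = $_POST['note_id'];
	// Direct DB query with request data concatenated into the SQL string.
	$wpdb->query( "DELETE FROM {$wpdb->prefix}acme_notes WHERE id = $id" );
	// wp_redirect() sends the browser to whatever URL the request supplied.
	wp_redirect( $_POST['return_to'] );
	exit;
}

// AFTER: the form carries a nonce bound to this specific action.
function acme_render_delete_form( $note_id ) {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="acme_delete_note" />
		<input type="hidden" name="note_id" value="<?php echo esc_attr( $note_id ); ?>" />
		<?php wp_nonce_field( 'acme_delete_note', 'acme_nonce' ); ?>
		<?php submit_button( __( 'Delete note', 'acme-notes' ), 'delete' ); ?>
	</form>
	<?php
}

add_action( 'admin_post_acme_delete_note', 'acme_delete_note' );
function acme_delete_note() {
	global $wpdb;

	// Authorization: the nonce proves intent, not permission, so check both.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die(
			esc_html__( 'You are not allowed to delete notes.', 'acme-notes' ),
			'',
			array( 'response' => 403 )
		);
	}

	// Nonce verification: stops with an error page if the token is missing
	// or does not match the 'acme_delete_note' action for this user.
	check_admin_referer( 'acme_delete_note', 'acme_nonce' );

	// Request data is unslashed and forced to a non-negative integer.
	$id = isset( $_POST['note_id'] ) ? absint( wp_unslash( $_POST['note_id'] ) ) : 0;

	if ( $id > 0 ) {
		// $wpdb->delete() builds a prepared statement; '%d' binds $id as an integer.
		$wpdb->delete( $wpdb->prefix . 'acme_notes', array( 'id' => $id ), array( '%d' ) );
	}

	// Redirect target: fall back to the plugin's own screen unless the
	// supplied URL points at this site or an explicitly allowed host.
	$fallback = admin_url( 'admin.php?page=acme-notes' );
	$target   = isset( $_POST['return_to'] )
		? esc_url_raw( wp_unslash( $_POST['return_to'] ) )
		: $fallback;

	wp_safe_redirect( wp_validate_redirect( $target, $fallback ) );
	exit; // A redirect only sets a header; execution must be stopped explicitly.
}
```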

PCP now performs security reports on plugin updates

Since October, and in collaboration with the Meta team, we have implemented PCP to run automatic scans on every new plugin version update.

This new strategy aligns with the team’s objective of establishing proactive measures to improve the overall security of the WordPress plugin ecosystem.

At present, an internal report is generated, but our next goal is for authors to receive a report outlining the main detected issues, enabling them to actively improve the security of their plugins. We expect to see this enhancement rolled out in the coming weeks. We continue to recommend that authors follow best practices such as the WordPress Coding Standards and set up automated workflows, such as GitHub Actions, to have their plugins reviewed by Plugin Check as part of their development process.

Conclusion

In conclusion, it has been a year in which we have experienced significant growth in the number of plugins submitted, while the team has remained the same size. The queue has stayed stable thanks to improvements in the tools, which have allowed us to be far more productive.

In addition, authors now have an essential tool to validate their developments before they are submitted to the directory. PCP will help us improve the plugin ecosystem by checking updates in the WordPress plugin directory.

It has also been a year of AI supporting the development of WordPress plugins. Many community members have become involved in plugin development for the first time. This increases the diversity of the plugin directory and shows that AI has lowered the barriers to entry without compromising plugin quality (since the “barrier” for plugin approval has not been lowered).

One of the key challenges for 2026 will be identifying how AI can support the community in improving plugins and strengthening their security, while ensuring this progress delivers genuine, positive impact. At the same time, the team is seeing an unprecedented increase in plugin submissions for review, with record numbers arriving each week. Our challenge will be to scale our team and processes to handle this growth effectively, while maintaining the standards and practices that have always guided our contribution.

This post was written by @davidperez and reviewed by @frantorres

The Plugin Check Plugin now creates automatic security reports after each plugin update

As an important part of the internet, the WordPress community actively thinks about the security of the ecosystem. Community members, developers, specialized companies, and independent researchers all play a role in maintaining the security of the environment.

In the Plugins Team, we’re passionate not only about improving the tools we already work with, but also about making them public so the community can use them when developing and building plugins.

That’s why the Plugins Team, Performance Team, and Meta Team launched the Plugin Check plugin, a tool that runs checks on your plugin and generates a report so developers can apply proper security measures and improve the plugin overall.

On September 17th of 2024, we introduced automatic detection of issues for new plugins that fail to meet the minimum required checks. This feature provides developers with guidance on how to resolve these issues before the Plugins Team conducts a manual review.

This has helped improve the quality of plugin submissions before they even reach a human reviewer. Thanks to AI support during manual reviews using our Internal Scanner, plus the team’s effort to complete more reviews, the queue hasn’t grown despite receiving more than double the number of plugins compared to last year.

We are now running Plugin Check for ALL plugin updates, new and already approved.

Since Monday, October 27th, thanks to the Meta team, we’ve implemented automatic detection on wordpress.org for issues related to security, compatibility and compliance.

Right now, this information is available internally for the team, who will evaluate it and send reports to authors as needed. During this phase, we will observe how PCP behaves during updates and improve it as we see fit.

Once we’ve evaluated the performance of PCP with plugin updates, the goal is to deliver via email a security report to authors right after they update their plugin. Our aim is to promote and maintain good development practices across the entire WordPress ecosystem.

To wrap up: this week marks a small but meaningful step forward in improving the security of plugins hosted on wordpress.org. We look forward to the community taking this opportunity to double-check their plugins when sending an update – or even before.

This post was written by David Perez and reviewed by Francisco Torres.

Stats of Plugins Team after WordCamp US

After WordCamp US, we have prepared some insights about our team and we wanted to share them with the community.

These are the insights from the Plugins Team:

  • We now have 60,187 plugins published in the directory.
  • As of today, we have received as many new plugins and completed as many reviews as we did in the entire last year.
  • We have received 7,670 new submissions this year, which is 87.3% more than in the same period last year.
  • Since the start of the year, we have had an average of 235 new submissions per week. In the same period last year, there were 124 new plugins.
  • The queue is less than one week, even though we have received many more submissions.
  • On average, we spend 6.19 review cycles to approve a plugin, which is 11.2% fewer reviews per plugin compared to last year.
  • 85.3% of first reviews made this year were initiated by an automated system that uses algorithms and AI to perform the first review of the plugin, requiring only minimal input from human reviewers, saving us time.
  • 64.2% of plugin authors successfully engaged with the review process, which is 17.1% higher than the year before.
  • Out of the plugin authors that followed the review process, 60.27% were approved.

In summary, although the number of submitted plugins is increasing, the team’s effort remains steady, thanks in part to AI automation in certain areas. Our goal is to continue improving by implementing AI in more checks, as well as introducing proactive scanning of the current Plugins Directory.

All this data was prepared on the 31st of August.

Written by @davidperez, reviewed by @frantorres

Plugin Rollout: Phased Releases

Through #8009-meta we’ve started work on adding Phased / Staged plugin releases to plugins utilising Release Confirmation.

What are phased releases? In short, this allows for your plugin update to be released to a smaller subset of sites prior to full release to all sites.

Why would you want to use it? Sometimes plugin updates can inadvertently break user workflows or run into conflicts with other plugins. Often these issues are not known until after a plugin update is released and lots of users have already installed the update. This allows for a short timeframe where hopefully engaged users will report issues to you sooner.

How? Initially this has been limited to plugins using Release confirmations. This means a plugin has to explicitly opt-in to using this feature at the time of the plugin’s update release.
To start with, only one strategy is offered: Delay Auto-updates for 24 hours. This disables the WordPress plugin automatic updates for the first 24 hours of a plugin release. Site Administrators can still click on “Update” to install the latest version, as it’s hoped that these users would spot any issues that result from using the updated version.

Example of the Rollout Strategy selection included in Release Confirmations.

Technical Limitations

  1. To ease the potential of user confusion, this has been initially launched focusing on disabling automatic updates, rather than disabling the update entirely for a WordPress site.
  2. Currently WordPress.org can only instruct WordPress 6.6+ sites not to automatically update the plugin.
  3. Currently WordPress.org can track the number of plugin updates (through the Active installs / Active versions statistics), but can’t differentiate between a user-initiated/manual update and an automatic update.
  4. It’s up to 3rd-party update tooling to respect the WordPress 6.6+ flag to disable automatic updates; it’s unknown whether any of these tools respect it. Anything that runs the WordPress Automatic updater should support it.

What will future iterations bring?

What functionality is offered here will heavily depend upon author feedback in using the feature, or what would encourage them to do so. Examples of what this could be include:

  • Strategies that roll out updates to a percentage of sites. For example, 1% per hour, or gradually increasing to 20% over 3 days and the final 80% on day 4.
  • Improvements to find out if there have been any issues reported in the update. For example:
    • Are plugin reviews overly negative?
    • Have any PHP Warnings/Fatal errors been reported automatically? (not implemented)
    • Have WordPress updates been rolling back to their previous version (in the cases of fatal errors)?
  • Statistics of how many sites have updated to the new version. Could be a rounded number (like the existing Active Installs) or simply a percentage (like the Active Versions chart). Eg: Plugin: 100k Active installs; Latest version: 80k+ or 80%.

Questions for Plugin Authors

  • Do you plan to use this feature? If not, what would convince you to?
  • What improvements would you like to see?
    For example: What strategies? What additional information? What would tell you your plugin update is a success?
  • Would you like to see manual/user-initiated update availability also disabled?

Thank you to the handful of plugin authors who have already made use of this feature.

Edits: An image of the UI added a few hours later.

Requiring the README to be written in English

Every day, we review a significant number of plugins, and since last year, we have been receiving many more requests each week. In addition, our team is made up of a diverse group with different languages and alphabets.

For this reason, our team uses English as the official language within the community and for communication with authors during the review process.

As part of the plugin review, we also check the readme.txt file, which contains all the important information about the plugin, such as its name, version, description, authors, and other relevant details. This file is essential for the management and documentation of the plugin, both for developers and users. It also serves as the basis for the plugin’s page published in the directory, which is also visible on wordpress.org/plugins/.

The plugin directory supports translations using English as the base language. Each plugin can be translated through translate.wordpress.org, offering versions in different languages for both the plugin information and the user interface. For more information, you can refer to the GlotPress documentation.

From now on, we will ask authors to provide the plugin information in readme.txt in English.

The main reasons for this are:

  • It facilitates reviews and effective communication with the team.
  • English serves as the base for translating your plugin into different languages. This ensures your plugin can be translated once it’s published.
  • It unifies the Plugin Directory interface, avoiding the creation of sections in different languages and alphabets.

This decision has been agreed upon by the team with the goal of serving the general interest and making it easier to translate plugins.

Post written by @davidperez, reviewed by @rabmalin and @frantorres

Team Name Change to “Plugins Team”

Since the team transition that took place in June 2023, the goals of the Plugin Review Team have continued to grow. This change has been internally agreed upon, and we’re excited about the new name.

Here’s a quick summary of our main focus areas:

Review of New Plugin Submissions to the Directory

This has remained our primary task and takes up most of our time. We’re now receiving over 87% more weekly plugin submissions. Our goal is to keep the queue as short as possible and ensure a balanced workload across the team.

Improvement of Internal Tools

The Scanner tool has undergone major upgrades, now performing over 220 automated checks on plugins. This makes the review process more efficient and reliable. We’ve also introduced AI checks for plugin names, helping ensure clear and trademark-compliant naming from the start.

Creation and Improvement of Community Tools

Since Plugin Check Plugin was introduced to the community, it’s become increasingly integrated into workflows, helping plugin authors self-review their plugins and boosting the overall quality and security of the WordPress ecosystem.

The team is now actively contributing to its development, adding new checks, and we’re proposing to use it during plugin updates and commits as well.

Improvement of the Plugin Directory

We’ll be working closely with the Meta team to help review open tickets and propose new features we believe will improve plugin reliability and security.

We’ve come to feel that the name “Plugin Review Team” no longer reflects everything we do. That’s why we’re proposing a simplified name: “Plugins Team.” Interestingly, the Themes Team made a similar change some time ago.

So we propose updating the name across various community spaces:

  • Page Title: https://make.wordpress.org/plugins/
  • Mentions across wordpress.org websites
  • Community references: Moving forward, we kindly ask the community to refer to us as the Plugins Team.

We believe this small change is well deserved, given all the efforts the team has made to improve the WordPress plugin ecosystem. We’re looking forward to continuing to grow and evolve.

Post written by @davidperez, reviewed by @frantorres and @rabmalin
