1. Andy Fragen

    If you’re not on WP 5.8 and want this feature now, take a look at https://wordpress.org/plugins/skip-updates/


  2. M

    Nice feature.

    I had someone having installed one of my plugins encounter this issue a month ago after a third party released a similar plugin, with the same naming for the main file, to the WordPress directory.


  3. Mike Schinkel

    Thanks for writing about this.

    One thing however: Rule #8. “Plugins may not send executable code via third-party systems.” is — as my dad would say — clear as mud.

    Maybe you could write a follow-up post that explains what this means, in lieu of them actually editing the rules so that Rule #8 would be clear enough to understand? Thanks in advance if you do.


    • Justin Tadlock

      Yeah, I was thinking the same thing reading #8. I figured most readers would be in the same boat, so I quoted the sub-section of that guideline that more clearly explained what was not allowed for this situation.


  4. Bastian

    Where will this new header go in the case of themes? The style.css file or the readme.txt file?


  5. djsteveb

    Will this rescue info from things that were kicked out of the .org ecosystem like wp-spamshield?

    perhaps offer a one click duckduck search for info that may be posted on the web about plugins not updated via .org in X many months or something?

    that might be helpful.

    I have some plugins on some sites that have not been updated in years – yet I have not found the functionality available in newer plugins – plus I have a half dozen here and there from ‘premium’ places around that I have not updated and don’t know if there are updates and no way to gain support – or to know if there are exploits in them or new ones avail..

    Will this method also be able to alert about url changes / ownership changes of plugins eg-> https://wptavern.com/should-wordpress-notify-users-of-plugin-ownership-changes

    Cool possibilities I guess.


    • Justin Tadlock

      This will only work if plugin authors opt into the new Update URI field. If they don’t, it’ll be the same as before. The new piece is that the solution is there and takes one line of text in the primary plugin file.

      So, something like the spam plugin you mentioned could add the header to avoid checks from WordPress.org. You could do the same for non-.ORG plugins.

      As for URL and ownership changes, no. Those are separate things. This new feature basically tells WordPress the hostname to check for updates.


  6. Sebastian

    That’s why i use the function i found in the core-funcionality plugin by bill erickson: https://github.com/billerickson/Core-Functionality/blob/b91786b241d17ecaca23fc0c6a550f5a93600fee/inc/general.php#L22
    A little function to make sure that the plugin doesn’t get updated.
    Love it


Comments are closed.

%d bloggers like this: