On the podcast today we have Matt Cromwell. Matt is Senior Director of Operations and Marketing at StellarWP, and also one of the founders of GiveWP, a donations plugin which uses the freemium model. He’s on the podcast today to talk about whether the WordPress.org plugin repository is still an effective place to host your…
The folks over at Sucuri have reminded us once again why it’s important to only download plugins from trusted sources. In a disturbing post published on the Sucuri blog, Denis Sinegubko highlights the dangers of using plugins from untrusted sources. In this post, we’ll talk about “patched” malicious premium plugins. We’ll talk about what they…
Early this morning, the WordPress.org plugin repository set a mile stone by hosting the 30,000th plugin. I didn’t think it would happen until a few weeks from now but it shows you how many plugins are approved and added to the repository every day. Jan Reimers on Twitter celebrated with a whoop! I second that…
It’s a fear many WordPress users had in 2009 and it’s one that continues to be near the top in terms of reasons why people won’t upgrade their sites. It’s the fear that their plugins won’t be compatible with the new version of WordPress. Back in October of 2009, the WordPress core team tried to…
Checkmarx, a company founded in 2006 that specializes in automated security code reviews has published a security vulnerability report on the top 50 plugins on the WordPress plugin repository. In the report published on June 18th, 2013 Checkmarx concluded that more than 20% of the 50 most popular WordPress plugins were vulnerable to common web…
A few days ago, Sucuri mentioned that the Absolute Privacy plugin for WordPress contained a security vulnerability that would allow the ability to bypass the authentication mechanism and gain admin access to the application, that being WordPress. The plugin was subsequently pulled from the repository as there had not been any updates to fix the…
It’s been awhile since we’ve had a discussion revolving around those three magic letters GPL. It looks like we’ll be talking about it again considering that somewhere around 500 plugins run the risk of being purged due to their incompatibility with GPLv2. There has been an ongoing discussion within the past 11 months regarding various…
For recently joining the 700 club. That number represents the amount of themes he has reviewed since joining the WordPress theme review team! Thanks goes out to Emil for volunteering his time to make the theme repository a better place. Out of curiosity, after reviewing 700 themes, I wonder what sort of patterns or similarities…
@WraithKenny – #WordPress plugin repo should have a favorites button. – via Twitter Now THAT’S a good idea! Stretch it further by giving us the option decision to make our favorite lists private or public on WordPress.org. There are all sorts of things you can do from there on in.
SmashingMagazine has a great article that covers some tips on how WordPress plugin authors can create better readme.txt files. While the code within the plugin is important, the readme.txt file is what users are going to encounter first. It’s the means by which we discover plugins within the repository so it’s important that relevant information…
Siobhan McKeown has published a disturbing yet not out of the ordinary article that explains how a couple of plugins were recently added to the plugin repository that were using a version of J-Query from J-Query.org which after investigation proved to be a fake website. The purported J-Query file was actually propagating sites with CPA…
The following is a presentation by Chip Bennett at WordCamp Kansas City 2011. In this video, Chip Bennett explains the entire process of what it takes to get a theme hosted on the WordPress.org Theme Repository. Pretty awesome to see Chip go from being a vocal member on WPTavern within the past year or so…
WPBeginner has laid out an interesting question. Do we need a better 404 page for WordPress plugins repository? They think so and I do to. I’ve experienced the issue of clicking a plugin link only to be redirected magically to the plugin repository page without any explanation as to why. From here, I perform a…
Ryan Imel of WPCandy.com has published an editorial that has sparked yet another good discussion. This time, the focus is on the misnomer that it’s better to keep your active plugin count as low as possible to avoid problems. I’ve been down this road before. In at least a couple of the WordCamps I’ve attended…
Earlier this week, Jason Pelker wrote an excellent post for WPCandy.com entitled, How did ThemeForest become the red headed stepchild of the WordPress community? Jason takes a look at the various reasons for how this could have happened. However, the conversation turns pretty interesting in the comments when the discussion of quality control at ThemeForest…