The goal of the WordPress Plugin Directory is to provide a safe place for all WordPress users - from the non-technical to the developer - to download plugins that are consistent with the goals of the WordPress project.
To that end, we want to ensure a simple and transparent process for developers to submit plugins for the directory. As part of our ongoing efforts to make the plugin directory inclusion process more transparent, we have created a list of developer guidelines. We strive to create a level playing field for all developers.
If you have suggestions to improve the documentation, or questions about it, please email us at [email protected] and let us know.
In order to submit a plugin, there are three steps:
- Register on WordPress.org with a valid, regularly checked email address. If you are submitting a plugin on behalf of a company, use an official company email for verification.
- Whitelist [email protected] in your email client to ensure you receive email communications.
- Submit your plugin with a brief overview of what it does and a link to a complete, ready to go zip of the plugin.
Once a plugin is queued for review, we will review the plugin for any issues. Most of the issues can be avoided by following the guidelines below. If we do find issues, we will contact the developer(s), and try to work towards resolution.
Developers, all users with commit access, and all users who officially support a plugin are expected to abide by the Directory Guidelines. Violations may result in plugins or plugin data (for previously approved plugins) being removed from the directory until the issues are resolved. Plugin data, such as user reviews, may not be restored, depending on the nature of the violation and the results of a peer-review of the situation. Repeat violations may result in all the author’s plugins being removed and the developer being banned from hosting plugins on WordPress.org. It is the responsibility of the plugin developer to ensure their contact information on WordPress.org is up to date and accurate, in order that they receive all notifications from the plugins team.
All code in the directory should be made as secure as possible. Security is the ultimate responsibility of the plugin developer, however the Plugin Directory enforces this to the best of our ability. Should a plugin be found to have security issues, it will be closed until the situation is resolved. In extreme cases, the plugin may be updated by the WordPress Security team and propagated for the safety of the general public.
While we attempt to account for as many relevant interpretations of the guidelines as possible, it is unreasonable to expect that every circumstance will be explicitly covered. If you are uncertain whether a plugin might violate the guidelines, please contact us at [email protected] and ask.