A few suggestions and ideas for the plugin directory

Recently adding a plugin I had a few thoughts on the experience I’d like to share here for eventual discussion and (maybe) implementation regarding plugin directory and its related UI.

  1. ClassicPress for Plugin Developers | ClassicPress, should probably link to https://directory.classicpress.net/submission/plugin, or at least to Plugins - ClassicPress Directory (Most information that should be on this page is here https://www.classicpress.net/blog/classicpress-directory-update/)
  2. There should be some sorting here Plugins - ClassicPress Directory, because right now it seems alphabetically ordered, which is OK, but “by newest”, or perhaps “by developer”, should help find plugins in a more targeted way
  3. The search on that page seems to query only titles, but I think it should query description as well, at least, because the title of the plugin does not always describe it’s features to the fullest.
  4. On single plugin pages, there is a Minimum CP Version information we are not able to fill in on plugin submit (not crucial yet, but later will)
  5. This Plugin repo should be linked directly from the CP Homepage, in a menu “Plugins” (no one will first read a blog post, then navigate to a supposed “developer” profile page, just to ssearch for plugins). This point was one of the major painpoints for all users I tried to move to CP: they could not find any theme or plugin working with CP, unless I linked them to, or explained how the tagging on WP would work)
  6. Finally unless this is already outlined somewhere I’d suggest disclosing transparently the process for plugin „admission“. I’ve seen Plugin directory design but it’s not clear who does that classification, and also, it doesn’t seem to be done currently (for example my plugin was published very quickly, I don’t think such Short time allows for such deep analysis as explained on that blog post. I’m of course happy it was published so fast and do my best to keep Code safe, and yet, I’d think a full screening takes a lot of time and a lot of eyes?). Also updates can be pushed to GitHub anytime - so there should be some sort of follow up screening i assume? A malicious developer might otherwise upload a clean code and then update it to a „dirty“ version later. I think this is a very important point in regards of safety. Perhaps some sort of peer review or so could be implemented, where updates need to be „verified“ by at least another CP member just like it’s practiced for actual CP core updates? Yes, this is a lot of work and required an active community, but I think it also may strengthen the community and perception of CP.

Thoughts?

3 Likes

Good points, it hits a lot of the things I have in my mind but haven’t articulated anywhere so thank you!

Agreed, although we should point them to a tutorial on “creating a developer and uploading your first plugin” or similar. Because as mentioned we will be removing the submit plugin page.

Both of these are in progress, we are adding Algolia which will allow for a more robust search than we currently have.

I think this is a bug, we should see if we can get that out in the next release.

Agreed, cc @BlueSkyPhoenix

We should work on a more robust approach, following up on the discussion from Reporting Vulnerable Plugin. I think we need to draft a policy outlining the approval process. If someone in the community wants to take this on that would be amazing :slight_smile:

1 Like

The discussion on policies for the plugin directory in general probably need to be revisited now as well. The last discussions on this were quite a while ago, but could form the basis for the policy

I’m happy to help out with this by pulling the prior discussion together and add reporting/handling of vulnerabilities.

3 Likes

That would amazing, thanks :+1: