CP plugins directory (part 2)

I did not want to add this on to the end of the other discussion, even though it is somewhat related. I am sure we have all bumped into posts about how (WordPress) could/should incorporate some sort of 3rd party add-ons visibility.

Certainly it would not be the top priority today, but perhaps a ‘multi-level’ situation where ‘ClassicPress Plugins’ are offered, and in a clearly separate area with proper notifications, Plugins that would normally fall outside the standards for inclusion are listed (this could potentially be a niche, right now my feeling is that the entities providing this sort of directory are sometimes ‘shady’ in one way or another, or at least driven more by getting their cut of the sale where premium Plugins are concerned).

normally fall outside the standards for inclusion are listed

If I understand correctly, a directory of non-standard plugins (which do not fully comply with the guidelines, except those on security), or simply commercial plugins tout court?

Potentially both, but I was thinking more about Plugins that are valid and secure, but do not fully comply with the standards for inclusion.

Normally the required standards mostly concern safety. It’s true that on WordPress, I’m speaking at least for themes, you can’t do some things (e.g. replace the site identity panel in “Customize” with a customized one, unless it concerns features not present in the standard panel), but I wonder: if such a place existed, why would one then subject their plugin to compatibility tests with the guidelines, if they can skip them altogether by deviating into the non-standard directory?

It would make more sense if it were about completely commercial plugins and themes instead. But then why not create a real marketplace? Different standard compliance, more flexible in customizations. You can do many more things, but the requirement is that your plugin or theme must be commercial, i.e. sales-oriented. Kind of like Evanto for ClassicPress.

I guess my thoughts are based around the many plugins out there that are not listed on CP/WP (for a variety of reasons I am sure), but are not commercial. I get what you are saying that everyone could just circumvent the checks, but I can also say I avoid such marketplaces because every time I used one I regretted it later.

Was more an idea for discussion, for me personally, I do not list my stuff on WP, and it is unlikely I will modify more than a few of them to be ‘CP ready’. The Plugins were mainly made for my use and as ‘invisible’ as it is, I have working distribution if others want to check the ones I listed out, which is fine with me.

1 Like

You know, I have four plugins and two themes on WordPress. But if I were to list all the ones I have created for personal use and on commission, there are at least forty.

On the marketplaces I can agree with you. Many years ago, when I was a beginner, I downloaded a particularly nice and unique voting plugin from a marketplace. For a fee. I ended up with malicious code on my installation. Taking a look at the plugin, it had obfuscated parts. Eliminated. Since then I haven’t downloaded anything, also because I no longer needed them: if I can, I’ll create the plugins myself.

However, I understand that you would like a refuge for lonely and perhaps misunderstood plugins… :joy: :joy: :joy: Just kidding! This could be a really good idea. But if you think about a space on ClassicPress, I don’t know if the management team would consider it that way.

I imagine it becomes a guilty by association situation when something nefarious leads back to you, even if you yourself did nothing but provide information.

On your same note, it is not like my Plugins are a million miles away from being CP ready; some are close or maybe OK now, others were not designed to conform and would not be accepted, but are not dangerous or insecure.

@EliteStarServices I was thinking and now I have a more clear idea of what you want to achieve and a couple of pennies to throw in myself. I am reading and pondering this at the end of a very calm day and some questions arose in me.

First: The directory is CP owned, so the community at large is responsible in a way that there are some security measures and standards to be followed, that legally protects CP entity from liabilities if people get a damage from something they download (because things hosted there are in a way "endorsed by the community as verified to be abiding the standards so people can trust that there is no malicious code in the softwares).

Second, the directory allows for the listing of a premium version of the software you are submitting. that means that it gives the chance to list the paid counterparts also.

My idea is that standards are there for a reason, and this means that if a dev wants to be listed they have to recognize at least that they need to apply safe coding standards to be listed.

Your idea however (finding a way to offer visibility to people that for various reasons are not listed in the CP directory) is a very good idea and intention.

WP ecosystem solved this already. All people involved in WP (even non developers) at one point or another have written reviews about plugins and themes or shared with people what plugins and themes were good on social media, some sites made money doing this even.

Since we already have CP Web, that lists the professionals working with CP… could we integrate a system where we can make a press release about plugins and themes? Devs could drop us a line and we could try the plugins/themes out and write about them on the platform - this could both serve the community at large and bring traffic to it so that it could bring even more visibility to the devs.

Is something like that feasible? It would avoid submitting non standard software to the directory itself but would however give visibility. All the dev would have to do is filling a form asking us to write about their software. Obviously we would be impartial reviewers and that would help in gaining users trust on CP Web platform because they would see us a reliable source of facts and info.

I’m missing something here. What kind of plugin needs less restrictive rules?

  • If cpcs complains about the use of something unsanitized, but I sanitized that earlier, with my own function or don’t feel the need to sanitize, I can just put a phpcs:ignore directive and hopefully a comment explaining why.
  • If I find that a sniff is unuseful I can ask to remove it (cpcs is not perfect and can complain about code styling).

I’m not against any unofficial directory, just wondering why.

1 Like

@Simone I have not really tried to submit anything to WP, but since you guys got me set up with the ability to run CPCS on my repos, I have been able to improve my code and get it to pass without much fuss. So as a very generic statement, I noticed (based on past experience with WP Plugins and their repository) that at least some number of devs (myself included I guess) do not even try to list (maybe simply because they cannot offer reliable support, I don’t know). That is the situation I am referencing more than less restrictive (secure?) per say.

I’ve helped (and suggested to do) some people to setup a GitHub workflow.
I’ve done this as a personal initiative as I feel that it’s very helpful for writing more robust code without the need to install cpcs locally and without getting a lot of request for changes by the review team.

2 Likes

You have definitely helped me out there.
But that is still somewhat separate from the idea of an ‘open listing’.

1 Like

That’s sure!
Happy I’ve helped!

On your same note, it is not like my Plugins are a million miles away from being CP ready; some are close or maybe OK now, others were not designed to conform and would not be accepted, but are not dangerous or insecure.

Oh, I always think that my plugins or themes never live up to expectations. I know, perhaps I may seem insecure, even though those who have tried my plugins and themes have been satisfied, but it’s bug anxiety. The idea that what you create with so much passion ultimately doesn’t work as it should, leading to disappointment.

And in any case, I too have often given up on uploading good plugins to WordPress: as much as I thought they were ready, I feared the evaluation, the boredom of the correction, of the note, of the request to give up certain “non-standard” options.

So your reflections are mine too.

  • If cpcs complains about the use of something unsanitized, but I sanitized that earlier, with my own function or don’t feel the need to sanitize, I can just put a phpcs:ignore directive and hopefully a comment explaining why.
  • If I find that a sniff is unuseful I can ask to remove it (cpcs is not perfect and can complain about code styling).

Yes CPCS is extremely rigid, but perhaps an automated test needs to be. The important thing is that the evaluation is then up to a thinking mind, that is, a person, who can actually evaluate the case, and make a decision that is not based only on the response of a bot.

My idea is that standards are there for a reason, and this means that if a dev wants to be listed they have to recognize at least that they need to apply safe coding standards to be listed.

This is a fundamental point. Rules are established, and like it or not, these rules must be respected. If we could insert anything and everything into the directory without controls or with excessively flexible if not formal controls, we would seriously endanger websites and their security, and CP would soon gain a bad reputation. Rigidity is better, which in these cases equates to seriousness. We developers have to make the effort in trying to make better, better performing and safer code.

2 Likes

@EliteStarServices the fear of releasing software is a very real one. it’s called imposter syndrome. I am affected too, ultimately the help of the community made me grow stronger and I was able to release a theme (but I was on the verge of chickening out, I have to admit). I am with CP since 2018 when it started and it took me years to go from zero to consider myself a “real” developer…

About finding a place for devs who aren’t listed, instead of encouraging them to bypass the rules that are in place for a reason… we can find a way to help them publish on the directory if the strict rules are really what is keeping them at bay.

CP Web can be a great place to host an article about steps to take to abide by the rules, I was not alone when I released my theme and with this article we could assist people like we were assisted. And if a plugin does not pass tests since it’s on GitHub… other devs can chime in with PRs to help make it compliant. @Simone did this for me and I think it’s the a very good way to go about the problem.

That said I do not think the only factor keeping devs at bay are the strict coding standards.

CP as of now it’s a promising market, that has to reach the “break even” and gain momentum before devs can consider it a risk worth taking. Some devs might have developed for CP for their customers or themselves, but aren’t listing their software because maintaining it is not yet worth the effort.

By having a trustworthy platform like CP Web we made a step in reaching that elusive break even point, now we surely take a step further and use it not only to list CP professionals but to help CP software devs to enter the ecosystem - enabling them to actively participate is better than giving them yet another place, that is non official, to list their software. From an user perspective a move like that (helping devs to onboard the directory) speaks volumes about the fact that CP is really a trustworthy, inclusive and united community.

1 Like

My desire to discuss listing 3rd party add-ons on a somewhat generic level based on my perception of people in general is being at least partially misunderstood, and seems to be wandering further away from my intention with each post, though it is a very good and informative discussion overall.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.