If you develop plugins for WordPress, you’ll be aware of the controversy caused by the removal of plugins from the repository for breaches of its guidelines.
Many such incidents are caused by developers stepping over the line with “growth-hacking” or data collection, a prime example being incentivized reviews. Some developers offer free or discount premium upgrades if users agree to review their plugins. Obviously, incentivized reviews are harmful — who can trust a review that’s been paid for.
However, the guidelines have never been sufficiently clear about what constitutes unacceptable behavior and enforcement has been inconsistent. In the absence of clear guidelines, enforcement by the repository team can seem arbitrary.
In an effort to help plugin developers understand what is and is not acceptable, the repository team has revised and expanded the guidelines. The new guidelines have been published on GitHub so developers and other interested parties can review them and submit commentary and pull requests.
The content of the guidelines won’t come as any surprise to experienced developers — plugin code must be GPL compatible, for example — but they make concrete rules that were previously vague or implied.
Some of the guidelines developers should be aware of include:
- Don’t push updates too frequently. The WordPress Subversion repository should be considered a release repo, not a development repo. Excessive updates may be considered an attempt to game the Recently Updated list.
- No user tracking without explicit opt-in. This issue has caused problems for a number of plugins of late. The message here is simple: don’t do anything to to track users without their explicit permission.
- No illegal, dishonest, or morally offensive behavior. This is the broadest guideline, and it includes behavior like incentivized or fake reviews, attempting to exploit loopholes in the guidelines, and SEO trickery.
Explicit and comprehensive guidelines have been a long time coming, but better late than never. The vast majority of WordPress plugin developers understand the limits of reasonable behavior. But an ecosystem as big as WordPress’ is bound to attract bad apples who want to exploit the enormous user base.
The clarified guidelines give moderators and the repository team a useful tool to combat malicious behavior without getting involved in endless logic-chopping arguments about what is acceptable.