Getting a plugin listed on Wordpress.org

Log in to reply
NickGrogan

NickGrogan

Free Member
    • Nov 15, 2012
    4,728
    1,359
    Edinburgh
    www.energybrokers.co.uk
  • #1
    I decided to make a plugin, a fairly simple one. I will link to it once its up.

    I used ChatGPT 4 to make it. I gave it an API, told it I wanted a plugin, and it gave me some files in response.

    To my surprise, it worked perfectly.

    I submitted it to Wordpress.org and waited.

    I just got the code review.

    The list of issues is longer than the code for the plugin.

    I'll feed these into ChatGPT and see what it says.

    Has anyone else successfully made a Wordpress plugin? With or without ChatGPT...
    How long did it take to get listed?
     
    fisicx

    fisicx

    Moderator
    Sep 12, 2006
    46,766
    8
    15,418
    Aldershot
    www.aerin.co.uk
  • #2
    I've got a number of plugins hosted with wordpress.

    Start with this:

    wordpress.org

    Plugin Check (PCP)

    Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.
    wordpress.org wordpress.org

    You also need to fully comply with all the security requirements which can be boiled down to:
    • Never trust user input.
    • Escape as late as possible.
    • Escape everything from untrusted sources etc (this means your API).
    • Never assume anything.
    • Sanitation is okay, but validation/rejection is better.
    developer.wordpress.org

    Security – Common APIs Handbook | Developer.WordPress.org

    Congratulations, your code works! But is it safe? The WordPress development team takes security seriously. With so much of the web relying…
    developer.wordpress.org developer.wordpress.org

    I'm pretty good at meeting all the checks but it still takes me two or three goes to get accepted.

    ChatGPT won't be able to fix everything because it doesn't know the rules. You have to get your hands dirty and do the coding yourself.
     
    • Like
    Reactions: NickGrogan
    Upvote 0
    fisicx

    fisicx

    Moderator
    Sep 12, 2006
    46,766
    8
    15,418
    Aldershot
    www.aerin.co.uk
  • #4
    Then it's all about security.

    When the data is pulled from the API you need to escape and sanitise before doing anything.

    If there are any outputs you need to escape everything.

    If there is any user input you need to sanitise everything before any processing.

    The email they sent you usually has some examples of where it failed. Most common will be if you echo anything.

    You will probably need to use this function:

    developer.wordpress.org

    wp_kses() – Function | Developer.WordPress.org

    Filters text content and strips out disallowed HTML.
    developer.wordpress.org developer.wordpress.org

    Bad people will try to hack your plugin. Even areas you consider safe (like the dashboard) can be compromised using techniques like XSS.
     
    • Like
    Reactions: NickGrogan
    Upvote 0
    fisicx

    fisicx

    Moderator
    Sep 12, 2006
    46,766
    8
    15,418
    Aldershot
    www.aerin.co.uk
  • #5
    On the other hand....

    You can always add a download to your own website, do all the promotion yourself and take WP out the loop. I do this for a number of very niche plugins and it works well. A lot simpler than trying to meet all the conditions for the WP repository.
     
    • Like
    Reactions: NickGrogan
    Upvote 0
    antropy

    antropy

    Business Member
    • Business Listing
    Aug 2, 2010
    5,317
    1,102
    West Sussex, UK
    www.antropy.co.uk
  • #6
    NickGrogan said:
    I used ChatGPT 4 to make it. I gave it an API, told it I wanted a plugin, and it gave me some files in response.
    Click to expand...
    I've got the paid ChatGPT but at this point it's really not great at coding much, it's likely your plugin will be full of bugs.

    Paul.
     
    Upvote 0
    NickGrogan

    NickGrogan

    Free Member
    • Nov 15, 2012
    4,728
    1,359
    Edinburgh
    www.energybrokers.co.uk
  • #8
    fisicx said:
    On the other hand....

    You can always add a download to your own website, do all the promotion yourself and take WP out the loop. I do this for a number of very niche plugins and it works well. A lot simpler than trying to meet all the conditions for the WP repository.
    Click to expand...
    Its a test to see how easy it is to make a plugin and get listed as anything else.

    Otherwise I'd just hire someone who passed the tests before to write the full plugin for me
     
    Upvote 0
    fisicx

    fisicx

    Moderator
    Sep 12, 2006
    46,766
    8
    15,418
    Aldershot
    www.aerin.co.uk
  • #9
    NickGrogan said:
    That could also be true. To be fair its a simple plugin that doesn't really do very much, so it might not be that bad.
    Click to expand...
    Probably isn't too bad. You just need to fix the security. Which can be very tedious.
     
    Upvote 0
    fisicx

    fisicx

    Moderator
    Sep 12, 2006
    46,766
    8
    15,418
    Aldershot
    www.aerin.co.uk
  • #10
    NickGrogan said:
    Its a test to see how easy it is to make a plugin and get listed as anything else.
    Click to expand...
    Making a plugin is easy. Getting it listed less so (as you have discovered).
     
    • Like
    Reactions: NickGrogan
    Upvote 0
    Log in to reply

    Latest Articles

    Join UK Business Forums for free business advice
    Top Bottom
    Community
    Articles
    Menu