We have a new release of the Plugin Check Plugin (PCP), a tool that helps developers create better and more secure plugins by following best practices.
As you’ve seen, PCP now performs automatic checks as plugins are uploaded through the submission form. The best way to use PCP is during development to identify issues before submitting for review. This will simplify the review process, as the Review Team will still manually inspect your code and interface, but now automatic checks will also ensure there are no false positives.
We always recommend fixing any warnings, as they will be treated as errors during the review.
We have a new image for the plugin that clearly highlights its objectives. This image was designed as a contribution from Closemarketing.
This plugin is a collaborative effort of three teams—Performance, Plugins Review, and Meta Team—working together to create a safer and better ecosystem in WordPress.
This version is designed to be a robust tool, with all the necessary features to facilitate automatic updates on wordpress.org.
The main enhancements include increased severity for violations of PHP coding standards, such as disallowed operators and restricted functions. New security checks have been introduced, along with validation for contributors listed in the readme file and warnings for mismatched plugin names between the header and the readme. Additionally, runtime settings are now permitted in code sniffer checks, and forbidden headers, such as repository URIs, are detected. The plugin also checks for discouraged PHP functions and development functions that are not permitted in final versions.
Further improvements include a new CLI feature with a slug argument, updated images and icons for the plugin, and validation of key plugin header fields such as “Requires PHP” and “Tested up to” values. On the fix side, table results are now responsive, success messages appear when no errors are found, and runtime checks in CLI contexts are better managed. Other important fixes involve handling the “Stable Tag” value and resolving a licensing warning for GPL version 3. These updates strengthen the tool’s ability to ensure plugin quality and security on WordPress.org.
Full changelog:
- The Plugin Check is now part of the automatic checks for plugin submissions on WordPress.org.
- Enhancement – Increased severity for BacktickOperator, DisallowShortOpenTag, DisallowAlternativePHPTags, RestrictedClasses, and RestrictedFunctions.
- Enhancement – Added security checks to the Plugin repository category.
- Enhancement – Allowed runtime-set in code sniffer checks.
- Enhancement – Changed warnings to errors in plugin header checks.
- Enhancement – Detect forbidden plugin headers such as repository URIs in the Directory.
- Enhancement – Added a new check for development functions that are not allowed in final plugins.
- Enhancement – Created new images and icons for the plugin.
- Enhancement – Introduced a slug argument in the CLI.
- Enhancement – Added a check for discouraged PHP functions.
- Enhancement – Added validation for Contributors in the readme file.
- Enhancement – Added warning for mismatched plugin names in the plugin header and readme file.
- Enhancement – Checked for validation of Plugin Header fields: Name, Plugin URI, Description, Author URI, Requires at least, Requires PHP, and Requires Plugins.
- Enhancement – Added a warning if the “Tested up to” value in the readme file exceeds the released version of WordPress.
- Fix – Display a success message if no errors or warnings are found.
- Fix – Made table results responsive.
- Fix – Prevent proceeding to the next check if the Stable Tag value is set to trunk.
- Fix – Allow runtime initialization even when only add-on checks are requested.
- Fix – Fixed an SPDX warning for the GPL version 3 license.
- Fix – Prevent runtime checks in the CLI context when they cannot be used.