At the State of the Word 2025 we had the opportunity to learn about the news in the WordPress project, not only in terms of software but also a large community of which I am proud to be a part.
I am currently part of the Plugins team, and since recently, I am also Team Rep. Our work is based on reviewing the NEW plugins that are sent to the directory, as well as working on the tools that facilitate the review not only of security but also of compliance with good practices.
Since the last WordCamp Europe, we set our project to try to review not only new plugins, but also current ones, to improve the security of the entire ecosystem. Well, since September 17, all plugins that receive an update automatically are being analyzed. Not only will it stop there, but the authors will be notified of the errors so that they can solve them and improve their own plugins autonomously. This is so, since we currently have about 60,000 plugins in our directory.
This latest advance was reported in the last State of the Word, at the initiative of Matt Mullenveg. It was a great moment personally, how contributing to the WordPress project can benefit many people.
The idea not only stops here, but there is also the possibility of including AI in the most accurate analyses, in addition to the possibility of making a Scan of the entire Directory and creating a Security and Compliance value for the plugins.
We will proactively create initiatives that improve plugins, one of the most vulnerable parts in terms of security.
In the coming months, we hope to be able to improve more in our public Scanner tool for WordPress developers: Plugin Check Plugin.
