An Introduction - WP Plugin Guidelines

I recently submitted a plugin for review by WordPress for inclusion in their repository. I figured that the plugin I had built was okay and that it would provide a good way for people to share content on the web. After plugin submission the first few emails back from WordPress were about editing the code to make sure that it was setup in a way that allowed for complete and trouble free integration into the WordPress framework.


The first issues that were brought to my attention were things like the prevention of direct access to plugin files and the removal of the error reporting that I turned on to debug the plugin as I created it. Other important issues were the sanitisation, escape and validation of post calls. There are guidelines on how to do this on the WordPress website. Other minor issues were path definition and the use of unique function names.


The plugin was edited and resubmitted for inclusion in their directory. The sticking point then became apparent. WordPress currently have in their plugin guidelines a clause that means that end users have the right to opt In to including a link to an external site. This could be a ‘powered by link' or hyperlinked attribution. The plugin I built uses data from the Marvel API. Their terms of service indicate that you need to attribute Marvel as the source of the data. This has to be in text format with or without a hyperlink. The software I built to process an API response included as required an attribution back to the source of the data. Initially this was hyperlinked as a precaution thinking everything was going to be okay.

Opt In (Changes to Guidelines)

WordPress told me that they could not host the plugin because of this link. I then proposed that a solution would be that users could ‘opt in' to including attribution and that doing so would enable data to be displayed on their site. If they did not ‘opt in' then data would not be displayed. Fair enough I thought a solution? I was told that this was not really acceptable as it stopped the plugin from working? Anyway after a bit more thought and a read of their plugin guidelines I decided that I could include the credits and users could ‘opt in' to adding a hyperlink. This would satisfy both Marvel's and WordPress's terms of use. Thinking I had found a solution to what was becoming a debacle I emailed WordPress again. Who would believe it! What bad luck! An unpublished change to their detailed plugin guidelines that now stops credits from being included without the users choosing to ‘opt in' to displaying them.

Point 10

The proposed change is that credits as well as links now have to be an ‘opt in' only. This means that if an author or service provider that distributes content wants their attribution displayed on WordPress without an ability for a user to opt out they have to include credits from their end. An example cited was Youtube who brand all videos distributed via their network with their logo. In fairness WordPress did look to defend my indemnity by pointing out that unscrupulous users or even hackers could modify the source code to remove attribution.

Current Point 10

The current point 10 details how links to external sites in the form of an attribution should only be displayed if a plugin users decides that they want to display them.

Proposed Changes to Point 10

The proposed changes to point 10 mean that credits fall into this attribution category and that even text without a hyperlink they will be deemed to be something that can only be displayed if the user opts in to displaying it.

What Next?

The proposed changes to point 10 of the detailed plugin guidelines are what were used by WordPress to prevent me from having my plugin included on their repository. I do not mid the whys and wherefores I just struggle to see why the ballpark was changed midway through conversation. The solution for me is to continue developing this software and probably publish an app with Phone Gap where I am the sole API client and end users can use the app data to preview how I like to develop with jQuery. I am not too sure if WordPress's clarification on this is on the current or proposed changes, but they cited.

A user can (and usually does) run 20+ plugins on a site. If every plugin forced powered-by credits and links, it would both make the site look like a billboard, but also hurts their SEO and those of the developers (a lot of theme devs found their SEO dropped due to backlinks). In order to protect millions of users, we determined it would be safer all around to enforce an opt-in requirement. As for a plugin that requires displaying of credit/links before running, we just feel that's against the heart of the repository. A plugin should just work out of the box, no limits, save in the service.