The WordPress.com repository is officially closed for professional 3rd party plugins

5 replies
You won't find any professional plugin or theme there anymore.

By professional themes and plugins I mean those that made from professional webmasters who want to somehow insert HTML, CSS, JavaScript and PHP code into their WordPress posts, sites (e.g. sidebar, footer, header) etc.

This is officially forbidden now and I've got an official confirmation on that.

You may say: "that couldn't be true, because there is a ton op plugins like "PHP anywhere" and others are freely hosted at wordpress.org".

Yes, they are. But not forever, so make sure to download them while they are not removed or not castrated on their functionality.

Here is a quote from the official email, that explains the new WordPress.org policy on 3rd-party themes and plugins:

We're saying IF your plugin allows people to insert arbitrary HTML/JS/etc, then it is not currently permitted for new plugins.

We are actively working with the older plugins to retire them or improve them and make them safer.

Since that's an ongoing process, and has been for a couple years, we've only closed a couple. We're trying not to break existing users, while still protecting them from what has become one of the biggest vectors for kiddie hackers


--
WordPress Plugin Review Team
#3rd #closed #officially #party #plugins #professional #repository #wordpresscom
Avatar of Unregistered
  • Profile picture of the author EPlanetSoftSEO1
    [DELETED]
    {{ DiscussionBoard.errors[11766786].message }}
    • Profile picture of the author CyberSEO
      My post was about wordpress.org as a plugin repository. The information has nothing to do with the wordpress.com blogging platform.

      And yes, the information above is 100% accurate. They still accept plugins and themes, but not the professional ones that allow users to insert their own code (JS, CSS and PHP) into posts and pages. The email quoted above clearly states this.
      Signature
      CyberSEO Pro - the ultimate AI autoblogging and RSS, XML, HTML, JSON and CSV import plugin for WordPress with support for OpenAI o1, Claude, Gemini, Llama 3, Midjourney, DALL-E, Stable Diffusion and more.
      {{ DiscussionBoard.errors[11766825].message }}
  • Profile picture of the author agmccall
    Does this mean they will not work or that we will not be able to get them from wordpress. Meaning can I still get these plugins, if needed, from a third party and will they work

    al
    Signature

    "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison

    {{ DiscussionBoard.errors[11767785].message }}
  • Profile picture of the author CyberSEO
    Of course, they won't stop working, and you can still download them elsewhere. As the email above says, they have simply stopped accepting any plugins that allow you, as the user, to modify the content displayed by inserting your CSS styles, JavaScript and especially parts of PHP code.

    They will also try to get rid of those plugins like "PHP Everywhere" that were added to the WordPress repository before they started enforcing the "don't trust your user" rule.

    They say that most WordPress users are not that smart and they can just copy/paste some wrong code into their pages and it will break the page layout or they can even copy some malicious JavaScript or PHP code...As a result, plugins for professionals (experienced webmasters and programmers) are not allowed there.

    I have quoted the official explanation by WordPress Plugin Review Team "AS IS".
    Signature
    CyberSEO Pro - the ultimate AI autoblogging and RSS, XML, HTML, JSON and CSV import plugin for WordPress with support for OpenAI o1, Claude, Gemini, Llama 3, Midjourney, DALL-E, Stable Diffusion and more.
    {{ DiscussionBoard.errors[11767790].message }}
  • Profile picture of the author shekhar
    It is a step to plug the loophole being used by hackers to enter into Wordpress ecosystem and harm the websites. A welcome move.
    {{ DiscussionBoard.errors[11767913].message }}
  • Profile picture of the author CyberSEO
    It doesn't protect your site from hackers. It protects it from you and only you. As for hackers, the best way to avoid them is to never activate "nulled" plugins and themes, because most of them contain malicious code. You should remember that anyone who gives you a plugin or theme can get direct access to your server because it's a PHP script, so bad guys can do just about anything they want.

    Also, if you think that by downloading plugins from the official repository you are somehow protected, you are wrong. Plugins are manually inspected (not very deeply, actually) the first time they are submitted. After that, the author simply commits new versions via SVN at will, without any code inspection on the other side. So if some author accidentally adds code that wipes out your entire database or file directories, you lose everything. This is another thing everyone needs to keep in mind. I'm not saying the WordPress team is doing it wrong. They're doing the best they can, but it's just impossible to check every change in every plugin or theme in a huge repository.
    Signature
    CyberSEO Pro - the ultimate AI autoblogging and RSS, XML, HTML, JSON and CSV import plugin for WordPress with support for OpenAI o1, Claude, Gemini, Llama 3, Midjourney, DALL-E, Stable Diffusion and more.
    {{ DiscussionBoard.errors[11767916].message }}
Avatar of Unregistered

Trending Topics