Support » Requests and Feedback » Where is the best place to discuss WordPress/plugins development issues?

  • I recently posted this thread:

    Seems its a bit controversial to discuss issues with WordPress, the posts get deleted or closed (cant reply on that last topic hence posting a new post).

    As we are not allowed to discuss development practices about WordPress and its plugins on the WordPress forums, where is the best place to do it? I assume there must be some place where developers discuss best practices for WordPress, discuss new ideas, continuous improvement and all that?

    Because my question is very valid, and a very serious issue to discuss, I think it terrible that such discussion is nor permitted.

    In summary it seems WP is rife with bad development practices, and I think it bout time someone does something about it.

    Is anyone responsible for such a thing? Where should we go?


    • This topic was modified 9 months, 2 weeks ago by  amityweb.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Plugin Review Team Rep

    Looking at your closed post (and the deleted one) the problem is that your questions (thus far at least) are opinion pieces. And there is absolutely nothing wrong with that, but the support forums are meant or people looking for help using WordPress, it’s themes and it’s plugins.

    As you may have noticed from the poster in your thread who went right off the rails, that’s pretty much why we don’t allow those posts. Philosophical posts are really complicated and tend to stir up trolls and adversarial posters like nothing else. It’s absolutely nothing wrong about the question and more that the ‘place’ lends itself to abuse (of you, of the moderators, and of anyone else who finds that thread).

    So to answer “Why did Jetpack push code that broke my site?” the answer is “They screwed up. They know it. They’re REALLY sorry and are fixing it.” And the other other is “Because they’re humans, and humans mess up.”

    Why did Windows release Windows ME? I have no idea, but I still remember trying to make products work on it.

    In summary it seems WP is rife with bad development practices, and I think it bout time someone does something about it.

    Is anyone responsible for such a thing? Where should we go?

    For WordPress core the place to go would be and help out.

    WordPress PLUGINS – which seems to be what your actual beef is about … There is no one responsible for such a thing. And I say this as the current rep of the Plugin Review Team. We don’t enforce standards beyond “Is the plugin safe and secure? Does it do what it claims? Off you go!” And that’s because we have a wide variety of people who write code, from the brand-new first timer with a Hello Dolly clone to professional quality products like Jetpack. There can’t be ‘standards’ that are different for every level. It defeats the purpose.

    Yes, WordPress plugins (and themes) are rife with bad practices.

    I’m the closest person to ‘responsible for’ you’ll fine, next to Otto, and he and I work closely together to make sure plugin developers, including Jetpack, meet the guidelines for being hosted here. Together, Otto and I have something like 30 years of high profile, large corporate experience in addition to decades of open source development, training, and education.

    None of that would undo the fact that Jetpack screwed up. They made a perfectly human mistake that missed testing (they have automated testing because they’re at that scale anyway). It missed human testing. It missed development testing.

    Because mistakes happen.

    And no amount of ‘best coding standards’ is capable of preventing all mistakes from happening.

    Where should we go?

    Your local meetups, StackEchange (where people look for coding help), your local area or plugin specific Slack/Discord groups, IRC, Medium, your own blog. Write up something and share it with the world. Come to the Core slack meetings and learn how the process works.

    I will leave this open until someone derails it, since helping you find places to discuss issues is important. If there are other places people can think that I missed, chime in 🙂 But please, be CONSTRUCTIVE.

    HI. Thanks for the reply. I will be constructive, see a suggestion I have below which could be taken further at WP to ensure better code is released… I just think someone should be working on something to improve it. It will never be 100% perfect, but not doing anything and ignoring it is bad. I have seen a real increase in problems recently from WP updates. I spend most of our time supporting WP issues whereas all my other CMSs hardly anything. I only switched to WP 1 or 2 years ago but have websites hosted from the past 12 years using other CMSs, and WP is causing a real support headache mainly due to plugin updates. We have to update them though, otherwise we see sites being hacked.

    You say no one is responsible… but WP release them all through the plugin section, so WP should be responsible, its the WP plugin hosting and update system allowing it. You cant say you are not responsible for helping the release of bad plugins into the community.

    I disagree its an opinion piece. I am pointing out an issue that needs addressing, not an opinion. At the moment I see a real bad practice of releasing bad code and plugins and I think it needs to be addressed not avoided. I do know human mistakes can be made, so I am not saying all human mistakes can be spotted, it wont be 100% perfect, no software company is, but the issues I see are just plain stupid development practices and not unintentional errors. We need to prevent developers releasing such bad intentional issues. By that I mean releasing a plugin update that no longer works on PHP 5 with no warning or anything (so the only way to know is do it and see) is terrible, and should be a new plugin for major changes. Or removing important core functionality in plugins so they can start selling them separately is also terrible, as it breaks the site, so that should also be a new plugin. I could not update plugins, but then the site will be hacked for sure. Many sites do not have the plans in place to do staging releases every day (which is how often plugin updates come out!), so rely on automated updates. We trust WP and plugin developers. So its real bad when an intentional change that will break sites is released as an update. If Microsoft updated Windows 7 to 10 automatically for everyone in the world everyone would be in uproar when the air traffic control or hospital software stops working (extreme example but hopefully you get the point!). So security and bug fix updates are OK to to auto-release, but major plugin changes should not be updates, but new plugins, and we can update when we are ready, like after sites have been moved to PHP7. The old plugin can have a message saying why its not updated anymore, what needs to happen so we can at least know its a PHP7 requirement and do some tests.

    Constructive Suggestion
    Here is one simple suggestion for example. When a plugin update is released, a simple questionnaire is asked for things that could potentially break it. A question along the lines of “has your plugin switched to PHP 7 exclusive”, with an answer YES, would deny the update, and show a message to say release it as a new plugin. If they answer No but thats the wrong answer, and they result in breaking sites, then penalise the developer, take the plugin offline, revert back to the old one. Other questions “have you removed functionality (like hooks for example) that could be used externally?”. Answer Yes, deny the release as an update. “Is it a bug fix” “Is it a security fix” etc etc. Some simple questions could ensure plugins are released correctly, or force new plugins to be released for major changes. The developer who stripped out most of the included functionality so he can sell them as add-ons made an appealing decision as we used said functionality in other code.

    So this is a quick suggestion and can be worked on, and there are probably other things that can be done to help improve plugin release and updates, the problem is I cant see anywhere where WordPress is trying to be proactive and make sure bad plugins are not released.

    So if this is not the place here, then there should be somewhere to have such discussions which (a) highlight the issues, and (b) make suggestions, and not just ignore them.

    Considering its the most popular CMS, and big important sites use it, its terrible that such bad code and updates are introduced.

    So I think someone at WP should be doing something proactive to help improve it is all.

    The number of sites that have gone done and I have had to fix recently because someone decided to change 1 line from array() to [] is ridiculous.

    Thanks a lot for your answer anyway, and not deleting it! I just want to get such an important message across!


    Another Suggestion
    If a developer does indicate in an update release questionnaire that major changes of the plugin occur (moved to PHP 7, removing hooks and functionality) then this is flagged in WP so WP itself can show a warning message in the plugins list, and exclude itself from the auto-updates. We could even override it with a “go ahead” anyway or just leave it not update anymore, the warning serves as a reminder we need to do whatever we need to do to get it to work (update our code, move site to PHP7 server), at which point we could kick in the update again and carry on.

    So that way no new release is needed, but is a preventative update measure to block what could be a major issue that breaks the site.

    We still rely on developers answering the questions correct, so some could get through, but it should catch a lot. Especially if plugins can be penalised (removed from the store, issue flagged up?) if the questions are answered wrong, just to focus their attention a bit more.

    Probably loads more suggestions if the best WP developers joined a task force to brainstorm it! 🙂


    Another Suggestion
    (this is a bit far out there, but thats what brainstorming is all about!)

    A built in staging environment, so updates first happen aside from the live site, some preview/staging mode we dont see, which is called by the update process and check for any errors. It would catch all the 500 errors we get before they are updated to the live site.

    Be a big development I know, just brainstorming here! 🙂

    • This reply was modified 9 months, 2 weeks ago by  amityweb.
    Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Plugin Review Team Rep

    Sorry I was on vacation for a week and change.

    So you’ll notice we DO NOT auto-update plugins. We don’t. Probably won’t for a long time, though some hosts do and I’m really of divided mind about the practice.

    Is Microsoft responsible for, say, Cyberduck pushing a bad update? Nope. Neither are we. That’s 100% on Cyberduck (who hasn’t pushed a bad update in well over a year, and I love that ducky!).

    The hosting directory walks a fine line, we know, but we do our best. We don’t have the infrastructure to do all those great ideas about testing before allowing updates. Wish we did, but people burn out really fast when the find out what reality of what all this volunteer work means.

    Sorry I was now on holiday 🙂

    Jetpack can auto-update plugins, and Jetpack is an automatic plugin isn’t it? This is not about auto-updates anyway. Its about bad plugins, regardless of how they update.

    The problem is if plugins are not updated the site will eventually get hacked. I have made a decision that its better to break a site from an auto-updated plugin than to break it from a hack. For companies that host loads of WP sites, its not practical to keep manually updating plugins all the time, as they are released daily. Your entire job would be updating plugins every day, especially if you do it the right way on staging sites etc. To do it this way, you would be charging like hundreds of bucks per customer to host their site which excludes millions of small businesses, or personal sites, the exact person WP is popular with. So I think MOST WP sites would not have manual updated plugins or plugins updated on staging sites. Only those paying more money, or developers responsible for only a few WP sites.

    So due to the hacking issues with WP and its plugins, auto-updating is just the best way to avoid it.

    But as stated its not about how you update, its about the terrible plugin you are updating to, regardless of how its updated. Why is that bad plugin allowed to be there is my question. How can we prevent that bad plugin being there?

    So my comments are all about how to update in a safer way, to reduce issues that occur with updates. As for auto-updates, I guarantee a lot more sites would not be updated and then be hacked without auto-updates, which is then another issue to address 🙂

    • This reply was modified 8 months, 1 week ago by  amityweb.
    • This reply was modified 8 months, 1 week ago by  amityweb.
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Where is the best place to discuss WordPress/plugins development issues?’ is closed to new replies.