Mark Jaquith, a core developer for WordPress, published a non-exhaustive list of what “not to do” for plugin development.
We enjoy great plugins as much as the rest of the WP community. This guide by Mark will help ease a lot of pain for a lot of people. Here’s the list.
WP Plugins, The Do's & Dont's
- Give it a license that is incompatible with WordPress’ license.
- Host your plugin elsewhere, and only use the WordPress.org plugin listing as a pointer to that.
- Use base64 encoding to hide your plugin code or obfuscate HTML that you’re injecting into people’s blogs.
- Insert SEO spam links into people’s blogs (like <a href=”http://example.com/”>video poker</a>).
- Insert external links (like a credit link, <a href=”http://example.com/”>My Awesome Plugin by Awesome Sauce</a>) into their blog without explicitly asking their permission, or make the default option be to insert the link.
- Load portions of the code from an external site for no valid reason, or use any other trick to work around #3, #4 and #5.
- Harvest people’s e-mail addresses or require registration to activate the plugin.
- Explicitly state or imply that users of the plugin must pay you money in order to use the plugin.
- Make the plugin a “requirements check” or bootstrapper for some other plugin or service. See #2.
- Make it do something illegal.
- Make it do something sneaky, underhanded, or otherwise dishonest or immoral. Maybe a plugin that disables all plugins by a plugin author you don’t particularly like. Harvest the user’s password. Use your imagination!
This is a great post because I have and still do, often see plugins that are not fitted to being in the plugin repository; which I will report and often get removed.
This goes for everyone, including myself and the plugin authors I work with (hint hint, we’re going to release a plugin next week), to be careful, be honest, and be straight forward with all your plugin development if you want them to be hosted on the WordPress Plugin Repository.
I agree with this list. However, I must laugh at two of them:
“Harvest people’s e-mail addresses or require registration to activate the plugin.
Explicitly state or imply that users of the plugin must pay you money in order to use the plugin.”
Akismet breaks both of those rules, and not only is it made by automattic, but it’s even built into wordpress.
Most definitely Leif, agreed.
Couple things on that:
From my understanding Mark is not an Automattic employee.
Secondly, I am under the impression that Akismet will become a core plugin and will no longer part of the default WordPress installation.
Thanks for your comments, have a great weekend.
~da
Thanks, you to.
Although, based on this video from Matt’s blog: http://ma.tt/2009/11/this-week-in-startups/ I thought that he was the founder of automattic, but I guess I could have been wrong about that.
Hmmm…I don’t know how I feel about akismet becoming a core part of wordpress. It’s fine as an add on, that way people who don’t like having to use locked down plugins can just remove it (I like akismet, but I could see others not liking it), however, putting akismet into the core would mean that it would be much more work to remove it if you felt obligated to do so.
Matt is more the co-founder/founder of WordPress, not Automattic. Matt isn’t even the CEO of “WordPress,” Toni Schneider is. But Matt is still the forward facing person of WordPress, so it could be easy to get that mixed up.
As far as Akismet becoming part of the core, I can definitely understand your concerns with it. I personally love Akismet, so I’m not to have too much pushback from wanting it to be part of the core, but I can understand other people not wanting it to be part of the core simply because they may not want to use it.