WPTavern: Why Plugins Sometimes Disappear From the WordPress Plugin Directory
Nearly 50K publicly available plugins call the WordPress plugin directory home but once in awhile a few of them seem to disappear. There is usually a good reason for why this happens but the only information available to the public is a page that says the plugin cannot be found. If the plugin is popular enough, concerned users will contact us and ask to investigate what happened.
Mika Epstein, Plugin Directory Representative, says there are a number of reasons for why a plugin can end up hidden from view, “The most well-known, but not the most common, is security issues,” Epstein said.
“Plugins are removed and, by default, hidden mostly because we’re on bbPress 1.0 and there is not as granular a control with post statuses when compared to WordPress itself.”
The plugin review team has three options to choose from when altering a plugin’s visibility, active, closed, and disabled. Although rarely used, when a plugin is disabled, it is hidden from view but updates are able to be pushed out.
I asked Epstein why there’s not more detailed information when a plugin is hidden and the answer is complex, “The lack of information is partly technical as bbPress 1.0 is limited and partly because we can’t all agree on the right way to disclose, when to disclose, and when not to disclose,” she said.
“Obviously the last thing we want are people getting hacked, but it presents us with a few options and they all have flaws. We’ve not been able to determine a way to tell people ‘This plugin is gone, don’t use it’ and ‘This plugin is gone, but use it if you want.’ without putting users at risk.”
Epstein uses WooCommerce and Jetpack as examples, “Let’s say I close Jetpack today and tell people ‘WordPress decided not to support it anymore.’ But tomorrow I close WooCommerce and tell people ‘I can’t tell you why.’ That means an intelligent person knows that WooCommerce is probably vulnerable.”
It’s a conundrum without an easy solution. The team typically closes plugins which makes the plugin’s page disappear. This has the added benefit of making it more difficult to determine if the plugin ever existed. Then the team contacts and works with the developer directly.
Most closures are done with the knowledge of the plugin author as they are often the ones who request that their plugins be closed.
The New WordPress Plugin Directory Will Modernize Plugin Administration
WordPress Plugin Directory Redesign
In addition to bringing a fresh new look to plugin pages, the migration away from bbPress to WordPress will help make the plugin review team’s job easier, “Like far too many things in Plugin Land, everything depends on modernizing the backend to something that is functional.” Epstein said.
“Once the new directory is out and I have some more people trained to do reviews properly, then we’ll have the bandwidth to sit down and really figure out a best solution.
“A stopgap might be making the page say ‘This plugin is no longer available.’ But I’m personally not sure if that would make FUD better or worse.”
If you discover that a plugin you rely on has suddenly vanished from the directory, don’t panic. Depending on the issue, plugins usually reappear within a week unless the author has requested that it be closed.
To learn what’s involved and how the plugin review team does its job, listen to episode 231 of WordPress Weekly. I also encourage you to read our detailed interview with Epstein published in 2014, in which most of the information is still accurate.