Last Updated: 14th Feb 2017
WPTavern: Why Plugins Sometimes Disappear From the WordPress Plugin Directory
Nearly 50K publicly available plugins call the WordPress plugin directory home but once in awhile a few of them seem to disappear. There is usually a good reason for why this happens but the only information available to the public is a page that says the plugin cannot be found. If the plugin is popular enough, concerned users will contact us and ask to investigate what happened.
Mika Epstein, Plugin Directory Representative, says there are a number of reasons for why a plugin can end up hidden from view, ‚ÄúThe most well-known, but not the most common, is security issues,‚ÄĚ Epstein said.
‚ÄúPlugins are removed and, by default, hidden mostly because we‚Äôre on bbPress 1.0 and there is not as granular a control with post statuses when compared to WordPress itself.‚ÄĚ
The plugin review team has three options to choose from when altering a plugin‚Äôs visibility, active, closed, and disabled. Although rarely used, when a plugin is disabled, it is hidden from view but updates are able to be pushed out.
I asked Epstein why there‚Äôs not more detailed information when a plugin is hidden and the answer is complex, ‚ÄúThe lack of information is partly technical as bbPress 1.0 is limited and partly because we can‚Äôt all agree on the right way to disclose, when to disclose, and when not to disclose,‚ÄĚ she said.
‚ÄúObviously the last thing we want are people getting hacked, but it presents us with a few options and they all have flaws. We‚Äôve not been able to determine a way to tell people ‚ÄėThis plugin is gone, don‚Äôt use it‚Äô and ‚ÄėThis plugin is gone, but use it if you want.‚Äô without putting users at risk.‚ÄĚ
Epstein uses WooCommerce and Jetpack as examples, ‚ÄúLet‚Äôs say I close Jetpack today and tell people ‚ÄėWordPress decided not to support it anymore.‚Äô But tomorrow I close WooCommerce and tell people ‚ÄėI can‚Äôt tell you why.‚Äô That means an intelligent person knows that WooCommerce is probably vulnerable.‚ÄĚ
It‚Äôs a conundrum without an easy solution. The team typically closes plugins which makes the plugin‚Äôs page disappear. This has the added benefit of making it more difficult to determine if the plugin ever existed. Then the team contacts and works with the developer directly.
Most closures are done with the knowledge of the plugin author as they are often the ones who request that their plugins be closed.
The New WordPress Plugin Directory Will Modernize Plugin Administration
WordPress Plugin Directory Redesign
In addition to bringing a fresh new look to plugin pages, the migration away from bbPress to WordPress will help make the plugin review team‚Äôs job easier, ‚ÄúLike far too many things in Plugin Land, everything depends on modernizing the backend to something that is functional.‚ÄĚ Epstein said.
‚ÄúOnce the new directory is out and I have some more people trained to do reviews properly, then we‚Äôll have the bandwidth to sit down and really figure out a best solution.
‚ÄúA stopgap might be making the page say ‚ÄėThis plugin is no longer available.‚Äô But I‚Äôm personally not sure if that would make FUD better or worse.‚ÄĚ
If you discover that a plugin you rely on has suddenly vanished from the directory, don‚Äôt panic. Depending on the issue, plugins usually reappear within a week unless the author has requested that it be closed.
To learn what‚Äôs involved and how the plugin review team does its job, listen to episode 231 of WordPress Weekly. I also encourage you to read our detailed interview with Epstein published in 2014, in which most of the information is still accurate.