SPECIAL EPISODE: The Plugin Directory. Faces of Mika Epstein, Matt Cromwell, Zack Katz.
WP Product Talk
SPECIAL EPISODE – The Plugin Directory
Loading
/

We invited Mika Epstein to join us on WP Product Talk with co-host Zack Katz to talk about the trials and tribulations of the WordPress.org Plugin Directory. As fate would have it, this episode was scheduled on the heels of a lot of furor in the WP Product space around how WordPress.com has added the product pages from WordPress.org to its site and now shows up often first in search results. We decided to take this opportunity to deviate from our normal format and talk a little more in depth about this issue and its implications for WP Product owners who depend on the Plugin Directory for their livlihood.

0:37
[Music]
0:46
thank you
0:56
hello and welcome to WP product talk the place where every week we interview an
1:02
experienced WordPress product owner on strategies tips experiences failures and successes of running successful and
1:09
thriving WordPress product businesses I'm Zach Katz founder of gravity kit and trusted login
1:14
and I'm Matt Cromwell co-founder of give WP and senior director of customer experience at Stellar WP
1:22
and today's topic is the trials and tribulations of Hosting your plugin on wordpress.org this is a special episode
1:30
uh for timely and significant reasons we don't typically cover the latest WordPress news and things like that
1:37
especially we don't really do a lot of WP drama types of things um but recently there's been some fur uh
1:44
specifically around the plugin directory and so and we actually just happened to
1:51
accidentally have already invited a really special guest named Mika Epstein to be on exactly this week and
1:59
um we just thought all the stars are aligning so we should just do this in a different format in
2:04
different way so um to kick us off I want to give just a little bit of context first for anybody who might not
2:10
be totally uh in the know um but essentially over the last week or
2:16
so um we uh we we experienced a couple different things one is that it was
2:21
highlighted that the plugins uh and I believe also the themes
2:27
um no adjust the plugins um are have been ported over uh or copied over to wordpress.com
2:34
um and um in terms of like the content of the plug-in Pages uh this was
2:39
highlighted by uh John blackborn who's uh author of the user switching plugin
2:45
which I love that plug-in to death I use it on every single site and he's actually written quite a few plugins but
2:51
that's just one of them of many um he highlighted it because it has some SEO implications he went to search for
2:56
his plugin and he found that wordpress.com was showing up at the top of the list um and some of that is is kind of a
3:03
weird experience when you go to that.com listing um you get when you when you want to if
3:09
you're interested in that plug-in it there's a button that says get started when you click get started it takes you to a sign up form for wordpress.com
3:17
um that's a very radically different experience than what we're trying to educate our users on when we want them
3:23
to use our plugin um and there's concerns around SEO duplicate content things like that it
3:29
was a good concern um it was a good highlight and honestly I don't know of any previous discussion
3:35
that was saying oh heads up everybody we're going to have all the free plugins also on.com
3:41
um so uh I think it was a worthy and valid call out uh Zach is am I tracking
3:47
does that sound or about right yeah I think one of the things that wordpress.com did that got people
3:54
frustrated was that it says free on the business plan that a free plugin that's
4:00
on dot org for free on.com it says free on the business plan for wordpress.com
4:05
suggesting that the plugin itself uh is only available if you were to sign up
4:11
for a paid plan on wordpress.com yeah yeah for sure of course wordpress.com is
4:16
one of the few hosts I'm not sure if there's really any hosts really that does provide a free tier
4:23
um and that is interesting and a unique offering that WordPress has done for forever but you can install plugins on
4:30
the free tier at all you have to have a paid tier in order to install plugins um but I mean you have to have paid
4:36
hosting to install plugins anywhere um so it's kind of like one of those 50 50 kind of situations uh the whole thing
4:43
got actually even more heightened when uh Matt mullenwood got uh involved and
4:49
started talking about like what would we do about these things I can't control Google things like that a lot of his
4:57
responses seem to be a little bit defensive and folks kind of double down
5:02
on their criticisms and also got a bit pointed in the way that they talked about these things and then some
5:08
additional tweets happened which where uh what's the what's the best most
5:13
kosher way to say it um he got very pointed and personal in some of his attacks on on plug-in
5:20
authors specifically so demeaning is one way to characterize them yeah demeaning
5:26
undermining them in terms of whether or not they were successful as product owners at all
5:31
um uh specifically Dan Cameron Jason Coleman um things like that
5:37
um some of these tweets have been deleted I will say um but um it was it was
5:44
rough and hard to watch happen like a train wreck uh happening live on the
5:49
Twitter's sphere um but to catch up on all of this um in really constructive ways um Zach
5:57
has some links for us we're going to put them in the comments and we're gonna post it on our website when we post this
6:03
episode later uh but the tavern actually covered this twice in two different ways one they first uh Sarah Sarah Gooding
6:10
has always did a really great job showing how developers raise the concerns about the.com content
6:17
um specifically and then she did a follow-up um talking about how developers really
6:23
didn't um felt damaged uh felt uh uh they lost a
6:30
lot of trust in the WordPress leadership because of the way in which Matt behaved on uh on Twitter in particular
6:37
um another really good one a very short read a very short listen is from the WV minute Matt Medeiros did a great uh
6:43
session um of the wp minute where he highlights uh things that josepha has said about
6:49
how WordPress can change your life and how WordPress uh is has so much impact and he said that that can also go in a
6:56
negative Direction too when uh when leadership is is kind of undermining our success as well so I think all of those
7:03
things are really great reads for context for all of this last one I want to do before we bring Mika on who's
7:09
sitting there waiting patiently um is um Zach I also did a really
7:14
excellent write-up um and that I really hope everyone could read um in which he talks about how we have a
7:22
code of conduct in WordPress in general and in some ways it really appears as if
7:28
Matt mullenwig himself might have violated that code of conduct and the way you worded the stack I think is just
7:35
exceptional the way you walk through it in a very constructive Manner and really
7:41
specifically highlighting um that wordpress's people which I love that uh that background of course
7:48
um uh but I'd love to hear just a little bit and I'm sure everybody else would just what were your motivations for the
7:53
Post what made you really think like this needs to be said this needs to be done I find myself really disturbed by Matt's
8:02
public behavior and discouraged because we all love WordPress and invest in it
8:09
in our time and our energy and even if somebody doesn't contribute code to core
8:14
if you're working on a plug-in that enhances WordPress and so like the fruit map to sit in Judgment of people's
8:21
contributions and compare them to his own it felt really nasty to me in a way that
8:28
really upset me and I found myself for the whole week um unproductive in a large way uh when it
8:36
came from uh my work because I I just there was something in the background that I I was like what could we do what
8:42
can we do about this what is there to be done I was like well we have a code of conduct that lays out exactly what the
8:49
process is and exactly what's expected of people in the community uh whether you're leading the community
8:55
or if you're a contributor or if you attend a word camp uh and the opening
9:00
mind in my article is a quote from the code of conduct that says we pledge to act and interact in ways that
9:07
contribute to an open welcoming diverse and inclusive community and I felt like Matt did not live up to
9:13
that pledge and so I wrote this article and uh yeah I yeah that's what led to it awesome thank
9:21
you so much for that contact Zach again I I said this in slow status slack it's a pleasure to know you man like that was
9:28
really well said and so constructive I really want to make sure that um in all these types of conversations
9:34
that we always try to give people the benefit of the doubt but
9:39
also have radical Candor and be able to say what's on our heart truthfully and always be constructive
9:45
um uh under these circumstances so that's the summary nutshell
9:51
um the links are in the chat there if you are here and you are listening in and you want to say something please use
9:57
the chat we will highlight you and we'll discuss it as well and uh all of that is
10:02
context for us to talk about the plugin directory with our very special guests who is finally here
10:09
hi I'm actually standing I have a standing desk literally standing by
10:17
thank you so much for being here Mika I really appreciate it um I reached out to you in like I don't know June or so and
10:24
I was like be on our show you're like yes but later um and that was right when I yeah that
10:31
was right when I had started uh the whole like public process of stepping down from the plug-in directory which
10:38
had been in process for about a year and a half before then almost two years it that was a that was not a that was a
10:45
very planned process going down the line yeah absolutely
10:50
um so give some uh you know we know you a lot of folks who are watching know you but give us a little bit of context who
10:57
are you what have you done what do you do what will you do uh because you're on
11:02
a journey I know I am on it well we're all on a journey um for oh gosh uh let's see so right now I
11:10
work for xwp I am a WordPress engineer there I work with our clients I help
11:16
build amazing websites for people and make their dreams come true which I love
11:21
very much I started here about a year ago before that I worked for a web host dreamhost I loved working there I
11:28
learned so much and the people there are just absolutely wonderful and before that I worked at a bank and
11:34
while I was working at a bank I was habitually bored because we had to compile code at the end of every
11:40
afternoon and so I would have like three hours where all I would do would watch my computer compile code and couldn't
11:46
really develop anything else because you know these were Windows NT boxes folks
11:52
Windows XP I I was part of the project to upgrade everybody to XP that was fun uh so I started poking around and I was
12:00
trying to figure something to run a website I designed and hand built with PHP and shtml a long time ago
12:07
and I had used B2 Evolution the predecessor to Wordpress back in the day
12:12
so I installed WordPress got it up and running realized it didn't do everything I wanted then I thought I could code it
12:19
uh and you know it just sort of snowballed down the hill I started looking for plugins
12:26
that did what I wanted and when I couldn't find them or I found that they had issues I used to email Auto and
12:32
finally one day Otto was like look you're gonna have to join the plug-in team because I'm tired of handling your emails you need to handle these yourself
12:37
and that was actually how I got added to the plug-in team um yeah and my job was basically to look
12:44
through a plug-in and then figure out what was wrong and email the the
12:49
developer or actually I didn't even have email at the beginning it was just to let the team know this is what I found this week and they would do that and
12:56
eventually I got added to the uh the email system and then I was doing reviews and over time I ended up uh the
13:04
at the first word campus was when I became the representative for the plug-in review team and that went on
13:12
until this year uh where I decided you know after my dad died in 2019 I started
13:17
making a lot of Big Life Changes like I knew I needed to make a lot of
13:22
personal changes and one of them was absolutely reducing uh the amount of stress I was under because it was having
13:28
a negative impact on my physical and mental health and the easiest thing to
13:33
cut out you know besides a couple of other volunteer things I had been doing was in fact plugins and I didn't want to
13:40
because I love doing it but I was tired and I realized I'm not
13:46
able to do everything I need more help I need
13:51
you know a group and thankfully we were able to set up a group I wish I'd been able to do more to like
13:59
figure out onboarding but that was never my strong suit and I was like I don't even know how to write all this so it
14:05
was kind of winging it and uh I learned a lot from that experience uh and I'm
14:11
still technically like I hang out with the team and like when they have weird questions they're like hey what is this
14:16
and I'm happy to answer but like I haven't actually reviewed a plug-in or even looked at the queue in about a
14:22
month yeah yeah I don't blame you I mean you've written about this a bit we don't
14:28
have to rehash but there's also a lot of drama involved in like yeah you are the gatekeeper people are gonna come after
14:34
you and you have a long a long long long story that you've written about I'll Point people at your website yeah you
14:40
just go to halfhealth.org and it's on the it's on the top menu um yeah and you know that's really
14:46
relevant to what's been going on in WordPress this last week because
14:52
I was the face up until we finally managed to switch things to be mostly Anonymous I was the person people got
14:59
emails from and therefore I was the person to be targeted when
15:04
something wasn't liked yeah absolutely and you know thankfully before all that
15:09
I had had experiences being a face of a project and I knew
15:15
from the get-go that there are certain things I cannot get into an argument with people in social media because not
15:22
only is there a no-win situation for me but it has a really strong possibility of hurting the project itself not just
15:29
me but like hurting the whole thing so you know keeping your mouth shut is hard
15:36
I'm not very good at it but like you know people are like wait you kept your mouth shut you're incredibly outspoken
15:41
you always speak your mind I said yeah but I didn't all I don't always speak my mind you're seeing the curated version
15:47
of what's going on someone out there is terrified now well
15:53
I mean I think there's so much to unpack in there and which you have done in a lot of different interviews and and on
15:59
your article as well but the the the Strand there that you're highlighting is
16:04
how like being a volunteer for this large huge project has a cost
16:11
um oh yeah and for some folks like you it can end up being a mental health cost and it can be really risky
16:18
um and that's why I think like the idea or the concept the that Zach highlighted
16:24
from the code of contact that we have to have uh environment of of safety and
16:30
Trust uh is like so vital into what we do um because it's open source and because
16:36
we can end up you know we are out there um I've been out there for so long I
16:41
have like a lot of privilege and being a white male who just melds in um and uh I'll uh also having a
16:48
Christian background that lots of people find to be just like in the majority or whatnot I don't experience all these
16:54
things um the way the others do and so I have always felt personally like I have to
17:00
help to Foster as much of a good environment as I possibly can
17:07
um and that's and that's really important because a lot of people don't recognize that and you know
17:15
I have a lot of privilege I'm white passing uh I have a I have a non-in
17:21
significant amount of non-white uh genetics going on in here that most people just never notice and I'm fine
17:27
with that because I it allows me to use that privilege to help others but I'm also openly queer I'm Jewish and I'm a
17:35
woman and all of those things have worked against me in Corporate America I
17:40
was told to my face that unless I started wearing a dress and makeup I would never be promoted
17:47
jokes on them they got fired yeah and that's I mean that's the kind of
17:52
thing where it's like in this environment we we have to be looking out for each other at all costs um and I
18:00
hope that's part of me and I think that's part of the problem with how Matt was talking to developers
18:06
and contributors is that it put people in the position of having to defend
18:13
themselves and they're in a lower status position than that so whenever you are in a position of
18:19
power anybody in a lower status position you need to protect them and you need to
18:24
make sure to be very careful in how you interact with them in order to support their Journey so that they can become
18:31
promoted uh and and not be inadvertently or not uh subject to discrimination or
18:39
harassment or you know the the way that Matt was behaving resulted in I'm sure
18:47
lots of stress for the people involved and Matt is in a position of power in that relationship and so he I believe is
18:54
has the his the onus is on him to behave better yeah absolutely like I I even
18:59
like in the WordPress space um among plug-in authors and things like that I like I do also feel really
19:06
fortunate that give has been successful um and I have lots of things that I can
19:11
talk about in terms of like why we were successful um when I talk with other plug-in owners
19:16
who are just on the beginning of their Journey or have really struggled or have even like sold their business and folded
19:23
it down and things like that uh like I always really try to be really constructive and positive about their
19:29
contributions um and never like never like well I'm obviously more successful or whatever
19:35
but like and then amplifying that to the automatic level at which like I mean truthfully
19:41
um how much has WordPress the project uh the code base case benefited from all of
19:48
these plug-in owners all together I'm certain that mullenweg knows that and he
19:55
has said it at several different state of the words but um in this particular instance it felt
20:01
like he undermined that trust and undermined that value to an extent that I feel like is really hard I I I did
20:08
reach out to Sarah in that for that article that the second one that she wrote on WP Tavern and one thing I said
20:15
is I don't know if he can put the genie back in the bottle with this one because I really feel like he went Far Over The
20:20
Line uh with the plug-in authors this time um which I think was kind of rough
20:26
um but like one thing we said before this show started um Mika is like you've
20:31
also seen it on both sides like oh yeah you are a plug-in owner you've written
20:36
lots of plugins um not I don't think for a business though oh yeah no I wrote I've written
20:43
plugins uh technically for dreamhost and um a weird situation I still own one
20:48
okay um I need to work with them again and make sure like are you guys okay that that I still own this one um but no
20:55
I I've I have not written a plug-in for it for like a plug-in company yet uh I'm
21:01
sure one day xwp will be like hang on a minute you're gonna go write this um and I'm cool with that but I have
21:07
written plugins for the purpose of a company and but it's and then you've
21:13
seen very different perspective oh yeah and then most of mine are just Indie stuff that I needed and I thought I'll share with the world yeah and then
21:20
you've experienced the Wrath of the plug-in authors yeah as well like you've
21:25
seen how impatient or inflexible uh some of us can be when the plugin directory
21:32
pisses us off or like if we nobody likes hearing no or especially nobody likes
21:38
hearing you've done this wrong and and that's that's ultimately like the the
21:44
problem with getting a plug-in review is that from my end it was always intended
21:50
as this can be improved this can be made better and safer but as someone who's received those
21:57
reviews as well I recognize that what it feels like is your plugin sucks and you
22:02
suck and you should feel bad and it's very Zoidberg um and it's really hard to approach uh
22:10
josepha was instrumental in helping me rewrite a lot of the predefined replies
22:15
for plug-in things so that they came off firm but gentle right and you have yeah
22:22
you have to be firm because like some things there is no there's no brokering
22:27
uh you're including your own copy of jQuery that's just a flat no you're making a curl call because the
22:34
service that you're calling actually won't work if you use the WordPress uh uh API to make the call okay that can be
22:43
allowed and it's just a matter of going through things with people and having them explain but it's really hard
22:49
sometimes to get people to stop being frustrated that they just got told no and get them to reread the whole thing
22:55
that says hey if there's a valid reason let us know we could be wrong and um
23:02
you know instead it sort of felt for a lot of people I guess like the word of God and I'm like no no no no no no this
23:08
is I am not Moses I'm not Aaron I am just Mika saying hey these things look shaky
23:14
um I'm not really keen on whales that much
23:21
so for plug-in for plug-in authors and product owners who have have interacted
23:27
with DOT org and now they have a.com listing oh yeah I'm curious to I'm
23:34
curious to know what you uh like what recommendations you have for them for how to handle this situation where your
23:40
listening gets scraped and you're now on two websites and you don't know
23:49
that's the thing everybody's going oh this is.com this is the first time it's not uh there was
23:56
and I'm blanking on who it was some other company actually made a full copy
24:01
of the repo and you could go and see people's plugins and download them and the only reason that I knew this was
24:08
that someone had closed a plugin on dot org and then they emailed us complaining that we didn't take it down from this
24:13
other site and I'm like that that's that's not us you kind of got to talk to them directly I'm sorry and they were really upset they're like
24:19
well I've talked to them and they're not removing the plug I'm like well there's literally nothing I can do that is someone else's
24:26
website send them a dmca uh which I hate saying but the reason
24:33
that this one I think blew up more than anything else is because as Matt pointed out if you're logged in
24:40
to wordpress.com you get redirected to wordpress.com that comes up as the
24:45
number one hit and that makes sense except if you work for an agency the odds are
24:52
you're logged into.com all the time because you possibly have at least one VIP client so you're logged into.com and
25:00
that means for me I was always getting redirected.com now the benefit to that is that I am an
25:06
intelligent person who recognizes Oh Google's silly and I just changed the com.org and my address bar once that
25:14
started happening to people who weren't kind of Savage aware of these intricacies that's
25:21
when it got really noticed like that's when John noticed and not to say that John is not absolutely astute about
25:27
these things he's brilliant and I love him but once more people started noticing it
25:33
then it became a thing then it became hang on a second and um
25:38
you know it is a problem because yes absolutely anyone is free to scrape
25:45
the dot org directory and do with it what they will it's it all the code is GPL off you go to the races technically
25:52
speaking yeah absolutely you can do it but much like how I have very strong opinions about don't copy premium code
25:59
even if it's GPL and give it away for free it's not because it's illegal it's because it's just kind of a well
26:06
it's a not good luck yeah I have a more vulgar way of saying initially I'm not
26:12
going to do that here yeah it's just it's not a good look legal not particularly moral
26:18
um yeah well I I try to avoid a moral argument because like my moral we talked about this before the show my morals are
26:25
heavily influenced by my Jewish upbringing and I reckon I've recognized from an early age that it does not mesh
26:32
with uh my peers a lot of the time um but in this case my first thought was
26:38
this is really cool for people who are using.com because it helps them upsell which is important because wordpress.com
26:45
gives away blogs for free and in order to recoup that cost and
26:50
believe me that is a massive cost I've worked for a web host I know how much this stuff costs in order to recoup they
26:56
need to upsell people and move them to business plans sure this makes sense and if by telling them hey you can get these cool plugins if you move to our business
27:03
plan that's intelligent from a business standpoint but from a community standpoint that's when it starts getting
27:09
real shaky like how do you balance the two and you know my first thought was
27:16
I think patch deck has done this already it's like they've put a thing in their dot in their readme that says you can get this for free on.org yeah um which
27:23
is cool yeah um I think that was pretty smart and that was pretty Savvy I like that I mean like I was mentioning
27:29
earlier with with the nuances of How It's on dot yeah there is a little bag that says you you can do this on your
27:36
self-hosted site just download it here yeah letting you download the zip yeah I
27:42
would have had it linked to the dot org page yeah you know learn more about this plugin on wordpress.org exactly and like
27:49
two buttons if you wanted to download Honestly though it's like the old download button that we had on
27:54
wordpress.org ages and ages ago if you click the download button it downloaded WordPress and you didn't know what to do
28:00
exactly and so then they changed it to go to a download page that explained and then you download and that helped a lot
28:06
of people and I kind of feel like they need to do that again like just have a you know self-hosting WordPress go here
28:12
and just help redirect them it would it would let them keep the benefit but at
28:18
the same time boost the community and by boosting the community you encourage more people to develop plugins more people develop
28:24
plugins there's more people using Wordpress more people using Wordpress we all win yeah absolutely let's talk a
28:30
little bit about the nuts and bolts with the plug-in review team uh amber Heinz a co-host is here and she has a really
28:37
good questions uh oh yeah uh Mika and I had a conversation on Mastodon about
28:42
possibly having ongoing automated reviews and public badges for plugins
28:47
for things like security accessibility Etc would love for us to discuss that
28:54
um yeah they're actually working on that I'm so proud of them um there
28:59
so fairly recently it was made public that there is a tool that they're like an actual plug-in check
29:06
um yeah yep that that's going to be able to tell you when you've missed certain things and one of the things it is
29:13
actually telling you is like uh translate now it's pointing out hey you didn't put a translation explanation in
29:18
there I was never able to sit down and have the like the time to sit and do it while still
29:26
handling reviews and the security situations and all the other nuts and bolts of the plug and that was really
29:31
the problem is that like I was a one-woman show for a little while and it's really hard to do everything yeah
29:38
and where I absolutely dropped the ball was in two places it was in clearly documenting what I was doing day to day
29:45
I fell into the same trap that uh WordPress core had in the early days which was how do you do a release
29:50
because there was one person Andrew Nason was basically doing it and so it's
29:55
really hard to stop and like what am I actually doing because it starts becoming muscle memory
30:01
um so with a bunch of new people coming in they were able to look at it and go well
30:07
you know this is great but it takes time if we spend time in the beginning to set up an actual tool that does plug-in
30:13
checks that will do things like security and we'll tell you before you submit the plug-in hey these are things that are going to hold you up are you sure you
30:19
want to go yeah which is we've had a few background things uh that we're always running in the uh like that prevented
30:26
and upload and people mostly saw those as hey you started your plug-in name with woocommerce you can't do that it's
30:31
trademarked yeah yeah trademarks I reached out to um to uh Gustavo uh
30:40
bordoni who's uh on the on the plug-in review team now um I I asked him the question I was like hey you know
30:46
everyone's looking at the plug-in queue and it's like 1200 plus plugins in the queue and 90 days out so we're gonna get
30:54
reviews we're used to the Mika days when it was like three to five days um so yeah you know what's the story
31:00
it's not really a fair comparison not it's not let me tell you real quick um what his response though he he was oh
31:07
yeah tell me I was like so what's the deal there he's like we are onboarding more members uh but training takes time
31:13
so hopefully as people get more experience we will be able to address the existing cue faster but ultimately
31:20
the goal is to Leverage The plug-in check plug-in to address the massive amounts of plugins that are getting
31:26
submitted eventually the plug and check plug-in will be part of the submit form in some way and that will help us to
31:31
avoid most of the problems so we have to tell people to fix yeah um our plan is to release a version of the
31:37
plug-and-check plugin soon uh and we're hoping for he says we're hoping for this week or
31:42
next week which is a big deal so yeah plug-in forever uh I've been jealous of
31:50
Team developers in that way only for a long time yeah well the biggest
31:56
hold up with that has always been the complexity of what plugins are and I
32:02
I say this without ever wanting to bash the hard work that goes into theme development I do it myself for work
32:10
steam development is more or less straightforward you're making a theme it
32:16
has to interact with WordPress in a very specific way and yes you can make really cool features and things but at the end
32:22
of the day you have made a theme and it must be a theme yeah now go look at
32:28
plugins what are they anything whatever you want they can even have theme
32:34
templates in them like yeah they can be as complex as woocommerce and Buddy
32:39
press they can be as small as Hello Dolly yeah all of those are plugins um
32:45
and you know it the irony though there a little bit though Mika is that the the theme review
32:51
team it's gone through a lot of things too but they are super rigorous and sometimes like a theme will go through
32:58
like five different iterations they'll be like nope you need to do XYZ and then come back nope you gotta do it again
33:05
um like it's I don't know they've gone through a lot of iterations too um and I don't know if they're like you
33:11
should have a pretty big backlog too yes at one point yeah absolutely
33:16
um but that's the trade-off either you're super rigorous and you're gonna have a backlog because of that or your
33:23
is it more or is it mostly safe enough to keep using like are there no big oh
33:29
man this is totally wrong issues uh does it do what it says yeah and does it actually work and
33:35
believe it or not those two things should have been the same but they're not yeah uh and and for the most part that's what I was
33:42
always checking for is it safe is it doing what it says
33:47
is it actually functional and if it passes all those through even if it's not accessible I know even if they
33:53
didn't do the translations properly I might warn them hey you're using variables for a translation you don't
33:58
want to do that it's going to break the system and you won't get your translations um
34:03
yeah you know but the reason that I was doing that was
34:09
a it was a lot of things to cover and B not all plug-in developers come from the
34:16
same place yeah everybody thinks oh all of these plug-in developers are professionals now folks
34:24
professionals are the minority the majority is you know uh Jane off the
34:30
street who says hey I figured out how to write this cool thing I want to host it and I wanted to encourage those people
34:38
and make them part of the community because once they got a plug-in approved I would hear from people at
34:44
word camps oh I'm so happy you approved my plug-in I feel like I can do anything you gave me the confidence to go I'm
34:50
like that's good yeah that's good for the community and trying to balance those two things it it it's rough and
34:58
right now we're at a point where WordPress plugins have to start looking harder at the security issues because
35:04
we've got some bad actors in the community who are going to zero day you and yeah I hate those guys we have to be
35:11
more conscientious of translations of accessibility and due to that this is
35:19
the perfect time for the plug-in review team to start yeah enforcing those things and it really sucks that it made
35:25
such a backlog yeah totally but like I think part of the issue there too we've had this Common Thread here of the issue
35:32
of trust I think like the thing with Malinois was difficult in the trust environment for sure the thing about
35:38
plugins is also there's a lot of trust going on because from uh when you submit
35:44
your plugin there's a review process but once it's been submitted and approved there's not a whole lot I know that you
35:50
scan ever you scanned uh regularly um and you can't catch everything in
35:55
those giant scans either but like there was talk about using WP tied for a long time and but like I think there's this
36:03
what I mean about the trust part is that the trust that users have in WordPress
36:09
is most often eroded be because of plugins or conflicts or because
36:15
plugins are the things that are vulnerable that let their site get hacked um and I think there's a there's a a lot
36:22
of room for us to grow as an ecosystem in terms of ensuring that every release we push out there is a lot safer
36:30
essentially and I don't know what your take is on in terms of what response or
36:36
what options do we have from the plug-in review side uh like how gatekeepy do do
36:41
we want you all to be not you all them all no I don't y'all
36:48
I was always really torn on this on the one hand if you're having the plug-in review team review every single version
36:54
of a plug-in you're never going to get through the day it's just that I mean
37:00
it's just it's impossible on the other hand if we're not doing that
37:06
how can we bring back the trust for users to have with plugins without
37:12
needing to do a significant amount of Education as to how to discern if a plug-in and its developers can or cannot
37:19
be trusted uh for example I am a huge proponent of yoast SEO I love it it does
37:25
exactly what I need uh it's hookable it's filterable I've had wonderful Success With It
37:31
they make mistakes they've made a couple of mistakes that crashed my site they fixed them very
37:36
quickly and in my book you know it even WordPress core pushes out
37:41
uh bad updates we've had a case where we've done a minor update and then the next day or even the same day
37:48
immediately started on another update to fix it because humans are humans and it is impossible for a computer even today
37:55
to check everything in every possible permutation of how a thing is working
38:01
um where I was at some word camp or another chatting with uh Otto and Barry and I said you know
38:08
what if we checked every plugin against all the other plugins in the directory to see what's incompatible and we did
38:14
the math and we came out that it would be about a week and a half per plug-in
38:19
to check the update for compatibility unbelievable and it's because there are
38:25
somewhere near 60 000 active plugins and over a hundred fifteen thousand total
38:30
the 115 includes rejected it also includes uh ones that are closed or reopened and in some state of
38:37
of non-public um it's a lot and that will never even
38:43
touch on the plugins that don't exist in the directory which again is a totally reasonable thing for people to do sell a
38:49
plug-in I'm for it I fully support people's ability to take what is a free
38:55
plugin on.org and then have add-ons and features that you can buy to make it
39:00
even better and to make the living off of that because development is hard work yeah and you know it's got to be
39:07
respected um but having an automated tool
39:12
if it was possible to have a perfect automated tool that could say this plug-in has passed all of our security
39:17
checks and have an automated little badge to have an automated little badge to say this plug-in passes all of our
39:23
required accessibility checks this plugin has a badge to say this plug-in has passed our test to be fully
39:28
translatable that would rock I don't know how to do it and I don't know if any of us have figured that out yet but
39:36
a lot of it still has to be done manually yeah a human has to go through and look at the results and go oh the
39:44
robot's wrong here like if you've ever used phpcs and wpcs
39:49
which are code sniffers that I absolutely support they're fantastic to help you with consistency of your code
39:55
style of your formatting and of your security and functionability for your code
40:01
those are fantastic tools but sometimes they're wrong like it yells at you and says hey you're not doing a nonce check
40:06
here I'm like I did it up there why are you being like this and you have to put in a thing to say phps shush I I did
40:13
that already but those have to be you have to use your brain to figure out maybe I did the
40:19
check wrong oh no I didn't it's okay great I can move on and robots can't do that AI is not there
40:25
yet uh I am well known for not actually believing in artificial intelligence it's just a bunch of if then statements
40:31
all nested down the the line um and you have to tell it what to look for
40:38
so it's always going to miss stuff I don't know uh if there's ever going to be a way
40:44
to say any product even WordPress itself is 100 secure and safe yeah yeah
40:50
realistically and because I've got that realistic long-term View
40:55
I kind of start at the well if we can't make it sure that it's going
41:01
to be okay should we be telling people it's probably okay because then when it's not we're in a worse situation than
41:09
now where we're just saying look we reviewed the initial plug-in whether or not they actually uploaded the plugin I
41:14
approved actually I don't know a lot of times I'll approve a version of a plug-in and
41:20
they would have uploaded the one three versions ago that has all the problems I told them to fix and then I had to close
41:26
the plugin and say look man you gotta upload the right one that one drives me up a wall just drove me up a wall now I
41:32
just look at it and go so when you're uh
41:38
in the when you're taking the rules that you've developed uh for the plug-in
41:43
directory yeah and how those have changed over time to address more and
41:49
more ways to get around the rules um how do you find the code of conduct for
41:55
the community do you find it sufficient currently do you feel it needs uh
42:01
modification uh is there is it is it enough I think it's a very good start
42:08
um I don't think any code of conduct is fully complete for two main reasons one is that
42:15
humanity is an ever-changing uh stew you know what what uh when we all use
42:21
started using the internet and it was dial up and we dialed into bulletin boards the internet was a very different
42:26
place than today with like seven different social media platforms where you can go and talk about things and
42:32
behavior in those smaller communities did that scale well to these larger ones
42:38
and similarly a code of conduct that is written for a specific situation a specific environment will have to change
42:43
and adapt as we change and adapt um that's why the Auto likes to say that
42:49
the original intent of the plug-in guidelines was uh don't be a jerk
42:54
don't do bad things kind of like Google don't be evil you'll notice they don't say that anymore though and
43:01
we call them guidelines for a reason if you call them rules then people start playing rules lawyer and going well does
43:08
it specifically say I can't do that so we've got that 18th guideline that says we've reserve the right to enforce these
43:15
guidelines to the best of our ability to uh to give people chances
43:21
and to not give people chances depending on the situation which is sort of the catch-all of look if we look at you and
43:29
we know what you're doing is intentionally harmful to the community it doesn't matter whether or not you
43:34
violated other other guidelines it doesn't matter if you can argue well technically I didn't what matters is
43:40
that your intent is no longer uh positive for the community yeah and
43:46
that's just not cool yeah absolutely we want people to be constructive with each other
43:51
but there's always been a big difference with the WordPress the plug-in guidelines and the theme guidelines and
43:56
it's this a theme guidelines say that all of your themes have to be GPL
44:02
all even if they're not hosted on wordpress.org the plugin guidelines have never said that and I was admined that I
44:08
would never add it because what you do outside of wordpress.org outside of
44:14
slack outside of our official Community is not beholden to our code of conduct
44:21
because it is unfair to say that if you know Zach and I get into a screaming
44:26
argument down the street and start you know shoving each other and posturing and then we walk away should both of us
44:32
be kicked out of a word Camp if we happen to be in the same town as a word camp and we're both attending were we
44:37
doing get an official WordPress function if not I don't think it applies I mean I would say that our friends should go
44:43
Mika Zach calm down let's talk it's tough to work out I'm intimidated at the
44:50
moment I don't want to fight anybody I've been
44:56
in one fight in my life and that was enough um but you know what you do
45:02
outside of the community is absolutely going to impact how the community views you yeah it's not a violation of the
45:08
community code of conduct so they're going to be exceptions right there the community yeah that's
45:15
the problem there you go and I mean I'll truthfully like that was highlighted I mean Twitter is like the public forum
45:22
you know I mean it's all for everyone there it's like as if this happened on the on the street corner or somewhere
45:28
and was recorded or whatnot but at the same time like for one reason or another which I'm not totally sure about Twitter
45:36
tends to be where we like to have this kind of business I don't understand that part but that's like the place to hash
45:44
out all of our issues in public uh I think part of it is where people choose
45:50
to reply like for example replies in Twitter and
45:55
sometimes he replies in post status slack and I don't participate in dot org slack but maybe he replies there as well
46:01
but it's it's hard to get a hold of him right yeah so when he replies that's
46:07
where the that's where the conversation happens which I think is weird because like the conversations that we have on
46:16
wordpress.org make posts for example I feel like that could be a lot more constructive uh since it's also just
46:23
threaded conversation um for the most part like why aren't we having well we do I I have seen very
46:30
constructive uh comments on a lot of the make posts um like there's a a post
46:35
right now about uh support Forum guidelines um that's relevant to this conversation
46:41
yeah those need an update yeah right and they're I let them in touch on yours they're they're simplifying them in some
46:48
ways and um and I I think it's really helpful there's good conversations happening there why aren't we having more
46:54
conversation there it's there's almost like another show honestly I've been really curious about like as this
47:01
formerly known as Twitter Place continues to be highly not trustworthy like where are we going to have these
47:07
conversations um because we have several good spots I think make WordPress lack is a really good
47:14
spot for these kind of conversations I wish more people would have them there I think the make a blog is a really great
47:20
place to have them I would like to see more constructive conversations there WP Tavern just kicked off forums which is
47:27
interesting um it's almost like a callback but it's like yeah new again but it's still BB
47:33
press so um I mean we'll see how that goes too but um so you talk about you know Twitter
47:40
being an untrustworthy place to have that conversation why is that is it because
47:46
people behave differently there they behave differently there like Matt did have conversations about this thing in
47:54
post status slack and I felt like he was more constructive in post status slack for some reason which is weird because
47:59
poster slack is more privatized uh it's not out in the public as much
48:05
um why do we behave more wildly when we're out in public I don't know I'm I'm
48:11
an old internet Denizen um like dial up like I had dialed the
48:19
phone put it on the modem uh Novatel stuff um
48:24
when you're in a small curated place and I recognize how large WordPress is so
48:30
calling WordPress slack a small curated space is kind of ironic um
48:35
yeah right but versus when you're on uh what is effectively the world's
48:43
largest open forum and that would be whatever Twitter's called whatever's
48:48
Twitter's called today um I dipped out of Twitter uh a year ago because I do not support uh the rollback
48:56
to their code of conduct as it actually happens they removed protections against
49:02
people saying horrible things about people of my sexuality and my gender and
49:08
my religion and I don't feel safe there so I will not participate and I hold that true by the way to any social media
49:15
that I'm using if I cannot be allowed to be I don't want to be there
49:20
and it even extended to like I will know I I love word Camp Miami we're talking
49:25
about it before this I can't go to another word camp in Florida until some of those laws change because it is
49:30
physically no longer safe for me yeah not about word Camp about the state about the state yeah the word Camp's
49:36
fine I just can't go to the state um but the reason that being around the
49:43
internet for so long the reason that social media tends to
49:48
bring out the worst in US is this curated algorithm that is especially true in recent days that you can't turn
49:55
off it used to be you could just have your timeline be linear newest post on the top I'll just post on the bottom
50:01
scroll up and down you really wouldn't lose a post now if I re I have still have a Twitter account for a thing that
50:06
a project that I work on and I check it out occasionally and when I do and I hit refresh I get a completely different set of posts sometimes I get the same post
50:13
over and over again for four days that algorithm is being
50:19
kind of buzzfeeded forward so the more interaction a post gets the more popular
50:26
gets and the higher up in your feet it gets so more people see it the more people see it the more you get that
50:32
dopamine response of I've been seen I must be doing this right so we get in
50:37
this vicious cycle of I'm gonna say a Hot Topic in a way that draws people's
50:43
eyes gets attention I'm gonna get that dopamine hit I'm gonna feel so good yeah and you do but the problem is that what
50:49
we have found gets elevated faster is uh harsher comments the louder yeah more
50:54
hyper folks uh Courtney Robinson's here in the wings too and um she says with
51:00
the correct place for uh for this type of thing be the make projects and a unique Channel and make slack for
51:07
diplomacy discussions
51:17
but I know from other experiences that we can make a channel like actually it
51:23
was funny war camp Europe last year uh mullenweg from the from this from the uh
51:29
his uh what do they call it now not a state of the word um from his town hall uh oh yeah said
51:37
yes we're going to make a um uh an environmental responsibility Channel happen and like it happened like the the
51:43
next minute um but what happens in that channel uh we haven't talked a lot about it since
51:49
then um so these channels are only as good as we refer people to them and they're only
51:55
as good as we actually say this is where we do these things um uh so it's more than just like
52:02
whether or not we have a channel it's about how we promote it which Courtney's actually really good about that kind of stuff coming in from the top uh if if
52:10
Matt doesn't want to participate then it how meaningful is it Joseph josepha like yeah she can speak
52:18
to the project but can she speak for Matt no I don't believe she can so yeah yeah
52:28
it's a bigger question because like all things even with features on in court it needs someone to Champion and be the
52:34
person to carry it until enough people get buy-in and that you know speaking of
52:39
volunteerism and burnout that's really really hard and I laud anybody who has
52:46
the fortitude to do it yeah in a in a productive way
52:51
well we're gonna wrap up here um and the way we like to wrap up uh is
52:57
always having practical advice for uh plug-in authors we like to think of like somebody who's just go for it I just
53:04
said ooh yeah somebody who's just uh getting uh started uh with plugins or
53:10
has been doing it for a year or so and they want to grow their business in one way or another they're on wordpress.org
53:17
um what do we say to them to um to to for best advice nutshell elevator pitch
53:23
who wants to go first Zach uh sure my first advice uh in context of
53:31
this week and this past you know past couple weeks is uh behave yourself
53:37
be professional in everything you do if you need to have a venting Channel
53:42
create a personal venting Channel and don't have that be connected to your profiles in any way how to be an
53:49
anonymous whatever the people say for anonymous Twitter like have a hidden account have that be where you say
53:55
things that are controversial you are a business person behave like one be kind
54:01
be generous model yourself after people who are I am the way I am in part
54:06
because of Pippin and the race the grace that he showed me is why I have my One
54:12
Core contribution to Wordpress core is because he sat down and showed me how to
54:17
do it and was so patient with me and answered my questions so I have an internal uh gratitude toward Pippin for
54:24
doing that because he modeled what it means to be a business owner so absolutely be the be the WordPress you wish to see
54:32
love it that's good love it Mika how about you uh I have a it's kind of a multi-part
54:40
but uh don't idolize don't Elevate the people you look up to as paragons and perfect
54:48
because they are like you humans who will and do make mistakes treat them as humans
54:55
be the WordPress you want to see in the world be the person you want to see and give people a little
55:00
bit of that Grace at the same time my best advice for a plug-in author you
55:06
want to be successful write a really good read me explain
55:12
exactly what your plugin does why it does it and how to do it that read me
55:18
is don't fill it with buzzwords don't fill it with SEO copy drama sit down and
55:25
write it clearly more than anything those plugins with the simple and direct you know you look at gives read me you
55:33
know exactly what it does I don't have to have questions of will this meet my brief I'll know this is what it does if
55:39
you want to do more click here there are some add-ons you can buy here other add-ons that are free you know what
55:44
you're getting into if people see that they're more inclined to try it out and
55:51
if they're more inclined to try it out and give you a chance then you've got eyes on things and you will start to build but if you can't get eyes on with
55:58
honesty you're not doing it right I love that eyes on with honestly that's that's really good advice work on your
56:05
readings I'll work on mine more too it's it's the simplest thing and so many
56:11
people like how do I make my plugin more popular I'm like make that read me sing make it be so that a stranger who's
56:17
never heard of your product reads it and goes that's exactly what I want answer the questions in the forums
56:24
accept the bad reviews they're going to happen everybody's going to hate your plugin you made a plug-in that doesn't have a unicorn you don't know why
56:31
somebody's mad about that but you got to just take it man sometimes when we hire people you can hire people to edit and
56:38
like write your readme for you you don't have to write your own readme are you a developer that doesn't get a copy editor
56:44
sentences that make sense fire hire somebody on Fiverr it doesn't matter just get it well written and that's
56:51
great advice I I have a passion about to read me as well I don't know you and I
56:56
have never talked about that but the give read me is intended to be educational as much as possible we do
57:02
try to have our cakey needed to because it definitely is designed towards SEO as well
57:07
um but that comes next educational and helpful first um that's how you're ranking on.com as
57:14
well so good job I I have always been of the belief that if you write well SEO will come
57:22
naturally yeah true because after you start looking at okay how can
57:27
I improve it you say oh okay SEO things would be like make your sentences shorter get to the point it's like
57:33
taking a writing class take a writing class seriously take a news writing class because they'll teach you how to
57:38
distill a paragraph into four words and that is amazing yeah absolutely
57:46
yeah what's your best advice for product owners my best advice in the context of
57:51
all of this that we're talking about today is participate participate participate I really want product owners
57:59
to be in WordPress slack um talking with folks in all the channels learning about all the nooks
58:05
and crannies of the project that they've never heard of there's a bajillion channels in there there's really
58:10
interesting conversations there's a ton of weekly meetings that you can go get on whenever you want to
58:17
um and uh and all those conversations are both just educational for you to
58:22
understand the board WordPress project better they're also really great market
58:28
research for your product um so I think that that's really important as well and it's also the best
58:35
way to understand uh what's going on that's bigger than your plug-in uh what's going on outside of of your
58:42
plugin and outside of your sphere and to really get to know other product owners to get to know other wordpressors
58:49
um to to get to know other people around the planet so I really like in this
58:54
context it's the best place for you to to broaden your mind to recognize how
58:59
diverse and huge and Powerful the whole entire WordPress community and WordPress project is so participate
59:06
and me reach out and say hi to somebody anybody that's I love that like we are
59:13
all on I'm I'm on slack all the time people are on slack all the time say hi
59:18
say introduce yourself to somebody anybody you like what they do is just say hey I like what you do I'm me but
59:24
don't be creepy don't be creepy yeah it can be hard but try not to be yeah yeah absolutely I say that for
59:33
every single woman out there who's gotten the very oh no no you are beautiful I love your code and you're
59:38
like no no that's not what I'm talking about yeah no but that it needs a
59:43
reminder these days I'm afraid don't be creepy yeah absolutely yeah all right folks next week we are going
59:49
to be discussing effective live product demos with uh special guest vikas from ncwp so
1:00:00
I'm really excited to have him on um been looking for an opportunity to have him here um and uh next week's
1:00:06
gonna be great um our hosts next week are oh me again and Katie so that's next
1:00:12
week and special thanks to post status for being our green room where we stage all
1:00:17
these conversations and we we uh good to prep uh if you enjoyed the show uh please do us a favor hit like subscribe
1:00:24
share it with your friends tweet about it or uh toot about it uh add us in your
1:00:30
newsletters and uh and thank you for watching and we hope to see you next week uh thank you thanks for having me
1:00:36
on thanks

Related Episodes