I had a client reach out last week, totally fuming. They’d spent months developing a custom internal tool they wanted to share on the official repo, but it kept getting kicked back. “Ahmad,” they said, “is the review team just ignoring us? It feels like we’re fighting a brick wall.” I had to explain that the game has changed. The WordPress plugin review process isn’t what it was three years ago, and if you aren’t prepared for the new reality, you’re going to stay stuck in that queue forever.
The truth is, the volume is staggering. According to the latest plugin directory stats shared after WordCamp US, we now have over 60,187 plugins in the directory. But here is the real kicker: we’ve seen 7,670 new submissions just this year. That is an 87.3% increase compared to the same period last year. We’re talking an average of 235 new plugins every single week. Total nightmare for a manual review team, right?
The Rise of the Machines in Plugin Reviews
How is the team keeping the queue under a week with that kind of volume? Automation. Specifically, AI. About 85.3% of first reviews this year were initiated by automated systems using algorithms to scan your code before a human even looks at it. This builds on some really interesting data I saw over at the official Make WordPress blog, which highlights how AI is being used to handle the heavy lifting.
I’ve been there myself. Early in my career, I thought I could get away with a “clever” way of fetching remote data that bypassed standard protocols. I thought it was efficient; the bot thought it was a security risk. I spent three review cycles arguing with an automated system before I realized I was the one in the wrong. You can’t outsmart the scanner; you have to code for it. Trust me on this: the bot is looking for specific patterns, and if you don’t follow the WordPress Way, you’re flagged.
The review team is actually seeing a 17.1% higher engagement rate from authors who actually follow through with the fixes. It means the process is getting clearer, but the barrier for entry is higher. You need to ensure your data handling is ironclad. If you aren’t using the right hooks or if you’re prefixing poorly, you’re just wasting everyone’s time.
/**
* Proper way to handle setting updates to pass the automated review.
* Always sanitize on input and escape on output.
*/
function bbioon_save_plugin_settings() {
if ( ! isset( $_POST['bbioon_nonce'] ) || ! wp_verify_nonce( $_POST['bbioon_nonce'], 'bbioon_settings_action' ) ) {
return;
}
if ( ! current_user_can( 'manage_options' ) ) {
return;
}
if ( isset( $_POST['bbioon_api_key'] ) ) {
$api_key = sanitize_text_field( wp_unslash( $_POST['bbioon_api_key'] ) );
update_option( 'bbioon_api_setting', $api_key );
}
}
add_action( 'admin_init', 'bbioon_save_plugin_settings' );Why This Matters for Your Business
If you’re a business owner, this matters because “slow” means “expensive.” A plugin that sits in the review queue for six cycles—the current average is about 6.19—is a plugin that isn’t generating leads or solving problems for your users. The fact that the team is introducing proactive scanning of the current directory means even your existing plugins aren’t “safe” if they have legacy code smells.
Look, this stuff gets complicated fast. If you’re tired of debugging someone else’s mess and just want your site or plugin to work within the ecosystem standards, drop my team a line. We’ve probably seen it before.
The directory is growing faster than ever, and while AI is helping speed things up, it also means there’s less room for “cowboy coding.” Are you ready to audit your current plugins before the automated scanners do it for you?
Leave a Reply