Pluginlib.org Developer Guidelines

Welcome to Pluginlib.org. This platform is a non-profit, hobbyist project dedicated to the free distribution and hosting of open-source plugins. Our goal is to provide a safe, accessible, and community-driven repository for developers and users alike.

Site Policy and Disclaimer

As a hobbist, non-revenue-generating site, Pluginlib.org operates under the following conditions:

• Discretionary Management: The Pluginlib team reserves the absolute right to accept, reject, rank, feature, edit, or remove any plugin submission at our sole discretion.
• Developer Responsibility: Authors are exclusively responsible for the content, security, and actions of their plugins. By submitting, you acknowledge that you hold the legal rights to the code provided.
• No Claim to Publication: Submission does not guarantee approval or specific placement (such as "featured" status). We do not provide appeals for rejected plugins, nor do we entertain requests regarding search ranking or promotional placement.

Core Guidelines (A to Z)

1. Licensing and GPL Compatibility

All plugins must be compatible with the GNU General Public License v2 (or later). We strongly recommend using the same license as WordPress ("GPLv2 or later"). This applies to all code, images, and third-party libraries included in your package.

2. Human-Readable Code

Obfuscation is strictly prohibited. Your code must be human-readable. Techniques such as packing, minifying (without providing the source), or unclear variable naming designed to hide logic are not permitted. If you use build tools, you must provide a link to the source code in your readme.

3. Trialware and Commercial Restrictions

Trialware is not permitted. Plugins may not contain locked functionality that requires payment to activate. All features included within the plugin must be fully functional. While you may offer "Pro" versions or add-ons on external sites, the version hosted here must provide a complete and useful experience without upselling nags.

4. User Privacy and Consent

Plugins may not track users or contact external servers without explicit, authorized "opt-in" consent. This includes sharing data with third-party APIs. You must document all data collection in your readme file, preferably with a link to a privacy policy.

5. Security Standards (The "Big Five")

To ensure the safety of the ecosystem, all plugins must adhere to the following security protocols:

• Direct Access Protection: Prevent direct execution of PHP files by using if (! defined( 'ABSPATH' ) ) exit; at the top of all files.
• Data Validation: Verify that input matches the expected format before processing.
• Sanitization: Clean all user input using functions like sanitize_text_field() or absint().
• Output Escaping: "Escape late" by cleaning data at the point of echo using esc_html(), esc_attr(), or wp_kses_post().
• Nonces: Protect all forms, AJAX requests, and admin actions with WordPress Nonces to prevent CSRF attacks.

6. Naming Conventions and Trademarks

Plugins must respect international trademark laws. Your plugin "slug" or title cannot begin with trademarked terms like "WordPress" or "WooCommerce." Use a "Product for Platform" structure (e.g., "SEO Booster for WordPress" instead of "WordPress SEO Booster").

7. Conflict Prevention (Prefixing)

To avoid naming collisions in the global namespace, you must use a unique prefix (at least 4-5 characters) for all functions, classes, and global variables. Do not use reserved prefixes like wp_ or _.

8. Asset Management and Libraries

Always use the default libraries bundled with WordPress (e.g., jQuery, PHPMailer). Do not bundle your own versions of these libraries, as it creates security risks and performance bottlenecks. Use wp_enqueue_script() and wp_enqueue_style() to load your assets.

9. AI Integration (2026 Standards)

If your plugin utilizes AI features (WordPress 7.0+), you must use the Connectors API. Do not request API keys on custom settings pages; instead, utilize the core "Settings > Connectors" screen to manage credentials securely through the php-ai-client infrastructure.

10. Readme and SVN Structure

Your plugin must include a valid readme.txt file containing mandatory headers: Plugin Name, Contributors, Tags, Tested up to, and Stable tag. Organize your SVN repository as follows:

• /trunk: The latest development version.
• /tags: Specific release versions (e.g., /tags/1.0.2).
• /assets: Banners (772x250 or 1544x500), icons (128x128, 256x256, or SVG), and screenshots.

Required Testing Tools

Before submitting your plugin, we require you to run it through the following tools to ensure compliance:

• Plugin Check (PCP): Use this tool to identify security flaws, trademark issues, and deprecated functions.
• Official Readme Validator: Ensure your metadata is parsed correctly by the directory.

By following these guidelines, you help maintain the integrity of the Pluginlib.org repository. We look forward to seeing your contributions!