6 September 2022

The WordPress performance team proposes the development of a new tool for controlling plug-ins

The WordPress Performance team is launching a proposal to develop a WordPress plugin verification tool.

WordPress Plugin Performance Checker

The WordPress Performance team is rolling out a proposal for developing a plug-in verification tool similar to the  theme verification plugin , which ensures that the themes meet the latest standards and best practices.

In 2021, the WordPress Meta team has created a code scanner which detects potential security risks, such as unescaped SQL queries in the plug-in code, with the aim of reducing the load on the plug-in team through automation. This particular tool was not developed to encourage best practices, but rather to ensure that plug-ins that enter the directory meet the minimum standards required for security.

The Performance team proposes the creation of a different type of plug-in that reports any violations of the plug-in development requirements and suggests best practices with errors or warnings.

"It should cover various aspects of plug-in development, from basic requirements such as the correct use of internationalization features to best practices of accessibility, performance and security“Said Felix Arntz, a Google sponsored contributor. He identified three main goals for the plugin:

  • Provide plug-in developers with feedback on requirements and best practices during development.
  • Provide the wordpress.org plugin review team with an additional automated tool to identify certain problems or weaknesses in a plugin prior to a manual review.
  • Provide technical site owners with a tool to evaluate plug-ins based on those requirements and best practices.

The performance team recommends that the plug-in also work from the command line (using WP-CLI) and that it goes beyond parsing the static code to include the runtime controls that execute the code.

The proposal has received mixed feedback so far. Several participants in the discussion welcome the development of such a tool and would be eager to use it with their own plugins. Others are concerned that the controls become too heavy and negatively impact the plugin ecosystem.

"Having a plug-in to automate these checks is greatsaid WordPress developer Michael Nelson. "I worry though that eventually this will mean that the developers of the WP plugin authors will also have to adopt the code style of WP, which would be quite annoying."

WordPress developer Josh Pollock said to share these concerns and is concerned about how these standards can be applied to plug-ins that weren't built to support PHP5, use composer for dependency management and automation, and share PHP code with other frameworks.

"If this HELPS plugin developers then that's fine, but if it's used as a weapon to insist on standards then I suspect it will be a nail in WP's coffin.he said plugin developer Robin W.

"But one that simply says 'you're not escaping your code properly' and then causes the plugin developer to try to find what and where is wrong will only drive less innovation.".

The Performance team requests feedback from the community, especially plug-in developers, plug-in reviewers, and the meta team. If they can reach a consensus, Arntz said the next step is to design the infrastructure for controlling plugins in a GitHub repository.

“The performance team would be thrilled to take the lead on this project, but it's critical that additional contributors from other teams help with its development, especially when it comes to defining and implementing the different controls,” said Arntz.

“This is certainly an ambitious project and it is not the first time that a plugin checker has been introduced. It should also be clarified that it will probably take at least a few months to arrive at a first version. However, we are optimistic that, with a solid foundation and collaboration from the start, we can create a tool that meets the requirements for reliable automatic plug-in checks. ”

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.


Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.


Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.


Would you like to see how your WooCommerce runs on our systems without having to migrate anything? 

Enter the address of your WooCommerce site and you will get a navigable demonstration, without having to do absolutely anything and completely free.

No thanks, my customers prefer the slow site.
Back to top