[wp-hackers] WordPress plugin inspections

Jamie Currie jamie at wunderdojo.com
Wed Feb 19 20:27:44 UTC 2014

I had the exact opposite reaction to Chris Williams. Literally a week 
ago I was talking to someone about the need for more rigorous evaluation 
of plugins. I find that I now use only a small handful of plugins that I 
have extensive experience with because of the lack of any quality 

If that sounds a bit harsh, I'd suggest enabling DEBUG and MySQL slow 
query (at something like 1 second) and then testing out various plugins. 
And that's just the blatantly obvious stuff. I won't point fingers, but 
I recently had issues with one pretty popular plugin and when I went 
into the code to poke around I found that it is fundamentally flawed in 
the design -- so much so that I rewrote it and will be sending the 
author the new code and explanation.

I understand that a cursory review is subjective and prone to 
misstatements, but it's at least a step in the right direction. Perhaps 
the next step would be for Harry to formalize some kind of process for 
responding to / contesting reviews and to encourage community 
involvement (maybe via this list) to "review the reviews" if you will. 
I'd be happy to get involved in a process like that if the end result 
were a base of plugins that had been scrutinized by some of the WP 
brains on this list.

And if, at the end of the day, he harnesses that power to help build a 
business, I don't see anything wrong with that either. I think 99% of us 
are using WP to make money and it seems to me like he's identified a 
clear need and at least attempted to address it -- which is pretty much 
the story of every successful business.

Jamie Currie
Founder / CEO
tel: 949-734-0758
1840 Park Newport, #409
Newport Beach, CA 92660
Master web & app developers

------ Original Message ------
From: "Chris Williams" <chris at clwill.com>
To: "wp-hackers at lists.automattic.com" <wp-hackers at lists.automattic.com>
Sent: 2/19/2014 12:17:17 PM
Subject: Re: [wp-hackers] WordPress plugin inspections
>I certainly can't speak for others, but I would venture to say that 
>business model is evil at best. You do fly-by character assassination
>(oops, I mean "light-touch inspections"), based on personal bias ("this
>plugin is large"), and then broadly publish the results as if they are
>somehow authoritative. Worse yet, you then hold plugin developers at
>ransom for changing the review: "If you would like to commission us to
>inspect or review the latest version, please contact us."
>How this is of value to anyone, and how you sleep at night with this
>specious business model, is completely beyond me.
>On 2/19/14 10:43 AM, "Harry Metcalfe" <harry at dxw.com> wrote:
>>Hello list,
>>We write and publish light-touch inspections of WordPress plugins that
>>we do for our clients. They are just a guide - we conduct some basic
>>checks, not a thorough review.
>>Would plugins which fail this inspection be of general interest to the
>>list and therefore worth posting? Is the list also interested in
>>vulnerability advisories, or do people tend to get those elsewhere?
>>Here's an example report:
>>Grateful for a steer...
>>Harry Metcalfe
>>07790 559 876
>>wp-hackers mailing list
>>wp-hackers at lists.automattic.com
