[wp-hackers] WordPress plugin inspections

Chris Williams chris at clwill.com
Wed Feb 19 20:39:31 UTC 2014

- Who elected DXW as the keeper of the standards?
- How does DXW establish their standards ("this plugin is large")?
- Can anyone have input into those standards?
- What value is there in a "cursory review"?  If you don't understand the
code, you don't have a leg to stand on.
- What recourse other than paying them is there to a bad review?
- If an author takes their input and fixes their plugin, will DXW redo the
review without payment, and then repair all the negative publicity they
have generated?
- If I use a plugin that DXW has reviewed as safe, and I get hacked, can I
sue DXW?
- How does one insure that DXW doesn't have ulterior motives in their
reviews?  Competitive products, products they don't like/use, authors who
pay for reviews being treated better than authors who don't?

This is just like Yelp -- a half-baked idea made even worse by little or
no validation of the source of the review.

On 2/19/14 12:27 PM, "Jamie Currie" <jamie at wunderdojo.com> wrote:

>I had the exact opposite reaction to Chris Williams. Literally a week
>ago I was talking to someone about the need for more rigorous evaluation
>of plugins. I find that I now use only a small handful of plugins that I
>have extensive experience with because of the lack of any quality
>If that sounds a bit harsh, I'd suggest enabling DEBUG and mysql slow
>query (at something like 1 second) and then test out various plugins.
>And that's just the blatantly obvious stuff. I won't point fingers, but
>I recently had issues with one pretty popular plugin and when I went
>into the code to poke around I found that it is fundamentally flawed in
>the design -- so much so that I rewrote it and will be sending the
>author the new code and explanation.
>I understand that a cursory review is subjective and prone to
>misstatements, but it's at least a step in the right direction. Perhaps
>the next step would be for Harry to formalize some kind of process for
>responding to / contesting reviews and to encourage community
>involvement (maybe via this list) to "review the reviews" if you will.
>I'd be happy to get involved in a process like that if the end result
>were a base of plugins that had been scrutinized by some of the WP
>brains on this list.
>And if, at the end of the day, he harnesses that power to help build a
>business, I don't see anything wrong with that either. I think 99% of us
>are using WP to make money and it seems to me like he's identified a
>clear need and at least attempted to address it -- which is pretty much
>the story of every successful business.
>Jamie Currie
>Founder / CEO
>tel: 949-734-0758
>1840 Park Newport, #409
>Newport Beach, CA 92660
>Master web & app developers
>------ Original Message ------
>From: "Chris Williams" <chris at clwill.com>
>To: "wp-hackers at lists.automattic.com" <wp-hackers at lists.automattic.com>
>Sent: 2/19/2014 12:17:17 PM
>Subject: Re: [wp-hackers] WordPress plugin inspections
>>I certainly can't speak for others, but I would venture to say that
>>business model is evil at best. You do fly-by character assassination
>>(oops, I mean "light-touch inspections"), based on personal bias ("this
>>plugin is large"), and then broadly publish the results as if they are
>>somehow authoritative. Worse yet, you then hold plugin developers at
>>ransom for changing the review: "If you would like to commission us to
>>inspect or review the latest version, please contact us."
>>How this is of value to anyone, and how you sleep at night with this
>>specious business model, is completely beyond me.
>>On 2/19/14 10:43 AM, "Harry Metcalfe" <harry at dxw.com> wrote:
>>>Hello list,
>>>We write and publish light-touch inspections of WordPress plugins that
>>>we do for our clients. They are just a guide - we conduct some basic
>>>checks, not a thorough review.
>>>Would plugins which fail this inspection be of general interest to the
>>>list and therefore worth posting? Is the list also interested in
>>>vulnerability advisories, or do people tend to get those elsewhere?
>>>Here's an example report:
>>>Grateful for a steer...
>>>Harry Metcalfe
>>>07790 559 876
>>>wp-hackers mailing list
>>>wp-hackers at lists.automattic.com
>>wp-hackers mailing list
>>wp-hackers at lists.automattic.com
>wp-hackers mailing list
>wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list