WordPress Plugin directory - Gone!

Thursday, 16 June 2022

As with many of my projects, my Wordpress XML Sitemap Plugin started as something for one of my own websites as there were some serious limitations with using other plugins for effective SEO. Even today XML Sitemap offerings for Wordpress are limited.

Since then my plugin went from strength to strength gathering more users. In early 2021 I re-wrote a large part of the plugin to improve maintainability and extensibility as it had become a bit "organic". When I was last tracking usage we had over 100,000 websites using our plugin, which is great for something I put together for only 1 or 2!

The Plugin Directory "process" problem

In recent times the Wordpress "plugin team" have taken a more active interest in plugins, rightly so, as one of the top ways Wordpress websites get hacked is via plugin vulnerabilities. I'm well aware of this as I run several websites.

However, the way Wordpress have started "policing" their plugin directory is not conducive to the maintenance of a free open source plugin community. Frankly it is tiresome at best, belligerent at worst and not something I have the time to deal with.

Their "nit pick" approach, without categorization or gradation is unhelpful. It's a terrible "process" and I use the word loosely having been involved in numerous security audits before.

To be clear, I have always responded to critical bugs and security concerns as quickly as possible and continue to do so. At this time I am not aware of any, but, the back and forth with their team and constant threats to delete the plugin unless I act on their every email is frankly ridiculous.

Many of their emails are around trivialities and without proper consideration for context. For example there is an issue with this function, can you see what it is?



$allowString isn't escaped. 
 
Technically a valid point, but not a serious or exploitable issue in this context, but respond to their email or else.
 
If they did the job properly and carried out an audit that would actually be helpful, but they don't, you fix one "issue", make a release, and then a week later they say, "oh you missed something" and so it goes on.
 
I've had months of this crap on a handful of trivial issues and I've had enough of it.
 
As I say, critical and high severity issues get fixed as immediately as possible. Everything else goes on the backlog and gets released in the next version. I don't have a development and testing team running sprints every week. It's literally just me and a few helpful contributors who weigh in from time to time. Sometimes it can be months between releases.

Don't worry, the plugin is still here!

As a result of this time drain, and pitiful "process", I have taken the decision to remove my plugin from the Wordpress Plugin Directory and make it available for direct download from my website instead.

I will still maintain and support it, just not on the plugin directory.

I know this is a bit of a ball-ache for people who maintain websites, and I will try to make this as painless as possible, but if you have a complaint, please take it up with Wordpress and tell them to sort their processes out.

I also hope to publish the source code on GitHub at some point so that people can get involved and communicate this way, but in the meantime, you can contact me via the XML Sitemap Generator website or join the Telegram group.

I don't always respond immediately and can't promise to respond to everyone, in particular for feature requests, but I do keep a note for future releases.

Security audits don't come cheap so if people don't donate enough (and they don't) then it won't happen. It is good practice to review 3rd party code yourself before including it in a website anyway, unless there is a 3rd party audit you can depend on.

If someone did want to donate to pay for an audit, or better still carry out the audit so I can respond to any issues and publish the results, I would be open to this.

The future of Wordpress plugins?

It's interesting to think about what this means for the future of Wordpress Plugins in general. 

Wordpress do not allow you to commercially sell your plugin from their directory, let alone provide any support for it as app stores do. They require that plugins are free and open source, while at the same time requiring a development and support regime to deal with their every whim.

These two things just aren't compatible.

While some developers have found ways to work around Wordpress rules to commercialize their plugin, I can see plugins disappearing and other great ideas never being realized which is a sad thing for the open source community, but then there are other platforms and mechanisms out there.

Please support my work

Thank you to everyone who has and continues to support my work. A security audit would cost money and if that's what people want it's going to take donations, or a small number of very generous people.

You can support me via PayPal or Buy Me A Coffee. Some suggestions are below:

  • Individuals: £5 GBP (~ $6.30 USD)
  • Sole traders: £10 GBP (~ $12.60 USD)
  • Small businesses: £20 GBP (~ $25.20 USD)
  • Larger businesses: £50 GBP (~ $61.67 USD)


You can also stay in touch via social media, including our new Telegram channel:

Facebook: @XmlSitemapGenerator
Twitter: @createsitemaps
LinkedIn: xmlsitemapgenerator-org
Telegram: t.me/GoogleXmlSitemaps


New Wordpress Sitemap Plugin v2.0.5

Saturday, 30 April 2022

After a period of quiet I have released a new version of our plugin. Initially this was version 2.0.4 but following a critical bug 2.0.5 was released to hot fix this issue. In hindsight, this should have been 2.1.0 due to the number of code changes.

Sorry to those who were impacted by this issue. It slipped the net during testing and is part of the reason for this blog.

In this new version much of the work was focused on updating coding standards and conventions required by Wordpress as recently their enforcement has become more aggressive with threats to close the plugin.

The short back story is that I started this plugin for a website I was running and decided in the spirit of open source to make it available. Over time it has grown in popularity and we now have over 100,000 websites using it.

Version 2.x of the plugin saw a major overhaul of the code to improve how it worked from its rather hacky 1.x days and in this more recent version we have been improving code quality.

What's changed in 2.0.5? 

While there were not really any new features, a lot of underlying code was updated which is what led to the code breaking.

  • New : Set an empty sitemap file to disable a given map
  • Fix : Index file showing news feed twice
  • Fix : Archive provider rendered sitemap regardless of setting
  • Fix : Erroneous variables producing debug warnings in archive provider.
  • Fix : Adopted Wordpress sanitize and escape filtering functions
  • Fix : Moved to using enqueue scripts instead of inline scripts
  • Fix : Addressed a problem with the stable tag label.
  • Fix : Removed google analytics
  • Fix : Remove the latest archive from XML index.

Are we going to be deleted 😔?

The plugin is at risk of being deleted by Wordpress. Despite being open source they are expecting plugins to operate more like businesses, requiring plugin publishers to adopt more of their standards in terms of coding, updating, releases, etc. and that requires resources.

As a side project that I released to the community, maintaining and supporting the plugin as its user base has grown has become increasingly challenging and at times I do not have the time or skills to undertake what Wordpress are asking for.

Please help and contribute

I want to keep the project going, for it to be freely available, open source and supported by the community, so I am really relying on good will and generosity of the community to keep it alive. Please consider contributing to the project.

Contribution suggestions

  • Individuals with a small website: £5 (about $6.30 USD)
  • Small business and professional websites: £10 (about $12.60 USD)
  • Commercial websites and services: £20 (about $25.20). Larger websites, multiple websites, or use our plugin for professional services / consultancy.
  • Larger businesses and absolute legends: £50 and over. If you are feeling particularly generous and legendary, or are one of the very large commercial websites that use our plugin.


Thank you in advance for your support

 

Priorities for resources ....

The only way the plugin can continue is if the community gets behind it.
 
  • First and foremost it needs some funding to allow me to bring in the skills / resources to bring it up to speed and maintain it moving forward. In particular I would like to get a recognized 3rd party to review the code for new releases to help keep Wordpress happy. This will also hopefully give you confidence that the plugin is up to standard too.

  • Secondly, I will need to put more rigor around testing and releasing, so in the not too distant future I will be setting up an "early access" (or similar) programme with incentives and rewards for helping out, although obviously this will be subject to funding being successful.

  • Thirdly, improving the support resources and community around the plugin. I have tried to do this with Reddit and Telegram, but struggled and really it needs some time investing to get it right.

  • Fourth, (and it probably should be first) I can buy my partner some flowers and make up for all the time I invest in "that X X sitemap thing" I'm always working on. 😂