If there is one thing worth highlighting this year, it is how AI has impacted the WordPress plugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party ecosystem. This impact is evident both in the number of submissions sent for review to be published in the directory, and in how the team is implementing AI-based analysis processes to help deliver improved workflows with a certain level of automation.
The WordPress “Plugin Review Team” proposed a name change to the “Plugins Team” to better reflect the broader scope of its responsibilities, which went beyond reviewing new plugin submissions. At that time, the team was also working on improving tools such as the Internal Scanner and the Plugin Check Plugin, incorporating automated and AI-assisted checks, and collaborating closely with the Meta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team to resolve open tickets and enhance features of the plugin directory. The change aimed to align the team’s name with its expanded role in improving the overall quality, reliability, and security of plugins in the ecosystem.
Increase in the number of directory submissions
The number of submissions sent for review has doubled compared to last year. While last year we had an average of 150 weekly submissions, in the final weeks of this year the 300 mark has been surpassed, with volumes stabilising at around 330 submissions per week.
This situation continues to challenge the team to keep the queue for a first review under one week, even with this doubled volume of submissions.
To meet this goal, we have focused on improving the team’s two main tools: Internal Scanner and the Plugin Check Plugin.
Summary of WordPress Plugin Reviews in 2025
In 2025, the WordPress Plugins Team reviewed 12,713 plugins, representing a 40.6% increase compared to 2024. This confirms a continued and substantial growth of the plugin ecosystem, with significantly more submissions entering the review process.
During the year author responsiveness improved slightly compared to 2024, sadly 38.7% of the plugins we reviewed received no reply from their authors, which remains a relatively high proportion. Although this percentage decreased by over 10% in respect to 2024, it continues to be a major factor that prevents volunteers from making better use of their time.
Despite this, plugin approvals increased in absolute and relative terms. Out of the 7,882 plugins that followed the review process, a total of 5,415 plugins were approved, up 66.2% from the previous year with 3,259 approvals. Overall, 69.5% of reviewed plugins were approved (63.4% in 2024), showing a clear improvement in approval rates. Highlighting once again that active developer engagement strongly correlates with successful approval.
The review process in 2025 was also more intensive and thorough. The total number of reviews carried out grew by 52.2%, exceeding 58,000, as each plugin normally requires more than one review before it’s ready for approval.
The number of issues identified during reviews increased by 15.1%, reaching 59,137 issues. This rise reflects deeper scrutiny rather than a decline in quality. In fact, the average number of issues per plugin decreased, indicating that submissions were generally better prepared. This improvement is even clearer for approved plugins, which required significantly fewer issues to be resolved on average than in previous years.
In summary, 2025 was a year of scale, stronger review practices, and gradual quality improvement, but also one of growing operational demands:
- Plugin reviews increased by 40.6%
- Plugin approvals rose by 66.2%
- Detected issues increased by 15.1%
- Average issues per plugin declined, especially for approved plugins
- Nearly 4 in 10 plugins reviewed by the team received no reply from their author.
Overall, we have a more mature and quality-focused review process, supported by automation and better-prepared submissions, while also highlighting the need to further address responsiveness and review capacity as the ecosystem continues to expand.
Internal Scanner incorporates AI
The internal scanner is the in-house tool that the team uses to review plugins. It searches for hundreds of possible issues that the reviewers either confirm or dismiss when creating a report. As part of the improvements to this central tool for our day-to-day plugin reviews, we have worked on reducing review time, particularly for highly repetitive and time-consuming processes such as:
- Verifying that the plugin name does not conflict with existing published plugins.
- Ensuring branding is used correctly and complies with guidelines.
- Verifying plugin ownership.
During this year, we added more than 80 new features and checks to our internal tools, as well as incorporating over 100 improvements and behavioral changes. Our focus was on expanding automated checks, enhancing AI-assisted reviews, minimizing false positives, and significantly improving performance and scalability (e.g. bulk scans, caching, and parallel execution). We also created new tools to help streamline communication with authors who contact us via the support inbox.
Plugin Check Plugin strengthens its role as an author-focused tool
Since the launch of this plugin, we have continuously improved it by adding new checks and refining existing ones.
In 2025, the main advancements include:
- 5 major versions released in 2025
- New security checks: 5+ (nonce verification, direct DB queries, forbidden functions, minified files, wp_safe_redirect)
- New code quality checks: 10+ (prefixing, textdomain improvements, localhost detection, etc.)
- Expanded license support: added ISC, MPL-2.0, and The Unlicense
- CLI Command Line Interface. Terminal (Bash) in Mac, Command Prompt in Windows, or WP-CLI for WordPress. improvements: strict output format, ignore codes, slug argument
- PHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php. compatibility: enhanced support for PHP 8.1+
The plugin has evolved from a basic validator into a security-focused tool with improved code quality checks, better CLI support, and stronger validation against WordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ plugin directory requirements.
PCP now performs security reports on plugin updates
Since October, and in collaboration with the Meta team, we have implemented PCP to run automatic scans on every new plugin version update.
This new strategy aligns with the team’s objective of establishing proactive measures to improve the overall security of the WordPress plugin ecosystem.
At present, an internal report is generated, but our next goal is for authors to receive a report outlining the main detected issues, enabling them to actively improve the security of their plugins. We expect to see this enhancement rolled out in the coming weeks.We continue to recommend that authors follow best practices such as the WordPress Coding Standards and set up automated workflows—such as GitHub Actions—to have their plugins reviewed by Plugin Check as part of their development process.
Conclusion
In conclusion, it has been a year in which we have experienced significant growth in the number of plugins submitted, while the team has remained the same size. The queue has stayed stable thanks to improvements in the tools, which have allowed us to be far more productive.
In addition, authors now have an essential tool to validate their developments before they are submitted to the directory. PCP will help us improve the plugin ecosystem by checking updates in the WordPress plugin directory.
It has also been a year of AI supporting the development of WordPress plugins. Many community members have become involved in plugin development for the first time. This increases the diversity of the plugin directory and shows that AI has lowered the barriers to entry without compromising plugin quality (since the “barrier” for plugin approval has not been lowered).
One of the key challenges for 2026 will be identifying how AI can support the community in improving plugins and strengthening their security, while ensuring this progress delivers genuine, positive impact. At the same time, the team is seeing an unprecedented increase in plugin submissions for review, with record numbers arriving each week. Our challenge will be to scale our team and processes to handle this growth effectively, while maintaining the standards and practices that have always guided our contribution.
This post was written by @davidperez and reviewed by @frantorres
Leave a Reply