A new interview! And it was truly a pleasure to talk with Francisco Torres, representative and member of the WordPress.org Plugins Team—a critically important area, considering that plugins are what give WordPress its versatility and scalability.
So, who is Francisco Torres? He is a WordPress-focused developer and the founder of Giga 4, an agency dedicated to technical support, security, and maintenance for WordPress sites. He has been involved in the WordPress community for many years and has attended every WordCamp Europe, missing only one.
For more than two years, he has been part of the WordPress.org Plugins Team, sponsored by SiteGround. In this in-depth interview, he shares his experience within the WordPress ecosystem, focusing mainly on five key topics:
–Plugins, of course
What is a plugin?
Pieces of code that extend WordPress functionality (e.g., e-commerce, caching, games, integrations, etc.).
–The day-to-day work of the team
In this section, we discuss the review process, which has two fundamental parts: the technical review of the plugin and communication with the developer. So, what do they do?
- Review between 260 and 280 new plugins every week (twice as many as a year ago).
- About half pass the review; the other half never respond after receiving feedback.
- Check more than 300 security and quality parameters before approval.
- Close plugins with security issues or that are no longer maintained.
- Provide support to authors and users, and develop tools (such as Plugin Check) to help review code.
Challenges for plugin developers
- Avoiding security flaws (most WordPress security issues come from insecure plugins).
- Keeping plugins updated and compatible with new WordPress versions.
- Contributing original ideas, since many categories are already saturated (e.g., “scroll to top”).
Plugin business models
- Free plugins.
- Integrations with external services (e.g., payment gateways for WooCommerce).
- Freemium models.
The directory does not allow core functionality to be locked behind a paywall, although integrations with external services that require an API are permitted.
Most common friction points
- Plugins that violate guidelines (improper trademark use, spammy descriptions, locked features, etc.).
- Some authors attempt to use the directory as if it were an online store, which is not allowed.
Security and community
- Most vulnerabilities are detected quickly thanks to security companies and the community itself.
- In critical cases, the team can force updates to protect users.
- The ecosystem is becoming increasingly secure, and AI is being considered as a future support tool.
-The interviewee’s journey within the community
Personal background:
- He joined the team when Mika, the former lead, stepped down.
- Today, the team consists of about ten people from different countries, with Spain playing a prominent role.
- He improved the internal review tool, doubling the team’s efficiency.
-How to become part of the Plugins Team
If you’re interested in collaborating, you can contact the team at plugins@wordpress.org or through the #pluginreview channel on Slack.
-AI and the future of the team
Looking ahead:
- They expect the number of plugins to grow, accelerated by AI.
- Even so, official directories will remain essential to ensure quality, security, and maintenance.
- To contribute, he recommends starting with documentation and tools like Plugin Check, then gradually getting involved with the team.
The work of the Plugins Team is as fascinating as it is largely unknown. Among the details of their work and the insights he shares, several behind-the-scenes aspects stood out to me.
One of them is the existence of a clearly oversaturated category: Scroll Up plugins. This is a very simple feature to implement, and one of the reasons there are so many similar plugins is that some developers need to publish at least one plugin in the repository. In fact, he shared a specific case in which someone had to publish a plugin in order to qualify for a job position at a company.
Another particularly striking insight is what he calls “the enigma.” Every month, they receive around 260 plugins. During the initial review, the team contacts the developer to request the necessary changes before approval. However, nearly 50% of the supposed applicants never respond, which is difficult to explain.
Finally, he pointed out that using artificial intelligence to detect vulnerabilities is still challenging, as it produces a large number of false positives that complicate rather than simplify the work.
He also explains that the future will bring an increase in plugin creation thanks to AI, but stresses that official directories will continue to be key to ensuring quality and long-term evolution.
To close, he states without hesitation: “Every day, plugins are becoming more secure.”
His testimony highlights the value of an invisible yet essential job: ensuring that WordPress remains a versatile, secure, and constantly evolving platform. I invite you to check out the summary of the team’s work in the posts written by Fran and his colleagues.
