The WiscWeb WordPress plugin review process will provide a means to validate and maintain a collection of plugins for WiscWeb WordPress sites, to ensure the quality of the WiscWeb WordPress service and maintain efficiency in service management.
The objective of the plugin review process is to help ensure the quality of the WiscWeb WordPress service in the following areas:
- Integrity: By preventing outages or compromises due to vulnerabilities introduced by
- Availability: By selecting efficient plugins that render functionality quickly, handle unexpected conditions gracefully, and degrade upon failure of external dependences gracefully without impacting service
- Maintainability: By allowing efficient and timely upgrades to WordPress minor and major version upgrades by minimizing plugins that do not maintain compatibility with new versions of WordPress (WordPress.org releases a new version of WordPress every 3 to 4 months).
- Usability: For content editors and web developers (both technical and nontechnical) by maintaining a streamlined and understandable WordPress user interface and minimizing unnecessary duplication of
- Learnability: By emphasizing ease of use and quality of documentation in selected plugins, and by ensuring training and support stay current with available plugins as required to ensure service levels (especially for nontechnical content editors).
- Adaptability: By providing a mechanism for WiscWeb WordPress content editors, administrators and core team members to continually enhance WiscWeb in response to evolving requirements and trends, and by providing a mechanism to retire plugins which have become obsolete or have been superseded by better plugins or enhancements to WordPress core
Plugin Review Criteria
|1||The plugin is compatible with the UW WordPress Theme.||It does not conflict with the functionality built into the UW WordPress Theme.|
|2||The plugin provides valuable functionality in a new or unique way and has broad use cases.||It does not duplicate functionality of an existing installed plugin available through the UW Theme or other plugins offered by the WiscWeb Service. It will benefit a substantial number of WiscWeb sites over a long period of time.|
|3||The plugin is compatible with the current version of WordPress and is actively maintained.||It is compatible with the latest WordPress version, and has a history of maintaining version compatibility with new versions of WordPress prior to or shortly after release of new WordPress version release.|
|4||The plugin is compatible with WordPress Multisite.||It supports use in WordPress Multisite (a single code base and database of WordPress, segmented into individual and independent sites) by allowing distributed content editors to use the plugin in their individual websites without data, control (the ability to make changes) configuration settings or errors bleeding through the segmentation provided by the sites.|
|5||The plugin is compatible with web accessibility practices.||It is capable of producing web content and interactivity that is accessible by individuals of all abilities and disabilities.|
|6||The plugin has a substantial active user base and plugin usability and documentation are adequate for the target audience.||It has substantial number of reviews, references and how to articles on third party websites, lots of downloads, consistently over time.If the plugin is meant to be used by nontechnical content editors, the functionality is intuitive and easy to learn and/or documentation and training materials are adequate.|
|7||The plugin does not introduce security risks, does not introduce significant performance overhead and does not introduce external dependencies which could negatively affect performance and availability.||It does not contain functionality or code vulnerabilities that could allow an attacker to steal data, delete data, change data, introduce “backdoors” or use wisc.edu as an attack vector to effect UW IT services or other organizations’ IT services.It does not make inefficient SQL queries or vast numbers of SQL queries per page request and does not overwhelm WiscWeb or other servers with HTTP requests.If it requires external dependencies (such as data retrieved via HTTP requests) it fails gracefully and does not slow down or completely take down WiscWeb WordPress services.|
|8||The plugin can be removed, replaced or retired if required.||If it becomes unsupported or must be disabled on short notice due to a security vulnerability or severe performance degradation, the university can accept the effort required to remove, replace and/or retire the plugin.|
Request and Publication Process
To request a plugin, please complete the Plugin Request Form.
Once a request is received, the plugin will be added to the evaluation list and will be put in queue for the review/evaluation process. A catalog of all requested plugins that are being reviewed can be found at https://docs.google.com/a/wisc.edu/spreadsheets/d/1HTAGnwU8KH69IQDgj_inpJDCJ30HuaoWv_w4zqfp5TU/edit?usp=sharing
Plugins are required to be reviewed against the criteria outlined within this document and are required to go through WiscWeb’s Version Control process.
A summary of the complete Request and Publication Process is below:
- Conduct review against plugin review criteria
- Gather feedback from WiscWeb Team
- Install and verify on WordPress Development environment
- Install and verify on WordPress Staging environment
- Gather feedback from WiscWeb Team and selected users, using the plugin on WiscWeb Staging environment
- Make decision on feasibility and value of adding plugin to WiscWeb’s supported
- Create any required training and KB documents
- Conduct support awareness & preparations activities for WiscWeb support team
- Schedule move to production
- Announce to WiscWeb User pending availability on WiscWeb Production environment
- Install and verify on WiscWeb Production environment
Once a plugin is added to WiscWeb, it will be added to the WiscWeb Plugins page.