Documentation:WordPress Plugin Evaluation Criteria

From UBC Wiki
Welcome to the support documentation for the
UBC CMS Service.

UBC Content Management System

UBC Collab Theme

UBC Collab Theme Overview
Theme Options Index
CLF Options
Layout Options
Display Options
Global Theme Options

Dashboard Overview
Pages and Posts
Adding Users

RSS Feeds
Going Live

Complete Topic Index
PDF Wiki Book Version

The UBC CMS Support team reviews all plugins that are included as part of the WordPress installation. We do this to ensure that this platform remains a stable, secure and supportable product for the UBC community. The following are the initial criteria we use to evaluate a plugin.

Code Review

  • Are there any pending security bugs in the bug tracker? What are they and how long have they been there?
  • Is it performing sql queries directly? If so, does the module escape user input?
  • How does it handle user input? Is it being escaped? Is user input cleaned before printing it out in a page?
  • Are permissions check in place? Are the checks manual or does the code rely on other core methods?
  • Is the code well documented? Does it follow WordPress coding standards?
  • Is the javascript code and css well structured? Does it follow follow a standard?
  • Does it have readme, install and upgrade files?
  • Does the plugin create or modify existing database tables?
  • Is the license of the plugin GPL?


  • Does this plugin write any file to the disk? if so where are the file stored and how does it handle file deletion in temporary or cache?
  • Does the plugin prevent malware from inserting code inside the WordPress core?
  • Does the plugin create any sort of remote connection to the developer's web server?
  • Does the plugin use forms? Does it use nonces properly?


  • How long has this plugin or 3rd party program been around?
  • How many developers are working on it?
  • Is there a roadmap? What does it look like? What is the release life cycle?
  • What is the average turn around time for critical bugs?
  • How active are the forums or mailing list discussions?
  • Do other programs use or depend on this library?


  • Is there user documentation? Is there documentation for developers?
  • Is a documentation generation system like phpDocumentor used?
  • How quickly do the developers respond to requests?
  • Are newer and older versions of Wordpress supported?
  • What is the learning curve like?
  • Is the module usable through the Wordpress interface or does it require users to work with HTML, CSS, theme changes or other advanced techniques?


  • Does the it conflict with other existing plugins or modules or other updates?


  • Will the module work with Wordpress MU as is, or would some re-write be needed?
  • How complex are patches to apply? (# of classes, files, and db tables affected)
  • What % of our users would benefit from this new module or plugin?
  • Is there a fee to purchase or use the plugin?


  • Does the current setup already provide this service?
  • Is this capability already planned for an upcoming WordPress release or update of a currently supported plugin?

Source / Reference