[wp-meta] [Making WordPress.org] #5937: Extend the possibility for leaving a plugin or theme review
noreply at wordpress.org
Wed Dec 15 05:46:33 UTC 2021
#5937: Extend the possibility for leaving a plugin or theme review
Reporter: Clorith | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: General | Resolution:
Comment (by dd32):
**This is just me thinking aloud, nothing solid or set in stone here**,
there are a number of things related to this that I've removed as
Regardless of how it's implemented, this is something that I've talked about
with various people over the years multiple times; many plugins/themes get
next to no reviews, which negatively affects WordPress.org's ability to
use review data for ranking/search/sorting/highlighting purposes.
We could also benefit from it for things like Blocks, Patterns, and Photos
shown directly within the editor where we'll unfortunately need a way to
allow someone to flag/report items directly from their editor instance,
even if they don't have a WordPress.org account.
There are a number of ways we could offer this including:
- OAuth flow against their site, which potentially means us having an
access token for their site temporarily..
- Private .org API which allows a WordPress site to submit reviews/flags
about an item, with a callback built in so that .org can verify that the
site is who it said it is.
- Private .org API which is the same as above, but returns a special URL
which can be presented to the user in an iframe, allowing them to review
- (Name + Email or Login button) + Site (hard-coded) + Item (plugin X,
hard-coded) + Review Text
- For "high risk" reviews/browsers/whatever it can then go to pending +
- if it's deemed "low risk" published as-is until flagged by someone
(effectively, public unless anyone logged in says "uhh" at which point it
goes to modlook)
Now that I think about it more, the final option there is probably the
most ideal for a review, while the second is probably the best for a "flag
this item" action.
We have some flags we can use here, not all of which will be super
- Whether the site has submitted reviews before, Whether the Name+Email
provided has submitted them before, etc.
- reCAPTCHA is in use on WordPress.org login, but misses a bunch of
things. If we had an iframe that the review was submitted through we'd be
able to validate that.
- On login, we have some heuristics around email addresses, manual
blacklists, and a few other tools which could be leveraged. That would
allow extra heuristics to be applied to what will effectively be a public
"comment" that's not as easily accessed as comment forms..
- Akismet, since as I just realised, it's effectively a comment..
- WordPress.org stats can probably give some kind of "Is Site URL A in
good standing" based on how long the site's hashed ID has existed, there's
bound to be some clashes but few enough to matter.
Ticket URL: <https://meta.trac.wordpress.org/ticket/5937#comment:1>
Making WordPress.org <https://meta.trac.wordpress.org/>
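The callback-verified submission and the pending/published/modlook triage floated in the comment above, as an added sketch that is not part of the ticket or of any WordPress.org code. The class names, the token scheme, the in-memory `network` standing in for an HTTPS callback, and the rule that a first-time site counts as "high risk" are all assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit


class Site:
    """Hypothetical stand-in for a WordPress site submitting a review."""

    def __init__(self, url):
        self.url = url
        self.issued = set()  # tokens this site really generated

    def new_submission(self, item, text):
        token = secrets.token_urlsafe(32)
        self.issued.add(token)
        return {"site": self.url, "item": item, "text": text, "token": token}

    def callback(self, token):
        # Confirm a token once only, so a captured submission cannot be replayed.
        if token in self.issued:
            self.issued.discard(token)
            return True
        return False


class Directory:
    """Hypothetical stand-in for the .org side of the private API."""

    def __init__(self, network):
        self.network = network  # host -> Site; replaces the real HTTPS request
        self.seen_hosts = set()
        self.reviews = []

    def submit(self, sub):
        # The callback target is derived from the claimed site URL, never from
        # an address supplied in the submission itself.
        host = urlsplit(sub["site"]).hostname
        site = self.network.get(host)
        if site is None or not site.callback(sub["token"]):
            return "rejected"
        # Assumed risk rule: a site with no earlier verified review is held.
        status = "published" if host in self.seen_hosts else "pending"
        self.seen_hosts.add(host)
        self.reviews.append({"host": host, "item": sub["item"], "status": status})
        return status

    def flag(self, index):
        # A logged-in user's flag moves a public review to moderation.
        self.reviews[index]["status"] = "modlook"
        return self.reviews[index]["status"]
```
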