Code Quality And Free Plugins

Update Apr 29, 2015: My friend Emil from ThemeReview.co announced their Plugin Review service which I highly recommend for all plugin authors, business owners and clients – high quality means higher security, better performance and compatibility for your project.


We have these regular discussions on Open Source, the future of WordPress and such. I’ve been discussing the global community aspect and the challenges with the self-made development titles, so let’s take a closer look at the community.

Growing WordPress

As I’ve said before, I’m all in when it comes to having an Open Source platform for everyone to use and play it. It’s great when it’s accessible for everyone and people can set up a website for free, even with tools like Softaculous which takes like 3 clicks.

And if we want to outgrow the blogging application of WordPress, we need to get serious about the real business projects out there. Drupal is widely popular among the governmental network, and Java, C# and Ruby are common choices for serious projects since business owners want a reliable and stable platform. We need a reliable ecosystem in place before we can offer WordPress for solid platforms of any kind.

Plugin and Theme Pricing

One of the challenges of building a viable ecosystem is having dedicated experts working on products. This means consultants and teams spending their time on a given plugin without having to worry about their rent or daily expenses.

This doesn’t rule out WordPress as being Open Source, nor the plugins being freely distributed. Pippin is a great example with his overview on EDD for 2014 for having a successful business model that brings revenue. Red Hat is a billion-dollar Open Source company as well (annually), so there are examples out there.

But having an example or two in the WordPress world is not enough. Having just a few companies over 10 people or so doing full-time WordPress development is concerning.

Case In Point

Most of the business owners, customers and newbies tend to attack WordPress on the pricing aspect, always pointing out the cheapest solutions available. This is degrading, and that is the reason why websites are being offered for $200 or so without taking any quality measures.

So let’s see an example of a free and beautiful plugin with about 14,000 downloads that people prefer and use. It’s shiny and it converts good, don’t get me wrong – we use it on DevriX too. But the difference is that we build a lot of things from scratch, or review the rest accordingly.

Helios Solutions Social Media Buttons is a free plugin that adds a floating bar with your social icons. It looks nice and it converts to followers on various social networks. And it’s mostly used for social media marketing, from people who are zealous about their SEO and often want to get on first page of Google with zero investment, using free tools and not spending money on content marketing or SEO services by professionals.

After installing the plugin and adding a link to any of your networks, you can view the source of your home page (or whatever page).

hs-social-media-header

Turns out that style snippets are directly injected into the head tag, but that’s okay. The interesting part is the HTML for your social widget – which is also in your head snippet.

If you took even a basic class on HTML, you will know that your content stays between your <body> and </body> tags. Scripts, styles and meta are in your <head>, the rest is in your body. That’s how browsers work and that’s been so for the past 20 or more years.

I’m not going to mention the broken inline style “top:px” which is invalid (having no number) or the indentation of the code, but getting back to SEO. One of the things big G cares about is valid HTML and CSS. Passing this page through the validator comes with a price:

  1. Error Line 118, Column 38: Element style not allowed as child of element body in this context. (Suppressing further errors from this subtree.)
    <style type="text/css" media="screen">
  2. Error Line 126, Column 7: Stray end tag head.
    </head>
  3. Error Line 128, Column 91: Start tag body seen but an element of the same type was already open.
  4. Error Line 128, Column 91: Cannot recover after last error. Any further errors will be ignored.
    …"home blog logged-in admin-bar no-customize-support fuelux masonry group-blog">

So, while taking care of your SEO and installing your shiny plugin, you reach to a fatal error where the validator pretty much gives up and says “please stop”.

It’s completely invalid markup and anything in your body remains non-validated. Google considers that a malformed page of some sort, can’t crawl it properly and isn’t keen on indexing it way too high either.

This is a simple example of a freely distributed plugin with close to 14K downloads to date. While it’s not transparent, it’s something that happens all the time. Security issues aside, but making sure that the code is in tact, performance is taken into account and the overall page structure isn’t malformed are standard things to check while building a solution.

Yet, lots of free products don’t do that. And they’re free – use them at your own risk.

Even worse, too many premium plugins are not optimized either. The competitive costs of themes worth as much as a decent dinner (or even less) affect the time for QA or bringing high-end engineers who have to spend enough time building the right framework and test it properly.

Keeping the prices so low and not rewarding the time of our consultants is not going to increase the quality. Supporting Open Source projects is part of the culture of free and open source software, and clients ignoring that rule later complain about all sorts of issues on their sites.

So, which one should it be – free with no commitment or giving back, or a quality product that helps your business?

25 thoughts on “Code Quality And Free Plugins

    1. That’s actually a problem that includes several different issues in itself. Educating developers is one part of the story.

      Building free WordPress websites (or almost free) sets the standard for cheap solutions and lack of understanding of the field. That doesn’t leave any room for reviewing existing solutions and patching them back which would improve them in the long run, or building extensible plugins that could be released for free (and maintained with a maintenance plan) later on.

      The lack of education is a result of the client understanding of building a website, too. So educating clients is another essential part.

      Not giving back to authors releasing resources for free also means that everyone is a user, but no one is a contributor.

      So it’s a long story, but if we keep ignoring all the problems, that’s going to get worse with time.

  1. Should clients really understand how to build a site though? I mean I could fix my car at one point but I can’t anymore outside of basic things.

    I just take it to a ‘professional’ and have to trust them.

    I wouldn’t expect a client to know anything about the error above. But yes a developer should and we’ve talked before about how professional/not developers are in WordPress.

    Talking to a bunch of my Rails friends though, they see crappy code from crappy developers and even the big name Rails agencies. I have one friend that makes all his money by cleaning up after a well known Rails company.

    This isn’t a problem just in WordPress it’s all over in the software industry because most people have no basis to even judge the quality of a developer.

    1. I don’t believe that clients should understand how to build a site, but not knowing what is included in the broad process and what could happen otherwise is the reason why they try to do it themselves.

      For instance, you wouldn’t fix your car (other than the minor things) since you know what could happen while driving with 100mph if you messed up something. We see the results on the news and there’s the traffic crew on the road as well.

      Building a site seems much easier on the outside and plenty of clients don’t see the possible problems with DIY approach, especially for small sites/businesses that don’t get a lot of traffic, are not indexed well since they don’t spend money on anything else, and are not being targeted by hackers/bots either. And that creates the false impression that the development work is overrated and not really needed.

      That’s worth reading too – http://www.engagewp.com/perception-and-value-of-wordpress-service-providers-why-cheap-dominates/

    1. That’s been discussed a few times, but there are several different problems with it. Unlike with themes, plugins don’t follow the same structure/framework and there is no room for specific guidelines and direction. Imagine reviewing an eCommerce plugin, then a custom slider, then a caching one, then something else – they’re all different.

      Also, there are a few people reviewing the initial commits but they don’t have the infrastructure to add more people right now and it’s impossible to track every single plugin update for 30k plugins.

        1. Ah, if it’s for Emil’s and Justin’s business, than it’s a bit different. I believe that a lot of us offer code reviews (we tend to do it all the time at DevriX) so it’s not really a business focused on 100% on reviewing plugins. But then again, it’s the same story – the guys have fixed fees for reviewing a theme and a list of guidelines to follow. Putting a price point on a 20 lines of code plugin registering a shortcode vs. 50K lines of code event manager or ecommerce plugin makes it tough. And you can’t even charge by lines of code since reviewing translation strings or CSS is one thing, and high-end PHP/JavaScript logic is another.

          That’s my two cents at least. Selling the service is doable, but Theme Review Co is bundled as a “product” with a fixed cost and I don’t think that would work for plugins.

          1. Yep I was talking about Emil’s and Justin’s business – I think there’s room for a equivalent focusing on plugins.

            Sure, there would be challenges there, but I think there would be solutions for them. It would have to be less productised than the Theme Review Co, but I think the demand would be there now. The idea has come up several times over the years, but never really taken hold. if that could be solved..

        1. @Stephen – who would be the target group for this business – plugin authors or business owners?

          Also, what happens if you get a plugin reviewed, and there are issues few updates later? (Yoast for instance updates the SEO plugin like few times a week).

          1. @Mario – I was thinking plugin authors – although I do think that’s a tougher audience to crack.

            I’m subscribed to the http://www.wpsecuritybloggers.com feed and there is a steady stream of plugins that have security issues in them. No plugin author wants their plugin to show up there. Some will be will to pay to get their plugin checked – though I can think of some obstacles:

            – Plugin authors are more likely to think they can solve their own security / code issues
            – Owners of free plugins are less likely to want to pay to get it checked
            – There are probably less commercial plugins than themes (although it’s changing)
            – Some commercial plugins are priced lower than commercial themes, so perhaps less likley to spend?
            – The other points you raised (frequent updates being a big one)

            So perhaps it’s only wishful thinking. To be honest I hadn’t thought through. Still, as the ecosystem grows, it may be something that becomes viable.

          2. If I were launching a businesss like that, I’d just bundle plugin reviews inside a larger review system for complete sites. The big money will come from commercial companies wanting total site reviews, not for some chump developers wanting their little plugin reviewed.

          3. Agreed with Ryan – I don’t think that this is a major business opportunity for experts (other than freelance/part-time thing that is not too committed) and I can hardly imagine someone publishing something for free – open source – and even paying for reviews. That’s almost like paying your gig to visit your concert 🙂

            I certainly get the point and know how much helpful could it be, but I don’t see it as a viable business model for plugin authors. A central review repository or a rating system for reliable/secure plugins is a separate option that could bundle this into their services, and a high-end retainer/maintenance/hosting service is also something that could do that for clients – just as the WPCOM VIP system works with every bit of code reviewed before getting in.

          4. Okay, I won’t quit my day job yet…. 🙂

            Seriously though – although I’ll agree that a) there’s more money and a larger audience in site reviews and b) plugin reviews are more complicated; if Theme Review Co is successful, then I think a plugin equivalent will follow.

          5. I think that themes are mostly released for fun or for marketing benefits (promo, SEO from backlink or whatever). And if you want to even get in the repo, you need to cover all the standards. There is no way around it, and the cost is affordable since a review takes 1-3 hours usually.

            Most plugins (other than the top large ones) are not that visible, and you can easily submit it and get an approval in a matter of hours (or 1-2 days). The cost would probably be significantly higher, and most plugin authors believe that they understand their craft. I have 20ish plugins on WordPress.org (small though) and none of them has ever brought any revenue back to me over the years after it’s been released. We’ve had some customization requests for our themes or upsell for other services, plus a lot of footer backlinks that help our SEO, and they are more visible from a client’s perspective – a shiny screenshot of something is worth more than a random plugin name for any non-tech person.

            I don’t see a problem for launching a plugin equivalent anyway, it’s setting up a quick site with some numbers and see if it sticks. The hard part is selling them 🙂 Like I said we also do plugin and platform code reviews regularly, but our customers are business owners who: 1) are worried about the quality of something, or 2) own a plugin developed by someone else and want to improve its compatibility and such based on their support requests. We don’t necessarily do the development later, sometimes they are looking for a list of tasks that will be fixed on their end.

            And @Stephen we’ve also received two inquiries for reviewing ThemeForest submissions this week after being rejected for code quality issues 🙂

          6. And @Stephen we’ve also received two inquiries for reviewing ThemeForest submissions this week after being rejected for code quality issues 🙂

            Excellent! I know they’ll get fantastic advice from you guys and come back with a stronger product, which will benefit everyone!

            One thing I was thinking before (but didn’t say directly), was that if the price of plugins on CodeCanyon was higher, there’d be more of a chance that a Plugin Review Co could work. Alas, they are too low to drive the same amount of demand that I think ThemeForest may with theme reviews…

          7. For what it’s worth, I did actually pay for a plugin review back in my early development days. I got majorly ripped up off and the idiot reviewing it missed a major (and really obvious) security flaw and a ton of coding mistakes. They sounded like they knew what they were doing (they knew more than I did), but it ended up being more like the blind leading the blind and was a total waste of money for me.

  2. Mario,

    As a developer of quite a few free plugins, I must say that writing good code is extremely important. I’ve had a few security issues being pulled up on a few plugins and ensured that they were fixed asap. Also, over the years I’ve rewritten tonnes of code on the more popular plugins to ensure they are better to read and at least follow WordPress coding standards. But, time doesn’t permit some of the lesser used plugins.

    However, as you might imagine it is a painful and sometimes thankless job especially since it doesn’t have a revenue scheme associated to it. As a result, I might be reluctant to pay someone to review my “free” plugin. However, that being said, I’d pay someone to review a premium plugin, provided if I know and trust them.

    However, I think a lot of works still needs to go into educating plugin and theme developers on getting code better written. e.g. something as basic as WP_DEBUG needs to be taught to them. I’ve come across some good paid themes throwing up tonnes of PHP warnings just because the developer didn’t bother to check if it works fine.

    I think with 11+ years of WordPress, we’re still far away from getting any good standards in place. Hopefully, then next few years changes this.

    1. Well said Ajay. When you have tens of thousands (or more) of downloads and no donations or custom work whatsoever, it’s not really motivating you to spend too much time on your pet project, let alone paying for that.

Your thoughts?