Just to avoid alarm - this was actioned by me. Something I’d hoped to do a lot earlier and in a much smoother manner, but I see this has thrown some alerts to users via some WordPress security plugins because it was delisted from wp.org.
Backstory:
There are some great benefits to being listed on wp.org plugin repository:
- discoverability
- ease of installation / updates
- looking legit
- some page authority in search engines
And, a few downsides:
- no built-in way to contact users to alert about important updates
- another support channel unable to disable (wp.org support)
- users using Reviews section to file issues
- SVN / cumbersome release process (ie, must lint PHP 7.3 plugin for 7.2 compatibility or won’t commit)
Another aspect is that it was almost too easy for people to install WP2Static/Static HTML Output when in the wp.org repository. This lead to quite a few people installing it on their live production servers and expecting some magic performance improvement, which is not the way it’s intended to be used.
There’s also a minor aspect of my idealism regarding WordPress. Though I love the community around it and have enjoyed attending and speaking at a few WordCamps, I’m less enthused by the industry and commercial side of WordPress. In promoting a plugin which “solves some of WordPress’ major problems”, I’d rather not be stepping on eggshells about what I can say about some of the larger sponsors of WordPress. I would like to quickly shout out to Mika and Otto from the WP plugins team, who have always been quick to respond for so many years and along with the other members of the wp.org team do an excellent job.
Well, I’m not a big fan of GitHub/Microsoft either, but in terms of keeping open source collaboration as inclusive as possible, it makes sense to keep it there for now. I did try to self-host my own git and move away from it earlier in the year, but it was not done well enough to justify.
Security-wise, there’s little security benefit to being hosted on wp.org - after initial plugin submission, nobody is manually reviewing the code quality on any subsequent releases I push. Add to that no two-factor authentication on wp.org for plugin developer accounts (as far as I can tell), means it’s a risk to have that account compromised and malicious code pushed out to the 10k+ active users. I feel a bit safer with more eyes on the code in GitHub (about 700 stars on WP2Static and growing number of Static HTML Output).
Please let me know any concerns you may have with the delisting else, don’t worry about it and you can still download from the GitHub links or by visiting https://wp2static.com/download/
Cheers,
Leon