Static WordPress Community

Removal of WP2Static from wordpress.org

Just to avoid alarm - this was actioned by me. Something I’d hoped to do a lot earlier and in a much smoother manner, but I see this has thrown some alerts to users via some WordPress security plugins because it was delisted from wp.org.

Backstory:

There are some great benefits to being listed on wp.org plugin repository:

  • discoverability
  • ease of installation / updates
  • looking legit
  • some page authority in search engines

And, a few downsides:

  • no built-in way to contact users to alert about important updates
  • another support channel unable to disable (wp.org support)
  • users using Reviews section to file issues
  • SVN / cumbersome release process (ie, must lint PHP 7.3 plugin for 7.2 compatibility or won’t commit)

Another aspect is that it was almost too easy for people to install WP2Static/Static HTML Output when in the wp.org repository. This lead to quite a few people installing it on their live production servers and expecting some magic performance improvement, which is not the way it’s intended to be used.

There’s also a minor aspect of my idealism regarding WordPress. Though I love the community around it and have enjoyed attending and speaking at a few WordCamps, I’m less enthused by the industry and commercial side of WordPress. In promoting a plugin which “solves some of WordPress’ major problems”, I’d rather not be stepping on eggshells about what I can say about some of the larger sponsors of WordPress. I would like to quickly shout out to Mika and Otto from the WP plugins team, who have always been quick to respond for so many years and along with the other members of the wp.org team do an excellent job.

Well, I’m not a big fan of GitHub/Microsoft either, but in terms of keeping open source collaboration as inclusive as possible, it makes sense to keep it there for now. I did try to self-host my own git and move away from it earlier in the year, but it was not done well enough to justify.

Security-wise, there’s little security benefit to being hosted on wp.org - after initial plugin submission, nobody is manually reviewing the code quality on any subsequent releases I push. Add to that no two-factor authentication on wp.org for plugin developer accounts (as far as I can tell), means it’s a risk to have that account compromised and malicious code pushed out to the 10k+ active users. I feel a bit safer with more eyes on the code in GitHub (about 700 stars on WP2Static and growing number of Static HTML Output).

Please let me know any concerns you may have with the delisting else, don’t worry about it and you can still download from the GitHub links or by visiting https://wp2static.com/download/

Cheers,

Leon

2 Likes

Possible option

https://plugins.trac.wordpress.org/browser/cookie-law-info/trunk/cookie-law-info.php#L80

image

1 Like

You did a fantastic job with your project. I’d really like to see you continue, with as little loss of exposure as possible. On the flip side, I have to say: You don’t seem to belong in the Etsy/E-Bay/Shopify melange that WP.org plugins has become.

I understand–as much as I can without being you–the frustrations of being a round peg in the square, commoditized WordPress ecosystem. I feel the same “ungrateful cad” cringe at saying anything but high praise about WordPress. I guess I am a cad: When I search WP’s catalog for a plugin by its unique name, I couldn’t stand the “curated” results that buried the one I sought. I took to wpackagist.org. No pictures, and all your plugins and PHP components in one file.

I shared your distaste/distrust for Microsoft glomming onto Github for instant open source legitimacy. I prepared for Github to disappear inside the Windows/Azure/Visual Studio vortex. Microsoft did pump gallons of Github mojo into Azure DevOps Repos. Then MS removed its fangs, restored old policies and let Github be Github. At least enough so to keep me from jumping ship.

Bottom line: I wish you every success, whatever that means for you. Enjoy the upcoming holidays. And if you can hear this not as a cliche’, robust heath to you and yours.

1 Like

Thanks for the tip, @gulshan! I hope to look at updates once I’ve got quality/stability where I’m happy. No doubt, you’ll have advanced your new plugins a bunch by then and I can copy from you :wink:

@tyager sorry, I didn’t see this until now! Many thanks for the empathetic shoulder/ear! I’m developing more self-confidence/justification to publicize the projects more this year (planned first Lokl tutorial video will help show the SSG benefits, too. Accepting the current healthy tension of wanting next release of it to be quality vs wanting to ship it ASAP.

Re wpackagist - have you by chance tried using WP2Static via regular Packagist? I added that in December and it should keep parity with master branch of repo or stable release tags.

I think WPackagist auto-removed WP2Static once I’d started using Composer within the repo, but now, with it published on Packagist, it’ll hopefully make that workflow easier.

I feel somewhat more swept along in GitHub today, using GH Actions and even this forum maybe moving into their Discussions to save me a few precious pennies (~US$300/year). Also, for Lokl, moving away from Docker Hub to GitHub’s Packages… eww! My extra butt-hurt gripe being, pre-Microsoft days, I’d spent about 7 hrs video interviewing for a technical support position with GitHub while I was living in NZ and led to believe I was about to be flown to US for final interview/induction. My suspicion is that they were waiting for a more PC-friendly identity applicant :man_shrugging: Anyway, keeping things there for ease of contributions and little discoverability for now, but eager to vote with my feet when it makes sense.

Health is on the improvement in last few weeks, thanks!

I wish all the best to you, too!