Wp Plugin Directory Guidelines
Audit a WordPress plugin against all 18 WordPress.org Plugin Directory rules before you submit or after a rejection.
Overview
wp-plugin-directory-guidelines is an agent skill most often used in Ship (also Build integrations, Launch distribution) that reviews WordPress plugins against the 18 WordPress.org Plugin Directory guidelines.
Install
npx skills add https://github.com/wordpress/agent-skills --skill wp-plugin-directory-guidelinesWhat is this skill?
- Authoritative walkthrough of all 18 WordPress.org Plugin Directory guidelines
- GPL license compatibility checks for the plugin and bundled libraries
- Valid license header patterns and readme/header metadata checks
- Freemium, upsell, teaser UI, and trialware violation detection
- Plugin naming, trademark, and slug validation before submission
Adoption & trust: 615 installs on skills.sh; 1.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are ready to submit a WordPress plugin but are unsure whether GPL headers, bundled libraries, naming, or upsell UI will trigger a WordPress.org rejection.
Who is it for?
Indie developers preparing a first or updated WordPress.org plugin release who want directory-specific GPL and policy checks without guessing reviewer intent.
Skip if: Teams building private or commercial-only plugins with no WordPress.org intent, or anyone who only needs runtime security scanning without directory policy.
When should I use this skill?
Reviewing WordPress plugins for GPL compliance, license headers, naming/trademark/slug rules, upsell or trialware patterns, or explaining WordPress.org rejections—even if the user does not say 'guidelines'.
What do I get? / Deliverables
You get a guideline-aligned compliance review across licensing, naming, and restricted patterns so you can fix violations before submission or respond to a rejection with targeted changes.
- Guideline violation inventory
- GPL and header compliance notes
- Action list aligned to directory submission requirements
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Submission and directory policy sit in Ship—this is the compliance gate before a plugin is accepted for distribution on WordPress.org. Launch prep for the org marketplace maps to launch subphase: naming, GPL headers, upsell/trialware patterns, and slug rules are what reviewers enforce at publish time.
Where it fits
Verify bundled Composer libraries are GPL-compatible before you wire premium upsell flows into the main plugin.
Cross-check license headers and restricted external license checks against directory security expectations ahead of review.
Run a full 18-guideline pass immediately before uploading a new version to the WordPress.org SVN.
Interpret a rejection email and map each cited issue to the matching guideline section for a fast resubmit.
How it compares
Use for WordPress.org policy compliance—not as a substitute for general PHP security audits or automated dependency CVE scanners.
Common Questions / FAQ
Who is wp-plugin-directory-guidelines for?
Solo and small-team WordPress plugin authors who distribute or plan to distribute on WordPress.org and need authoritative answers on what the 18 guidelines allow.
When should I use wp-plugin-directory-guidelines?
During Build while shaping integrations and bundled libraries, in Ship before your org submission, and at Launch when fixing a rejection or validating freemium/teaser UI—any time GPL, naming, or trialware questions come up.
Is wp-plugin-directory-guidelines safe to install?
It guides review of code you already have locally; check the Security Audits panel on this Prism page for install risk signals before adding the skill to your agent.
SKILL.md
READMESKILL.md - Wp Plugin Directory Guidelines
## Overview Authoritative reference for the 18 WordPress.org Plugin Directory guidelines. Covers GPL licensing, plugin naming/trademark rules, trialware restrictions, and all other submission requirements. ## When to use Use this skill when you need to: - Review a WordPress plugin for compliance with the WordPress.org Plugin Directory guidelines - Check GPL license compatibility for a plugin or its bundled libraries - Verify license headers in plugin files - Identify common guideline violations before submission - Answer questions about what is or is not allowed on WordPress.org - Evaluate premium/upsell flows, license checks, or freemium positioning - Review "teaser" or "preview" UI for trialware violations ## Inputs required - Plugin source code (or specific files to review) - Optional: plugin readme and plugin header metadata for naming and license checks ## Procedure 1. Check the plugin's license header against the **Valid License Headers** section below. 2. Walk through the **18 Guidelines** checklist, paying special attention to Guidelines 1, 4, 5, 7, 8, and 17. 3. Confirm trialware/freemium compliance using the checklist in [guideline-review-checklist.md](references/guideline-review-checklist.md) (Guideline 5 section). 4. For bundled third-party code, verify license compatibility against **GPL-Compatible Licenses (Quick)** below. 5. Flag matches from **Common GPL Violations (Quick)** below. 6. For edge cases, consult the detailed references and the [GNU GPL FAQ](https://www.gnu.org/licenses/gpl-faq.html). ## 18-Guideline Review Checklist Use the detailed, per-guideline checklist in [guideline-review-checklist.md](references/guideline-review-checklist.md). Load this reference file only when a full guideline audit is requested. ## GPL Compliance (Guideline 1 in Detail) Use [gpl-compliance.md](references/gpl-compliance.md) for full license tables, compatibility nuances, and examples. Keep this inline section as a quick decision aid. ### Verification (Licensing) - Every licensing-related issue must cite **Guideline 1** and include the file path and exact license string. - Confirm compatibility claims against **GPL-Compatible Licenses (Quick)** and escalate ambiguous licenses. ### Failure modes (Licensing) - If a license is not clearly GPL-compatible, do not guess. Check the [GNU license list](https://www.gnu.org/licenses/license-list.html). - For dual-license packages, verify both licenses and redistribution terms. ### Quick Reference: WordPress GPL Requirements - WordPress is **GPLv2 or later**. - Plugins distributed on WordPress.org must be 100% GPL-compatible (code and assets). - Include a valid `License:` header and `License URI:` in the main plugin file. - Do not add restrictions that conflict with GPL freedoms. ### Valid License Headers ## GPL Versions Summary | Version | Year | Key Addition | |---------|------|--------------| | GPLv1 | 1989 | Base copyleft: share-alike for modifications | | GPLv2 | 1991 | "Liberty or death" clause (Section 7), clearer distribution terms | | GPLv3 | 2007 | Anti-tivoization, explicit patent grants, compatibility provisions | WordPress uses **GPLv2 or later**, meaning plugins can use GPLv2, GPLv3, or "GPLv2 or later". For full license texts, see: - [GNU General Public License v1](https://www.gnu.org/licenses/gpl-1.0.html) - [GNU General Public License v2](https://www.gnu.org/licenses/gpl-2.0.html) - [GNU General Public License v3](https://www.