By Note: A WordPress team member replied to the Reddit thread embedded below and stated that this isn’t a ban, but something the review team is now checking for. They also stated that there are numerous undocumented things that will keep a plugin from being approved and that these change frequently. This prompted us to try and keep track of some of them here to help plugin developers and webmasters.
WordPress appears to have rolled out another silent ban on things a plugin developer can add to their WordPress plugins. In the summer we found out that WordPress banned using “WP” at the start of a plugin name, now a developer has discovered that WordPress’ plugin review team has closed the gate on plugins that allow users to add their own custom Javascript, PHP, and CSS.
The issue was uncoverd by Reddit user /u/StrategicPlugins in a post made on December 14th.
In the post the user explains that they tried to find this in the Plugin Developer Handbook and that it was not included in there. This appears to be a growing trend with WordPress plugins being rejected for things developers were previously unaware of and that the WordPress team is not documenting or actively determining to not document.
/u/StrategicPlugins writes:
A little frustrated because I learned today that the WordPress plugin directory is no longer accepting new plugins that allow users to execute their own Javascript code. This also applies to PHP code as well. Posting this here because as far as I can tell this isn’t called out in their plugin directory documentation anywhere, and there are plenty of plugins already in the directory that allow this type of functionality.
I had as a part of my plugin the ability to allow a user to insert some Javascript if certain conditions were met, which I will now have to remove since they won’t accept the plugin now due to these new rules. Posting this here so hopefully someone doesn’t make the same mistake I did by trying to submit a plugin that lets users put in their own Javascript.
and
They recommend that if you are letting a user add something like a tracking script, rather than pasting the tracking script directly, the user should paste their tracking id and then the plugin embeds the hard coded script with the ID replaced.
Re-reading the email they sent me, looks like they also will not allow any plugins that let users insert custom CSS, as the WordPress customizer can already handle this. It seems if stock WordPress can handle it, they’re not letting it in anymore with a plugin.
It looks like this only affects new submissions and not items already approved in their directory.
If you were making a free plugin for the repo and wanted to give users the ability to add any custom Javascript, CSS, or PHP you now won’t be able to. Instead you can either make it a private / premium plugin or only allow users to add input to build a custom code such as adding a tracking id to generate the full tracking javascript code.
If your website depends on a free plugin that allows such customizations you might want to consider integrating the code into your theme itself or having a private version of the plugin built.