WP Plugin Insight

AI-Powered Quality & Compatibility Checker

WP Plugin Insight is an AI-assisted platform that analyzes WordPress plugins at the code level to provide objective insights into quality, compatibility, security, and long-term maintainability. Instead of relying on developer-declared metadata, it scans real plugin code to detect deprecated APIs, risky patterns, PHP and WordPress version requirements, internationalization readiness, external connections, and other hidden behaviors. The result is a clear, human-readable report backed by structured data and exposed through a developer-friendly API.

Beyond analysis, WP Plugin Insight powers an alternative, user-centric plugin discovery experience. Plugins can be searched and filtered by real technical criteria—such as PHP 8.3 compatibility, absence of deprecated APIs, or translation completeness—and ranked by composite quality signals rather than downloads alone. By combining static analysis with AI-enhanced search and recommendations, the project shifts plugin selection from marketing claims to verifiable, code-aware trust.

Target Audience

• Project Lead / Technical Coordinator
  Overall architecture, scope control, prioritization, and cross-team coordination.
• WordPress Core / Plugin Expert (PHP)
  Deep knowledge of WordPress internals, hooks, APIs, coding standards, and plugin ecosystem.
• Static Analysis Engineer
  Design and implement code scanning, pattern detection, deprecated API checks, and compatibility inference.
• AI / LLM Engineer
  AI-assisted insights, natural-language querying, plugin comparison, and recommendation logic.
• Backend API Engineer (PHP / Python / Node.js)
  REST API design, data models, authentication, and integration with analysis results.
• Search & Indexing Engineer (Elasticsearch)
  Plugin indexing, advanced filtering, ranking logic, and AI-enhanced search integration.
• Data Engineer
  Plugin ingestion pipelines, WordPress.org synchronization, storage, and report lifecycle management.
• Frontend Engineer (Vue or React)
  Plugin directory UI, reports visualization, filters, and search experience.
• DevOps / Platform Engineer
  Dockerization, Kubernetes deployment, CI/CD, monitoring, and scalability.
• Security & Quality Reviewer
  Validation of security heuristics, data handling, false-positive control, and trust signals.

Hackathon Goals

1. Deliver a working MVP of the plugin analysis engine that can scan a plugin codebase and detect basic quality, compatibility, and deprecated API usage.
2. Automatically infer minimum required PHP and WordPress versions from real code usage, and flag mismatches with plugin header metadata.
3. Generate a clear, human-readable analysis report (plus JSON output) with actionable recommendations.
4. Expose the analysis results through a minimal REST API that allows submitting a plugin and retrieving its report.
5. Demonstrate at least one AI-assisted capability, such as natural-language questions about plugin compatibility or quality.

Results

A team of seven built WP Plugin Insight in just 51 hours, a tool that analyzes WordPress plugins at the code level, not just their declared metadata.

The problem it tackles is well known in the WordPress ecosystem: plugins are chosen by download counts and star ratings, not by real technical criteria. WP Plugin Insight changes that by performing static code analysis and surfacing what the official directory doesn’t: actual PHP and WordPress version compatibility, deprecated function usage, i18n coverage, and outbound connection behavior. The kind of information that actually matters when you’re deciding whether a plugin belongs on a production site.

The Team

The project was co-led by Marko Heijnen and Javier Casares, who also brought an initial dataset of 62,000 plugin slugs to the table from prior work. Rounding out the team: Cyrille Coquard, Ralf Wiechers, Erik Torsner, Marko Feldmann, and Matthias Pfefferle. Seven people, complementary profiles, and enough trust between most of them from previous collaborations to hit the ground running.

What We Built

The architecture was distributed from day one: analysis engine, backend API, frontend, and AI layer, each lived in separate repositories and were developed in parallel. Every part moved forward independently, which is both the strength and the tension of this kind of build. Connecting the pieces was the real challenge, and one that only fully clicked around the halfway mark on Saturday.

From that point, it shifted from assembly to iteration: fixing edge cases, refining JSON output, and eliminating false positives. The moment the analysis engine started producing readable reports, showing real PHP compatibility data rather than what a plugin self-declares, was the turning point. The platform was real. Then it broke. Then it got fixed. That cycle is exactly what a working project looks like under pressure.

By the final hours, someone had just gotten the AI module producing meaningful output. The laptops that were closed opened again.

The Result

WP Plugin analyzes plugins against real code metrics: deprecated API usage, PHP compatibility across versions, WordPress API alignment, internationalization, and external connections. Not what the plugin says about itself, but what the code actually does.

The initial dataset covers the full WordPress plugin repository. The analysis pipeline runs automatically. The platform is live.

What’s next

This is where it gets interesting for the hosting ecosystem. WP Plugin Insight has clear integration potential: automated vetting pipelines before plugins are allowed on managed hosting environments, compatibility checks tied to PHP version upgrades, and risk scoring for plugin audits at scale. It can become a reference layer that the WordPress ecosystem has been missing: objective, code-based, and independent of the ratings game.

The technical foundation is solid enough to grow. The next step is deciding which direction to take it.

Project Links:

Website: https://www.plugininsight.com/
GitHub: github.com/wp-plugin-insights