When WordPress plugins become abandoned

When a once-popular WordPress plugin becomes abandoned or is removed from the official repository, it spells bad news for everyone involved.

The exact reasons for this occurrence aren’t always clear, but one of the most common causes is when the developer simply moves on from the WordPress ecosystem. This results in a developer who has shifted their focus and no longer has the time or motivation to maintain their plugins. While this is entirely understandable, it remains a disappointing reality within the WordPress plugin ecosystem.

Another significant reason for plugins being left behind is in the context of free plugins. I, for one, have a few plugins in the WordPress repository, but ultimately I don’t receive anything in return for supporting and maintaining them (unless you count community kudos). Instead, because my time is finite and spread thin, it makes better business sense for me to channel my energy into the development and maintenance of my premium products, and providing support to the users who have invested in them.

Fortunately, these plugins require minimal maintenance, and I’m more than willing to continue taking care of them. However, should they ever demand a significant portion of my time I’d have to reassess the situation.

So, when a plugin becomes abandoned or unsupported, what are the available options? Website owners are left with a couple of unenviable choices: they can either continue using the plugin and hope it remains compatible and secure in the long term, or they can seek out an alternative which may or may not be casually integrated into their website. There is a third option, which I’ll explore further in this post, but it may not be accessible to everyone.

Through coincidence, bad luck or both, I have found myself in this situation more times than I would like. One particular plugin (which I won’t name) is vital for the operation of Rocket Apps. Over the years, I, along with others have submitted numerous support requests that have gone largely unanswered. To be clear, this is not a complaint, but rather an observation. I understand too well that when a developer offers a plugin for free, there is no obligation for them to continue maintaining it. In the case of a paid plugin, the expectation is of course quite the opposite.

I now face the same choices as those mentioned earlier. However, as I make a living coding for WordPress, I have taken it upon myself to fork the plugin in question, address the issues, and modify it to better suit my specific business requirements. Of course the downside of this approach is that I am now personally responsible for the ongoing development and maintenance of this version of the plugin. Whether that’s a good or bad thing depends on your perspective, but given the lack of assistance for the original plugin, my hand was somewhat forced.

The most recent incident occurred last week and pertained to ‘Delete Me,’ a plugin that enables users to delete their own accounts. It all began with an email from my host, WP Engine, explaining that the plugin had a security vulnerability and that “there does not appear to be a fix for this update at the moment, and we recommend updating when one becomes available”.

I visited the WordPress plugin page to check for updates and was met with a message stating, “This plugin has been closed as of October 23, 2023, and is not available for download. This closure is temporary, pending a full review”. Speculation within the support threads suggests that the plugin may have been abandoned, which is a fair assessment given that the plugin author has not responded to any inquiries in nearly a year and a half.

With no indication of when the plugin might be patched and re-released, I felt it was too risky to continue using it and decided to take matters into my own hands.

Instead of fixing and reworking the ‘Delete Me’ plugin, I chose to build a new plugin (Delete My Account Pro) from the ground up with the same primary function while also adding some ‘quality-of-life’ features that I felt were missing.

I realise this is an option available primarily to plugin developers, but if you find yourself in a desperate situation you could consider outsourcing the task especially if security is of concern (and it should be).