A New Chapter in WordPress Plugin Distribution: The Not WP Repository

A WordPress developer worked on creating an open WordPress repository during a marathon coding session.

The WordPress ecosystem is evolving, and this week brings exciting news from Vancouver-based developer Duane Storey. Remember Duane? He's the mind behind one of WordPress's #1 plugins (later acquired by a Canadian investment firm) and has now launched an alternative WordPress repository at notwp.org.

Why This Matters

The WordPress.org repository has been the de facto standard for plugin distribution for years. But what if developers want options? What if they need more control over their distribution channels? This is where Storey's new project comes in.

Inside the Not WP Repository

The repository consists of three main components:

Juniper/Author: A management plugin that automatically detects and submits Github-hosted plugins to the repository. It's particularly noteworthy for its security features - including cryptographic signing of releases to prevent supply-chain attacks (something that could have prevented issues like the recent Advanced Custom Fields incident).

Juniper/Server: The backbone of the repository, generating static HTML files every ten minutes. It includes SHA256 hash verification for plugin downloads - a practical security measure that lets users verify their downloads haven't been tampered with.

For more technical details please read the in-detail post Duane Storey wrote in his blog.

Decentralization by Design

Perhaps the most intriguing aspect is the built-in mirroring support. Using a simple configuration file, anyone can set up a mirror of the repository. This means hosts like WP Engine could potentially run their own mirrors, and organizations could even set up private internal repositories.

As Storey puts it: "I'm not trying to consolidate power - I'm trying to distribute it." If notwp.org were to disappear tomorrow, any mirror could take over with minimal disruption.

Looking Ahead

The project's roadmap includes:

- Automating Github information updates

- Completing the code signing implementation

- Expanding Github data integration

- Building out author pages

- Creating a site-wide "Sponsor" page to highlight plugins seeking financial backing

Supporting Plugin Developers

A key focus of this initiative is creating more funding opportunities for plugin developers. The repository integrates with Github Sponsors, making it easier for users and corporations to support the developers whose work they rely on.

This aligns well with recent community movements, including the launch of the WP Community Collective, a non-profit focused on transparent budgeting in the WordPress ecosystem.

Editor's Note

This development comes at an interesting time for WordPress. With discussions about future infrastructure planned for early 2025 (potentially hosted by Joost), Storey's proof-of-concept demonstrates what's possible when we think beyond traditional boundaries.

Whether you're a plugin developer looking for alternative distribution channels or a WordPress enthusiast interested in the ecosystem's evolution, the Not WP Repository is worth watching. You can explore it at notwp.org, and if you're interested in supporting its development, look for the sponsor button on the main Juniper/Author page.

Sponsor Juniper/Author

---

WPMore Team

WPMore is your weekly dive into the WordPress ecosystem. Have thoughts about the Not WP Repository? Drop us a line - we'd love to hear from you.

Comments

[Manolo]

I think that someone in EU check about the WP situation, there is a good change they make a law to end the WPOrg monopoly in the backend making mandatory the choice of plugin depository. They were able to force Apple with its store, they could do it with Wordpress.