WordPress.org plugin submission is a two-stage game (and nobody tells you this)

I just submitted my first WordPress plugin to WordPress.org. The whole process is... weird. Here's what I wish someone told me upfront.

Stage 1: Upload (instant feedback)

You upload your ZIP file and get instant automated checks:

• Plugin name can't contain "WordPress"
• Text Domain must match your slug exactly
• No more than 5 tags
• Basic file structure checks

If anything fails, you fix it and re-upload. This part is fine.

Stage 2: The hidden checks (log in required)

Here's the catch: the real Plugin Check scan doesn't run until you log in.

After uploading, there's a button: "Check with Plugin Check".

You click it, log into your WordPress.org account, and suddenly you see 20 more errors:

• SQL injection warnings (even with $wpdb->prepare())
• Missing sanitization callbacks
• Direct database queries without caching
• Deprecated functions
• Security issues

These checks don't appear during upload. You only see them after logging in.

Why this matters

Your position in the review queue depends on how fast you fix these.

The WordPress Plugin Review Team confirmed: when you upload an updated version during review, you DON'T go back to the end of the queue. You stay with your assigned reviewer and get prioritized.

So the faster you:

1. Log in
2. Run Plugin Check
3. Fix all errors
4. Re-upload

...the faster your review completes.

My timeline

• Upload v1.0.0: Looked clean at first
• Logged in to Plugin Check: 15 new errors appeared
• Fixed & uploaded v1.0.2: 8 errors left
• Fixed & uploaded v1.0.3: 3 errors left
• Fixed & uploaded v1.0.4: Clean scan ✅

Total time: 1 day of iterations. Now waiting for human review (~2-3 weeks).

If I'd waited for a reviewer to tell me about these errors? Would've added weeks to the process.

The lesson

Don't just upload and wait.

1. Upload your plugin
2. Immediately log in and click "Check with Plugin Check"
3. Fix everything it finds
4. Re-upload

The automated scanner is brutal, but it's also your friend. It catches issues before a human reviewer has to.

Tools that help

• Plugin Check plugin (official): Install locally and test before uploading - https://wordpress.org/plugins/plugin-check/
• PHPCS with WordPress Coding Standards: Catches most issues in your IDE

Bottom line

WordPress.org plugin submission has two stages. Most people only know about stage 1 (upload). Stage 2 (log in to see full check) is where the real work happens.

Run it early. Fix it fast. Get approved faster.

That's it. Good luck! 🚀