Update number of letter for prefix to 4

[davidperezgar]

Best practices show that 3 letters are the minimum to make prefixes for functions and variables, but in the Plugin Review Team, We're using a minimum of 4.

We ask developers to use these minimum letters and this is our argument:

Don't try to use two (2) or three (3) letter prefixes anymore. We host nearly 100-thousand plugins on WordPress.org alone. There are tens of thousands more outside our servers. Believe us, you’re going to run into conflicts.

So, let's update our documentation.

[jrfnl]

Best practices show that 3 letters are the minimum to make prefixes for functions and variables, but in the Plugin Review Team, We're using a minimum of 4.

We ask developers to use these minimum letters and this is our argument:

Don't try to use two (2) or three (3) letter prefixes anymore. We host nearly 100-thousand plugins on WordPress.org alone. There are tens of thousands more outside our servers. Believe us, you’re going to run into conflicts.

I'm not sure I understand the reasoning for this change, or rather, it feels like the reasoning is using false logic.

While I agree that having a longer prefix is a good thing™ as a recommendation, I don't understand why a four character prefix should be required.

Yes, the plugin directory has 100.000+ plugins, but no single WordPress install will have all those plugins installed (and if they do, they have a whole different world of problems).

On average a single WordPress install will have anywhere between a dozen to a few dozen plugins installed and the chances of running into a conflict between say 50 plugins, which all use a three character prefix, are slim as that already offers > 35.000 [^1] different combinations in ascii alone.

[^1]: 27 [a-z] x 37 [a-z0-9] x 37 [a-z0-9] = 36.963 possible combinations and that's doesn't even take into account that PHP allows an even wider range of characters, including emojis and unicode characters - `^[a-zA-Z\x80-\xff][a-zA-Z0-9_\x80-\xff]*$`.

[frantorres]

Even if there are so many plugins and indeed websites do not have so many plugins installed, during reviews we see cases where there are terms (related with WordPress or natural language) that tend to cluster.

For example

• WP+(one letter) (which is why we no longer allow starting a prefix with wp either, which will be a good change as well).
• Natural language: Like seo_ or sso_

Note: Those links can have false positives as some functions can be inside of classes or other structures. But just as a reference.

We also have in mind options names, that can modify the statistics, since being persistent, it is not necessary for a plugin to be installed and active to cause an issue, only that it has ever been in that installation.

So this is a bit tricky cause although there are many combinations available and a wide range of configurations, that clustering effect in practice make that a person testing various plugins of the same kind could end with a fatal error or weird effects because of lack of prefixing variety in that code.

We are also taking into account overly common prefixes, and compiling a list to prevent developers from using them (like `set,get,add`, etc), but that's a whole different topic._

[jrfnl]

Even if there are so many plugins and indeed websites do not have so many plugins installed, during reviews we see cases where there are terms (related with WordPress or natural language) that tend to cluster.

Longer prefixes won't solve that, with four character ones you'll get the same. Think: html, jpeg etc.

Only a "prefix registry" requiring unique prefixes of some kind could solve that, but that's an impossibility as there is no central repository for all plugins, including the proprietary ones and there never will be.

So this is a bit tricky cause although there are many combinations available and a wide range of configurations, that clustering effect in practice make that a person testing various plugins of the same kind could end with a fatal error or weird effects because of lack of prefixing variety in that code.

IMO the rules should be based on regular use, not on edge case dev use.

We also have in mind options names, that can modify the statistics, since being persistent, it is not necessary for a plugin to be installed and active to cause an issue, only that it has ever been in that installation.

In WPCS there's already an issue open to check for more constructs which should use prefixes. See: https://github.com/WordPress/WordPress-Coding-Standards/issues/929

So, I very much agree with recommending longer prefixes, but have not seen any argument yet which justifies requiring longer prefixes.

[frantorres]

Longer prefixes won't solve that, with four character ones you'll get the same. Think: html, jpeg etc.

That's right, longer prefixes won't solve this at all, they'll just postpone it.

This is just what they did when they asked for 3 letters, it wasn't a permanent solution then, and after all this time with developers clustering prefixes with at least 3 letters, at some point we have to consider increasing the number of letters. It won't be a permanent solution, but it will probably be a solution for a few years until someone reopens this issue to ask for another letter.

There are no definitive solutions that I can think of (well maybe a md5, but we want to make things easy), we are just patching it up an already imperfect but practical system as long as we don't have a definitive system.

[chriscct7]

I think it should be clarified, this isn't a proposed change to the guidelines, as the Plugins team is already using 4 characters as the requirement, it's simply updating one of the pages on .org where this wasn't updated properly.

In addition to the 4 letter prefix, there is a restriction on the prefix that they are not permitted to use common english words as the prefix.

In terms of proposed changes to the rule, which is not what this issue is for, there has been further discussion about potentially moving this to 5 in length and disallowing wp as the beginning or ending 2 characters of the prefix, in addition to the disallow rule.

[davidperezgar]

We have discussed in the Plugin Review Team Meeting, and we all agreed to make 4 prefix letters. So I think we should do it. And we should have the same criteria all over.