Version 1.0 of the WPGraphQL plugin is now available in the official plugins directory on WordPress.org. This is the first stable version recommended for use in production, landing nearly four years from when the project started in November 2016.
In an effort to keep WPGraphQL in line with WordPress’ commitment to preserving backwards compatibility, Jason Bahl, the creator and maintainer, held off on a 1.0 release until he could minimize the potential for breaking changes.
“WPGraphQL turning 1.0 isn’t a statement that there will never be breaking changes, instead it’s a statement of stability and long term support,” Bahl said.
WPGraphQL has already had quite a bit of real-world usage ahead of its first stable release. The plugin is in use on high-profile sites like QZ.com, DenverPost.com, and ApolloGraphQL.com. Installs of WPGraphQL grew from 50,000 in June 2020 to 71,573 in November 2020, according to Packagist.org. Having the plugin available on WordPress.org will make it easier for users to install it and keep it updated.
“One of the big reasons I didn’t want WPGraphQL on the .org repo was that the nature of it being an API could expose sites to potential security vulnerabilities,” Bahl said. “As we worked on stabilizing the plugin I wanted it to be a pretty conscious decision to add a GraphQL API to your WordPress site. Leaving the plugin on GitHub meant that the audience finding it and installing it was a more technical audience and could do at least some of the technical vetting to make sure it made sense for their project.”
In September, Gatsby, the company that sponsors Bahl’s time on WPGraphQL’s development and maintenance, hired Pen Test Partners to perform an audit of the plugin and has resolved all the issues they discovered. The full report and resolutions will be published to the project’s website soon.
“Now that the plugin is stable and secure, we’re happy to have it on the WordPress.org repo where users will be able to find it by searching for plugins in the repo and take advantage of some new features of WordPress such as auto-updates,” Bahl said.
The 1.0 release does not contain any technical changes – it simply bumps the version number. The project has been publishing pre-1.0 releases leading up to this, logging 33 releases in the past 12 months. Bahl said the biggest difference between 1.0 and pre-1.0 is the new WPGraphQL.com website. Previously, the project’s documentation was hosted on a subdomain, but it has now been rolled into the main site.
“Previously, WPGraphQL.com was a traditional WordPress site with the front-end using the classic WordPress theme layer,” Bahl said. “The new site is built with WordPress as the CMS, Gutenberg as the content editor, Gatsby as the front-end, and WPGraphQL as the layer that allows Gatsby and WordPress to communicate with each other. We’re dogfooding our own technology.”
The project has also added close to 300 pages of new documentation. It includes
This article was written by Sarah Gooding and originally published on WordPress Tavern.