Everything submitted at https://ww.wp.xz.cn/plugins/ goes through a very thorough vetting process: https://ww.wp.xz.cn/plugins/about/
We have an entire team devoted to this, https://make.ww.wp.xz.cn/plugins/, and a system for reporting guideline and security violations: https://make.ww.wp.xz.cn/plugins/2015/05/04/reporting-plugin-issues/
I can’t speak for commercial plugin stores like CodeCanyon, but I’d say that our vetting process is very thorough. The amount of plugins blocked from entry is no trivial number. 🙂
For finding a plugin, there are a few things I personally do:
1. Start off by searching at https://ww.wp.xz.cn/plugins/ If you can find it for free, and it works great for you, there’s no reason to go for a paid plugin.
2. Compatibility! Using https://ww.wp.xz.cn/plugins/limit-login-attempts/ as an example, you’ll see it says “Compatible up to: [WordPress] 3.3.2”, *but* scroll down to the bottom of that sidebar where you’ll see the lovely “Compatibility” poll, where 3 people have voted that it still works in WordPress 4.4.1 vs. 0 who have voted it’s broken. This Compatibility poll is a life-saver. Just because a plugin has been abandoned doesn’t mean it won’t work.
3. Reviews! Most people go straight for the 5-star reviews; those are a waste of time. Go directly to the 1- and 2-star reviews. You’ll want to look for 3 things here. First, “Are other people reporting this problem?” Second, “Does this sound like a reasonable problem that I can live with?” Finally, how the developer responds to negative reviews is far more important than any 5-star review. Are they helpful, do they use the feedback to consider improvements, or do they immediately start by attacking the reviewer? Using Jetpack as an example, this is what I mean by helpful: https://ww.wp.xz.cn/support/topic/useless-129 and https://ww.wp.xz.cn/support/topic/slowed-website (and many more under the 1-star reviews for that plugin).
4. Support! In the plugin’s listing, you’ll also find a Support tab. How well is the plugin supported? If there are threads with no reply going back for months, and there’s no yellow-highlighted thread at the top directing users elsewhere for support, you know that you’ll have no help if you run into a problem. I’ll go back to Jetpack again for an example: https://ww.wp.xz.cn/support/plugin/jetpack They have *both* a thread directing users to their preferred support system *and* an active developer supporting the people who still post there.
5. Stats! I don’t usually rely on this one, but it’s still helpful. In the top of the sidebar in the plugin’s listings, you’ll see “Active Installs.” This is very different from the Downloads stat in the Stats tab: this is how many people actually *use* the plugin, and it’s a good indicator of how well-received the plugin actually is. Using https://ww.wp.xz.cn/plugins/jetpack/ as an example again, it has 639 total 5/4/3 star reviews, yet over 1 million active installations, so they must be doing something right. 😉
I hesitate to make high active installs a requirement though in my choices, because you could find an *amazing* plugin released last week with only 5 active installations.
Hope this helps!