Version 1.0 of the WPGraphQL plugin is now available in the official plugins directory on WordPress.org. This is the first stable version recommended for use in production, landing nearly four years from when the project started in November 2016.
In an effort to keep WPGraphQL in line with WordPress’ commitment to preserving backwards compatibility, Jason Bahl, the creator and maintainer, held off on a 1.0 release until he could minimize the potential for breaking changes.
“WPGraphQL turning 1.0 isn’t a statement that there will never be breaking changes, instead it’s a statement of stability and long term support,” Bahl said.
WPGraphQL has already had quite a bit of real-world usage ahead of its first stable release. The plugin is in use on high-profile sites like QZ.com, DenverPost.com, and ApolloGraphQL.com. Installs of WPGraphQL grew from 50,000 in June 2020 to 71,573 in November 2020, according to Packagist.org. Having the plugin available on WordPress.org will make it easier for users to install it and keep it updated.
“One of the big reasons I didn’t want WPGraphQL on the .org repo was that the nature of it being an API could expose sites to potential security vulnerabilities,” Bahl said. “As we worked on stabilizing the plugin I wanted it to be a pretty conscious decision to add a GraphQL API to your WordPress site. Leaving the plugin on GitHub meant that the audience finding it and installing it was a more technical audience and could do at least some of the technical vetting to make sure it made sense for their project.”
In September, Gatsby, the company that sponsors Bahl’s time on WPGraphQL’s development and maintenance, hired Pen Test Partners to perform an audit of the plugin and has resolved all the issues they discovered. The full report