Key Takeaways
- WordPress is now putting plugin updates on a 24-hour hold before distributing them via auto-updates.
- The change only affects the WordPress.org repository, which just so happens to be the very platform every managed WP provider sits on.
- The AI reviewer, Gandalf, is expected to help screen those plugin updates, though WordPress hasn't shared much technical detail yet.
In April, remote attackers managed to gain access to more than 20,000 WordPress sites. The breach was traced to malicious code that was hidden inside 31 plugins.
Earlier that month, a premium plugin with more than 800,000 active installs made it six hours into auto-updating before anyone noticed it was compromised. Every site that updated during that window got a malicious toolkit anyway.

Maybe that’s why, on June 5, Matt Mullenweg announced “Protect the Shire,” a security protocol that puts every plugin release on a temporary 24-hour hold before it goes out through auto-updates. More specifically, the system relies on an AI-assisted plugin reviewer called Gandalf.
Since nearly half of high-impact WordPress vulnerabilities get exploited within 24 hours of disclosure, it’s a good idea to have the grand wizard stand watch at the gate.
Gandalf only works within the WordPress.org repository, so this will directly affect managed WordPress hosts like WP Engine, Kinsta, SiteGround, Hostinger, and any self-hosted WordPress sites. The delay doesn’t actually require hosts to do anything on their end… but it does mean they should let customers know that updates won’t reach sites as quickly as they’re used to anymore.
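The 24-hour hold described above is applied on the WordPress.org side, so hosts and site owners get it without doing anything. A site operator who wants the same cooling-off behaviour enforced locally, including for plugins that pull updates from a vendor's own server rather than the WordPress.org repository, can approximate it with a must-use plugin like the one below. This is an added example written for this article, not code from WordPress.org, Automattic or the Gandalf project. The plugin name, the `lpuc_` prefix, the option key and the `LPUC_*` constants are this example's own assumptions; `auto_update_plugin`, `get_option`, `update_option`, `add_filter` and `DAY_IN_SECONDS` are real WordPress core APIs.

```php
<?php
/**
 * Plugin Name: Local Plugin Update Cooling Period
 * Description: Holds plugin auto-updates until the offered version has been
 *              visible to this site for 24 hours. Added example for this
 *              article, not code from WordPress.org or the Gandalf project.
 *
 * Install as wp-content/mu-plugins/local-update-cooling-period.php
 */

// Assumed names: the LPUC_ prefix and the option key belong to this example only.
define( 'LPUC_HOLD_SECONDS', DAY_IN_SECONDS );       // DAY_IN_SECONDS is a core constant
define( 'LPUC_OPTION', 'lpuc_first_seen' );          // "plugin|version" => first-seen timestamp
define( 'LPUC_PRUNE_SECONDS', 30 * DAY_IN_SECONDS ); // drop bookkeeping older than this

/**
 * Runs on core's 'auto_update_plugin' filter for every plugin with a pending update.
 *
 * @param bool|null $update Core's own decision on whether to auto-update this item.
 * @param object    $item   Entry from the update_plugins transient; carries ->plugin
 *                          (the plugin file) and ->new_version (the offered version).
 * @return bool|null        false to hold the update, otherwise core's decision unchanged.
 */
function lpuc_filter_auto_update( $update, $item ) {
    // If core or an earlier filter already declined, or the item is malformed, stay out of it.
    if ( ! $update || empty( $item->plugin ) || empty( $item->new_version ) ) {
        return $update;
    }

    $now  = time();
    $seen = get_option( LPUC_OPTION, array() );
    if ( ! is_array( $seen ) ) {
        $seen = array();
    }

    // Forget stale entries so the option does not grow without bound.
    foreach ( $seen as $key => $first_seen ) {
        if ( ( $now - $first_seen ) > LPUC_PRUNE_SECONDS ) {
            unset( $seen[ $key ] );
        }
    }

    $key = $item->plugin . '|' . $item->new_version;

    // First time this plugin/version pair is offered: record when we saw it and hold.
    if ( ! isset( $seen[ $key ] ) ) {
        $seen[ $key ] = $now;
        update_option( LPUC_OPTION, $seen, false );
        return false;
    }

    update_option( LPUC_OPTION, $seen, false ); // persist any pruning done above

    // Release the hold only once the offered version has aged past the cooling period.
    $aged = ( $now - $seen[ $key ] ) >= LPUC_HOLD_SECONDS;
    return $aged ? $update : false;
}
add_filter( 'auto_update_plugin', 'lpuc_filter_auto_update', 10, 2 );
```

Keying the record on plugin file plus version means a republished release with a new version number restarts the clock, which is the behaviour you want. Two caveats matter for anyone relying on this: a manual "Update now" click in wp-admin bypasses `auto_update_plugin` entirely, and a hold only buys time, so a malicious version that stays published for longer than the cooling period still arrives unless something (a reviewer, a scanner, a vendor advisory) is watching during that window.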
AI As the Problem and the Solution
There’s a slight irony to the whole thing: WordPress is turning to AI to review plugins at the same time AI is making it easier than ever to create them.
One in four AI code samples contains a confirmed security vulnerability. And since AI vibe coding made writing plugins cheap (and weaponizing them just as cheap), weekly submissions to WordPress grew from around 150 per week in 2024 to 500 in 2026.
“Our plugin review team seems superhuman, but still needs to sleep. But bots don’t, and a depth of review that seemed unimaginable before is now a matter of time and tokens,” Mullenweg wrote in the official post.
Figure: WordPress plugin submission growth (2024-2026)
So, the team turned to Gandalf.
Though described as temporary, the 24-hour waiting period has no end date; WordPress is keeping it in place indefinitely. Mullenweg said Gandalf could eventually reduce reviewing from a full day to minutes, but also noted the project will “err on the side of caution” as AI technology continues to evolve.
“The security capabilities of AI are going to make the world weird and take a lot of our focus in the next few months, but there’s a light at the end of the tunnel,” Mullenweg wrote.
Does AI Reviewing AI Actually Work?
Sort of. All we can do is look at the research. Code quality review platform DeepSource found the best AI code review tools are hitting around 80-84% detection rates. So Gandalf — or any AI reviewer — is probably catching most vulnerabilities.
And because WordPress hasn’t shared many details about how Gandalf works, we don’t really know what it’s actually trained to detect. That’s no reason to jump to conclusions just yet, but it could be problematic: benchmarks show that AI-generated code often contains flaws that traditional code reviews are likely to miss, according to cybersecurity experts at ProjectDiscovery.
AI reviewing AI is certainly better than no review at all. But the ceiling remains well below 100%, and attackers are adapting to the same tools defenders are using.