Submitting an extension to the Joomla! Extension Directory™ (JED) remains one of the most effective ways for developers to reach the wider Joomla community. As of 2026, the directory continues to grow, hosting thousands of extensions across every category imaginable. The submission process has matured alongside Joomla itself — with Joomla 5 now the current stable release and Joomla 4 still widely deployed — meaning the bar for quality, security, and compatibility is higher than ever. This guide walks you through the full process, from registration to post-submission promotion, drawing on direct experience submitting the Automatic Meta Description plugin.
TL:DR – Submitting to the JED means registering on the platform, running JED Checker (now at v2.4.2 and fully Joomla 4/5/6 compatible) against your package, completing the submission form carefully, and waiting for the review team to approve your listing. You can find the plugin in the JED by searching for Automatic Meta Description (Joomla Extensions Directory), and the source code is on GitHub at Autometa (GitHub).
Contents
What's changed in 2026
If you last looked at the JED submission process a couple of years ago, a few things are worth noting before you dive in.
- JED Checker is now at v2.4.2, maintained directly by Joomla / Open Source Matters rather than the original third-party developer. It is the de facto standard pre-submission tool. Download it from the JED itself before you do anything else.
- Update servers are now mandatory. The JED Checker rule US1 will flag any extension that lacks a properly configured update server in its XML manifest. This is no longer advisory — it is a hard requirement. If you haven't set up an update server yet, do that before starting your submission.
- Joomla 6 compatibility is increasingly expected. Reviewers and users alike will notice if your manifest doesn't declare Joomla 6 support. Test on both Joomla 5 and Joomla 6 where possible.
- Local scanning is now supported in JED Checker via a
tmp/jed_checker/local.txtfile, making it easier to scan extensions before packaging them.
Building and publishing the extension first
Before you think about the JED, you need a production-ready extension. The starting point for submitting the Automatic Meta Description plugin was building it to solve a real problem — automating meta description generation on a live Joomla site. If you're at an earlier stage, it's worth reviewing the process of creating a Joomla plugin and component with a little help from AI and then automating publication of a Joomla plugin using an update server — both are prerequisites for a credible JED submission.
The JED is not a place for beta software. Test your extension on multiple Joomla installations across different configurations before you consider submitting. Even a small, focused plugin can cause unexpected behaviour on sites with unusual setups. Only submit when you're confident it does exactly what it claims to do.
The registration process
To submit an extension, you first need an account on the JED. Navigate to the JED website and register if you haven't already. The process is straightforward: provide your name, email address, and organisation details, then verify your email. Once verified, you can log in and access the submission tools.
Keep your profile details accurate and professional. The JED team and users will see your publisher information alongside your listing, so it's worth treating it as a public-facing developer profile rather than a throwaway form.
Preparing for submission: run JED Checker first
Before touching the submission form, install and run JED Checker v2.4.2 against your extension package. This is the single most important preparation step. JED Checker replicates the automated checks the JED team will run during review, so catching issues now saves you from a rejection and a resubmission cycle.
The checks cover a comprehensive range of requirements:
- PH1 — PHP headers missing GPL licence notice
- PH2 — PHP files missing JEXEC security statement
- PH3 — Licence tag missing or incorrect in XML manifest
- US1 — Update server missing or incorrectly configured in XML
- Base64 or other obfuscation encoding in files
- Use of
error_reporting(0) - Deprecated or unsafe Joomla Framework calls
- JAMSS — Joomla Anti-Malware Scan Script
- XML manifest validation and file reference checks
- Language file validation
Work through every flag until the checker is satisfied. Pay particular attention to US1 — if your update server URL is missing or returns an error, fix that infrastructure before proceeding. One important practical note: if JED Checker identifies that your extension's install name needs to change, you'll have to raise a separate support ticket after completing the submission form. Getting the name right before you start is much less painful.
JED Checker Results Example
The install name of your extension must match your listing name on JED. We scan the xml files and find the value of the name tag. Useful information for the "filename and install as" fields in the JED submission form.
The name tag in this file is: Content - Automatic Meta Description
Version tag has the value: 1.1.28
The creationDate tag has the value: 14 March 2025
An install file should include the licence information in a licence tag. The licence must be GPL or GPL-compatible.
Validation of extension's XML manifest file.
Check for incorrect files and folder references in the XML manifest.
The use of Update Servers is now required by JED — this is a mandatory check, not advisory.
The Update Server link in this XML file is: https://www.multizone.co.uk/updates/autometa.xml
A notice is required on each PHP file stating that the file is licensed GPL (or another compatible accepted licence). For more information, please see the JED checklist.
GPL license was found
@license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
PHP Files missing JEXEC security
All PHP files in your extension must include a defined('_JEXEC') or die(); statement at the top of each file. This prevents files from being accessed directly outside of a Joomla installation.
Joomla Framework deprecated and unsafe
Warns about superglobals, commonly used but deprecated functions, and highly unsafe functions. Find more info on Joomla! 4 backward compatibility.
Use of error_reporting(0) is discouraged. Joomla provides its own error reporting controls in Global Configuration.
Base64 and similar functions have legitimate uses, but if they're used to obfuscate code or mask backlinks, your submission will be rejected. A reviewer will examine any flagged usage. The rule of thumb: don't obfuscate your code.
JAMSS checks for potentially dangerous methods and known attack signatures. Output is verbose and detailed — hover over flagged lines for full context. Find out more on the JAMSS project homepage.
