Essentially malware

Normally I am diligent and update my plugins promptly and this is what I advise all my clients to do as well.

But this update for WP User Avatar made me pause as there was a colossal jump in version numbers, for such a lightweight plugin. So I checked out the revision update and discovered that it was not an update but an upgrade, or switch in offering. Where it now wanted to add pages and interact with the site login process. So the simple purpose of the plugin was basically replaced and turned into another plugin with different upscaled functionality, calling itself ProfilePress.

This makes trusting updates difficult. The message is to update as soon as you can to keep your site safe. So now do I have to review ALL my client’s plugin updates for them manually, in case the updates are actually bogus? I want to trust that the updates are genuine. I used to believe. Not any more.

Funny thing is, I was looking for a membership solution for WordPress, and ProfilePress may have fitted the bill. But software and the developers ethics/conduct have to be taken into account together…. so my search continues.