Tired of the constant “security warnings” spam, in this anti-spam tool

Tired of the constant “security warnings” spam, in this anti-spam tool

This thing keeps providing intrusive, and false, “security warnings” about updating wordpress. There is no way to turn this off. This has nothing to do with the functionality of the plugin. It is simply advertising spam. Really unbelievable for an anti-spam tool, to engage in spamming behavior.

Hi Jeff,

I’m sorry to hear that you had a negative experience with the plugin. It would have been best to submit a support request first if you had an issue that you needed help with.

This thing keeps providing intrusive, and false, “security warnings” about updating wordpress.

The security warnings definitely are not false. In the plugin’s settings, and in the documentation, it says: “WP-SpamShield periodically checks the WPScan Vulnerability Database and alerts you if the version of WordPress installed on your site has any known security vulnerabilities and needs to be updated.”

The security alerts only happen if these three conditions are true:

1. The site is not updated to the current WordPress version.
2. The WPScan Vulnerability Database contains known exploits for that version of WordPress. (These usually don’t require a ton of skill for a hacker to execute.)
3. The site owner has not disabled the feature in the WP-SpamShield settings.

Feel free to investigate any one of those vulnerabilities with the link provided at the time. Each one is a real, legit exploit that could compromise a user’s site. Those are there to remind users that the version of WordPress being used has one or more legitimate security vulnerabilities.

As always, you have the freedom to ignore a warning, but please do not call them “false” as that simply is not true. “False” would mean that we are providing alerts about non-existent exploits, and that is simply not the case.

Regarding the visual format or method of warning, those are standard WordPress admin notices. We use the WordPress admin notice API (like other plugins, and everything else in WordPress) so the graphic format is not up to us.

There is no way to turn this off.

That’s definitely not accurate. There is an option on the WP-SpamShield settings page, “Disable Security Alerts.” There is a full explanation of the feature on the Configuration page, along with instruction for disabling.

This has nothing to do with the functionality of the plugin.

You may not realize it, by anti-spam and security are tightly integrated. Anti-spam is a subcategory of security. Many of the parties behind spam are also engaged in phishing and hacking activities.

It is simply advertising spam. Really unbelievable for an anti-spam tool, to engage in spamming behavior.

“Advertising spam” would imply that we make money off it or receive some kind of benefit from it. We don’t. It is there for one reason, and one reason only: to warn our plugin users of a legit security threat to their site. Just like any good person would warn a friend of impending danger.

The last two years have seen a sharp rise in cybersecurity incidents, and WordPress sites are no stranger to site hacks. People are always asking the question of how to stop this, and how to reduce the number of cyber-attacks. We’re just trying to do our small part to help, and to be part of the solution. I don’t think we deserve the level of frustration and anger expressed in your review. I would ask that you redirect that anger and frustration toward the criminals behind all these cyber-attacks.

All of the issues you raised her could have been resolved quickly either by reading the plugin documentation, or by submitting a support request.

It’s really not a nice thing to do in the open-source community to jump straight to a negative review without at least asking for help first. After all, some of us to spend a ton of our own time on this, simply trying to help people.

I would ask that you take a step back and honestly reconsider this review. (If you do change your mind, you can edit the review here.)

No one is asking for a 5-star review, just a fair one. And this, my friend, is definitely not a fair one.

Take care.

– Steven

– Wrong, there is no “Disable Security Alerts” setting.
– Wrong, what the plugin does is make the mistake confusing “Insecure WordPress version detected” with “WordPress … which has x known security vulnerabilities”. Just because a version has known security vulnerabilities does NOT mean that the version detected is in fact the actual version running (duh), or even that it is insecure in its particular configuration. False means false, not a particular kind of false. Here is the quote:

Insecure WordPress version detected. Your site is running WordPress version %1$s, which has %2$s known security vulnerabilities. You should upgrade WordPress as soon as an update is available. If no update is available yet, then it may be necessary to apply other threat mitigation solutions. More Information

– Wrong, SPAM is unsolicited commercial messages. By intrusively populating messages in the admin console, with your company/product name, and with links to company/product information, that is unsolicited, comercial messages. Advertising doesn’t even need to imply that you make money, but that the intent and the meaning is advertising (the fact I really cannot turn this off is a huge clue here, and the fact that I was not asked to turn this on, and it is not a part of the functionality of the plugin).
– Wrong, just because security is a big umbrella term doesn’t mean that you can provide security alerts about the operating system (true or false). This is unneeded and unwanted behavior, and I cannot disable it!
– Wrong, open source software doesn’t mean you get a pass with ongoing spammy behavior.
– Wrong, I don’t have to submit a support request. Reviews are a valid place to post positive and negative experiences.
– Since every single point you have made is wrong, and you mislead again and again on these points, it seems obvious that you don’t take the users/customers side in this matter.
– I would ask that you take a step back and honestly reconsider this “functionality” that you have spent time defending, when it is in fact indefensible.
– My review is fair, my friend.

Take care.

– Jeff

Hi Jeff,

– Wrong, there is no “Disable Security Alerts” setting.

Have you tried updating the plugin? We added that option almost 2 months ago in version 1.9.12. (The plugin is currently at version 1.9.17 with 1.9.18 coming soon.)

If you don’t have the option to disable them, then it means you’re using version 1.9.11 of the plugin (or earlier).

Please see Troubleshooting Guide Step 3 as it mentions that if you’re having any issues with the plugin, to upgrade to the latest version.

Reviews are a valid place to post positive and negative experiences.

I can’t exactly agree with you there, especially when you’re blaming us for an issue that we already fixed almost two months ago.

By that measure, anyone could go and ream out a software developer for an issue that existed at any point in the past. Every piece of code everywhere deserves bad reviews by that measure. That’s not a real nice way to handle things.

Wrong, I don’t have to submit a support request.

No one said you have to do anything. But there is a right way and a wrong way to treat plugin developers and other free open source software devs. Generally its accepted etiquette to be somewhat courteous and ask for support first.

I’m not going to respond to the rest of what you said, since this entire review is based on using an outdated version of the plugin. The issue could have been alleviated by keeping the plugin up to date.

@ Forum mods,

Hey…just going to make a request that this review be removed, as it’s based on an outdated version of the plugin. Issue was fixed almost two months ago in v 1.9.12, and this post just seems like angst, not a fair-minded review. It doesn’t seem like that’s what the review system is intended for, as any plugin could get reamed out for issues it had in the past. If you decide not to remove it, no worries, but I just thought I’d take a shot.

Take care.

– Steven

*Reads. Removes modlook tag.*

Hey…just going to make a request that this review be removed

Nope.

*Drinks more coffee*

Reviews are not removed for that. This review is feedback and the author replied well.

@ Jan: Well, it was worth a shot. ?? Thanks for taking a look, and for the feedback.

It’s bad to talk in a manner to a developer who you aren’t paying anything nor are you contributing. You should respect the time of others and see plugin FAQs BEFORE complaining. It’s not a premium/Saas product.

Wrong, wrong, wrong. It is good to talk to developers, whether about free or paid apps. Feedback is necessary to make products better. A plugin FAQ doesn’t help if it is for a different version, and if you found an answer for my question in the FAQ, remember that my feedback was two months ago, when it was not present. I do respect the time of others, and provide very useful and effective feedback. Regardless if something is premium or not, SAAS or not, quality is important and expected. I contribute to free products both in terms of code and in terms of issues. You should respect the user.

@fznshaikh

Thanks you for the kind words. We would agree! ??

@jeffmcneill

Jeff, I’m sorry but you are incorrect, both in your facts and in how you handle things with people here on the forums. This isn’t the way to go.

A plugin FAQ doesn’t help if it is for a different version, and if you found an answer for my question in the FAQ, remember that my feedback was two months ago, when it was not present.

Two months before you left this negative review, we had already fixed the issue you were complaining about, and we had added the option on the WP-SpamShield settings page, “Disable Security Alerts”.

As a plugin user it’s your responsibility to read the plugin documentation and keep the plugin up to date. One of the first steps in the Troubleshooting Guide is that if you’re having an issue, update the plugin because it might have already been fixed. This was the case. Unfortunately there is nothing we can do for you if you want to use an outdated version, and then complain that the issue exists in that old version. We don’t have a time machine! ??

Regardless if something is premium or not, SAAS or not, quality is important and expected.

Jeff, we deliver one of the highest quality plugins out there. If you had simply submitted a support request instead of going straight to a negative review, we would have been able to help you and point you to the solution that already existed.

You should respect the user.

We absolutely do respect and love our plugin users. You need to remember that respect and courtesy works both ways.

If you respected your users, then you will delete this last comment which is insulting and wrong. You are misleading. There was nothing in the FAQ.

Obviously the “feature” you had added without any good reason was complained about enough so that you later added an “opt out” option in the control panel. Why not take responsiblity for this “functionality” that was unwanted and unneeded and has nothing to do with the plugin? Because you are not the developer but some talking head who can’t admit the mistakes made to add unwanted spam. The plugin still has this unwanted spam functionality that people must disable.

This is not respecting the user. This is misleading the user. And once again the problem that was created by your developers, adding this unneeded and unwanted feature is somehow the users fault? Yeah, right.

You are completely tone deaf here. Take responsiblity. Apologize. Stop blaming the user. That would be being responsible, that would be respecting the user.

You deliver a mediocre produce which requires disabling a non-essential and unwanted feature. Until that is removed, any claim to delivering “one of the highest quality plugins out there” is a sham and a lie.

Wasting my time responding to the inane rebuttles is the best thing I can do, showing both respect and courtesy that some day you may understand what it is you are doing wrong, so that you can do better. You can do better. Time to grow up.

@jeffmcneill

Jeff, you are being a bully and a troll. The things you’re saying are blatantly false, and you need to stop.

If you respected your users, then you will delete this last comment which is insulting and wrong. You are misleading. There was nothing in the FAQ.

That is blatantly false. I’m not sure how you can say any of that with a straight face, to be honest. If you’re going to make false statements, we have a right to set the record straight and respond to your untrue comments. Everything we have said is true, based in facts.

• It’s right there in the plugin documentation, and has been this whole time.
• It was right there on your settings page since version 1.9.12.

Why not take responsiblity for this “functionality” that was unwanted and unneeded and has nothing to do with the plugin?

You can only speak for yourself…not all our other users. We do take responsibility…for adding a great feature. You don’t like it, and that is fine…but the vast majority of our nearly 200,000 users do like it. We do what’s best for the majority of our users. If you don’t like the plugin or one of its features, you are free not to use it.

You are completely tone deaf here.

If we don’t agree with you, that does not make us tone-deaf. We live in a free society, and people are going to have different opinions. You need to remember that you are free to share opinions, but you don’t get to dictate how our plugins are developed. We base our development decisions on data, experience, and expertise. If you want to develop an anti-spam plugin, then go for it. You can develop it any way you like.

You also don’t get to slander us. We will defend our work, and set the record straight. We stand by everything we have said here, because it is backed up by facts, and can be verified by anyone.

You deliver a mediocre produce which requires disabling a non-essential and unwanted feature. Until that is removed, any claim to delivering “one of the highest quality plugins out there” is a sham and a lie.

Statistics and user feedback disagree with you here. You’re welcome to your opinion, but you don’t speak for everyone.

You clearly have some strong feelings about the feature. That’s fine. I’ve already explained the reasons for it, and that anti-spam and security are integrated. There is no reason to keep running in circles with you.

The vast majority of other plugin users like the feature, and appreciate the focus on security. If security is not a priority to you, or you don’t see the relationship between anti-spam and security, then I would encourage you to use a different plugin.

I’m not going to respond to the rest of what you said, since you just seem to be venting angry words.

Whatever you do, please stop writing these nasty messages. You’ve said your piece. We don’t agree. Just move on. Anything else is just trolling, and does not help anyone.

@jeffmcneill

You said your piece. You don’t like the plugin. Got it. No problem.

You’re just trolling and harassing us now. Way over the line. You need to stop.