Why is this plugin still in the repository?

  • The author of this plugin knowingly allowed insertion of cloaked links on websites putting them at risk of impacting their search engine ranking. Even though, this was covered in the author’s TOS (which, by the way, proves he was aware of what was being done), if this is condoned by the www.remarpro.com plugin repository how can we trust any plugin within the repository?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    You can’t trust any plugin in the repository.

    See, the reality is this. We do not review every single change to every plugin. So when someone screws up like this, we rely on people telling us.

    As soon as the Plugin team was made aware of the situation, we addressed it and ensured it was fixed. Should you see issues like this in the future, please email us at [email protected] and we will do our best to ensure the safety of everyone.

    DO NOT post security issues, or attacks in reviews. That’s just not being good community member. The plugin is fixed now, the developer has been talked to, and we feel confident he will not make this error again.

    Thread Starter dmax48

    (@dmax48)

    Fair enough. However, how is it an “attack” to state the facts? I didn’t do any name-calling, etc. And this was NOT a security vulnerability issue. IMO, bringing this issue to the attention of the community is being the best kind of community member.

    If you look at the comments on the WordFence founder’s blog post about this subject today, I think you’ll see how overwhelmingly this position is supported. I’d say your opinion is definitely swimming upstream on this but, of course, you’re entitled to it.

    I understand the guidelines in place for plugins. However, if an egregious violation like this one doesn’t fall under item 18 of the guidelines, I don’t know what would.

    Item 18 of the guidelines for everyone’s reference:

    “We reserve the right to arbitrarily disable or remove any plugin for any reason whatsoever. Basically, this is our repository, and we will attempt to maintain a standard of conduct and code quality. We may not always succeed, but that is our goal, and we will do whatever we feel is necessary in furtherance of that goal.”

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    If the reviews were by users of the plugin, they would remain.

    If the reviews were from people coming who only heard of this issue via wordfence, were insulting, or consisted of a link to the post, they were removed for being useless.

    These forums are not your blog, they are not a place for you to insult human beings who make mistakes.

    You will note that SOME reviews remain. These reviews are harsh and perhaps unkind, but they are demonstrably those of the user base of this plugin. And that is as fair as we can be to everyone.

    I’m sorry none of you seem to feel someone deserves a second chance. We do. We have given them to many developers who have made equally galling mistakes because we feel that those who can show remorse and learn from their mistakes deserve that common decency.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Why is this plugin still in the repository?’ is closed to new replies.