WordPress.org

Ideas

Should be a way to report plugins

  1. Touda
    Inactive

    I think there should be an easy way to report bad-ethics plugins like this:

    https://wordpress.org/plugins/multi-plugin-installer/

    You can see the info pages are all full of links to a site which just jumps to another one and triggers a lot of popups.

    Please help us improve wordpress.org reporting this kind of bad developers. Thanks.

    Posted: 1 year ago #
  2. Ipstenu (Mika Epstein)
    Lead Plugin Wrangler

    There is - it's called "email plugins@wordpress.org please" and we don't have a button because people just spam it. By making people email, we ensure they're real people.

    Posted: 1 year ago #
  3. Touda
    Inactive

    Thanks, I'll write there. But your justification surprises me: is a buttom more spammable than an email address?!? :-m

    And, besides, how can anyone knows of that email address? I don't see it at plugins pages...

    It should be more clearly findable.

    Posted: 1 year ago #
  4. Ipstenu (Mika Epstein)
    Lead Plugin Wrangler

    https://developer.wordpress.org/plugins/wordpress-org/reporting-security-issues/

    Making it more findable is on the docket, but we have to do a major rewrite of backend code. I'm hoping that will be done by summer.

    Posted: 1 year ago #
  5. Touda
    Inactive

    Thanks, Mika. I'll bookmark that page in case I need it in the future.

    This case of "Multi Plugin Installer" is not a security-related issue. It could be just an abuse from the ethical point of view (or infringement of the TOS for plugin publishers), but I'm not sure.

    Posted: 1 year ago #
  6. Ipstenu (Mika Epstein)
    Lead Plugin Wrangler

    You see, that's what you need to put in a good report.

    1. Link to the plugin
    2. Review https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/ And see if it's violating a known guideline
    3. Explain why you think it's doing bad things

    A link back to this thread just makes extra work for a team who gets 100s of reports a day already and spends a lot of time trying to sort out if they're valid or just people being upset.

    Sadly, most are people being upset without any grounding in actual issues.

    Posted: 1 year ago #
  7. gartenkids
    Member

    Is there a list somewhere to see what is allowed ? I see in the Guideline: "This includes spam, for whatever definition of spam we want to use."

    What is the definition of Spam in this case ? Some Plugins Push me messages every day into my backend... is that spam ?

    Posted: 1 year ago #
  8. Ipstenu (Mika Epstein)
    Lead Plugin Wrangler

    It might be.

    Write it up clearly and email it to the email I mentioned. Someone (probably me) will review it, test it, and see if it qualifies. REMEMBER to link to the plugin page :) If I had a dime for every time someone said "This twitter app spams me!" I'd be rich. 44k+ plugins. The URLs save our lives.

    If there are information alerts (like 'you just upgraded and we added X.') we tend to permit them. If they are non-dismissable, we check the developers history and try to see if it was a coding accident or an intent, and go from there.

    Posted: 1 year ago #
  9. gartenkids
    Member

    Thanks Mika, i will watch out for it, and make a documentation that i can send via mail.

    Posted: 1 year ago #
  10. What about to review a plugin before publishing? I do my own research before installing a plugig. I try do use as less as possible plugins (security, bugs, updates,..)

    Posted: 10 months ago #

RSS feed for this topic

Reply »

You must log in to post.

  • Rating

    12345
    3 Votes
  • Status

    This idea is under consideration