Support » Plugin: 6Scan Security » 6scan stole my private info without me even registering

  • Resolved help


    I installed and activated the 6scan plugin from the WordPress Repository. When I went to the setting page for 6scan I saw it wanted me to “Confirm my email to continue” and stated “By clicking Agree, I agree to 6Scan’s Terms of use.” (I did NOT click “Agree”.
    I deactivated the plugin and a few days later I got an unsolicited email from with the subject “6Scan cannot contact your plugin at“. I was shocked and upset that they had forcibly taken my email address from my WP Database without my permission.

    This Clearly violates the WordPress Plugin Repository Plugin Guidelines:

    No unauthorized collection of user data. For example, sending the admin’s email address back to your own servers without permission of the user is not allowed; but asking the user for an email address and collecting if they choose to submit it is fine. All actions taken in this respect MUST be of the user’s doing, not automatically done by the plugin.

    This I am writing this to warn all prospective users about this immoral (if not illegal) abuse of private information and also in the hopes that I get the attention of the developers of this plugin so that they may change their tactics.

    I would also hope that a WP Plugin Moderator would see this as a breach of the Plugin Guidelines and suspend distribution of this plugin until they stop stealing user’s private data.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author 6Scan



    It is very strange that this happened to you. Are you 100% sure you did not click Agree by accident? Had you clicked Agree the system would have behaved exactly as you mention, which is why I ask.

    We are definitely not interested in collecting your data without your explicit consent, and do not want to violate the WP plugin guidelines – that’s why that dialog is there in the first place. I ask your help to figure out how this happened and make sure it does not happen to anyone else in the future.

    If you could kindly send us the URL of the site you installed the plugin on (either by reply here or privately to, we would like to review the logs on our end and see what they show. Please also tell us your operating system (Windows/Linux/Mac) and the browser you are using, in case this is a browser quirk we might have missed during our testing.

    Thanks for your help, and I apologize for the system’s misbehavior. With your help we’ll get to the root of the issue and fix it.

    I am 100% sure I did not click “Agree”. In fact, when I went back to the 6scan page in my admin (before deactivated it) and it was still on that screen wanting me to accept the terms and click “Agree” and all the scan info behind that box was grayed out.

    Plugin Author 6Scan


    I understand. Could you then send us your site’s URL, as well as the operating system and browser you were using when this happened? You are welcome to reply here or privately to We’d very much like to take a closer look.

    the domain is <edited out for privacy> and the I use FireFox on Ubuntu.

    Plugin Author 6Scan


    Thanks. We’ll check this and get back to you.

    so what happened?

    Plugin Author 6Scan


    Hey tzeldin88,

    To address this issue, we made a change to the plugin to ensure it complies with the applicable policy in all circumstances, not sending any user information to any external server without the user’s explicit consent. The change was made in version 2.3.0 (see our Changelog for details).

    Let us know if you have any further questions.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘6scan stole my private info without me even registering’ is closed to new replies.