Support » Plugin: Enhanced Text Widget » Invasive Cross Plugin Spamming

  • You are using this plugin, now that you have very recently purchased it, to SPAM the very new plugin Copy Delete Posts onto sites by placing a banner for it at the top of pages in the backend of sites that has this plugin installed…

    When the banner first appeared for an unfamiliar plugin I figured you must be doing this through another plugin I am using, and because it just started I figured it must be one I updated recently…

    I batch updated a bunch of plugins on a bunch of sites via ManageWP in the last couple days, and so had to go into the plugins folder for the site I was exploring this with, via cPanel, to try to figure out via last modified dates where it was coming from… I was lucky, my first guess worked, a plugin that was updated just today, and that is installed on a bunch of my sites…

    When I deactivated this Enhanced Text Widget plugin the banner went away, when I reactivated it the banner returned…

    In my view this is not a very good thing to be doing (to say it very mildly), and it may also be against WordPress policies… I hope so… If it is not it sure should be, because beyond the intrusive and invasive nature of such behavior if it were wide spread amongst plugin developers it would result in a rather cluttered spammy mess just constantly appearing at the top of backend pages… Not good for developers, and way worse for their clients…

    I was curious and followed the banner’s link, which directly installed and activated the Copy Delete Posts plugin and redirected to its settings page on the site I was exploring all this with…

    I found that on top of all the rest, the Copy Delete Posts plugin freezes the scrolling of the admin menu when on its settings page…

    And to pile bad on bad, whatever had been done to this plugin to bring about the banner, it had also made it so that though this plugin can be deactivated, it can NOT be deleted… Deleting hangs, and a huge long error message appears at the top of the plugins page saying so and why… So it became necessary to go in through the cPanel again, of many sites, to delete this plugin once it was deactivated…

    I still have some sites to do this on, after I replace more complex things I am doing with this plugin on those sites, in some cases for some years now…

    And so beside causing me a lot of time you have also ruined this what was a very useful plugin in the process, ruined it at least for me, because there is no way I could trust it again, under its new “Clever Widgets” ownership, people who apparently believe it is “clever” to spam sites in this manner…

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author cl272

    (@cl272)

    Thank you for your feedback, let us check and get back to you asap.

    Plugin Author cl272

    (@cl272)

    Question @crzyhrse – after you clicked on “Dismiss”, was the banner gone forever, or did it come back?

    Lets be clear, That is not the point, the point is the spamming of one uninstalled plugin via another plugin that is installed, using banners at the top of ALL backend pages, not just the installed plugin’s settings page…

    Plugin Author cl272

    (@cl272)

    We’ll address this point very soon, but please help us first to debug: did the banner go after you clicked on “Dismiss”?

    I’ll refer you back to my previous reply… I’m not interested in getting sidetracked, weaving around whatever your reasoning might become, or helping you debug a non-issue, i.e., something this review is not about…

    There actually are a couple issues I also reported in the midst of the main thing that is being addressed in this review, a different one with each of the related plugins… And I will let you deal with those on your own…

    If what you are doing is OK then it is OK for everyone, and pretty soon when more plugin developers catch on the backend of many many WP sites will soon fill up with spamming banners at the top of all backend pages, placed there by installed plugins pushing plugins not installed… And who knows what else after that… A rather slippery slope indeed…

    I have posted links to both reviews in Slack > Making WordPress > @forums… I’ll let them see if they want to step in and explain what is and is not permitted…

    If I am out of line in any of this I will stand corrected…

    EDIT: It seems you just a few moments ago rolled back the Enhanced Text Widget plugin… I believe it is a good step to take…

    Plugin Author cl272

    (@cl272)

    Thank you for your response. Yes, we rolled back the version now.

    As you don’t respond to the question whether the banner was gone after click on “Dismiss”, then our strong assumption is that in your case it wasn’t. This was a bug in an earlier plugin version, which is very annoying, we agree. We heavily apologized it. Please understand that mistakes can happen. We corrected it quickly.

    This point is not sidetracking, because the question is really: “How annoying is it for users?”. Non-dismissable banners are super-annoying, and should not be allowed, for sure. We believe it’s very likely that’s this what started the whole thing. If it had been dismissible with one click, then we believe it’s rather unlikely that you would have taken the time to write this all up and spend the time on it.

    Now to your core point, whether it should be allowed or not (dismissible banners): As you mention above, you’ve been using the Enhanced Text Widget on many sites, for years. It added a lot of value to you – 100% for free. What you are basically saying is “I profited a lot from this plugin, for free, but when the plugin owners show a banner to point to another plugin they created (which can be dismissed with one click), which happens once every other year or so, then no, that’s too much, I have to give a 1-star rating.”

    We believe it’s important to show a bit of appreciation for the value the free plugins added to you, and also to show understanding for the fact that getting traction for a new plugin (no matter how great it is – we believe our new plugin is pretty cool 🙂 is very, very hard. A banner which can be dismissed with one click – that just has to be allowed. If not, then the question is whether there are still any incentives to provide great plugins for free.

    Our conclusion is: Yes, those banners should be allowed, they just come at the risk of negative reviews (which hurt A LOT). As mentioned above though, we believe the main issue here was that it wasn’t possible to dismiss the banner.

    Also, you mention that it wasn’t clear which plugin placed the banner – that’s a very valid point, we just forgot to mention it (when you’re deep in your own plugins you sometimes get the impression that the world revolves around your plugins and it’s obvious that it’s coming from your plugins 😉 but for normal users it’s not). So we’ll correct that, thank you for pointing to it.

    Regarding your other points about the issues in the Copy Delete Posts plugin, we’re very interested in fixing those (it’s a new plugin, so bugs may happen). Let’s clarify those on the pages for the Copy Delete Posts plugin page though, as they belong there. We’ll post there soon.

    • This reply was modified 6 months, 3 weeks ago by cl272.
    • This reply was modified 6 months, 3 weeks ago by cl272.

    Hallo there 🙂

    Link to the Detailed Plugin Guidelines here:
    https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

    A note on interpretation:

    – A plugin may not advertise itself (or another plugin) on your front end without permission. That does not seem to have happened here.

    – Advertising for a plugin on the back end needs to be permanently dismissable – so that issue is relevant. It appears that the banner was permanently dismissable, but that there were some bugs, which the plugin author seems to indicate that they have addressed in an update.

    – Advertising on all plugin pages and not just the plugin settings page is not prohibited, nor is there a general prohibition on advertising in plugins (mostly because some plugins are set-and-forget and don’t have their own dedicated settings page). That having been said, the Detailed Plugin Guidelines acknowledge that the way in which advertising is handled is valid grounds for a review (if there isn’t something else in the review that is grounds to have it edited or removed, of course).

    All that having been said, @crzyhrse, please limit your reviews to your experience with the plugin. Both reviews contain some (limited) personal comments.

    @cl272 Please do not use reviews as a support thread. While it is fine to indicate ONCE that you have updated the plugin (and even to ask the user to ask considering changing their review based on a resolution), a user is under no obligation to test the update or to change their review.

    Thank you @carike… I stand corrected, in regards to what I thought (or at least hoped) was and was not permissible… I will also be more diligent in regards to “personal comments,” and where I may be falling along the wobbly continuum that ‘experience’ and ‘personal’ seem to me to comprise…

    @cl272, Your response above is reasonable… I appreciate the effort…

    And in the midst of all this I discover another intrusion, connected to this plugin even after the rollback, this one a lightbox popup call to action & button that is all over the backend, that does not identify where it is coming from, and does not stay away when dismissed…

    When I go in through the cPanel and disable the Enhanced Text Widget by renaming its folder the popup goes away… When I return this plugin’s folder to its real name the popup reappears…

    Why would you do this, and I am not talking about whatever “bug” it may be that keeps it coming back, which is bad enough, but why would you use an obscure unidentifiable yet nicely designed “official” looking logo and this text — “Stay on the safe side / Receive our plugin’s alerts in case of critical security & feature updates and allow non-sensitive diagnostic tracking.” — without identifying yourself…?? You ask people you don’t know to do something like that without identifying who is asking or where the asking is coming from…???

    So right now I am not all that anxious to adjust the rating I am presently giving this plugin…

    I will offer though that the rollback does seem to restore the ability to not just deactivate but also to delete this plugin from the site’s plugins page… I hope it stays such, and you deal with the popup, as I would like to not have to replace what I am doing with it on some sites, in the hopes you will keep up with it, and not be so intrusive in the future…

    I will also offer that the Copy & Delete Posts plugin’s settings page is now letting the admin menu scroll…

    Because you bring it up, as far as I know all the thousands of plugins in the WP plugin depository are free, as is WordPress itself, as well as many, many themes… My sense is that all together WordPress is a large world wide community with many many thousands if not millions of members and many hundreds if not thousands of active volunteers keeping this community alive, circular and vibrant, and in the process creating an environment within which folks can also gain some income doing things they like to do… This is what I love most about WordPress…

    I would very much like to see you gain some income and be successful in a similar way… My sense is you are good in the design and technical realms…

    Finally, across a whole bunch of sites, ManageWP is presently telling me I am using 186 different plugins… In the midst of that I can only recall one or two other plugins whose business approach was similar to this recent experience with your plugin… I pointed it out, they didn’t adjust what they were doing, and so I am no longer using those plugins…

    Kind regards…

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    This has gone beyond being a review. Closing it.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Invasive Cross Plugin Spamming’ is closed to new replies.