Support » Plugin: WP-SpamShield » Plugin removed from repository?

Viewing 15 replies - 31 through 45 (of 58 total)
  • Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Plugin Review Team Rep

    I never asked you to close WP-SpamShield.

    My apologies, I meant you asked us to keep it closed. Or at least that was my understanding when you asked us to close all your plugins.

    Also the comment of editing code had nothing to do with you, it was a general comment of the 65 thousand plugins on .org, we’ve only removed code from two. Maybe five if I count rolling back other plugins sold to nefarious people.

    @ginmi – the wp-rollback plugin no longer seems to working for WP-Spamshield, probably because of its status as a removed plugin. (There is no rollback link on the plugin page).

    But I think I’ve got it figured now what is needed for the rollback.

    I’ve simply rolled back and deleted the MU plugin file manually via FTP. Seems to be functioning fine.

    @redsand – Mika’s comment about removing code was in response to my inquiry about another plugin called “Display Widgets” , also with a very large user base that was inconvenienced due to changes with a plugin upgrade, although in that case there was a serious malware issue. In that case the plugin was removed, but the WP team also posted a clean version in the repositoryf for download.

    @ipstenu — I just want to thank you for your dedication and professionalism. I can see now what happened and what the issue is. Your recommendation posted at makes sense, and it is the approach I would prefer as a user (for plugins to display warnings about incompatibility rather than attempt to interfere or disable conflicting plugins).

    @redsand — I also want to thank you for all the work you have put in on developing your plugin. It is and was an excellent plugin and I am sorry to see you depart as it will be difficult to replace functionality.

    That being said, I don’t want a plugin that intentionally disables or interferes with the functionality of others. I’d prefer to see warnings in the WP dashboard area. So in terms of this particular issue, the code that you don’t want to remove is also code that I don’t want to have. (Or at least code that I would want to be something that could be enabled/disabled within options settings.)

    I don’t use the particular plugin that you have targeted, so not a problem there. But I do use a lot of plugins on a lot of sites and don’t want to have to worry about similar issues with a different plugin. If there is a warning that two plugins are incompatible, I can work with that. But when plugins conflict, whether intentionally or deliberately, it can take me hours to debug and figure out what the problem is.

    So if there isn’t already a WP repository rule that says that WP plugins cannot have code specifically interfering with the operation of other plugins, I think there ought to be.

    That being said, you are free to make your own choices and if you want to retain code that the WP Repository won’t permit, that is your option.



    I have been compressing the copy from a theme I have already loaded with WPSS. then I install it via zipped file using upload. If RedSands has a link, that would be good for now. Meanwhile, I just keep a zip handy in my dev folder. P.S. new site for unusual and mitigating circumstances in relation to reviews and what-not for It is called wpquirks dot com. Hoping to wake the sleeping dog.

    If that’s your site, it has a configuration error (invalid security certificate) -so you would need to fix it.

    If that is not your site, then I’d advise staying away from it. The browser warnings are there for a reason.

    Any news on this plugin?

    They have a link on their website but keeps throwing this error (tried 4 diff browsers also as they suggested)

    Security: Access Limited by Firewall
    Error 406: Not Acceptable
    Something unusual about your web browser or network activity is causing your access to be limited by the firewall. This can happen for a number of reasons.  
     Sat Nov 18 2017 6:46:37 am PST


    Well, I’ve decided to remove the plugin of all my clients sites and replace it by Antispam Bee.

    Thanks @josklever. Will give it a try.

    I have one suggestion to Red Sand Media Group.

    – When detecting Plugin Organizer on same installation where WP-SpamShield is, deactivate WP-SpamShield. If you insist so much they cannot coexist.

    Joke at side (or not, it would allow plugin back to repository), story goes like this. Very short, very easy to understand.

    – Plugin Organizer can turn whole website blue, even blue font color on blue background.
    – It is not discutable and is irelevant. Website is property of an User, and she/he wants it that way.
    – When WP-SpamShield disable other plugin is it not what User wants and allows.

    – Second, permanent and infinite Admin notice is also very rude.
    I cannot remember I have seen any other plugin doing this.

    Sigh…. same her at the downloadlink:

    They have a link on their website but keeps throwing this error (tried 4 diff browsers also as they suggested)

    Security: Access Limited by Firewall
    Error 406: Not Acceptable
    Something unusual about your web browser or network activity is causing your access to be limited by the firewall. This can happen for a number of reasons.
    Sat Nov 18 2017 6:46:37 am PST

    The author has been posting updates to his blog at

    Basically it is a continuous rant against the other plugin, but bottom line the plugin author has no intention of complying with the requiremen that he remove the code targeting the other plugin. Basically, if you are running Spamshield and also install Plugin Organizer, you will get a warnng that the two plugins are incompatible, and Plugin Organizer will not function as expected because of the code in Spamshield.

    There has been some discussion of this issue at another web blog – here:

    I have rolled back to an earlier version that does not create the MU directory or functionality, and I plan to switch all sites to different spam-protection plugins after testing. Right now Antispam Bee seems to be the best bet. (Runs without need for special configuration; has been effectively stopping spam)

    The Spamshield author claims that he is looking for a new solution to offer the plugin– so I assume you might see it hosted on another platform. Without the oversight that you get from plugins hosted here.

    Yes I am aware of the dispute back and forth.
    If I am correctly informed, if Spamfield did not take this action toworth Plugin Organizer, that one disabled spamfield and caused it to not be able to block spam so…

    Antispam Bee looks good, but has not been updated for 5 months….so that’s an accident waiting to happen right there too?

    Such a shame, love anti spamfield…



    This is the only plugin that had any real world experience of protecting a site from spam and other things which create havoc on a blog. In my humble opinion, WP caused much harm to the community by removing security and protection assets (free of charge assets, I may add) to over 200,000 users.

    There has to be more consideration for how a plugin can get manipulated by a small hand of players. A real deep look at the ad-hoc rules and process should be reviewed by a third party consultant in order to relieve the tension this issue has caused the Open Source Community.

    Good developers are being thrown to the wind by way of non-disclosed mediation. Please, when a plugin is canned from the repo we need to give sound and conformable circumstance, with certainty; even if [only] the developer is notified of such direct communication.

    When you leave people “hanging” in thin air with no proper recourse, there will be less emphatic control over what may or can happen as an outcome of such improper resolve. The simplest solution to this conundrum is to enhance all communication so there is a clear and fair ground for the community to work upon. Garbage in, garbage out, as they taught me in computer electronics college.

    if Spamfield did not take this action toworth Plugin Organizer, that one disabled spamfield and caused it to not be able to block spam so…

    Plugin Organizer is designed to allow site designers and admins to selectively disable plugins on some parts of their site. So it is designed specifically to allow a site owner to be able to turn off Spamshield on some pages, if they want to. There may be good reasons for site owners to want to do that — to test for conflicts, or to enable features on certain parts of web sites, or to cut down server load and speed up pages where it is not needed. One thing that comes to mind to me is the possible need to design an accessible area of the site or form. (Because Spamshield uses javascript it can make create accesibility issues for some users.)

    I don’t use it — but I can see that given that the whole point of the plugin is to allow selective disabling of plugins — then setting up code to defeat that purpose is a problem.

    I have a lot of web sites that don’t allow comments, so the only place on the site where spam protection is needed is on the contact forms. So no need to have a plugin like Spamshield loading on every page.

    There has to be more consideration for how a plugin can get manipulated by a small hand of players


    The manipulation came from the plugin authors themselves. The WPSS author added code to defeat the operation of PO; the PO author retaliated by adding code to disable WPSS; and then the WPSS author retaliated by setting up a MU “Must-use” plugin designed to load ahead of others and disable PO before it even loaded. PO author complained to WordPress plugin team.

    Then WP plugin team told both authors to remove code that targeted the other plugin. The PO author seems to have complied. But WPSS author did not – he removed the MU, but restored the function that he had placed before and which had been the cause for the PO author’s attempt to retaliate.

    It’s pretty simple, and if there wasn’t a written rule before of “thou shalt not write code that is intended to interfere with operation of other other wordpress repository plugns” — there should be. We all realize that there is always a potential for conflicts among plugins, but it shouldn’t be purposeful.

    The appropriate thing would have been for the WPSS plugin to throw off a warning that it is incompatible with PO, or even disable itself – with a prominent notice- on sites where PO is installed. That’s what my caching plugin does – it can’t be activated if other caching programs are enabled because of conflicts, but it certainly doesn’t try to disable the other caching program.



    Abigailm, Your perspective appears to personify ambiguously what a “small hand of players” can be. I was not venting demise onto anyone of the authors, or moderators, so there is no need to extrapolate this course. My observations have absolutely NOTHING to do with the authors’ discourse. (with the obvious exception being: yes the plugins are what brought about my resounding claims of WP team(s) lacking a grounded way to “moderate.”) I am not insulting their intelligence or pointing fingers at “them” – I am saying, many people got hurt by this and there could have been a more viable resolution.

    What the point at hand and reckoning had to do, soley, with WP moderators and reviews… and only their ‘processes’. The ‘small hands’ was not meant to be terse or directional; just kind of light relational humor. I should have continued the metaphor… something about playing rummy or a game of cards that was meant to be played seriously.

    I have heard the “story” of what happen more than enough to realize that the problem is not in what was done by any one or more programmers (who were working to keep their plugins safe, in their efforts, just like a mother would with her child); the reason I wrote in here was to make a concerted effort to share “why” this is such a grand snafu for developers AND for users of WordPress.

Viewing 15 replies - 31 through 45 (of 58 total)
  • The topic ‘Plugin removed from repository?’ is closed to new replies.