Reporting Bad Plugins (7 posts)

  1. Jacob Dunn
    Posted 4 years ago #

    I've done a couple searches and come up blank - is there a method in place for reporting plugins in the repository that have malware or violate the terms and conditions for being hosted on wordpress.org?

    I've run across a few, especially of the "This site uses XXX" link in the footer variety, and I'd love to be able to report them for removal - just don't know where is most appropriate. A link to report the plugin right on the plugin download page would be epic.


  2. Email plugins@wordpress.org with a link to the plugin, and if possible, the lines/files with the evil code.

    There's no 'link to report' because people (well, bots) are click happy.

  3. Jacob Dunn
    Posted 4 years ago #

    Thanks Ipstenu, I'll be sure to send them there. Makes sense on the 'link to report' front too. Although I'd still think it would be awesome to have - would just have to add a CAPTCHA, or require login. Not a huge issue, though, for sure.

    Thanks again!

  4. Since no system is perfect, we like the one that makes you think ;)

  5. Sisir
    Posted 4 years ago #

    When you see an attribution link on the footer like "This site uses XXX plugin". You might check the plugin settings if there is an option to remove the attribution settings.

    I never come across any plugin that don't have the option for removing it though. But i think there might be a lot which does't allow/want you to remove the attribution link. WordPress plugin directory is a big one :)

  6. Jacob Dunn
    Posted 4 years ago #

    There's almost always a way to disable it, true - but the question is, is that per the repositories' privacy policy? It says, "The plugin must not embed external links on the public site (like a "powered by" link) without explicitly asking the user's permission."

    I interpret that as meaning they need to obtain permission first, as opposed to assuming that permission was granted when you chose to install the plugin, and allowing a method to later revoke it. I'd like to know if I'm incorrect on that, of course - before I end up wasting developer and moderator time. Let me know.

    You're right though - it's a vast repository. I'm sure one could spend pretty much all of their time tracking down infractions and still never come close to keeping up. But there have been a couple of particularly egregious examples of link insertion that really have upset me lately. Meh.

    Can't complain too much though - it is all open source, after all, and you always get much more than you pay for.

  7. Jacob is correct. For plugins, you MUST ask first, and assume the answer is no. I wouldn't have told you to report 'em otherwise ;)

    And some of us do spend the time running greps on the repo to see who's _doin_it_wrong() - I call it Sunday over coffee.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.