Support » Everything else WordPress » wp-app-store spammed my site

  • Is anyone else seeing this garbage from wp-app-store ( WordPress app store ) showing up in their admin panel?

    I am absolutely 100% certain that I have never heard of this company before and yet when I go into my dashboard I now have this icon from them asking me to install and purchase their plugin and themes.

    I don’t know how they got in, but this is just plain wrong. Either they are breaking into my site, which would seriously piss me off, they are piggybacking onto other plugins, or what I don’t know, but wp app store, is now spamming all of my sites.

    Am I the only one getting hit by this wp app store spam?

    Who are they and why is this happening?

Viewing 14 replies - 1 through 14 (of 14 total)
  • esmi


    Forum Moderator

    Have you tried:

    – deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).

    – switching to the Twenty Eleven theme to rule out any theme-specific problems.

    resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.

    Hi esmi
    I found the culprit it was a commercial theme that I purchased from what I ‘thought’ was a reputable company.



    Forum Moderator

    Ewww! Care to share which theme company this was?

    @anointed I’m the founder of WP App Store am happy to address the concerns you have. I’m sorry to hear that the WP App Store installer is annoying you. It was meant to introduce you to WP App Store and minimize annoyance by allowing you to easily hide it forever by clicking the “Hide Forever” button. As you’ve discovered, the installer is integrated into our partner’s themes and plugins. Let me know if you have any more questions.

    Hi Brad

    I think what annoyed me to no end was the fact that I purchased a commercial theme from a HUGE theme company and find out that a new advertising menu link is being added to my site. I would understand that if I was downloading a free spam theme, but this was not. This was a theme from one of the largest, probably largest theme company out there.

    It just seems wrong to me. I don’t blame you. You have a product to push. I blame your vendors who are inserting this into their ‘commercial’ software.

    We all bitch and moan when we buy a new computer, how it comes full of crap software that we have to uninstall. I see this no differently.

    *I haven’t named the company because I don’t feel like fighting the battle with them. It wouldn’t matter anyhow as there is no way they care what I or other users think about this.

    Anointed – We actually care because if they’re a site we promote on the commercial site listing, then WE need to go fight ’em about this. 🙂 Though I get not wanting to publicize.

    Wonder if it’s this same group?

    I’ve been seeing a bit of chatter about this change around the ole’ RSS reader

    If so… they are promoted in the themes/commercial section (if not, we can erase that link)

    @rev Voodoo
    Yup, you said it, I didn’t….

    My concern about just coming out writing a post about company ‘X’ is now doing this to us, would have easily been seen as vengeful which was not my intent. But now that I have had the #1 moderator in these forums Ipstenu ask, and you nailed it, then there is no point in hiding it anymore.

    Yes, I am a LONG time member of woothemes and do use their themes on most all of my client work as their code really is very nice to work with.

    I run multisite networks where the users can choose their own theme, and most all the choices are woothemes. The way they built their code, even if I have said no, do not show the add ever again, if a new user comes in and signs up for a new blog, then they see the add the minute they activate the theme.

    Their code only asks 2 questions.
    1. can the user install/update plugins if yes ->
    2. has this user said do not show the app store again ->
    … if no, then show the app nag.

    Well the new blog user can update plugins, they are an admin, and yes, this is a brand new admin, so they see the add.

    This is VERY frustrating because I only have a couple of choices.
    1. I don’t use woothemes ever again
    2. I have to hack the code out of woothemes, and remember to do that on every single upgrade on every single theme/plugin I ever get from them.

    Neither are good solutions.

    So bottom line, wp-app-store is spamming my site and I’m not happy about it.

    As I said, if these were free themes, then sure, support the theme via add links, all is fair in love n war on that front. But these are themes I purchased and continue to pay for. My payment should be more than enough revenue for them to not have to be supported by spammy adds.

    *The sad part, is the group behind wp-app-store are some of the best of the best programmers out there who I really respect. I even like the business model. I just HATE having this forced on me like this.

    @anointed – My 2 cents on a possible simpler solution for you to block the offending “Ad Spam” from a centralized external location – your .htaccess file. I come across plugins here and there that do not contain their js scripts to their own admin settings pages and I add their js script to this FilesMatch code below and then notify the plugin author. This is more of a temporary fix thing, but my point is that however the “Ad Spam” is loading/being called, whether it is a script or some other method there is going to be something you can use as an identifier such as a Query String, Referrer, etc and then you would use relevant .htaccess Conditions to block it.

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php|example-offending-plugin-js-script\.js)">
    Order allow,deny
    Deny from all
    #Allow from

    In case anyone is wondering.. the ‘offending’ theme maker the author was referring to is WooThemes.

    This is found in ALL of their newly updated/released themes in the functions/admin.init.php:

    if ( is_admin() ) {
    require_once ( $classes_path . ‘class-wp-app-store-installer.php’ ); // WP App Store Installer // 2012-08-21.

    Im yanking these lines out as we speak!

    Earlier this month, WooThemes acknowledged your concerns and removed the integration code from the WooFramework. Just upgrade to the latest version of the WooFramework and you should be good to go. From their blog post:

    “WP App Store is a concept we greatly believe in, but from your feedback we heard that having this available via the WooFramework impedes your workflow. We’ve thus decided to remove this from the WooFramework completely.”

    what should i do with:

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php|example-offending-plugin-js-script\.js)">
    Order allow,deny
    Deny from all
    #Allow from

    @ehsan0_l – that was just an example of a possible method that could be used to block a script that you do not want to load on your website. Looks like Brad already stated above that they decided to remove the integration code from the WooFramework. Thanks.

    thank you

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘wp-app-store spammed my site’ is closed to new replies.