
Content Management Forum

    
BEWARE - Wordpress Plugins may Default to Skimming Revenue
jk3210




msg:4135096
 4:03 am on May 19, 2010 (gmt 0)

A certain Adsense plugin for Wordpress substitutes the plugin developer's PUB-ID for 8.3% of your page views unless you specifically tell it not to. Just leaving the selection blank won't stop it.

[edited by: ergophobe at 5:35 pm (utc) on May 19, 2010]
[edit reason] removed specifics [/edit]

 

caribguy




msg:4135102
 4:31 am on May 19, 2010 (gmt 0)

Why bring up something this old? Anyway, I hope the author made kazillions by doing this. His rationale is spot on

if people can't be bothered to read/modify the source code to suit your own needs, then you should probably be paying for my time to write and test these codes for you.


maybe I'm just too 'old school' - everything goes through an audit before being deployed...

jk3210




msg:4135107
 4:52 am on May 19, 2010 (gmt 0)

His rationale is NOT "spot on." Wordpress users should not be expected to read the source code of a plugin to see if they are being ripped off. If he wanted to sell his plugin, he should have done so, not take money from people in an underhanded way.

You also might notice that other plugins that do this got people's accounts suspended by Google for Adsense TOS violations.

That's about as far from "spot on" as you can get.

caribguy




msg:4135110
 5:11 am on May 19, 2010 (gmt 0)

users should not be expected to read the source code of a plugin


I beg to differ: when you operate a business (i.e. there is money involved), you have the responsibility as a business owner to know the ins-and-outs of your business. When you plan on using a tool you should first acquaint yourself with the way in which it works. Source code == instructions.

Let's agree to disagree.

danielro




msg:4135277
 1:07 pm on May 19, 2010 (gmt 0)

I would expect us to give high importance to the details of a plugin that we use for displaying adsense code on most pages.

ergophobe




msg:4135482
 6:06 pm on May 19, 2010 (gmt 0)

I think it's quite common for an Adsense plugin to skim some impressions and there are whole networks like Golden Can that work on that principle.

That said, for me personally to be comfortable with such a plugin, I would expect all of the following to be true:

- the plugin settings page or installation instructions make it clear that a percentage was being skimmed by default.

- the WP plugin repository page makes it clear as well

- the plugin author home page makes it clear as well

I've seen plugins that meet all three of those criteria (that's most common), ones that meet only two, and one that meets only the third criterion (the one that started this thread). I have yet to see one that doesn't meet any of those.

Failing any one might be okay, but failing two makes me wonder what else the author might be trying to do on the sly.

As caribguy says, though, let's leave the discussion about how the world "should" operate for another day - it doesn't get us anywhere. The fact is that all sorts of people are out there writing plugins and we need to act accordingly.

The big lesson here is that you need to read plugin instructions, read the author page as well as the repository page, and also audit at least your final HTML when you use a plugin.

This isn't just an issue with a percentage of Adsense revenue that gets skimmed. Consider that applying a plugin without checking it out thoroughly could result in hijacking affiliate links, allowing the plugin author to hack your site and worse.

Still, hiding behind the idea that users should be expected to read the source code is, to my mind, unrealistic. If I'm using a compiled app like MS Office, I can't audit the source code even if I'm a gifted programmer. For that matter, even if I had access to Office and Windows source code, no one individual could ever audit that much code - even MS seems incapable of auditing that much code for security and stability.

At some point it's a trust issue and the thing that always makes me nervous about plugins from third parties is that they usually haven't earned my trust. That makes me leery of lesser-known plugins and avoid them unless, in fact, I am willing to audit the source code.

bouncybunny




msg:4137528
 7:40 am on May 24, 2010 (gmt 0)

I would guess that most Wordpress users don't even know what the term 'source code' even means. Much like most car drivers don't know how to strip down their car engine. On both accounts I wouldn't expect to lose money or suffer penalties when I was not given the overt impression that this might happen.

Read the source code? If I could read the source code and understand it, I would write my own plugins. In fact, I would write my own blogging software.

pageoneresults




msg:4137583
 10:06 am on May 24, 2010 (gmt 0)

I would guess that most WordPress users don't even know what the term 'source code' even means.


I think that applies to most folks these days. The entire WordPress movement has made the art of reviewing markup a dying specialty. Earlier today on Twitter I was saying that all it takes to be an SEO these days is a copy of WordPress and an all-in-one SEO plugin. If it isn't a button that can be pushed, then it must not be of importance.

Any plugin skimming revenue in this matter should be retired, or put on the carpet and FIRED.

caribguy




msg:4137602
 10:58 am on May 24, 2010 (gmt 0)

In fact, I would write my own blogging software.

Funny you say that, I just did. An abandoned open source project happened to fit my needs 90% of the way, I added the other 10% and am planning to re-release it to the community.

Ergo, I benefited from other people's work and I am quite happy to give something back. If that makes me a minority, old fashioned, or both: so be it.

Car drivers pay the manufacturers or rental agencies for the privilege to drive. Who gets paid by Wordpress users?

ergophobe




msg:4137746
 3:07 pm on May 24, 2010 (gmt 0)

Who gets paid by Wordpress users?


A little OT, but
- plugin authors via donation-ware
- premium theme authors
- Matt Mullenweg and company, but more on a model similar to Google - the flagship products are free for the masses, but enterprise-level usage has fees (Akismet, for example).

Notably missing, of course, are the people who write the actual code AFAIK.

londrum




msg:4137774
 3:40 pm on May 24, 2010 (gmt 0)

i don't think the guy's done anything wrong. okay, so he should have been more up front about it, if only to head off all the bad press his plugin is getting, but it's hardly theft is it. he is, after all, giving something for free.

with open source code the onus is on the user to check it out. it is supplied as is, and if you don't like it then don't use it.

i've written some plugins myself and put them in the directory, and at the end of them i've included a link back to my site. i include a little footer on the plugin page to tell them. but the fact is this: if the plugin writer doesn't get something tangible out of it himself, then he's likely never going to write a plugin again. what's the point? we haven't all got the time to write complicated code just for the benefit of other people we don't know. and then wordpress users end up the loser.

caribguy




msg:4137777
 3:43 pm on May 24, 2010 (gmt 0)

This thread has the potential to develop into an interesting general topic, maybe outside the CM forum :)

My take on the person who wrote the original plugin (I followed the links while they were still active), was that he seemed to be quite responsive to questions about the percentage share and that he had documented this 'feature' in the plugin's readme and source.

P1R actually phrased it very well:
If it isn't a button that can be pushed, then it must not be of importance.

I guess I just don't have a lot of patience with people who can't be bothered to RTFM and then complain about 'being scammed.'

Aside: @ergo - sorry, wasn't paying attention to your handle :) I meant "Ergo," - as in [en.wikipedia.org...]

ergophobe




msg:4138086
 12:19 am on May 25, 2010 (gmt 0)

well... I gotta answer that aside...

ergo - from "ergon" Greek for work
phobe - one who fears
ergophobe - one who fears work.

okay, so he should have been more up front about it


To me it's like going to a rental car agency and being offered gas at a super cheap rate, but they don't tell you that no matter how much is in the tank, they will charge you for as many gallons as the tank holds. It's deceptive, immoral, underhanded, and done every single day at thousands of rental counters across the US.

bouncybunny




msg:4138280
 9:25 am on May 25, 2010 (gmt 0)



If the only websites in the world were those run by people who can read source code, there would be very few websites.

enigma1




msg:4169987
 2:09 pm on Jul 14, 2010 (gmt 0)

if people can't be bothered to read/modify the source code to suit your own needs, then you should probably be paying for my time to write and test these codes for you.

You know you typically make contributions to a community to help society and indirectly improve your business perhaps.

But this sounds like a spam-trap. If something doesn't work as expected or the user requires customizations he can contact the author. And in turn the author is compensated for his time.

But this is the same as saying "I'll create your site for free" and at the end you leave some security holes on purpose for "later use". It's the same thing.

SEOPeace




msg:4171366
 10:34 am on Jul 16, 2010 (gmt 0)

Even if you set up 0% of share, one load out of 20 will be with his code. Confirmed on a stock of 1000 sites.
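
An added example, not part of any post in this thread: one way to do the "audit your final HTML" check ergophobe recommends, given that the substitution described above only shows up on a fraction of loads (8.3% in the first post, one in 20 here). The publisher IDs and sample pages are constructed for illustration; the function names are this example's own.

```python
import math
import re
from collections import Counter

# AdSense publisher IDs show up in rendered HTML as "pub-<digits>" or
# "ca-pub-<digits>" (google_ad_client = "..." or data-ad-client="...").
PUB_ID_RE = re.compile(r'\b(?:ca-)?pub-(\d{10,16})\b')

def publisher_ids(html):
    """Return the set of publisher IDs (digits only) present in one rendered page."""
    return set(PUB_ID_RE.findall(html))

def audit_loads(pages, own_id):
    """Count, per foreign publisher ID, how many page loads carried it."""
    own = own_id.rsplit("-", 1)[-1]          # compare on digits, prefix varies
    foreign = Counter()
    for html in pages:
        for pid in publisher_ids(html) - {own}:
            foreign[pid] += 1
    return foreign

def loads_needed(rate, confidence=0.99):
    """Loads to sample so a substitution at `rate` is seen at least once."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - rate))

# Constructed sample data: both IDs are made up, not real accounts.
OWN_ID = "ca-pub-1111111111111111"

def page_with(pub_id):
    return f'<script>google_ad_client = "{pub_id}";</script>'

# 20 saved loads of one URL; one carries a different ID (older "pub-" form).
SAMPLE_PAGES = [page_with(OWN_ID)] * 19 + [page_with("pub-9999999999999999")]

if __name__ == "__main__":
    for pid, hits in audit_loads(SAMPLE_PAGES, OWN_ID).items():
        print(f"foreign publisher ID pub-{pid} on {hits}/{len(SAMPLE_PAGES)} loads")
    for rate in (0.083, 1 / 20):
        print(f"rate {rate:.1%}: sample at least {loads_needed(rate)} loads")
```

Feed it HTML saved from repeated uncached loads of your own page; a caching plugin can freeze one variant and hide the substitution.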

caribguy




msg:4171404
 11:09 am on Jul 16, 2010 (gmt 0)

Maybe it's time to go through this code with a fine comb. OTOH, any responsibility would IMH(umble)O still lie with whomever implements the plugin. "We're not in Kansas anymore!"

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved