Welcome to WebmasterWorld Guest from 52.91.39.106

Forum Moderators: rogerd & travelin cat

Wordpress Plugin Spam, litigation follows

     
3:48 am on Apr 3, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9727
votes: 929


A British web-dev outfit has denied allegations it deliberately hid code inside its WordPress plugins that, among other things, spammed a rival's website with junk traffic.
[theregister.co.uk...]

A reminder to always vet whatever plugins are put in use!
8:50 am on Apr 3, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:26118
votes: 949


It's always possible it was a horrible error.
1:25 pm on Apr 17, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38246
votes: 108


> always vet

And how do you do that? Seriously - I get nervous every time I install a new plugin or test one.

I tested a popular ecom plugin awhile back and after I removed it - it had left over 120 db fields that I had to manually remove (and one of them contained code...oh joy). How can a general WP user know what is clean and what is not?
3:26 pm on Apr 17, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4297
votes: 288


There's a good discussion about WP security/plugin vetting here: [webmasterworld.com...]

The last post there links to the place to check plugin vulnerabilities.
5:21 pm on Apr 17, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2552
votes: 725


How can a general WP user know what is clean and what is not?

This is what differentiates professionals from amateurs. WP markets a product that automates the work of a professional webdev. This automation comes with hidden costs and risks. Don't get me wrong the product may be great for some small business, individuals and hobbyists, but to believe that you can run a business without any web-development knowledge using WP is naive and ignorant. I'm not saying, that pros shouldn't use WP, on the contrary it may be a good tool for your business case, but one still needs to have the knowledge to understand how all the parts work.
6:40 pm on Apr 17, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38246
votes: 108


Well, that's the most arrogant and condescending reply I've read in awhile around here Nick.

> This is what differentiates professionals from amateurs

Yo, the plugin I was referring too was a popular ecomm platform by freaking Automatic (Google it if you don't know). Seems like alot of professionals around here are running it. Or are you calling them amateurs too?

>WP markets a product that automates the work of a professional webdev.

Got nothing to do with WebDev. Automatic produces a content management system for those that don't want to baby sit a content management system and pretty much anyone can use it. (I taught an 79yr old grandmother who had never touched a computer, on how to post to a blog from her phone)

> but to believe that you can run a business without any
> web-development knowledge using WP is naive and ignorant

There is absolutely no web-dev knowledge needed for most small businesses. I know of dozens upon dozens of SMB's that don't have a clue one about web dev issues. They've all self taught. Pressed the "install wp" button on their host - then bought a template - and had their site up in a couple hours.

> I'm not saying, that pros shouldn't use WP

lol. Considering just about every pro-seo agency I know of - runs on Wordpress, you might want to rethink that absurd statement.

>but one still needs to have the knowledge to understand how all the parts work.

Knowing how the parts work and knowing PHP/MySQL are a pretty damn far apart.
8:58 pm on Apr 17, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9727
votes: 929


If professionals can be scammed (for lack of vetting), then the rest of the crowd is totally sol? :)

Third party anything is something to be wary of. If you can't see the source code, that's one thing, but if you don't bother to look at the source code, that's on "you".

Plug and play has ruled the day for quite some time, so not surprised that things like this can happen. That said, always vet third party stuff!
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members