34+ WordPress Plugins May Be Able To Add Spam Content To Your Blog - And Hide It From Your View!

haha. I love this

Come on guys We can do better than this.
What was excellent about his Post? That he gave a heads up to protect WP owners from malicious behavior ? Or possibly telling you that ALL of us should have Wordfence installed on our WP blogs ?

Maybe take a look at this : https://www.warriorforum.com/off-top...rrggghhhh.html

And this information​ pertains to this thread how?

Actually, a better question is what in the world does it even mean?

I really think it's time for WF to make ALL signature links a paid feature. This would weed out all of these "one line warriors" who obviously come here and leave lousy 4 or 5 word posts for the sole reason of getting sig link exposure.

It's really taking away from the value of the forum and not only that, it's discouraging to all of the loyal members whose threads and posts are actually helping people and adding value.

My guess is that charging for the PRIVILEGE of having a signature link would weed out all of the people who are here for the WRONG reason.

It doesn't have to be a lot. Even $2 a month would weed out the sig spammers.

That's because they don't have enough posts yet. I think you need to have a certain number of posts before you can post a sig link. Also, the mods have removed a few of the posts (and rightly so).

I'm sorry but I really feel that the WF needs to do something to discourage people from joining the forum and posting simply to get exposure for a sig link. The bottom line is that it's detrimental and lowers the quality of the forum posts.

I'm not saying that charging a fee to have a sig link is the only solution. Maybe raising the number of posts to 100 before you can have a sig would be better, or only allowing people that have been here for less than a certain amount of time to link to a post inside the WF, such as a classified ad or WSO that they posted. This would require them to purchase a classified ad or a WSO post in order to have a sig if they have been here for less than, say 90 days.

All I'm saying is something needs to be done because I'm getting sick of threads getting hijacked with posts like "Nice post," or " I didn't know that," or "That's interesting."

Unless somebody can explain to me how posts like that help anybody or add any value to a thread, I see no reason for people to make them other than to get exposure for their sig links.

Glad to help.

The more I've been learning about the way the WordPress plugin repository works, the more I see how easy it can be manipulated.

I did discover that WordPress frowns upon people selling the plugins they developed that are in the repository, and it's for the exact reason that this is how things like this happen.

The way I understand it, when you submit a plugin there, it then becomes open source and anyone can take any plugin that's in there and work on it and even sell it if they like. They could even change the plugin considerably and submit it to the repository themselves as an entirely different plugin. This is all legal, because any plugin submitted to the repository becomes open source and anyone can work on it. That's the whole point of open source is for people to improve upon the software.

However, if you were to do that and submit the plugin, it would start with zero installs and very little popularity.

So, the reason why WordPress does not want a person who has a really popular plugin with thousands of installs to sell their account to someone else is because of what happens here.

For example, let's say I contact a person who has a plugin in the repository that has a million installs. I then ask them if I can buy the plugin from them. Since it's open source, there's no reason to buy the plugin at all, but what the person is REALLY after is the access to the plugin with all of the installs. In other words, if they buy a plugin in the repository that has a million installs, they can then update it and add any code they want to it, and as soon as a person who has the plugin installed on their site updates it, then the NEW code is now on the plugin.

It's somewhat hard to explain but the bottom line is that anybody who is offering to buy plugins from the original developer with access to the account may be looking to do so for the sole reason of injecting malicious code into it.

It's perfectly legal to take any plugin in the WordPress repository and add to it and turn it into a whole new plugin. You can do the same thing with any theme in the repository.

I wasn't aware of this until I did a bunch of research and learned that once you submit your plugin to the WordPress repository, there is no copyright on it. Anyone can take the plugin and add to it and then rename it and even sell it. As long as you have made changes to the code, I believe you can even upload it to the repository under your own account and give it a different name.

I've heard that this is actually how a lot of people get ideas for new plugins that get sold. They take the framework from a plugin in the repository, give it to a developer, and pay them to add their ideas to it, then turn around and sell it as their own plugin.

Maybe I'm wrong but from what I've been reading it seems like a lot of people do this and it's perfectly legal.

Yeah they should make it an annual fee of $5 ( or $10) . One time fee won't cut it as far as weeding out the crap, imo