When it comes to the inappropriate behavior by the moderators of WordPress Support Forum that has led to us doing full disclosures of WordPress plugin vulnerabilities until that gets cleaned up, it is amazing how much of it is just downright bizarre.
Why was this plugin ‘closed’?
Then moderator Jan Dembowski, who has managed to get a public reputation for bullying, responded with this:
A plugin can be closed for many valid reasons. None of which need to be discussed here. I’m closing this topic.
If you have a problem with this plugin then please feel free to open a support topic. But only for support, topics that speculate about why a plugin or theme was closed isn’t for these forums.
That is just stunning.
If there is a valid reason for the plugin being closed that seems like something that should be able to be discussed, seeing as it is valid. It also seems like something that might need to be discussed since people don’t know why it was closed and what they might need to do about that. We also think that something that would be accurately described as problem with the plugin.
There also wouldn’t be a need to speculate if there was just a reason given why it was removed.
Unfortunately no one could try to have a constructive conversation with this moderator to explain why their reply was so problematic because the topic was closed after their reply. That is a common thing done by the moderators (in some cases they go farther and will wholesale delete topics after doing something like that), which doesn’t exactly make it look like their claims are in fact justifiable, nor that they are interested in being part of a community, but instead they are interested in controlling things.
Later a reason was given for the closure, there is supposed to be a security issue in it:
That seems like the sort of thing that people should know about and be able to discuss about on the Support Forum without moderators acting inappropriately.
Right now there are 30,000+ active installation of a plugin according to wordpress.org, which they claim to be insecure and that also seems like something else that should be able to be discussed on the Support Forum.
We thoroughly looked over the plugin (there isn’t much code in it) and the only thing that looks like it could be considered a security issue is something that under normal circumstances would only really be a vulnerability in the context of MultiSite installation. That seems like a good reason for more information on what the supposed security issue is should be released, so that others can understand what the risk is as well as being able to independently confirm that there is an issue or determine that a mistake was made and that can be corrected. You don’t want tens of thousands of websites to stop using a plugin unnecessarily (in the real world moving to another plugin after one is removed can actually make websites less secure). But as was shown with what the moderator did with that support topic, there is far too often an unwillingness for the people on the WordPress side of things to work constructively with others or consider they might be wrong about something, which is harmful to larger community around WordPress.