15 Mar

Closures of Very Popular WordPress Plugins, Week of March 15

While we are already far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking into how we could get even better we noticed something about a recent instance where a vulnerability was exploited in a plugin. We probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

This week one of those plugins was closed and was subsequently reopened.

Accelerated Mobile Pages (AMP for WP)

Accelerated Mobile Pages (AMP for WP), which has 100,000+ installs, was closed yesterday. The developer responded to a question about the closure with this response:

There were some forum guidelines which we were not able to comply with so that’s why they hold the plugin until we get a clarity on guidelines. We had a word with them and we assured them that we will comply with it.

The plugin should be live in a few hours as per our discussion with the team.

Please don’t worry about the situation. We are taking this as an opportunity to improve ourselves and the plugin.

Considering that just from our limited involvement on the forum we have seen the people moderating the forum repeatedly violating the guidelines of the forum, removing plugins due to claimed violations seems like the wrong course of action.

The plugin was reopened today.