The Good and Bad of Unexplained Change to WordPress Plugin Directory That Exposes Owners of Plugins
Yesterday, the team running the WordPress Plugin Directory announced they had recently made a significant change to the directory. No explanation was given for why it was done. Nor why it was done without warning or discussed beforehand. The change has some positive benefits, but also some apparent downsides. The change is what is shown as the author of a plugin. Here is an example of the change. The 400,000+ install plugin NextGEN Gallery used to be listed as being by Imagely:
Now it is listed as being by Syed Balkhi:
Alongside changing who is listed as the author, there is no longer a link to a URL specified in the plugin’s header, but instead links to the plugin owner’s WordPress account.
One positive benefit of this is that it exposes who the owner of plugins are, when they are not being upfront about that.
In December, we wrote about how one plugin developer, Awesome Motive was obfuscating their connection with the plugins they own. NextGen Gallery is one of their plugins. Prior to the change, the author link linked to a website that claimed Imagely was “a growing digital media company” and made no mention of Awesome Motive. Syed Balkhi is the head of Awesome Motive and his account has ownership of the plugins and many others that have had undisclosed ownership by Awesome Motive. Exposing secret owners like that is one good change here.
Another problem that has existed until now is that there wasn’t a way to confirm that plugins were truly coming from WordPress. As there wasn’t a verification that a plugin with the author listed as WordPress was truly from WordPress. That is now sort of addressed. The problem now is that plugin’s coming from WordPress where the owner isn’t set to WordPress will show as something else. So, the Two Factor plugin now is listed as being by George Stephanis:
Whereas before it was listed as WordPress.org Contributors:
Looking at the comments on the post, there are problems with the change and complaints about the sudden change. We should note that the change just wasn’t made. It looks like it went in to effect at some point on February 5.
Why The Change?
As we noted above, there are good reasons for such a change. The still unexplained reason for the change and the apparent lack of public discussion of it raises questions. Could this have been done because of some specific abuse? Could it be something dictated by Matt Mullenweg, as other recent changes have been done by? Beyond exposing the owner of the plugin, it takes away a prominent link away from the WordPress website, which could explain why he might have wanted it done. The team’s Team Rep that wrote the post seemed to be saying he hadn’t implemented the change, but provided no explanation who had.