13 Feb

This Might Be Why Woocommerce CSV Import Was Removed From the WordPress Plugin Directory

When it comes to improving the security of WordPress one the easiest things to do would be to start alerting when websites are using plugins that have been removed from the Plugin Directory for security issues. We have been trying to get that to happen for over five years, but the WordPress team has continued to fail to do that, while claiming they are “working on it”. Recently the Wordfence Security plugin has started to warn when removed plugins are in use, which has led to more people realizing they are using removed plugins, but leaving them not knowing why the plugin was removed as there are other reasons for removal. That isn’t all the helpful as can be seen by the company behind that plugin touting this feature with a quote from a person that left a plugin with intentionally malicious code in it on their websites after it was removed from the Plugin Directory multiple times. Instead of Wordfence getting behind the effort to get this issue properly resolved, they would rather promote people being reliant on their plugin for incomplete information on removed plugins, while sometimes providing those using their plugin with outright false information about the situation with a removed plugin.

[Read more]

19 Oct

This Might Be Why Note Press Was Removed From the WordPress Plugin Directory

When it comes to improving the security of WordPress one the easiest things to do would be to start alerting when websites are using plugins that have been removed from the Plugin Directory for security issues. We have been trying to get that to happen for over five years, but the WordPress team has continued to refuse to do that, while claiming they are “working on it”. Recently the Wordfence Security plugin has started to warn when removed plugins are in use, which has led to more people realizing they are using removed plugins, but leaving them not knowing why the plugin was removed as there are other reasons for removal. That isn’t all the helpful as can be seen by the company behind that plugin touting this feature with a quote from a person that left a plugin with intentionally malicious code in it on their websites after it was removed from the Plugin Directory multiple times. Instead of Wordfence getting behind the effort to get this issue properly resolved, they would rather promote people being reliant on their plugin for incomplete information on removed plugins, while sometimes providing those using their plugin with outright false information about the situation with a removed plugin.

[Read more]

18 Oct

This Might Be Why Starbox Was Removed From the WordPress Plugin Directory

When it comes to improving the security of WordPress one the easiest things to do would be to start alerting when websites are using plugins that have been removed from the Plugin Directory for security issues. We have been trying to get that to happen for over five years, but the WordPress team has continued to refuse to do that, while claiming they are “working on it”. Recently the Wordfence Security plugin has started to warn when removed plugins are in use, which has led to more people realizing they are using removed plugins, but leaving them not knowing why the plugin was removed as there are other reasons for removal. That isn’t all the helpful as can be seen by the company behind that plugin touting this feature with a quote from a person that left a plugin with intentionally malicious code in it on their websites after it was removed from the Plugin Directory multiple times. Instead of Wordfence getting behind the effort to get this issue properly resolved, they would rather promote people being reliant on their plugin for incomplete information on removed plugins, while sometimes providing those using their plugin with outright false information about the situation with a removed plugin.

[Read more]