Recently I was trying to install a well-used plugin on a new site I’ve come to manage and noticed it wasn’t showing up in the repository anymore. As I began looking into where the heck WP-SpamShield went, I stumbled across an article written by the plugin authors that seemed worth sharing and expanding upon.
For those looking for the gist without diving into the lengthy story, the tl;dr is this.
The authors say that WordPress admins randomly removed the plugin claiming it violated a security term, even when plugin devs said it actually had a workaround to protect users from a WordPress vulnerability and promptly removed the workaround when asked after WordPress had resolved the vulnerability itself. Yet the WordPress plugin repository terms of service apparently has a clause written so arbitrarily that basically allows the admins to remove any plugin for any reason (see #18 here).
WordPress admins apparently continued to deny re-entry to the repository with no reason given, ignoring attempts to communicate by plugin devs. If you believe the story, WP admins even went as far as to badmouth WP-SpamShield on Reddit, banning the plugin author’s account temporarily to prevent him from defending himself.
Look, there’s no other way to say it. This is… disconcerting.
As a web writer, WordPress website developer, and SEO pro who has primarily used WordPress for years, the idea of arbitrary censorship and removal of plugins people rely upon brings up some uncomfortable questions.
It’s hard to assess the reality of this whole story from the outside. On one hand, I’d be inclined to believe a plugin dev that has created a great, free product for years and faithfully maintained it. But when you read a blog post accusing the web platform admins as “tyrannical” and other heated adjectives, you do have to wonder how much of the story’s slant is earned or born of misunderstanding and anger.
For what it’s worth, Otto4242 (who apparently speaks for WordPress) did respond to the situation on a Reddit thread. He seems pretty rational and admits fault in part of it, but was there more behind the scenes we don’t know?
At the very least a plugin I and many others considered a go-to as the best alternative to Akismet for blocking comment spam, since Akismet is no longer free for biz sites, has an unclear future. And in the worst case? A platform I’ve championed for a long time is more dubious than I’d imagined.
Check it out for yourselves, and if anyone has some info to share they’ve come across, I invite them to share.