Is There a Proliferation of Subversive Plugins on WordPress.org?
As some of you may know, I spend a lot of time looking at plugins.
In fact, I cast my eye over every single new plugin release on WordPress.org, and test any that I feel may of worth. So I end up testing a lot of plugins.
The ones that I like get featured here at WPMU. You never read about the countless plugins I test that don’t make the grade. Unless of course I need to vent about something (which I do today), in which case, plugins that I don’t recommend get free publicity.
What is a Subversive Plugin?
In my opinion, the idea of the WordPress.org Plugins Directory is for people to share useful plugins with standalone capabilities, that do not intend to profit (financially or otherwise) in any direct fashion.
By that, I mean that a plugin should not be designed to generate an income (or exposure) in a subtle or underhand manner, nor should it be released with the intention of misleading the user, or offer greatly limited functionality in an attempt to profit from the user.
Don’t get me wrong – I want plugin developers to be rewarded for what they do. I have no problem with plugins released on a “freemium” model, to give users a taste of what they can expect if they upgrade (whilst offering up basic functionality of some benefit). But in my opinion, some plugins clearly cross the line, and when they do, I lose all faith in the developer and doubt the quality of their product – even if it has been well crafted.
This whole article has been prompted by my experience with one particular plugin that was recently released on WordPress.org. It is certainly not the only subversive plugin that I have come across in recent times, but it does offer a clear example of what I am talking about.
I am talking about 6Scan Backup. Reading the description, it all seems rather interesting:
6Scan Backup automatically backs your site up on a predefined schedule. Both a file backup and database backup are created, and then securely uploaded to our cloud datacenter. The backups are encrypted in transit to prevent eavesdropping and data theft. If you every need to restore your site, just go to your 6Scan Backup dashboard and click the backup you wish to download – multiple recent backups are stored to give you even more control. Even if your server goes completely offline, our full backup will allow you to restore your site to full functionality on a new server within minutes!
But that’s not all – there are extra features!
6Scan Backup also includes numerous security features from our 6Scan Security WordPress plugin to help you protect your site against hackers, such as a free site security scan, login security, threat analytics, and more.
So in theory, I’m sold – I want to take a closer look at this plugin.
So I install it, and I’m immediately asked for my email address. Hm. The next screen I see is this:
The plugin is scanning my site? I thought it was a backups plugin. I know there were some extra features mentioned at the bottom, but I hardly expected those features to be placed front and center.
So I ignore the message, and get on with backing up my site. It seems like a smooth process – I’m impressed. Well, I was at least, until the main backup failed. But let’s give the developer the benefit of the doubt and assume that it was a server-related issue.
There’s only two free backups and a minimum backup frequency of seven days, but I’ve got no problem with that – presumably a premium version would offer more settings.
What I do have a problem with is this:
Guess what – I need to purchase a plan to deal with these vulnerabilities. Oh, and if you gave them your email address, you’ll be handily reminded of this.
What we have here is what appears to be a decent backup plugin (presuming that it actually works) that also operates as an unnecessarily pushy advertisement for 6Scan’s premium tools. If you go back and take a look at the plugin description, there is no indication that this is what you are going to be hit with. Furthermore, there are a surprising lack of screenshots available. Why? Because all of the screens are filled with self-promotional and pushy sales graphics.
I think there is a reason why this plugin already has over 3,500 downloads, but only two ratings (one of which is mine). Few WordPress users appreciate being manipulated in this fashion.
Asking for donations is fine. Unobtrusive advertising is fine. Advertising something as a free version of a premium plugin is fine. But the kind of underhand tactics you see above, in my opinion, are absolutely not fine.
I am betting that some people will not take my side on this matter, and to an extent, I can understand that. After all, most developers don’t earn a worthy income from their plugins as it is – so why do I want to make their job any harder?
My response is simple – open source is all we have.
One of the main reasons for WordPress’ success to date was the wide proliferation of highly functional (and completely free) plugins. If WordPress loses its open source spirit, it loses its beating heart. My concern is that plugins such as 6Scan Backup are completely against the spirit of open source. And the number of such plugins being released seems to be on the rise.
In my opinion, the only question a plugin developer needs to ask themselves is this: “Do I feel comfortable with what I am doing?” I assume that the developers at 6Scan knew exactly what they were doing when they were creating this plugin, and didn’t feel particularly comfortable about it, but were overruled by sight of the opportunity to make a quick buck.
And that, my friends, is not an example of the open source spirit in action.