Is There a Proliferation of Subversive Plugins on

As some of you may know, I spend a lot of time looking at plugins.

In fact, I cast my eye over every single new plugin release on, and test any that I feel may be of worth. So I end up testing a lot of plugins.

The ones that I like get featured here at WPMU. You never read about the countless plugins I test that don’t make the grade. Unless of course I need to vent about something (which I do today), in which case, plugins that I don’t recommend get free publicity.

What is a Subversive Plugin?

In my opinion, the idea of the Plugins Directory is for people to share useful plugins with standalone capabilities, that do not intend to profit (financially or otherwise) in any direct fashion.

By that, I mean that a plugin should not be designed to generate an income (or exposure) in a subtle or underhand manner, nor should it be released with the intention of misleading the user, or offer greatly limited functionality in an attempt to profit from the user.

Don’t get me wrong – I want plugin developers to be rewarded for what they do. I have no problem with plugins released on a “freemium” model, to give users a taste of what they can expect if they upgrade (whilst offering up basic functionality of some benefit). But in my opinion, some plugins clearly cross the line, and when they do, I lose all faith in the developer and doubt the quality of their product – even if it has been well crafted.

An Example

This whole article has been prompted by my experience with one particular plugin that was recently released on It is certainly not the only subversive plugin that I have come across in recent times, but it does offer a clear example of what I am talking about.

I am talking about 6Scan Backup. Reading the description, it all seems rather interesting:

6Scan Backup automatically backs your site up on a predefined schedule. Both a file backup and database backup are created, and then securely uploaded to our cloud datacenter. The backups are encrypted in transit to prevent eavesdropping and data theft. If you ever need to restore your site, just go to your 6Scan Backup dashboard and click the backup you wish to download – multiple recent backups are stored to give you even more control. Even if your server goes completely offline, our full backup will allow you to restore your site to full functionality on a new server within minutes!

But that’s not all – there are extra features!

6Scan Backup also includes numerous security features from our 6Scan Security WordPress plugin to help you protect your site against hackers, such as a free site security scan, login security, threat analytics, and more.

So in theory, I’m sold – I want to take a closer look at this plugin.

So I install it, and I’m immediately asked for my email address. Hm. The next screen I see is this:

[Image: 6Scan Backup]

The plugin is scanning my site? I thought it was a backups plugin. I know there were some extra features mentioned at the bottom, but I hardly expected those features to be placed front and center.

So I ignore the message, and get on with backing up my site. It seems like a smooth process – I’m impressed. Well, I was at least, until the main backup failed. But let’s give the developer the benefit of the doubt and assume that it was a server-related issue.

There’s only two free backups and a minimum backup frequency of seven days, but I’ve got no problem with that – presumably a premium version would offer more settings.

What I do have a problem with is this:

[Image: 6Scan Backup]

Guess what – I need to purchase a plan to deal with these vulnerabilities. Oh, and if you gave them your email address, you’ll be handily reminded of this.

What we have here is what appears to be a decent backup plugin (presuming that it actually works) that also operates as an unnecessarily pushy advertisement for 6Scan’s premium tools. If you go back and take a look at the plugin description, there is no indication that this is what you are going to be hit with. Furthermore, there is a surprising lack of screenshots available. Why? Because all of the screens are filled with self-promotional and pushy sales graphics.

I think there is a reason why this plugin already has over 3,500 downloads, but only two ratings (one of which is mine). Few WordPress users appreciate being manipulated in this fashion.

Asking for donations is fine. Unobtrusive advertising is fine. Advertising something as a free version of a premium plugin is fine. But the kind of underhand tactics you see above, in my opinion, are absolutely not fine.


I am betting that some people will not take my side on this matter, and to an extent, I can understand that. After all, most developers don’t earn a worthy income from their plugins as it is – so why do I want to make their job any harder?

My response is simple – open source is all we have.

One of the main reasons for WordPress’ success to date was the wide proliferation of highly functional (and completely free) plugins. If WordPress loses its open source spirit, it loses its beating heart. My concern is that plugins such as 6Scan Backup are completely against the spirit of open source. And the number of such plugins being released seems to be on the rise.

In my opinion, the only question a plugin developer needs to ask themselves is this: “Do I feel comfortable with what I am doing?” I assume that the developers at 6Scan knew exactly what they were doing when they were creating this plugin, and didn’t feel particularly comfortable about it, but were overruled by sight of the opportunity to make a quick buck.

And that, my friends, is not an example of the open source spirit in action.

11 Responses

  • Hello, as a (French) Web Security Consultant and WordPress Expert, I do the same as you: I keep an eye every day on new plugins and I also tested 6scan.
    I hate the fact the plugin is not included in MY install.
    And the payment system is … freaky bad and not honest!
    Thank you for your time

  • Yeah it’s an interesting one. If I recall correctly there is nothing untoward with pushing people onto paid services using the WordPress Plugin Repository (again, don’t quote me on this but functionality on Scribe plugin is non-existent until you register for the API). But then it’s just a quick uninstall, no (real) harm done besides time. The example you highlighted above is downright deceiving.

  • I monitor all new plugins, too, but had to create my own scalper to populate a feed (based on the “/plugins/browse/new/” page) since there isn’t a natural feed anywhere I can see. Is there a feed somewhere that I’ve missed?

  • To address the topic – I agree that some of the plugins are clearly abusive if not merely subversive, but I could care less. It’s more important to me that the spirit and freedom of the repository remain intact. Open source, the freedom to use – and modify – anything I find here to suit my specific needs is why I switched to WordPress from the many other platforms I’ve used in the past. Sure, there’s a few that tarnish the “brand” of OS with what they do, but it’s a small price to pay for the rest of it, and it’s a very small part of the whole.

  • Hey Tom, thanks for the very informative article. I’m from 6Scan, developers of the 6Scan Backup plugin.

    I agree and accept many of your points; our backup plugin was just recently released as an offshoot of the security plugin, and does have its messaging issues. We’re still working on separating the two features entirely so that backup users get a more backup-oriented dashboard while security users get the vulnerability scan they asked for. I apologize that our work in progress seemed to you to be subversive, and hope we can improve that over the coming weeks.

    Because user feedback is the greatest catalyzer of change for us, I’m glad you took the time to explain what you felt was wrong, and I’d look forward to continuing the conversation privately to hear more. I’ll try and reach you by email – I hope I can find your address.

  • I note the passage of time hasn’t changed 6Scan’s approach. I downloaded their WordPress security app and had a similar experience. I was bemused and remain confused over just what it does for me in its free version as all the issues it seems to have identified can only be fixed automatically if I sign up to a payment package! I totally agree it goes against the grain of what I understand plugins offer. Having said that, nor am I a lover of having to share Twitter, Facebook or Gmail information simply to post a comment here. “Click on a tab to select how you’d like to leave your comment” hardly warns you sufficiently of the data sharing attempts which will follow. What happened to simple comments?

  • Great article!

    I happen to be a plugin author and the “Do I feel comfortable with what I am doing?” issue has been a huge deal/dilemma for me ever since I made the decision to create a Pro/Premium version of my free plugin. I did not start out with the intention to create a Pro/Premium/Paid version of my free plugin, but the natural course of plugin growth development and wanting to keep improving and perfecting the plugin kept me moving constantly forward.

    So why didn’t I just keep adding these new features to the free version of the plugin? It had nothing to do with the fact that very few people make donations or most of the people you hear from are complaining (totally normal of course – when everything is working great you tend not to hear positive feedback from those folks) or lack of being appreciated or acknowledged for my contribution to the community. It came down to only this factor.

    I believe that if you create something that you should fully support it 100% and not leave folks hanging with questions/issues/problems. I completely understand why plugin authors who have 500,000+ downloads of their free plugin do not attempt to try and keep up with providing 100% support – it is a full-time job trying to do this. So I debated with myself for months on this question – How do I add all the new features that I want in the plugin for myself and also offer it to the public/community?

    I kept coming back to the same problem. The more features that I added to the plugin would equal more time that I would be spending supporting these new features/the plugin. In the end I decided to do a test group model to see what the numbers would be in a real world scenario. After doing this the answer was clear that either I could just create a personal Pro version for myself or I would have to charge something for a Pro version if I wanted to continue to offer 100% support.

    If I had won the lottery or was independently wealthy or if I could be comfortable with an “as is” unsupported plugin approach then I never would have created a Pro/Premium/Paid version of the plugin.

    So in the end I created an extremely fair price for the Pro version that would cover my support costs and I can offer 100% support 24/7. I am happy to report that this model is working out well for everyone. In my personal opinion this still follows the basic core philosophy of WordPress – it is all about giving to folks and not taking from folks.

    Best Regards,
