wp-app-store spam alert, need a plugin to stop this in its tracks

I noticed that on all of my sites today that there was a new link in my admin panel pointing to a page wp-app-store.

Basically this is a company that seems to be getting a lot of other companies to put their stupid link into their plugins thus spamming all of us who unfortunately fall prey to it.

In my case, it turns out I purchased a legitimate theme from one of the largest companies out there for WordPress, and I found they are the ones putting this crap into my system. No need to name names here.

To make matters worse, just because I decide I don't want it doesn't matter, it has a function in there checking to see if the user has permission to install plugins, and ( has not yet said no to this plugin) then it will ask them to install it. Thus ruining my nice clean network...

What I am asking for:
I need a simple plugin that I can drop into my mu-plugins folder that will preempt this plugin from ever loading or doing anything. It looks like the installer is about the same for everyone that uses it, and at the very least it has to call home.

My plans are to release this on wordpress.org if 'whoever helps write it here' doesn't want to do it themselves.

I can think of a number of techniques, but am not sure the best way to do this. My best guess is it is only going to be a few lines of code and will only take the masters here a few mins to build.

Here is the plugin class itself that I found.

Thanks to whomever helps with this.

*We really need to stamp this crap out right away as it sets a horrible precedence. The last thing we all want is to have hundreds of companies jumping onto this bandwagon and polluting every good plugin out there with this crap. I don't want it in my system or database, and I'm guessing most other people won't either.

***You know.. I understand this spam crap on free stuff, but when I pay good money for a theme or plugin and end up with this.. that is taking it to far. First we end up with 'donate' links in paid plugins, now this... what's next?

arghhhhh I'm so tired of this crap if you couldn't tell...

  • Timothy Bowers

    Hey there.

    I was just looking at the PHP in the file you included.

    The add_actions are in the construct and are:

    add_action( 'admin_init', array( $this, 'handle_request' ) );
    add_action( 'admin_menu', array( $this, 'admin_menu' ) );
    // Plugin upgrade hooks
    add_filter( 'plugins_api', array( $this, 'plugins_api' ), 10, 3 );

    Usually it would be a case of using remove_action but this is called from a class.

    Because of how this is made it will use a throwaway object and not a static global object like add_action when outside of a class.

    WordPress keeps all the bound actions in $wp_filter global array. The idea then would be to go through the array and find the proper hook "slot" for the action you wish to remove. Next, the slot would also be an array, populated with "handlers" - callable bits of code, placed there by calls to add_action()/add_filter(). Next step would be going through that array and, once you find the matching callable bit of code (identified with
    e.g. get_class() native PHP function), to unset that entire element from the $wp_filter array.

    Hope this helps.

  • shawng

    Suppose it makes sense that they would build something so complicated that people can't simply block it with a few lines of code. Probably thought ahead that people like myself would not be happy and would want to come up with a plugin to protect against this.

    I'm still learning my way around coding properly but will do my best to figure out what you said and how to use it to block them.


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.