13 Comments


  1. why are they moving to github?

    I have woodojo from woothemes.

    Sometimes it is hard to find the original source for plugins.

    I don’t care what plugin (and theme) authors say but you can’t really steal their plugins. I can buy a plugin and make it available free. Isn’t that how the WP license works? If you create something, I can fork it and have it available for free.


    1. > why are they moving to github?

      Because for several years now the infrastructure, tools and collaborative environment on github have been orders of magnitude superior to anything wordpress.org has to offer.


      1. Exactly. Plus you don’t have to wait for days or sometimes weeks to get added to the official repo… It’s still a good place to mirror your plugins though, but I always release on GH first and then go through the torture of syncing it with wp.org’s SVN… ;)


  2. I saw the Sucuri post over on Facebook and it is pretty frightening.

    I’ve always stayed away from free themes and the more I learn about WordPress the more I only use premium themes and bought plugins or ones from the WordPress plugin repository.

    And as Miroslav asks “why are they moving to github?” I’m confused on that one.


    1. WordPress.org is the safest place to get themes IMO. The scariest themes I’ve seen have been commercial ones. Most commercial themes are horridly coded and a large proportion of them contain insane security flaws in them.


  3. I question the validity of only using free plugins from the WordPress repository. A few years ago I was looking for a privacy policy plugin on the repository and the only 2 I could find had not been updated since 2009. This is unacceptable, as internet laws are changing constantly.

    My wife is an internet lawyer and wrote an up-to-date privacy policy and terms of use, but I got sick and tired of copying and pasting, so I wrote my own plugin and submitted it to the WordPress repository; however, they rejected it with a link to their rules for accepting a plugin. I believe I had followed all of the rules and asked them why they rejected it, and the only response from them was they couldn’t use it. This is an up-to-date plugin, as opposed to outdated plugins that, in an ever-changing world, were no longer relevant. Anybody using those plugins is leaving themselves open to prosecution from governing bodies. But the people at WordPress didn’t feel they need a current one that to this day is still being maintained.

    Funny thing though is that I have found many plugins and themes in the repository that do not follow their rules. So who is it that is making the decisions as to what should and should not be put in the repository?

    We use the plugin now as a list building tool on one of our websites, http://lawforwebsites.info; however, if the good people at WordPress become enlightened and decide that protecting their users’ businesses is important, then we will reconsider listing it in the repository.


    1. Hi Tony,

      1) I don’t think privacy plugins should be allowed. Different countries have different rules. I am in Toronto Canada as I type this
      2) Your wife and you, are either of you lawyers? (.info site)
      3) The whois search for that .info site is Australia. I am in Canada, our laws are slightly different.
      4) Europe has this thing about telling viewers about cookies. That doesn’t apply to everyone.
      5) Fill in form type privacy sites SUCK HORRIBLE.
      6) You don’t need a plugin for privacy policy.

      If you have advertisements, go to google adsense/linkshare/cj/etc… privacy policy pages and read them.
      Then you go back to your own website, create: yoursite.com/privacy.
      Explain in your own ways what GA/LS/CJ/etc…said.
      Do you use Google Analytics/Woopra/etc…? Go back to your /privacy page and mention that. Mention that GA/WOOPRA will tell you their country/web browser/operating system/etc…

      Mention what happens to the information people leave when they leave a comment on your site. If you use disqus/other 3rd-party…………

      Do you get the point I am trying to say? Do the effort yourself. Don’t need a plugin.


  4. > why are they moving to github?

    Some developers prefer one source control system over another, github is nice because it can support both svn and git clients. It’s also got an issue tracker which you can use to track bugs and issues that are specific to your plugin.

    > I can buy a plugin and make it available free

    I suspect that depends on the terms of your license with the supplier. Some plugins you pay for the support, others you pay for the usage.


    1. Any WordPress based product inherits the license of WordPress.

      I said that I can technically speaking do it. If it’s morally acceptable/ethically acceptable…that’s something different. Theme/plugin license discussions happened last year. Many people got pissed.


  5. So please tell me a way I can check my theme’s integrity to make sure there is no dodgy code in there? Even purchasing a theme doesn’t mean there will be no malicious or dodgy code in there…

    Any ideas or websites that can run checks on a theme? (or plugins?)


  6. There is no way to do that (reliably) in an automated fashion. To do it properly, you need to read through the code line by line and look for problems. There is the Theme Check plugin which can pick out some simple (potential) problems though.


  7. Well this video is certainly a blast from the past!

    As commercial plugins have gained popularity over the years, it’s not surprising at all that sketchy people have started redistributing popular ones with malicious code for free.

    The same adage applies, only trust plugins (and themes) from reputable sources. WordPress.org is usually a pretty safe bet.

