41 Comments

  1. Joseph McMurry

    Good job Themes Team!

    Automatically updating a database option for the Monster Insights plugin to add an affiliate ID seems over the line IMHO.

  2. Benjamin Intal

    “Instead, the theme injected the company’s referral ID into affiliate links for third-party plugins when they were active on a user’s site.”

    I would also think that this hijacking is in violation of the affiliate programs of the affected plugins.

    • Justin Tadlock

      While I haven’t read the TOS of each plugin’s affiliate program, I would assume this is OK given that those plugins are providing the filter hooks to do so. This seems to be common practice. I also have it on good authority that at least some plugin companies may have reached out to theme authors with a request for recommending their plugin in exchange for using such filters or other methods.

      Whether continued questions or digging will lead to a bigger story, I don’t know. However, I seriously doubt the Astra theme was doing anything against the wishes of the plugin companies. Those companies are free to comment and set the record straight though. I will be asking questions…

      • Benjamin Intal

        I hope so.

        I don’t know the specifics on how exactly the links were modified prior to it being fixed. It can be that they were simply displaying the affiliate links in their own theme area, in this case it would most likely be okay in terms of affiliate linking. But based on the line I quoted, it can also be modifying any links that aren’t in their own theme area (which would otherwise be non-affiliate links) to become affiliate ones. Something like that would definitely be not okay. It would be great if this can be cleared up.

  3. Lucy Ng

    It’s good to hear that they are reinstated. Hope that other themes all follow the WordPress rule strictly so that users are not affected.

  4. Andreas Nurbo

    The behavior was misleading the users of those other plugins. I’m guessing from the code snippets that have been shown that users were not informed that it was affiliate links and that Astra had manipulated these links.
    It is fascinating that GiveWP, Hubspot, Ninja Forms, etc. did not consider this a deceptive practice but encourage it, given that they provide the means for it.
    I find the behavior nefarious, and that the plugin companies think this is OK is very odd. Just adding your own affiliate ID to already installed plugins is not providing any value at all to the users.

    • Dumitru Brinzan

      You forgot to consider that the theme was “recommending” these plugins upon installation, even if they had nothing to do with the theme itself :)

      So this was a simple trade: you recommend our plugins and you get a cut of the profits.

      Just business, nothing more.

  5. Dumitru Brinzan

    Yesterday on Slack I described the situation using the “too big to fail” term.
    So much commotion and backpedalling because of a serious guideline violation.

    At first the Theme Team publicly announces a 5 week suspension.
    The first apology letter of the people behind Astra promises monetary contributions, but doesn’t really take the blame.
    Some Theme Team members start scrambling to “prevent the chaos” of the theme being suspended.
    They decide to just “derank” it, but keep it in the repo, on the website, in the search (both the theme search and the site search).
    The Astra team delete their apology post and write a new one, removing any mention of financial and code contributions.

    Things don’t look well when a public apology (meant to sway public and authority opinion) is rewritten a few times in the span of a few hours.

    When I brought up the fact that this deranking story doesn’t resemble a suspension at all, a team representative claimed that no one ever said anything about a suspension.

    The official stance before was that the Theme Team shouldn’t care about a developer’s story, motive, circumstances, etc. But what do we see? Core tickets and changes evaluated and implemented in a matter of hours, just to fit the interests of a single developer.

    A serious guideline violation with the purpose of financial gains has been going on for 18 months! The punishment? A slap on the wrist and a hypothetical penalty of deranking.

    Time and time again we see how the big themes & plugins get preferential treatment, while the smaller people often get a lot less consideration.

    Disappointing is what this all is.
    Disappointing because a 10K theme would have just been banned from the repo without even a flinch.

  6. Charlie

    Every day you drive down a road with 1000s of other cars at 35 mph, even though everyone knows the limit is 30. Then one day the police stop and arrest one driver for speeding; he is driving a Bentley.

    • Dave Warfel

      If I understand your analogy correctly, you’re saying that 1000s of other themes are doing what Astra did, and not facing any consequences for it.

      Please provide proof of this.
      This assumes either gross negligence or severe incompetence on the part of the Theme Review Team, which is a huge accusation to make. See #1.

      • Sayontan Sinha

        There is one listed on the linked Trac thread itself (https://themes.trac.wordpress.org/ticket/87407#comment:15).

        • Dave Warfel

          @Sayontan — That’s a great find, and it does exactly what Astra got penalized for. I hope they face the same consequences.

          But it’s still 1 theme. Charlie said 1000s. I still have my doubts that even 50 themes are doing this, let alone thousands. I could be totally wrong, but to suggest it blindly is harmful to the discussion.

          If Charlie has used anywhere near that many themes, and has observed this behavior, then it’s a valid comment.

          • Sayontan Sinha

            @Dave,
            Yes, 1000s would be an exaggeration, but I think Charlie’s point, phrased differently was merely, “Many people violate rules. It is just that the one that got caught is very high profile”.

            I cannot provide you with information about how many other themes do it, because while I have on occasion downloaded a theme from .org, the only theme that I have used which wasn’t coded by me was TwentySixteen.

            There was a time when I used to go through every piece of news related to themes, and I always kept an eye on the TRT guidelines, but that was before I myself stopped having a theme on .org. The fact is, with a large pool of volunteers of varying skill, and with some theme contributors being more enterprising than others about seeking exceptions, you will always find themes that have slipped through the cracks for some guideline. This used to be the case when the TRT used a mailing list for communication (other theme authors used to complain about such misses) before switching to Slack, and I don’t see why things would change.

            This is not to say that the TRT is grossly negligent or severely incompetent – it is just that something that slips through the cracks once may get grandfathered and stay in the system for a long time. The TRT doesn’t necessarily go back to retroactively check if a theme they approved previously is still adhering to guidelines.

            You might as well find 50 themes doing this, considering that some themes might have done this 3 years ago and gotten approved somehow, after which they were on an “auto-approval” (assuming that the TRT still has tickets that are automatically approved). Alternatively they might not have had any updates for a long time, and the last live update had something that didn’t meet the rules. There is also a possibility that some developers don’t keep monitoring the guidelines for changes.

            I have lived through this scenario when all developers were forced to use the customizer, and I missed the 6 month deadline for compliance (not just because it would be back-breaking for me to change to it, but also because at that point I had stopped staying abreast of guidelines, and the rest of the theme was really fine). One fine day I was notified that the theme was suspended – it had apparently lived in the repository for several months while violating a guideline.

      • Charlie

        Funny you should ask this. I just watched a video about it by a well known WP YouTuber, just before reading your reply. https://www.youtube.com/watch?v=h6FIIr4Vy3k

  7. Nimit

    Mostly my websites are running on Astra theme only. I was kind of in shock when I heard about this news. But, it’s nice to know that they are reinstated. Staying under the norms is very important in any business!

  8. Jack Lasey

    What saddens me is that themes are not allowed to have affiliate links and plugins are fine.

    Why different rules about affiliate links for a theme and plugins?

    OceanWP, ThemeIsle, Envato and many others have affiliate links. Why punish only one theme?

    This YouTube video sums up this pretty nicely:

    • richard Ginn

      I agree here..

    • Justin Tadlock

      To be clear, it is not just one theme that has been punished. Suspensions and so on happen all of the time behind the scenes for various reasons. Astra is simply a high-profile theme. The community interest made it newsworthy. If other themes are violating guidelines and reported, I am certain the team will address those specific themes.

      Personally, I agree that affiliate links should be allowed if the theme supports or integrates with the plugin in some way. If the theme author is going to be recommending the plugin anyway, they should be able to make a few dollars through referrals.

      I did ask the team reps whether they would consider reevaluating the affiliate links guideline. I used one quote from Carolina in the post but did not dive into what the other reps said. Because all of this did not get published in the post and I’m not likely to use it elsewhere, I will provide that part of the discussion here in the comments. Perhaps it will provide a bit more context.

      Rep #1:

      I wouldn’t reevaluate the requirement, as mentioned at point 1, those two plugins did not have anything to do with the theme (design or function).

      Rep #2:

      Personal opinion: Regarding the evaluation of guidelines, Ideally we’d go through all of them one by one and rewrite them. Most of them exist because 1 or 2 bad actors took advantage of a system, and as a result of that everyone has a set of rules that apply to all.

      It’s not an ideal system, it’s one that deters abuse of the .org repositories but doesn’t necessarily help authors shine.

      Rep #3:

      The guideline forbids adding affiliate links or tracking of users without explicit consent of the user. There was no consent requested here nor were the affiliations noted/disclosed anywhere. That is a privacy concern in addition to stretching what the guidelines state.

      We could reconsider the stance on affiliate links if certain privacy concerns were addressed but we have not discussed this.

      • kevinhaig

        I need to comment about this Justin :)

        “If the theme author is going to be recommending the plugin anyway, they should be able to make a few dollars through referrals.”

        I really do not think affiliate links should be allowed at all for a couple of reasons:

        It never holds consistently that the author truly believes the plugin is the best one to use. They are making the recommendations for these plugins because they get paid for the recommendation. Disclosure is important.

        I have seen themes recommend more than one contact form plugin and more than one page builder plugin.

        Themes hosted in the .org repo are supposed to be able to work with any plugin. When users see these recommendations, they likely take them as pretty important because the theme author is sitting in a position of perceived knowledge. So a user fully familiar with “Contact Form 7” may switch to “WP Forms”, because you know “the author recommends them, and maybe something has been coded in the theme related to this recommendation”. Bottom line is that the basis of affiliate recommendations by authors is not always in the best interest of the user.

        Affiliate recommendations usually involve tracking, and opt in becomes very important. What the Astra theme did was not appropriate at all because of the tracking that is ultimately involved. Maybe the plugin facilitates opt in, I don’t know and don’t care. The code originated in the theme and reviewers do not know what the plugin will ultimately do about tracking or opt in.

        • Justin Tadlock

          I think we’re mostly in agreement on all the problems. I still contend that I’d like a way for themers to make a little money on referrals, assuming they have a good reason to actually refer a particular plugin (and that they properly disclose this, of course). I do regret not really diving into disclosure in this post, but I am making notes for a potential story later.

          I’ll definitely side with the Themes Team on any decisions on affiliates because they’re the ones who have to actually check and police this. I’ve also seen enough problems and sneaky stuff to work around the guidelines that it makes it tough to trust everything would be above board.

          But, you know me, some of my thoughts are what would happen in an ideal world. :)

        • Dave Warfel

          @kevinhaig — I might be nit-picking words here, but I think it’s important to address your use of the word “never” in your comment.

          In a majority of cases, affiliates recommend products & services with the highest paying commissions, or just the ones that have affiliate programs to begin with. This sucks. It’s selfish & it hurts innocent users. I wish it didn’t happen.

          But I think to say that…

          “It never holds consistently that the author truly believes the plugin is the best one to use.”

          and

          “They are making the recommendations for these plugins because they get paid for the recommendation.”

          is going too far, and does a disservice to those of us in the community who only recommend products we use ourselves, and truly believe are the best, even when the affiliate programs pay out far less.

          I do this frequently, and I know I’m not the only one.

          That being said, it’d be impossible for the TRT to decipher an author’s intent or beliefs, so any policy derived from this idea would not be fairly enforced.

          I agree 100% with your point about disclosure. In some countries, it’s actually illegal to use affiliate links without disclosing that you are making money from them. How one would do this tactfully within the WordPress admin area, that would certainly be a challenge.

          But like Justin said, making some money off referrals isn’t, by itself, a bad practice. I don’t think we should rule it out simply because of an affiliate relationship. If it’s disclosed & truly genuine, there’s nothing wrong with it. But I still have no idea how the TRT (or PRT) would be able to write a fair, enforceable policy around it. I commend them for even trying 👏.

          • kevinhaig

            Yeah, I may have been a bit strong in some of my wording, and sure there are those authors that honestly recommend a plugin they like. But the whole affiliate thing involves money, and that will always put one’s motives in question. So they just should not be allowed, period.

            Sure I am cynical, but I have been a member of the Themes Team (formerly TRT) for a very long time. I have reviewed a lot of themes, and seen a lot of things. So when I say, if you invite abuse, you get abuse, it comes from experience.

    • Justin Tadlock

      I finally got a few minutes to watch the video. While Wilson does bring up some good points, he lacks a basic understanding on several aspects of the issue. This lack of understanding hurts his credibility.

      For example, he asks why WordPress (i.e., the Themes Team) did nothing for 18 months. Had he asked the team, he would have known that they were unaware of the issue during that time. It wasn’t until they got the report and looked back into the theme’s Trac history that they knew the affiliate issue existed for 18 months.

      He also does not seem to understand the difference between an affiliate link and an upsell link to a pro product or a link to a theme’s Facebook group. That’s fair enough from an outside observer, but again, he could’ve asked the Themes Team for clarification on what was meant by the guideline’s reference to links.

      There is also no mention that the theme and plugin review teams are completely different and separate, each with their own set of rules. Again, from an outside perspective, this may not make sense. And, there are some good points that could be brought to discussion about why they are separate. However, some of the comments were misleading to people watching who are also unfamiliar with the different teams. This makes for poor journalism.

      While I agree with many of his comments regarding allowing affiliate links, some of the other statements were clearly inaccurate and could have been cleared up had he simply talked to someone on the Themes Team.

      This is one of the big dangers of these types of knee-jerk reactions that you get on social media. They do not dive deeply enough into the subject to present an accurate story for those who are listening. And, we are all the poorer for it.

    • Bianca

      “OceanWP, ThemeIsle, Envato and many others have affiliate links. Why punish only one theme?”

      OceanWP, ThemeIsle, Envato are not WordPress.org. On their own platforms their own rules apply. On wp.org the rules of wp.org apply. Other themes that break the rules (and get caught) are supposed to get the same treatment. The Astra issue just got a lot of traction.

    • Dave Warfel

      I think Justin nailed it with his response. Darrel makes some glaring misstatements in his video, and it does a disservice to the community. He raises some good questions, but the way in which he explains them is a display of poor journalism and shows a lack of understanding about several aspects of the situation.

      @Bianca — OceanWP, ThemeIsle & Envato are all on WordPress.org.

  9. Jack

    Just to correct you, OceanWP, ThemeIsle, Envato are not WordPress.org in the form of plugins. Seems like only themes are not allowed to have an affiliate link. Plugins are fine, which is weird.

    • Justin Tadlock

      The plugin and theme directories are run by two different groups with two different sets of guidelines. What plugins are allowed to do is different from what themes are allowed to do.

      There is certainly an argument that some of the guidelines should be shared across teams. Affiliate links would be one of those things. Because such links are not specific to theme or plugin development and can occur in either, it makes sense that there’d be a unified WordPress.org guideline for addressing them.

  10. Russell Aaron

    ASK PERMISSION, NOT FORGIVENESS.

    I’m not sure why this is hard. You go to the themes teams and ask them to review the rules. I’m sure there would have been a solution and a greater outcome would have come from it. One we could all use. However, this seems like it was done as a “WORK AROUND”. That’s total BS by all parties.

    “In at least one instance, the theme —> automatically updated a database option <— for the Monster Insights plugin to add an affiliate ID — automatically updating any database option without user action is generally not allowed.”

    I remain that this is an OPT-IN rights issue. Nothing about this seems right because of the way it’s handled. And offering to clean up your mistake AFTER the fact is a PR move, and frankly, a lazy one at best.

  11. Dumitru Brinzan

    I think it would be appropriate to update the post with information about the current situation.
    The theme is back and the “delisting” was just a smokescreen. The theme sits at #79 on the Popular tab and will likely rise in the following days.

    I’m sure that their affiliate earnings and business deals from the last 18 months, plus the free press attention and community engagement this week were worth a one day suspension.

  12. Reinchelle

    Waiting for updates. I am an Astra user and I like it so far.

  13. Felix Krusch

    Without wanting to promote a radical approach, I know what got us into this dilemma. While contributing and/or following the theme world for 16 years and knowing that it would affect the way I do business, I would start thinking about changing the playing field by simply disallowing all “Lite” themes, upsells, recommendation pop-ups and following a zero backlink / upsell policy, no footer credit lines, etc. … Everybody will only have the “Author, Author URI, Theme URI:” in the style.css as their billboard for their commercial activity.

    Using a GIT style approach to the theme directory would be a big improvement and encourage others to enforce these policies and help in the further development of certain themes.

    If theme authors do not want to participate, the themes would still be in a GIT and others can contribute and make sure that “too big to fail” themes stay updated (the GPL does allow this, correct?).

    Extending the style.css meta to include contributors shouldn’t be a problem.

    With measures in place to calculate the popularity of a theme, wptavern could put the spotlight on up and comers, the most popular ones, the most innovative ones, etc. Interview the authors and contributors, give them publicity this way. Top it off with an award ceremony at the WordCamps, like “most popular theme in Asia, Europe, Global, etc. …”, “best designed theme”, etc. … maybe even a cash prize or free travel and accommodation to a WordCamp.

    Just an idea, what do you think?

    • veppa

      It will definitely clean up the WordPress admin interface, which is hosted and owned by users. The idea of having a single link on the plugin/theme author’s profile page on .org is similar to Instagram’s structure. The current state of themes and plugins looks like Facebook, with lots of external links and banners to pro versions and affiliate links.

      Having a single link on the profile will give authors more chance to provide a lite version with the best features and make users happy. So a big portion of those happy users looking for more will be interested in the pro version and know where to find it. They will go to the author’s website with intent to buy the pro version. Not because they are fed up with ads, or tricked with lots of promotion. But because of the good results that they got with the lite version.

      Authors on their own website can sell the pro version, promote any plugin or affiliate offer.

      I don’t think that the quality of themes will fall because of this.

  14. Aris Kuckovic

    Don’t know how to feel about this.
    I know they’re not ADDING links to their theme – but they’re “exploiting” a filter – and when you think about the ethics, it’s wrong.

    Personally I think it’s spot on to give them 5 weeks suspension – I don’t like that they “backed out” tho. Also I’m really happy this was brought to attention – now grab some popcorns, and watch the changelogs of the themes being updated.

    • Justin Tadlock

      I’d be hesitant to say they were exploiting a filter. They were adding filters in the way that they were intended to be used by the plugin authors. I can think of no valid reason that a plugin would make its affiliate URLs filterable outside of allowing other developers to use their own referral ID. I think if we’re going to lay down any criticism about this specific aspect, we need to be pointing some fingers at the plugin authors too.

      As for the automatic updating of a database option from a third-party plugin and the recommendation and subsequent affiliate link filters of plugins the theme didn’t actually support, those things concern me more. They seem to cross the ethical boundary a bit more.

      And, the Themes Team didn’t back out of their decision. They merely decided to go a different route with the punishment. This theme is just as good of a testbed as any other.

      • Aris Kuckovic

        That’s why I wrapped exploiting in quotes – I’m not sure that’s the right word. I know, if I was developing a theme that became that popular, and I saw an opportunity to earn some more money by using affiliate-filters, I would feel like I’m doing something “bad” when you look at it from an ethical perspective. Therefore I would feel like I’m “exploiting” a gap in the system – it’s not written in the rules, but it’s not ethically correct imo.

        I know that the Themes Team didn’t back out – but what would have happened if the author didn’t complain about the decision, and just update his theme. Do you think they would lift the ban? I’m not sure…

  15. Sravani Malla

    Hi, I recently installed the Astra theme before the suspension. Let me know, can I continue to use the theme or should I change to another one?
