23 Comments

  1. Eric Karkovack
    · Reply

    I would love to see this happen. There have been cases where a change in ownership has been decidedly for the worse. I can even recall some plugins changing hands and distributing malware.

    But at its most basic, it’s just good for users to have that knowledge. That may lead them to better understand why a change was made or that they have a new place to contact for support.

    Report

  2. Tony Zeoli
    · Reply

    As I think you’re aware, I’m a new plugin maintainer (June 2019 – Radio Station by Netmix at https://wordpress.org/plugins/radio-station). I took over the plugin from the prior developer and when we released our first update, we didn’t announce the ownership change as an admin notification. We could have but frankly, I didn’t think of it. Although we did improve the Read.me, which spelled out that we took it over from Nikki Slight, so that information would appear on the WordPress.org plugin page. I also quickly turned Netmix into the home page and mentioned Nikki as the original author. Now, we have an admin email newsletter registration, so anyone who joined in after the fact are now updated, but probably don’t know the story.

    I’ve been friends with Michael Torbert and Steve Mortiboy for ten years. Awesome Motive recently acquired AIOSEO and they recently released an incredible full rework of the entire plugin admin system, with new features and wholesale changes. But when the plugin was acquired, I didn’t know until I saw the news in social media. Seeing some kind of update that an acquisition took place and a link to a roadmap or some information about whether things would change might have been helpful to me in my client’s sites, so I could make everyone aware, since I held a developer license. Also, another recent issue is that Awesome Motive decided to sunset anyone with a lifetime developer license under the old crew and forced you to pay to upgrade. That wasn’t explained at all. Maybe there was an email, I don’t know. But it should have been displayed in the admin when upgrading that if you were a prior user with a deal with AIOSEO, that you no longer be honored.

    Seeing all the new changes to AIOSEO, I’m happy to pay for it now as my relationship with AIOSEO has changed. But I think these types of notifications are surely important in some way, shape, or form.

    Who knows if Radio Station is ever acquired. If so, I will face these same issues when the time comes in how to notify our users an acquisition took place. In one sense, you don’t want to let people know until the deal is closed, but you also want to prepare your users for the eventuality a change of hands will be coming. Then, update them along the way.

    Report

  3. Brin Wilson
    · Reply

    Omg yes, yes it should!!! Please!

    Report

  4. John Dee
    · Reply

    Users don’t care about who owns a plugin. This is just something to click that will alarm users for no reason.

    Report

    • Bianca
      · Reply

      I disagree. Some users indeed don’t care, but some do. I always do a due diligence check to make sure the plugin author is reputable. If not (yet), I will likely dismiss the plugin. I’ve seen cases of plugins turning malicious after an ownership change. I think that’s relevant enough to protect my clients against.

      Report

      • John Dee
        · Reply

        Well that’s two manifest failures for the CMS in one reply! So if you’re checking plugin authors – to see if they are reputable – that’s a failure on the plugin review team’s part. You shouldn’t be checking to see if the plugin author is reputable, they should ALL be reputable [from the user’s POV]! The fact you’re saying that you have to check, means there is a failure somewhere higher up the pyramid. The second thing you’re saying is that this notice, will prompt you to check this data point “is the author reputable?” when prompted. In other words, this notice, will be used by you as a user, to “reputation check” the CMS ecosystem. That will not have a positive effect. This is because you have been trained – as a user – to think that the plugins suck, or that they authors aren’t reputable [why are you checking if you don’t think that?]! Here lies a smell, and this is not the solution. This makes the smell worse. In fact, the notice will be used for exactly what you’ve said: to check if the author is somehow “bad” [which they too often are!]. In other words, this is a system to remind users how bad the plugin authors are. That’s the effect anyway. The devs here are self interested, and most of them are competitive and consider themselves “good plugin authors” [probably are]. But the users don’t care about the debate between good authors and bad. That’s an internal family matter for developers. Users will only see the bad. Finally, the event of an author change is rarely associated with something positive. Usually the dev has died, or abandoned the code [fun!]. In other words as a user “Why am I being given this notice?” “Oh, because many WordPress plugin devs suck somehow, and this is a chance for me to check on that.” Anyway I’ll leave you guys alone again, good luck with this [my bet is it goes in!].

        Report

        • Bianca
          · Reply

          Sorry, I forgot to subscribe so I did not see your reply earlier.

          This is because you have been trained – as a user – to think that the plugins suck, or that they authors aren’t reputable [why are you checking if you don’t think that?]!

          No I haven’t been trained to think that. The WordPress eco system is incredibly diverse, with all kinds of people in it not just users and developers. There are end users, power users, hobby devs, freelancers, enterprise level devs etc along with dito characters. The way I audit plugins probably isn’t the same on how the plugin team does these checks. Everyone can have a plugin in the .org rep and I agree with that. It’s an open source project, not a company. The repository serves other purposes than just serving me plugins for my project.

          This makes the smell worse. In fact, the notice will be used for exactly what you’ve said: to check if the author is somehow “bad” [which they too often are!].

          . No, I just check who I am dealing with. Can it be bad? Yeah. Have you heard of the Mason Soiza scandal, Pipdig? Oh and apps /plugins turning rogue after an ownership change isn’t exclusive to WordPress. Happens in the playstore and even the App store as well.

          But it also works the other way around. When a plugin gets adopted by a bigger company (like f.e. Automattic, Ithemes WPEngine) it can mean it will align better with other plugins in the future. In that case in time another plugin (or custom code) has to make place. Regular checks like these are in my opinion just good housekeeping.

          Report

  5. Sandra Pikulski
    · Reply

    Yes please. I’d appreciate that info.

    Report

  6. David
    · Reply

    I would like to see some kind of notification of when this takes place.

    In fact, I would like to see it go one step further. On the update plugin page, don’t allow plugins to update unless you acknowledged that your aware of the ownership change.

    Report

    • Aris Kuckovic
      · Reply

      I’ve helped a lot of WordPress sites in my country with all sorts of issues – and 75% of them was due to lacking updates. Making this mandatory will cause even more lacking updates, and potentially evolve to a security-issue as well.

      The ideas is good – if only everyone would keep their sites updated.
      But a notification, that doesn’t go away by itself, would be the way to start off at least.

      // Aris

      Report

  7. John Doe
    · Reply

    Yes, there should be a standard method of notifying users. However, I respectfully disagree with the idea that “half is better than none.” That could create a false sense of security, as a user could believe that no notification means no change of hands. It would also be generally confusing. It should be for all plugins, all changes of ownership.

    Report

  8. Leland G. Hoover
    · Reply

    Changing ownership is critical information to a marketing agency that depends on continued high quality support and regular updates for security issues, bug fixes, and evolving web standards. Transparency is paramount.

    Report

  9. Nikolay
    · Reply

    I do want to know if the owner has changed, since sometimes they just buy a plugin and release a malware update.

    Report

    • Otto
      · Reply

      Did that every actually happen to you, and did you tell the plugins team?

      For the extremely few times I know of, we rolled back the plugin code, eliminated the malicious author entirely, and ended the plugin. Not very often, and I’ve been doing this full time for 10 years now. I feel that your memory is long here, because that is a rare event.

      Report

  10. Damian
    · Reply

    Definitely a good idea. I have the Members plugin installed on one of my sites. The changeover was smooth, and afaik no functionaility has been removed, but as my process for installing plugins is to first review the plugin’s support history, reviews and get a general feel for the author through their responses and plugin library, this could all change dramatically in the event of a plugin changing hands. A notification would be ideal so I could review the history of the new author/owner before updating.

    Report

  11. Bastian
    · Reply

    A couple years ago, as a developer, I wouldn’t have cared about this information, but now I do, after seeing how a plugin such as GADWP, which I used in many sites, got ruined by the current owner.

    Report

  12. Jeremy Cook
    · Reply

    I would prefer to see a notice of ownership change for plugins. My clients may not care about it, but for me to offer the best experience for them, more info is always better.

    Most of my clients are rural small business owners with limited budgets, so for some things I find them the best free options.

    As an example, recently there was a popular analytics plugin that changed ownership. The new ownership decided to switch many of the popular free features to premium. It took me a bit to realize this. I have now switched them to the new Google Site Kit.

    I have experienced other ownership changes over the years as well. So I think having a notification pushed out just helps site owners and admins to be as informed as possible, so we can adapt quickly to any changes or privacy notification requirements.

    Report

  13. Li-An
    · Reply

    It will be a good idea. I had bad experience of plugin becoming crap after an owner change. Remember NextGEN gallery !

    Report

  14. djsteveb
    · Reply

    “impacts on what data is shared and how it is shared.” – major issue.

    I had been using one of those plugins that allow you to add social share / find us on fb, twit, etc plugins on several sights..

    It took a long time and lots of searching to find one that loaded it’s images from local files and did not automatically pull scripts from third party servers..

    well after a couple of years it was bought out by one of this ‘add/this / addToAny’ type places – that offered an update very quickly and was now using the install and surfing data (of all the previous installs and their web site’s visitors) for data collection.

    I’d also like a notice when wp pulls plugins – like wp-spamshield(?) which is one some of my sites and never gets an update notice.. but maybe there should be some notices about that.

    Report

  15. John Tolstoy
    · Reply

    Yes, I think this should be done right away. Users can opt for whatever suits them then.

    Report

  16. Dave Warfel
    · Reply

    I like the idea. I think all new plugin owners should alert users of the new ownership. Some users won’t care, but many will. The ones who don’t care can simply ignore the message, much like they probably ignore all other messages in the admin area.

    Mika’s points are valid. I don’t think the Plugin Review Team will be able to identify all ownership changes. But if WordPress core provided an easy, standardized way to communicate ownership change, that would encourage owners to use it.

    I also think plugin developers should take responsibility here, and not place it on the Plugin Review Team. As plugin developers, if we transfer a plugin to another owner, it should be in the contract that the new owner must communicate the ownership change.

    Taking it a step further, personally I would require the new owner to make a public announcement about the change, including a statement from me, as the previous owner. And if they have plans to make big changes, I would make sure those are communicated publicly as well. Especially data sharing or privacy-related changes.

    I would also require them to announce the change as the first bullet point in the changelog.

    Report

  17. Lyse
    · Reply

    I also think that this would be a great idea. As a website developer I take extra care selecting the best fit for my clients’ needs. If there is a change over it’s crucial that this be know so research and review can be initiated and make a decision to accept the change or find another solution.

    Report

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: