1. Andy Christian

    Even their website (bestweblayout.com) looks like it’s trying to copy wordpress.org. I agree with Code Master (in the forums thread) that they’re either being “malicious or incompetent.” Why not just fork the old plugin and re-release it with the updates?


  2. Chip Bennett

    Part of the issue that creates the problem is that there is no good way to do pull requests with SVN – or, at least, with the specific SVN repository for Plugins. There is simply no good way to vet such unsolicited requests for contribution. They could be legit, or they could be scurrilous. It’s easy to say “you can just donate code” – but where and how do you do that? If I find an abandoned Plugin, and want to contribute code to bring that Plugin up-to-date, there is no standardized way to do that.

    And while forking is certainly a viable approach from a developer perspective, it is less-than-ideal from a user perspective (no way to update directly from an obsolete original to an up-to-date fork; proliferation of Plugins for the same functionality makes finding the right/best one more difficult, etc.).

    I think that’s why more and more developers are moving to GitHub for their development environment. With GitHub, anyone can submit a pull request, that can then be easily incorporated by the original developer.

    My advice to bestweblayout: if you’re legit, establish some credibility by finding GitHub-hosted Plugins, and make pull requests to them. And for obsolete Plugins that don’t have a GitHub repository, create a fork of your own, and then email the original developers with links to your forked updates on GitHub.


    • J K Hoffman

      Chip, you make a good point. There really isn’t a *good* way to offer code to a plugin developer who has their plugin in the repository. However, asking for update credentials to the repository is very much a *bad* way to offer help to a plugin developer. Even if it’s a legit offer, it looks very, very suspicious.

      And, I think you make a very convincing argument for using GitHub instead. In fact, just the other day, I stumbled across a plugin meant to help you update plugins hosted via GitHub. Naturally, it was on GitHub! https://github.com/jkudish/WordPress-GitHub-Plugin-Updater
      Any thoughts on that plugin?


    • Jeremy

      It’s easy to say “you can just donate code” – but where and how do you do that?

      The plugins Trac is probably the best place to submit patches if the plugin author did not mention any GitHub repository in the readme. It’s far from perfect, but it’s not more difficult than submitting patches to WordPress Core IMO. And this trac recently got the same redesign treatment than core.trac, so it looks good now! :)

      I would also suggest posting a link to the Trac ticket in a new forum thread to let the plugin author know about your patch, just in case.


  3. Ipstenu (Mika Epstein)

    That reminds me to publish a post on make/plugins ! Thank you!



  4. Ryan Hellyer

    I’ve received that email too. I just ignored it since it was clearly a scam.


  5. Ryan Hellyer

    Here’s an email I received on January 6th …

    Hello Ryan,

    My name is Grigoriy and I am a representative of BestWebLayout. Our team specializes in WordPress development services.

    We saw that your Suckerfish Dropdown Menu and PixoPoint Theme Integrator plugins were updated more than 5 years ago. We would like to offer you our assistance and participation in further development and maintenance of these plugins. In other words, we would like to get your permission and access to plugin repository on wordpress.org. In such way we will become the plugin contributors along with you and will be able to control testing and development of these tools within the WordPress community.

    Our activity will include plugin updates, compatibility testing, support, etc.

    We have already talked to WordPress support team (they said that WordPress is open-source community and such contribution is welcome), who asked us to contact you with such a request. Please let me know if you are ready to accept our offer. Feel free to contact me with any questions.




  6. Leland Fiegel

    This sounds all too familiar.

    It’s not just the mass/indiscriminate emailing, implication of permission from official sources, but also the domain name that adds to the sketchiness.

    What kind of name is “BestWebLayout” for a legit web services company? It’s like Girigory literally just mashed keywords into Google’s Keyword Planner and grabbed the first one available in .com.

    I suspect he may have relatively benign intentions to start, and just wanted to build up his credibility by having a bunch of established plugins listed on his WordPress.org profile page.

    This isn’t the way of going about doing it, and ironically damaged his reputation far more than he would’ve gained by getting access to a few plugins.


  7. knowwwhow

    Hmm. A marketing company sees an opportunity with a popular, but under-maintained plugin to make inroads with the WordPress community (and presumably drum up some business) . . . reminds me of Blink Web Effects and the Social Media Widget plugin malware fiasco early last year.


  8. Could WordPress Plugin Adoption Lower the Rate of Abandonment?

    […] light of recent events wherein WordPress.org plugin authors have been receiving suspicious requests for repository access, Mike Epstein posted a clarification on taking over plugins. The plugin team […]


  9. Robert Trevellyan

    A quick whois check reveals that bestweblayout.com and bestwebsoft.com have the same registrant. BestWebSoft is a well-established plugin author. Not sure what to make of this.


  10. antonhein

    I’m replying to this old post because I suddenly found a “BWL Plugins/ BestWebLayout” menu item in one of my WordPress sites (in the admin).

    I see no way to uninstall or otherwise remove it.

    I just posted a message, with screenshots, about it at WordPress:


Comments are closed.

%d bloggers like this: