Bad move… (updated)

designdrumm
(@designdrumm)

10 years, 7 months ago

Just a reminder.

Plugin rules number 5.

5. Trialware is not allowed in the repository. It’s perfectly fine to attempt to upsell the user on other products and features, but a) not in an annoying manner and b) not by disabling functionality after some time period. Similarly, you cannot “cripple” functionality in the plugin and then ask for payment or provide a code to unlock the functionality. All code hosted by ww.wp.xz.cn servers must be free and fully-functional. If you want to sell advanced features for a plugin (such as a “pro” version), then you must sell and serve that code from your own site, we will not host it on our servers.

Which means if I am not mistaken, you must leave the original functionality of WPEdit for those who downloaded your plugin for this functionality. Yes?

Sorry not trying to chastise, but seems a little wrong to take those features out and gouge us to buy them now. Bad move IMO.

Would it be too much to ask to make WPEdit secure so we can still use it?
I would re-rate if this was fixed to 5 stars because it is really a great plugin.

Waiting with baited breath…

UPDATE 10-28-15: (I can breath again)
I am satisfied with the explanation this plugin author provided as to why these measures were taken and I originally loved this plugin. I do however disagree with the measures, but the exceptional support given by Josh plus his reasonings are enough for me to re-rate this plugin as it should be, 5 stars.

Viewing 12 replies - 1 through 12 (of 12 total)

Plugin Author Josh
(@josh401)

10 years, 7 months ago

Hi, and thank you for taking the time to leave a rating.

Yes, crippling functionality of a plugin in order to ask for payment to unlock the functionality is definitely not allowed. However, that is not at all what has happened here.

People keep comparing WP Edit with Ultimate Tinymce. Before I get too far into things; I encourage you to read the following article:
https://ww.wp.xz.cn/support/topic/wp-edit-and-wordpress-39-please-read?replies=45

That thread contains all the information explaining why Ultimate Tinymce “died” with WordPress 3.9… and the reasoning behind having to create a new plugin.

I did not change the plugin intentionally… rather, I was forced to change the plugin because of the updated WordPress framework that was released in WordPress 4.0.

Which means if I am not mistaken, you must leave the original functionality of WPEdit for those who downloaded your plugin for this functionality. Yes?

Yes. But again, I’ve never removed anything from WP Edit (with the exception of a php widget that caused a security vulnerability). This is not the Ultimate Tinymce plugin. It’s like comparing apples to oranges. Ultimate Tinymce will never work properly with WordPress again… not by my design, but rather because of changes to core WordPress files.

Would it be too much to ask to make WPEdit secure so we can still use it?

WP Edit is, has been, and (as long as I’m alive) always will be stable. I learned a huge lesson with open-source and having to plan ahead to adapt to changes. I had to trash a plugin which had over a million users… and start over from the beginning (with a fairly abrasive audience at times). That was not fun for me.

Again, please read the link I posted above. It will hopefully provide a little perspective from my side of the discussion.

Regardless, I do understand and respect your frustration. It is probably very close to the frustration I felt having to spend six months frantically having to write a new plugin so people would have at least something to fall back on when Ultimate Tinymce was laid to rest. I could have bailed completely.. but I enjoy the WordPress community too much.

Please let me know your thoughts…

Thread Starter designdrumm
(@designdrumm)

10 years, 7 months ago

I appreciate the response. My frustration lies in the fact you took out the one thing I was using in the newest update. The Widget php ability. I need it for a website and I don’t want a separate plugin to do this. Doesn’t make sense to me. WPEdit already had that functionality and one of the problems with WP sites are load times because of excess plugins.

As far as the WordPress framework was concerned, I don’t see how your plugin widget was any security risk. Maybe you could point me to understanding that? I specifically remember reading that this was a reasoning for removal. I may have misunderstood.

I really enjoy the ability to edit theme and plugin php with your editor. Made things simplified. A real treasure in a see of ambiguity.

Would it be possible to set up a discount on the pro for those prior users of this defunct plugin? Then charge new users the original price? That would seem a more legit transition, but it’s your plugin your circumstances. I understand, it is what it is.

Never hurts to ask though..

Plugin Author Josh
(@josh401)

10 years, 7 months ago

Well… as much as I am sorry it caused you an inconvenience… I really didn’t feel comfortable having something in my plugin that could potentially be used for malicious purposes. I feel it is my responsibility as a plugin author to ensure those types of “attack points” are not available.

Basically, if someone untrusted had access to the PHP widget; they could do something like delete all your server files; install backdoors and trojans; install spyware or malware; the list goes on and on. It is giving a user direct access to running PHP scripts server-side.

It’s really not much code to add PHP widgets. If you are using a child theme; you can throw the functions in there (I will even explain how). But if not, then yes, it would require an additional plugin.

I would love to speak more about this with you. I would suggest getting to know me; so that we can speak more freely.

Talk to you soon.

Thread Starter designdrumm
(@designdrumm)

10 years, 7 months ago

Agreed.. if someone untrusted had access, then pandoras box is potentially opened. However, if someone untrusted has access to your admin area to be able to access these widgets, they could do the same with any plugin that is on your system or even install their own.

I don’t think the burden would lay on your shoulders so much as the website admin. They’re in charge of installing plugins, granting access, etc, etc.

This wordpress stuff is “as is” anyway. GPL. Which means at your own risk.
Pardon me for saying, but I don’t need anyone to hold my hand. 😛
Let me make the decision on wither to utilize your plugin with said hazards. Just state it loud and proud BEFORE I install. But hey if there is liability in it, then Good move…

My name plus DOT com for my contact info.

Best Regards

Plugin Author Josh
(@josh401)

10 years, 7 months ago

Lol… Honestly, I couldn’t agree with you more!! +1

However.. in the world of the free WordPress plugin repository… there are certain restrictions we must follow. One of those restrictions is doing our best to ensure a persons website is not susceptible to attacks.

Since you have shown continued interest…. No, WordPress didn’t contact me and specifically tell me I had to remove the php widgets (as they have done in the past with other “features”). I did, however, have two or three users that did express BIG concern with php widgets.

Now that raises the conundrum… “How do you please everyone”? Well, you can’t. We, as software developers in the (free) WordPress community, have to make a decision to bring “balance”. Do we allow the feature and deal with the “concern”… or do we remove the feature and promote safety? In this particular case, I went with the latter.

If it is any consolation; the php widgets were also removed from the pro version of WP Edit. In a survey I created; more users felt it was unneeded than felt it provided extra functionality.

But to sum up.. yes. I agree with you. I don’t need/want anyone holding my hand either. Perhaps a notice at the top of the plugin installation page saying something like “This plugin uses PHP Widgets; which could be manipulated by malicious users.”. But, isn’t that a little “scary”?? Would you install that plugin???

Okay.. I’ll send you a message.

Plugin Author Josh
(@josh401)

10 years, 7 months ago

Message sent.

JMDP
(@jmvdp)

10 years, 7 months ago

@designdrumm
Hi,
I’m not coding and also not have the context of the whole discussion.

But personnaly, the 1 star rate is so much unfair. There is so much in this plugin for so many people not having your ability to code if I correctly understand your purpose…Guess how many “non coders” are saved with such plugin, and coders also.

=>”Trialware is not allowed in the repository”: it is 100% functional and not trialware. You may acquire “pro” features. Which is not the same.
=>”not in an annoying manner”: truely, where is the annoying “manner”?
=>”not by disabling functionality after some time period.”: I’ve not seen that at all, and on the contrary, morelikely have seen improvements. But i’m not saying you are wrong also, as far as I’m not using the function you are talking about.

I fully agree with you that wordpress spirit as to remain collaborative and keep its non commercial basis, but selling pro version upon request.

Some plugins are more or less like “traps”, giving so little that you have to remove them (same for some themes), but very gently speaking, not WP-Edit for sure.

Best regards.

Plugin Author Josh
(@josh401)

10 years, 7 months ago

Hello JM, and thank you for your very kind support.

I see where @designdrumm had encountered the frustration. He downloaded the plugin for the PHP widget; which I pulled in the following release. It was purely a timing coincidence.

The same feature, incidentally, was also removed from the pro version; which completely validates your statements above.

I am working with @designdrumm via email (already a couple days late; I have to do that tomorrow); and hoping the rating might get adjusted once a resolution is met 🙂

Thanks to both of you.

Thread Starter designdrumm
(@designdrumm)

10 years, 7 months ago

To whom it concerns,

The plugin is great. Don’t get me wrong.

It has many useful features, however my rating wasn’t primarily for the plugin itself, but the move on the part of the plugin creators. Which at the time I thought was a bad move. Since speaking to Josh, I have come to understand his reasonings. While I don’t agree with them, we can agree to disagree and get on with work. 🙂

I would re-rating based on the support Josh has provided, because I think it is more valuable than the plugin itself. However I am not sure how.

Thank you Josh!, btw.

As far as the plugin goes, it is unfortunate that hackers have to ruin such a convenient way to use php in wordpress. Dealing with multiple plugins to do things is a bad idea in my mind. Especially if your worried about load times. So, if I have to utilize a separate plugin, I have no need for WPEdit. I don’t need the editors and such. Was just convenient to have.

Best,
Karl

Plugin Author Josh
(@josh401)

10 years, 7 months ago

Yeah… I’m not sure if you can adjust the rating after a certain amount of time. I’ll ask the mods and see what they say.

As far as the PHP widgets; I sent you an email. Please let me know if you do not receive.

Thanks.

Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

10 years, 7 months ago

You can edit the rating in the same place you created it: https://ww.wp.xz.cn/support/view/plugin-reviews/wp-edit#postform

Chaz DeSimone
(@chazdesimone)

10 years, 6 months ago

I just read the entire conversation between Josh and Karl. Based on the sensible and kind responses, I wish I could give Josh 500 stars! Karl has been fair, too.

I understand Karl’s point of view, as it’s exactly opposite of mine. I’m a typographer and the plugin allows me to do what I love doing, styling typesetting.

I have absolutely no use for the PHP thing (because sadly I’m too ignorant to understand that stuff) so if Josh pulled out all the typography and just left the widget php part I’d give it one star too!

But I’d still give Josh his 500 stars for excellent customer service.

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘Bad move… (updated)’ is closed to new replies.