[wp-hackers] Advertising on plugin pages

Heiko Rabe heiko.rabe at code-styling.de
Sun Mar 1 23:33:30 GMT 2009

The main difference is, that normal plugins won't load code, images or 
something else from 3rd party servers.
And yes, i review each plugin and theme i plan to use.

Sure, every plugin can do "bad" things, but if i have a plugin in test, 
that prominent shows me loaded 3rd party things, i will first of all 
deactivate it and inspect it more carefully as i would do with others.
Also i have a service plugin running which scanns each other plugins php 
pages for unknown fopen, fetch_rss and many more remote call funtions 
reported at dashboard, if unknown.

Normally no plugin needs 3rd party server calls (except those intended 
to work so like akismet, content importer or known defined things).
I don't expect remote calls in plugins like smiley replacer but you want 
introduce 3rd party calls for this too.

And if the 3rd party server has been hacked, all plugin using domains 
will be virulent infected too. Also a DNS spoofing attack can route the 
advertising calls to an evil server and serves now real "bullshit".
This is not longer under control of blog admins and what you think will 
happen, if your plugin is the source of lost revenues of high traffic 
installations by attacks ? What you think, their lawyer will do ?


Heiko Rabe

> "Heiko Rabe" <heiko.rabe at code-styling.de> wrote:
>> You will run into the fact that developers will disassemble 
>> the entire plugin code to be sure, nothing unwanted will be 
>> transmitted. Such time wasting effort would force me to drop 
>> such a plugin and search for an ad free solution or to rewrite 
>> it without ads.
> ANY plugin could do something unsavory. All the things you mention could be done by a plugin that is not advertising-related, and also a plugin that is advertising-related could avoid all those things so as to be a good citizen. Do you code review every plugin you use (which is probably a good idea, but tangential to the discussion?)  How does this make plugins that serve advertising different?
> -Mike Schinkel
> http://mikeschinkel.com/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list