Posts filed under WordPress

MaxBlogPress and the WordPress Plugin Repository

Filed in Web DevelopmentTags: Geekery, GPL, Plugins, WordPress

Related Plugins

Automatically activate all MaxBlogPress plugins:

Forks of existing MaxBlogPress plugins, with registration/subscription activation removed:

The So-Called WordPress "Ban Hammer"

The latest WordPress-related minor controversy involves the removal of MaxBlogPress plugins from the WordPress plugin repository. The action appears to be in response to numerous complaints and calls for their removal, due to the behavior of the plugins.

The news of the removal of MBP plugins from the WordPress repository first appeared on the Warrior forum (h/t WPKid), and then on WPTavern, the WPTavern forum, and BloggingPro.

The removal took place presumably for violation of the guidelines for hosting a plugin on the WordPress repository:

  1. Your plugin must be GPL Compatible.
  2. The plugin most not do anything illegal, or be morally offensive (that’s subjective, we know).
  3. You have to actually use the subversion repository we give you in order for your plugin to show up on this site. The WordPress Plugins Directory is a hosting site, not a listing site.
  4. The plugin must not embed external links on the public site (like a "powered by" link) without explicitly asking the user's permission.

The MBP plugins, which offer a range of functionality from basic blog management (Ping Optimizer, Different Posts Per Page, Multi Author Comment Notification, Duplicate Post Checker) to internet-marketing tools (Stripe Ad, Unblockable Popup, Optin Form Adder, SEO Post Link, etc.), exhibit some abnormal behavior for WordPress repository-hosted plugins.

MaxBlogPress Plugin Behavior

All MBP plugins behave as follows:

  • Upon installation of the plugin, a notification message is displayed on the Plugin Management page, indicating that the plugin needs to be registered.
  • The options page, instead of displaying plugin options, first displays a two-part registration form. The first form requires a name and email address.
  • Upon submission of this form, the user receives an email list subscription confirmation email. The user is required to click the link in the email to confirm their subscription. Until the user does so, the plugin options page displays only a message that the email must be responded to.
  • Once the user clicks the link in the email, confirming the double-opt-in of the email list subscription, returning to the options page will, before displaying the plugin options, perform an update check - not through the WordPress SVN that hosts the plugin, but from the MaxBlogPress web site. If an update is available, the plugin updates itself.
  • Only then does the options page (finally) display the plugin options, and enable use of the plugin.

The plugins are problematic in further ways:

  • Not all MBP plugins hosted at the WordPress repository were released under the GPL (or a compatibile license).
  • Some MBP plugins embed external (i.e. public-facing) "powered by MaxBlogPress" links on users' blogs.
  • Many users complained that the email list to which they were forced to subscribe behaved in a "spammy" manner, sending far too many emails (daily or near-daily) with content that only marginally (if at all) had anything to do with the plugin they installed.
  • If you unsubscribe from the email list, existing MBP plugins will continue to work, but if you install any new MBP plugins, you will have to re-register, including re-subscribing to the email list from which you already unsubscribed.

Problems With MBP Plugin Behavior

There are several problems with this behavior for a WordPress repository-hosted plugin:

  • This behavior violates the GPL under which the plugins were released.
  • This behavior uses WordPress repository SVN merely for listing, rather than for hosting.
  • Some have speculated that this behavior may be illegal in some jurisdictions. (Note: this speculation is outside the scope of this blog post.)
  • This behavior violates the guideline against embedding external "powered by" links.
Violates GPL

The GPL defines itself as a free-software license, and defines the term "free software". From the preamble of the GNU GPL v2 [emphasis added]:

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To make this point even more explicit, from the GNU.org website GPL FAQ:

See the definition of free software. The GPL is a free software license...

And from that linked definition of free software [emphasis added]:

The freedom to run the program means the freedom for any kind of person or organization to use it on any kind of computer system, for any kind of overall job and purpose, without being required to communicate about it with the developer or any other specific entity. In this freedom, it is the user's purpose that matters, not the developer's purpose; you as a user are free to run the program for your purposes, and if you distribute it to someone else, she is then free to run it for her purposes, but you are not entitled to impose your purposes on her.

Comparing the behavior of MBP plugins to this definition of "free software":

  • Requiring "registration" or "activation" in order to use an MBP plugin is clearly a violation of this principle.
  • Requiring email-list subscription (forced opt-in) in order to use an MBP plugin is clearly a violation of this principle.

So, compelling the user to register/"activate" software is a violation of the GPL - much less, requiring the user to opt-in to an email list. Such functionality clearly violates the user's freedom of use of the software without being required to communicate about it with the developer or any other specific entity. Thus, as written and distributed by MBP, the plugins in question do not conform to the GPL, which by its own definition is a free software license.

Released Under GPL-Incompatible License

Further, some of the MBP plugins hosted by the WordPress repository were released under licenses that are not compatible with the GPL.

For example, MaxBlogPress Stripe Ad is released under the following license:

MaxBlogPress Stripe Ad Library
End User License Agreement
Copyright (c) 2008, Pawan Agrawal
All rights reserved.

By using the software, you agree to be bound by the terms of this license.

1. You may install and use the software on as many computers and websites/blogs as you wish. You may make back-up copies of the software for archival purposes.

2. You can distribute this software in its original form with any other products or stand alone.

3. You are not allowed to use this script library for creating any other software or plugin without expressed permission from us.

4. The software is protected by the copyright laws of the U.S. and other countries, and we retain all intellectual property rights in the software. You may not separately publish, sell, market, distribute, lend, lease, rent, modify, reverse engineer or sublicense the software code.

5. You must not make any modification to the software without express permission from us. If there is a feature you want included or a bug you want fixed, let us know.

Such a license is clearly incompatible with the GPL, and any plugin released under such a license should never be allowed in the WordPress repository.

Using WordPress SVN to List Rather Than to Host

The MBP plugins circumvent the built-in plugin-update functionality of WordPress, and instead query the MBP web site for updates. Consider the following update function from the Multi Author Comment Notification plugin:

function mcnExtractUpdateData() {
$arr = array();
$version_chk_file = "http://www.maxblogpress.com/plugin-updates/multi-author-comment-notification.php?v=".MCN_VERSION;

The plugin then uses this version check to determine if an update is available, downloads the update, and installs it - entirely circumventing the WordPress repository.

All MBP plugins have this same functionality. Thus, essentially, the plugins are using the WordPress repository merely as a listing site - a means to allow users to search for their plugins (or tags/keywords for their plugins) in order to get more exposure and more users installing their plugins.

Such exposure is intended to be a benefit of hosting a plugin on the WordPress repository, not the sole purpose - which is why the guidelines explicitly state that the repository is for hosting, not merely for listing.

Embedding External "Powered By" Links

But to go even further, some MBP plugins - including Stripe Ad - place a publicly visible "powered by MaxBlogPress" text/link, which explicitly violates WordPress repository guideline #4. And to make matters worse, the author actively seeks to enforce his non-GPL license to prevent users from removing such text from the front end of their blogs:

No it’s NOT licensed under GNU GPL. We are using that format of readme.txt as most people are familiar with that.

It’s illegal to remove the powered by link without notifying me about that.

My Response

While the response from WordPress was the removal of the MBP plugins from the WordPress repository, I decided to respond on my own.

When the news broke, several people suggested that the plugins should be forked, to remove the offending code. I thought that this suggestion would make for a good challenge, so I undertook it.

As it turns out, removing the offending code from the plugins proved to be incredibly easy. Thus, forks of Favicon, Ping Optimizer, Multi Author Comment Notification, and Different Posts Per Page are now available from the WordPress repository.

Further, as pointed out by Blogging Pro (linked above), making the MBP plugins think that they are activated is as easy as updating a single database option for each plugin. It seemed like it would be fairly easy to loop through each plugin's option, and set it to the appropriate value, and I thought that some enterprising plugin author should whip up a plugin to do so.

As it turns out, I ended up being that plugin author (with a great deal of help from my friends at the WPTavern forum). As a result, I have also released cbnet MBP Auto-Activate, which, when installed, will determine which MBP plugins are installed, and automatically activate them, without needing to register or subscribe to the email list. The plugin will auto-activate any MBP plugins subsequently installed, also.

If you use MBP plugins, please let me know if you find any of these plugins to be useful. And if I can improve them, please let me know that, as well.

WordPress 2.7

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

The latest version of WordPress, 2.7, was released earlier this week. The release, code/nick-named "Coltrane", brings several major back-end improvements:

Lorelle lists several reasons to upgrade immediately. Ryan Boren discusses the release, including what features were moved to the 2.8 (or later) blueprint. He also notes that WordPress 2.7 was downloaded 100,000 times in the first 20 hours after release (the counter reads 195,849 downloads at the time of this post), and that some bug fixes are already making it into the planned 2.7.1 release.

I upgraded late last night, and the upgrade went apparently smoothly. As always, let me know if you notice anything amiss. I will be working on some of the new features, such as nested/paged comments, in the near future.

WordPress 2.6

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

The WordPress Development blog announced today's release of WordPress 2.6. Lots of (mostly incremental) changes; see the following video:

Download WordPress 2.6 today.

Also, be sure to let me know if anything seems broken here after the upgrade.

WordPress 2.5.1 Security/Bugfix Update Released

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

WordPress 2.5.1 has been released. This version is a security and bug-fix release.

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

Some of the listed improvements include:

  • Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
  • Better performance for those who have many categories
  • Media Uploader fixes
  • An upgrade to TinyMCE 3.0.7
  • Widget Administration fixes
  • Various usability improvements
  • Layout fixes for IE

Upgrade, if you haven't already.

WordPress 2.5

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

WordPress 2.5 has been released. I have installed it, and everything seems to be working fine - especially on the front end (though I'm still exploring the new admin interface).

Let me know if you notice any issues, and if you use WordPress, go install Version 2.5 now!

Upgrade to WordPress 2.3.3

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

WordPress Version 2.3.3 has been released, and is an important security update.

WordPress 2.3.2

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

The latest version of WordPress - version 2.3.2 - has been released. It is mostly a security update. Get it while it's hot!

Edit: Make that Version 2.3.2, not 2.3.1 - it's late; I'm tired!

WordPress 2.2.1 Upgrade

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

Pardon any dust you may encounter. WordPress 2.2.1 was released, and I am in the midst of upgrading.

UPDATE: The upgrade is complete. Let me know if you notice anything amiss.

Upgrading to 2.1.3

Filed in Web DevelopmentTags: Web Site, WordPress

I'm upgrading to WordPress 2.1.3 this evening. If anything looks strange, bear with me.

WordPress 2.1 Upgrade

Filed in Web DevelopmentTags: Geekery, Web Site, WordPress

I apologize if you've noticed any site down-time or other oddities. WordPress 2.1 has been released, and the upgrade has been less smooth than normal.

First off, after happily downloading the new version, I started reading the WordPress support forums to see if any common installation problems were cropping up. Good thing I did, too, because the minimum PHP/SQL requirements were increased for this release (and this critical information was - shall we say - not exactly made obvious in the version announcement and upgrade information).

I checked my server, only to discover that I was running older versions of both PHP and MySQL. Fortunately, I have an awesome, responsive host, because all it took was a request to upgrade PHP/MySQL, and they took care of it in less than 24 hours.

Unfortunately, upon upgrading, some of you may have noticed that the blog disappeared completely. As it turns out, my WordPress install with all of the plugins I'm using had gotten a bit bloated with PHP memory use. I had to disable several plugins temporarily to get back under the max PHP memory allocation. (Again, a support request to the host to increase the max memory allocation was responded to promptly, and the request should be taken care of sometime today.)

Having taken care of those issues, I went ahead with the upgrade last night. I probably should have done a bit more research, as the upgrade involved quite a few fundamental changes to the back end, including template tags and other gotchas. So, I've spent most of last night and this morning making several underlying changes to my blog template (the details of with which I will not bore you). Things should be working properly now, but if you notice anything broken or amiss, let me know.

Update: I'm glad to see that someone found some usefulness in this post!