Categories
Uncategorized

Should WordPress Notify Users of Plugin Ownership Changes?

That is the question posed by Ian Atkins in a recent ticket for WordPress.
“I’ve experienced a few plugins change ownership, and it’s really not clear as a user, developer, and maintainer of sites when that has happened,” he wrote in the ticket. “Whilst having a plugin continue to be developed is admirable — I do think it would be wise to inform users of that change.”
For full disclosure, the ownership change that prompted Atkins to create the ticket was from the Members plugin. I am the former owner of the plugin and sold it to the MemberPress team in 2019 (I was a full-time plugin and theme developer before joining WP Tavern). Having been both a plugin author and user in this scenario before helps mold my viewpoint.
I agree with the idea. WordPress should have some mechanism for notifying users of changes of ownership. The more transparency that exists in the ecosystem, the healthier it is for all.
As a plugin author who was letting go of a project that I had worked nearly a decade on, it was tough to say goodbye. I had built friendships and trusted users who walked beside me on my journey. I posted on the company blog, Twitter, Facebook, and the WordPress support forums. I replied to emails, PMs, and more. I wanted to be as transparent with my plugin users as possible. When the plugin was out of my hands, there was no way for me to reach out to the 1,000s of users who did not follow me on social media or the blog. The new owner was as transparent. Even today, a year later, some users are just now realizing someone else is running the show.
In hindsight, perhaps there was more we could have done. Maybe there was more WordPress could have also done and can do in the future. There are valid concerns from users.
Atkins lists three primary reasons for his proposal:
He also asked whether the plugin team reviewed ownership changes. Changing owners is a simple task, and these changes are tracked internally.
Mika Epstein, a Plugin Review Team representative, said that the team could make such changes public. The biggest flaw with that system is that it is not always possible to know when a plugin’s owner changes. Sometimes, an entire company is sold, which would include ownership of the WordPress.org account. She also cited situations where serviceware plugins change hands in unobvious ways.
“I want to be clear, I’m not against this!” she said in a follow-up response. “I’m for this! I just want to be clear that we’re going to get MAYBE half of the changes.”
Half would be better than none. An automated system may work to create notices in some situations. However, an addition to the plugin review guidelines may also be part of the solution.
Plugin authors could also take it upon themselves to implement an ownership-change notification. This may be one of those use cases for the much-maligned admin notices that is worth exploring.
At this point, we are just asking the question of whether WordPress should create a system in which users are notified of plugin ownership changes. What would you like to see in terms of solutions?
I want to see continued progress on the transparency front. Atkins’ first list item is the most important. If there are privacy policy changes or a plugin deals with personal data in any way, users need to know when the plugin has a new owner. They should be able to make a decision about their continued use of the plugin with all the facts laid bare.
I would love to see this happen. There have been cases where a change in ownership has been decidedly for the worse. I can even recall some plugins changing hands and distributing malware.
But at its most basic, it’s just good for users to have that knowledge. That may lead them to better understand why a change was made or that they have a new place to contact for support.
Report
As I think you’re aware, I’m a new plugin maintainer (June 2019 – Radio Station by Netmix at https://wordpress.org/plugins/radio-station). I took over the plugin from the prior developer and when we released our first update, we didn’t announce the ownership change as an admin notification. We could have but frankly, I didn’t think of it. Although we did improve the Read.me, which spelled out that we took it over from Nikki Slight, so that information would appear on the WordPress.org plugin page. I also quickly turned Netmix into the home page and mentioned Nikki as the original author. Now, we have an admin email newsletter registration, so anyone who joined in after the fact are now updated, but probably don’t know the story.
I’ve been friends with Michael Torbert and Steve Mortiboy for ten years. Awesome Motive recently acquired AIOSEO and they recently released an incredible full rework of the entire plugin admin system, with new features and wholesale changes. But when the plugin was acquired, I didn’t know until I saw the news in social media. Seeing some kind of update that an acquisition took place and a link to a roadmap or some information about whether things would change might have been helpful to me in my client’s sites, so I could make everyone aware, since I held a developer license. Also, another recent issue is that Awesome Motive decided to sunset anyone with a lifetime developer license under the old crew and forced you to pay to upgrade. That wasn’t explained at all. Maybe there was an email, I don’t know. But it should have been displayed in the admin when upgrading that if you were a prior user with a deal with AIOSEO, that you no longer be honored.
Seeing all the new changes to AIOSEO, I’m happy to pay for it now as my relationship with AIOSEO has changed. But I think these types of notifications are surely important in some way, shape, or form.
Who knows if Radio Station is ever acquired. If so, I will face these same issues when the time comes in how to notify our users an acquisition took place. In one sense, you don’t want to let people know until the deal is closed, but you also want to prepare your users for the eventuality a change of hands will be coming. Then, update them along the way.
Report
Omg yes, yes it should!!! Please!
Report
Users don’t care about who owns a plugin. This is just something to click that will alarm users for no reason.
Report
I disagree. Some users indeed don’t care, but some do. I always do a due diligence check to make sure the plugin author is reputable. If not (yet), I will likely dismiss the plugin. I’ve seen cases of plugins turning malicious after an ownership change. I think that’s relevant enough to protect my clients against.
Report
Yes please. I’d appreciate that info.
Report
I would like to see some kind of notification of when this takes place.
In fact, I would like to see it go one step further. On the update plugin page, don’t allow plugins to update unless you acknowledged that your aware of the ownership change.
Report
Yes, there should be a standard method of notifying users. However, I respectfully disagree with the idea that “half is better than none.” That could create a false sense of security, as a user could believe that no notification means no change of hands. It would also be generally confusing. It should be for all plugins, all changes of ownership.
Report
Changing ownership is critical information to a marketing agency that depends on continued high quality support and regular updates for security issues, bug fixes, and evolving web standards. Transparency is paramount.
Report
Totally agree, this is not all the WordPress users indeed, but an important part.
Report
I do want to know if the owner has changed, since sometimes they just buy a plugin and release a malware update.
Report
Definitely a good idea. I have the Members plugin installed on one of my sites. The changeover was smooth, and afaik no functionaility has been removed, but as my process for installing plugins is to first review the plugin’s support history, reviews and get a general feel for the author through their responses and plugin library, this could all change dramatically in the event of a plugin changing hands. A notification would be ideal so I could review the history of the new author/owner before updating.
Report
A couple years ago, as a developer, I wouldn’t have cared about this information, but now I do, after seeing how a plugin such as GADWP, which I used in many sites, got ruined by the current owner.
Report
I would prefer to see a notice of ownership change for plugins. My clients may not care about it, but for me to offer the best experience for them, more info is always better.
Most of my clients are rural small business owners with limited budgets, so for some things I find them the best free options.
As an example, recently there was a popular analytics plugin that changed ownership. The new ownership decided to switch many of the popular free features to premium. It took me a bit to realize this. I have now switched them to the new Google Site Kit.
I have experienced other ownership changes over the years as well. So I think having a notification pushed out just helps site owners and admins to be as informed as possible, so we can adapt quickly to any changes or privacy notification requirements.
Report
It will be a good idea. I had bad experience of plugin becoming crap after an owner change. Remember NextGEN gallery !
Report
“impacts on what data is shared and how it is shared.” – major issue.
I had been using one of those plugins that allow you to add social share / find us on fb, twit, etc plugins on several sights..
It took a long time and lots of searching to find one that loaded it’s images from local files and did not automatically pull scripts from third party servers..
well after a couple of years it was bought out by one of this ‘add/this / addToAny’ type places – that offered an update very quickly and was now using the install and surfing data (of all the previous installs and their web site’s visitors) for data collection.
I’d also like a notice when wp pulls plugins – like wp-spamshield(?) which is one some of my sites and never gets an update notice.. but maybe there should be some notices about that.
Report
Your email address will not be published. Required fields are marked *









This site uses Akismet to reduce spam. Learn how your comment data is processed.
Enter your email address to subscribe to this blog and receive notifications of new posts by email.


WordPress Tavern is a website about all things WordPress. We cover news and events, write plugin and theme reviews, and talk about key issues within the WordPress ecosystem…read more →
Proudly powered by WordPress.

source

Leave a Reply

Your email address will not be published. Required fields are marked *