Posted on April 14, 2013 10:04 pm

Popular Wordpress Plug-in Caught Spamming Is Put On Probation

from the stop-or-i’ll-say-stop-again dept.

Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to WordPress’s official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget (SMW), Samuel Wood, a WordPress administrator, said that WordPress was willing to give SMW and its owner a second chance after he claimed to have been the victim of a contract developer gone rogue. ‘Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,’ Wood wrote on Friday. ‘But there are natural circumstances where an author may not be at fault.’ SMW appears to be such a case. It is one of the 20 most popular WordPress add-ons and allows WordPress web site operators to include links to their other social media accounts. Brendan Sheehan, the owner of SMW, said, ‘We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help. Some of these people deceived us and abused our trust and naivety…We will not make this mistake again.’ Wood said the folks at WordPress decided to accept that story — but that they’re watching SMW closely. ‘Basically, the current maintainer is not a professional programmer, and put his trust in the wrong freelancers to do the coding work for him…We’ll be watching the plugin for changes,’ he said. ‘The plugin is back up for now, and as long as it stays clean, it’s fine.’