
Yoast SEO plugin for WordPress injects Black Friday adverts without permission - jonny383
https://wordpress.org/support/plugin/wordpress-seo/reviews/
======
asadkn
Let's get a few things right since the link is misleading.

- It was an upsell to the Pro version of free plugin. Not some random ad
spam.

- The ad was an admin notice - which appear in WordPress on top of every page
in the backend Admin Area in what's generally the notification area.

- It's free, GPL, and open source - you know, "No Warranties" and all that.

Grayhat, and not something you should ever do. But not as nefarious as
everyone is making it sound like.

WP.org is about freedom, so they're unlikely to restrict it either unless
_malicious_: https://github.com/WordPress/wporg-plugin-guidelines/pull/69#issuecomment-560011084

Being very involved in the WordPress industry, what I find funny is the
majority of angry reviews masquerading as victims are from entitled pseudo
devs who sell WordPress sites to clients and now they were made to look bad
because they had automatic updates enabled while charging their customers for
a retainer package with "plugin & themes updates".

How about buying premium version in the first place just as you charged your
client for it.

~~~
jonny383
1. It goes directly against the WordPress Detailed Plugin Guidelines to both
upsell, and to hijack the admin dashboard [0].

2. If the ad was an admin notice, it didn't look like one. It's a banner
image with an outbound tracking link [1].

[0] https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

[1] https://imgur.com/a/oN7ZFRU

~~~
huxflux
Neither could you click the [X], or it was intentionally overlapped for people
to misclick. Crooks.

~~~
jtbayly
It _was_ hard to click, but I managed to click it, and it worked.

------
sleavey
I'm a big fan of vanilla WordPress, especially the new block editor, but the
plugin ecosystem is a total mess. Almost all popular plugins come with a free
version that spams you to upgrade to "pro". They add menu items to the admin
panel with different colours so you find it harder to ignore them. They add
messages to the dashboard. The look and feel of their settings pages don't
match WordPress core. And, even if you pay for an upgrade, that usually means
removing the plugin provided and automatically updated by WordPress.org and
replacing it with a manually uploaded zip. Crazy.

The garbage user experience with most plugins led me to collect together a
bunch of ideas from plugins I used and rewrite almost all of them entirely
into one spam-free plugin. I did it for my own sanity as a user of my own
plugin but I'd like to see more "old fashioned" plugins that are providing
high quality code for everyone's free benefit.

~~~
nsomaru
Have you released this plugin?

~~~
faeyanpiraat
Making a functional plugin for one’s own purposes is one thing, releasing it
to the public requires quite a lot more work.

------
withinrafael
The Yoast CEO Marieke van de Rakt responded on Twitter:

> That BlackFridayBanner was not the best idea. We’re truly sorry for the
> annoyance and difficulties it may have caused. We did not think this through
> properly. If you want, you can update to a new version of our plugin without
> that banner. #blackfriday #neveragain #apologies [1]

> I OK'd this. I am the CEO. And I made a big mistake. I am sorry. [2]

[1] https://twitter.com/MariekeRakt/status/1200077958700044290

[2] https://twitter.com/MariekeRakt/status/1200077958700044290

~~~
sleavey
> "Truly sorry"

I'd prefer it if CEOs would rather say "we got too greedy and clearly the
market didn't like it" rather than disingenuous apologies.

~~~
tgsovlerkhgsel
I have a lot more respect for a response that contains the words "sorry" and a
statement that the entity admits that they made a mistake, vs. the usual
corporate statement that contains neither.

~~~
momokoko
The apology is basically the modern version of that corporate statement.

------
skrebbel
For those not deep into the WP community reading this headline: Yoast injected
an ad into the WP admin pages (every admin page), not into public WP sites.
The headline sounds much worse than it is - this is just an annoyance for
editors, not Yoast abusing its reach to target billions of worldwide website
readers.

Naturally that doesn't excuse the spam.

------
folkhack
When people rip on WordPress development this is the sorta crap they're
talking about.

In many ecosystems this would warrant the plugin getting pulled from the
ecosystem but WP just lets it fly.

~~~
sodosopa
I think a lot of the rip is from Wordpress generally being insecure. You can
have it locally and treat it like Jekyll and have your json sent to git and
published to something like Netlify.

~~~
folkhack
> I think a lot of the rip is from WordPress generally being insecure.

That too - I put adware on my wp-admin pages in the same boat.

I've seen the JSON publishing route and I'm not 100% impressed with how it
operates. In most WP situations you want to give people who are non-devs the
capability to manage content which local setups like this don't accommodate
well.

------
diminish
this was the worst spam of all my wordpress experience. a yoast banner on
every admin page - yoast must have gone crazy. I took screenshots of this
shameful moment.

wordpress plugin as well as mobile app stores are reminiscent of the ugly pc
shareware and freewares of past 30 decades.

~~~
cally
I don't use wordpress/yoast so am probably wrong. But I don't think
splashscreens on shareware is 'ugly', I think it's fair enough. In some
instances - such as Sublime Text - I am amazed at how discreet it is.

~~~
tgsovlerkhgsel
I suspect Sublime realizes that they have three classes of customers:

1. Companies

2. Private individuals who are happy to pay for software

3. Private individuals who aren't going to pay for software

The discreet notification is enough to get 1+2 to pay. Group 3 isn't going to
pay anyways, and making the notification more annoying will just make it more
likely that they crack it and never see it again. Most importantly, when
people from group 3 start working at a company, they may get the company to
buy a license (which is now a subscription, i.e. makes them a lot more money
than a personal license).

A more annoying notification would likely win them very little, and lose them
a lot (from people who use a different editor instead).

------
JacobSeated
Well, people need to learn not to depend on redundant Wordpress plugins.

The plugin-landscape in Wordpress is plagued by bugs and ads, some spamming
you to update or pay for a premium version. That is not something you would
accept for professional CMS solutions.

If you consider yourself knowledgeable in SEO, then learn to walk the talk and
stop relying on phony third-party plugins!

SEO is such a small part of owning a website, and ideally, any technical SEO
that is needed should be integrated in the core CMS by developers and not
fiddled with at random by clueless bloggers or SEO gurus.

Since Wordpress is such "crapware" out-of-the-box, you can easily create a
Yoast replacement plugin to handle what is really needed. The rest is just
useless bloat and clutter.

I would not touch Yoast in my wildest dream. It is totally redundant for
people who can code themselves.

~~~
dazc
'Since Wordpress is such "crapware" out-of-the-box, you can easily create a
Yoast replacement plugin ...'

The cynic in me wonders why such basics are not already included by now?

~~~
LordAtlas
Because of Matt Mullenweg's strange philosophy of keeping only barebones
features in "core" Wordpress and having all other functionality be delivered
by plugins. This means that even to have a basic site, you just have to
install various plugins to deliver key features, which leads to the bloat,
instability and security problems that Wordpress is infamous for.

~~~
Angostura
> strange philosophy

He likes to avoid bloat and keep things modular. That's not a 'strange'
philosophy

~~~
creshal
Modularity isn't free. Wordpress' obsession with it – and bad implementation
of it – leads to bizarre, 80000+ recursion level deep callback hells even on
simple pages once you have 3-4 plugins running.

------
hjek
That's an incredible number of people they've managed to piss off with that
ad! This sounds like a plausible theory:

> Honestly, I wouldn’t be surprised if this was an advertising stunt to create
> a viral situation for additional exposure.[0]

[0]: https://wordpress.org/support/topic/spammy-black-friday-on-every-admin-page/

~~~
jonny383
Seems like a pretty risky move, but the owner has historically been
controversial so wouldn't be too surprised.

https://wptavern.com/yoastcon-overshadowed-by-twitter-storm-joost-de-valk-seo-industry-leaders-called-out-for-objectifying-women

~~~
yc_2345
Actually the comments indicate that the "controversy" seems to be imagined by
many people. By the way, I don't know anything about Joost, so he may not be
innocent. But the article is an excellent example of an inability to
distinguish between consensual but obnoxious stuff and clearly non-consensual
behavior.

Also read the comment by Jenny Halasz, it seems very telling: "I had the
audacity to start a thread on twitter where I suggested that perhaps we should
ask the women involved if they were being harassed before we leveled
accusations at the supposed harasser.

For my trouble, I got called a woman hater, an enabler, and plenty of other
terrible things (now conveniently deleted by the people who said those awful
things: Cohen, Rayner, a handle by the name of callis1987, and Forden)"

------
buboard
if only people here held their FANG bosses to the same standard they hold
_wordpress plugin developers_ ... there would be less complaining

------
huxflux
Perhaps Yoast thought they were clever. I hope someone reads this who works
there. Because of "this", and as a precaution for further abuse one of my
agencies removed Yoast SEO from over 2000 Wordpress-sites last week.

Update: Just found out that Yoast CEO is a woman and apologize with GIF:s on
Twitter. Awaiting my ban and #forevershame.

~~~
arkitaip
Which SEO plugin did your agency go with?

------
marpstar
glad I'm not the only one who was annoyed by this. it's not a _huge_ deal, but
it made me "WTF?"

~~~
jonny383
I disagree - to me, it _is_ a huge deal. It's an overstep of a boundary that
definitely should not have been crossed.

Yoast has always been borderline spammy with their upgrade nags, but at least
historically they followed the WordPress guidelines and kept them inside of
the Yoast pages. But flat-out injecting ads into every admin page with not
much context is a step too far in my opinion.

As far as I'm concerned, automattic should revoke their wordpress.org plugin
hosting until this has been addressed (as this clearly violates their hosting
guidelines) and a public apology is issued.

~~~
dvko
It has been addressed and their CEO offered hundreds of apologies on Twitter.
It is definitely not okay and I would still not use them as there are better
plugins out there, but they (now) say they made a mistake and owned it.

~~~
that_guy1
which SEO plugins would you recommend?

~~~
dvko
The SEO framework (slug: autodescription) is great and performs about 30x as
good as Yoast SEO in terms of processing time. They’re also pretty strict
about sticking to WordPress’ native styles.

------
stevenicr
article thread is a dupe of:
https://news.ycombinator.com/item?id=21661075
(?)

could / should (?) be merged.

as for all the doom and gloom, I think the main thing that makes this so bad
is that the ad was hard to close - the X was not very visible / easy to click,
some said clicking it still brought you to ad site...

to me the bad thing was that the ad was moving / not static. Might be time for
a checkbox, 'allow plugins to show discounts / partners / third party ads' -
some of them are helpful / wanted.

when a plugin hijacks your next screen, like wp-statistics does after an
update sometimes (others too, e.g. all-in-one-seo sometimes) - I hate that even
more than what this yoast ad did.

------
rambojazz
Did this happen on their GPL version, or their "premium" version, or both?

~~~
brylie
GPL version it seems:

https://github.com/Yoast/wordpress-seo/issues/13961

------
lettergram
I noticed that! Actually pushed me to remove it from my site...

------
chakintosh
You have become the very thing you swore to destroy.

------
tuananh
i haven't used wp in a long time. does it come with permission settings for
plugins now?

~~~
creshal
The plugin exists to inject seo-relevant tags into your page, so I don't see
how a permission system would help to prevent them from injecting _other_ tags
into your page.

And no, there's no real capability system for plugins in Wordpress. Plugins
can define their own _user_ permissions that hooks into WP's system to
determine what user can use what feature, but that's entirely opt in on the
plugins' part.

------
_Codemonkeyism
Innocence once lost can never be regained.

