- It was an upsell to the Pro version of free plugin. Not some random ad spam.
- The ad was an admin notice - which appear in WordPress on top of every page in the backend Admin Area in what's generally the notification area.
- It's free, GPL, and open source - you know, "No Warranties" and all that.
Grayhat, and not something you should ever do. But not as nefarious as everyone is making it sound like.
WP.org is about freedom, so they're unlikely to restrict it either unless malicious: https://github.com/WordPress/wporg-plugin-guidelines/pull/69...
Being very involved in the WordPress industry, what I find funny is the majority of angry reviews masquerading as victims are from entitled pseudo devs who sell WordPress sites to clients and now they were made to look bad because they had automatic updates enabled while charging their customers for a retainer package with "plugin & themes updates".
How about buying premium version in the first place just as you charged your client for it.
2. If the ad was an admin notice, it didn't look like one. It's a banner image with an outbound tracking link .
It was a dismissable admin notice that looked like an ad and wasn't exactly a tracking link (in the wp.org classifications at least), but a generic marketing campaign link .
Wow. When I was playing with WP I saw this a ton. It was so annoying that I would have to make a point of disabling the phone line home.
Back then (maybe still possible now?), if you have a custom plugin named "abc" but which is not uploaded to wp.org repository, I can upload a plugin with the same id "abc" to wp.org, bump the version and WordPress will suggest to update the plugin. This will replace the real plugin with yours. I voiced the problem to the WP guys but they seemed cool with it.
I want automatic updates on; its better for security.
And I want the folks who built the sites available on short notice, so if automatic updates break something, I can get it fixed quickly without trying to do a contract with some random WP dev on short notice.
Making something available for free doesn’t absolve you from blame when you make stupid decisions. Well, it does legally, but from a social standpoint it’s still not nice.
The garbage user experience with most plugins led me to collect together a bunch of ideas from plugins I used and rewrite almost all of them entirely into one spam-free plugin. I did it for my own sanity as a user of my own plugin but I'd like to see more " old fashioned" plugins that are providing high quality code for everyone's free benefit.
Well, the root cause why the plugin ecosystem is a mess is the way plugins management and monetization is implemented in the vanilla wp.
As oposed to, e.g. Atlassian Jira plugins, WP doesn't really help plugin developers to seamlessly integrate with the core product.
Plugin devs can generally NOT be trusted with seamlessly integrating their plugins because it usually leads to all kinds of dark patterns and poor UI for WP as a whole. WP.org's strict plugin guidelines is one of the main reasons why plugins behave relatively well considering how huge the WP.org repository is.
> That BlackFridayBanner was not the best idea. We’re truly sorry for the annoyance and difficulties it may have caused. We did not think this through properly. If you want, you can update to a new version of our plugin without that banner. #blackfriday #neveragain #apologies"
> I OK'd this. I am the CEO. And I made a big mistake. I am sorry. 
In the early days of mass Wordpress adoption they got a lot of traction by offering a plug-in that made few basic seo improvements and that early success went to their heads. Every iteration since has been a bloated mess of features, most of which are entirely unnecessary.
I'd prefer it if CEOs would rather say "we got too greedy and clearly the market didn't like it" rather than disingenuous apologies.
In other words, we all make mistakes in our businesses.
Some of them are more obvious to the outside world than others. This one was a pretty serious cock up.
I admire her for owning it and saying sorry. Plus they fixed it pretty quickly.
Naturally that doesn't excuse the spam.
In many ecosystems this would warrant the plugin getting pulled from the ecosystem but WP just lets it fly.
Wordpress development is for developers, not consumers. They don't require the same level of hand-holding. When things like this occur, devs can make the choice to remove the plugin on sites they maintain.
For prospective users, every plugin page has a "reviews" section that tells them exactly if the plugin does anything shady. Yoast isn't a monopoly and thanks to how the plugin ecosystem has evolved over time, WP devs usually have a second or third option to go with, should their #1 pick no longer meet their needs.
That too - I put adware on my wp-admin pages in the same boat.
I've seen the JSON publishing route and I'm not 100% impressed with how it operates. In most WP situations you want to give people who are non-devs the capability to manage content which local setups like this don't accommodate well.
> I personally would prefer WordPress to allow whoever wants to make an app and give the users the responsibility to choose what to add and what not
I'm totally with you but that assumes that WP devs have the responsibility to make responsible decisions. The range of skill for a typical WP dev is outstanding, where on one end you have people who can't write a for loop adopting the "dev" title, and on the other end you have skilled engineers.
I've seen WAY too many people call themselves "devs" when all they do is try to install plugins to piece together a website. In relation to Apple and FF - average users are not savvy at all and have been shielded from the nuts-and-bolts decisions that we make on a daily basis. Trusting them with the responsibility to make good decisions is precarious.
wordpress plugin as well as mobile app stores are reminiscent of the ugly pc shareware and freewares of past 30 decades.
2. Private individuals who are happy to pay for software
3. Private individuals who aren't going to pay for software
The discreet notification is enough to get 1+2 to pay. Group 3 isn't going to pay anyways, and making the notification more annoying will just make it more likely that they crack it and never see it again. Most importantly, when people from group 3 start working at a company, they may get the company to buy a license (which is now a subscription, i.e. makes them a lot more money than a personal license).
A more annoying notification would likely win them very little, and lose them a lot (from people who use a different editor instead).
The plugin-landscape in Wordpress is plagued by bugs and ads, some spamming you to update or pay for a premium version. That is not something you would accept for professional CMS solutions.
If you consider yourself knowledgeable in SEO, then learn to walk the talk and stop relying on phony third-party plugins!
SEO is such a small part of owning a website, and ideally, any technical SEO that is needed should be integrated in the core CMS by developers and not fiddled with at random by clueless bloggers or SEO gurus.
Since Wordpress is such "crapware" out-of-the-box, you can easily create a Yoast replacement plugin to handle what is really needed. The rest is just useless bloat and clutter.
I would not touch Yoast in my wildest dream. It is totally redundant for people who can code themselves.
Not really, it saves time. I have my own website and I am a profesionnal developper, but I don't want to spend time learning wordpress programming. The few things I had to code for WP was very off putting.
The cynic in me wonders why such basics are not already included by now?
He likes to avoid bloat and keep things modular. That's not a 'strange' philosophy
You can run a perfectly fine blog using core.
There are certain plugins that deliver so much value that developing and maintaining them yourself is nonsense for most devs out there. Unless your agency manages thousands of plugins and you have some very specific needs, you don't need to re-implement everything from scratch. Even then, it's probably far cheaper and easier to re-use their GPL code as the basis for a less bloated plugin rather.
> Honestly, I wouldn’t be surprised if this was an advertising stunt to create a viral situation for additional exposure.
Also read the comment by Jenny Halasz, it seems very telling: "I had the audacity to start a thread on twitter where I suggested that perhaps we should ask the women involved if they were being harassed before we leveled accusations at the supposed harasser.
For my trouble, I got called a woman hater, an enabler, and plenty of other terrible things (now conveniently deleted by the people who said those awful things: Cohen, Rayner, a handle by the name of callis1987, and Forden)"
Yes I did, because I don't have any other account to use on HN. I am not sure what you are implying here.
Update: Just found out that Yoast CEO is a woman and apologize with GIF:s on Twitter. Awaiting my ban and #forevershame.
Yoast has always been borderline spammy with their upgrade nags, but at least historically they followed the WordPress guidelines and kept them inside of the Yoast pages. But flat-out injecting ads into every admin page with not much context is a step too far in my opinion.
As far as I'm concerned, automattic should revoke their wordpress.org plugin hosting until this has been addressed (as this clearly violates their hosting guidelines) and a public apology is issued.
Unfortunately Automattic only contributes to WordPress.org . Automattic actually owns WordPress.com  which is a separate-ish entity, and does not have any authority over plugins hosted on WordPress.org.
could / should (?) be merged.
as for all the doom and gloom, I think the main thing that makes this so bad is that the ad was hard to close - the X was not very visible / easy to click, some said clicking it still brought you to ad site...
to me the bad thing was that the ad was moving / not static. Might be time for a checkbox, 'allow plugins to show disounts / partners / third party ads' - some of them are helpful / wanted.
when a plugin hijacks your next screen, like wp-statistics does after an update sometimes (others too, eg all-in-one-seo sometimes )- I hate that even more than what this yoast ad did.
And no, there's no real capability system for plugins in Wordpress. Plugins can define their own user permissions that hooks into WP's system to determine what user can use what feature, but that's entirely opt in on the plugins' part.