MotoPress Plugins Are Not Available on WordPress.org (updated)
Nov 9, 2021Oct 28, 2021The plugins can’t be reinstated all at once since the wp.org team must carry out an extra review of all of them one by one first, and it takes time. We are happy to share this news with you and thank you all for still sticking to MotoPress.
Stay tuned!
Oct 8, 2021Meanwhile, we’ve also updated the MotoPress Slider plugin, you can download the latest version here or, if you’re on Pro, update it from your account.
WordPress Slider 2.2.1
We saw all your comments on wp.org and here, and can’t thank you enough for your support and help!
Oct 1, 2021Getwid 1.7.5
Timetable & Event Schedule 2.4.3
Restaurant Menu 2.4.1
We’re also still engaged in negotiations with the wp.org representatives as for the possibility of getting our plugins back to life in the repository. As soon as we’re successful, we’ll also update the plugins there.
Sep 28, 2021But we’re not going to give up, we’re trying to reach out to the wp.org representatives and see whether there is anything we can do to help people and companies who use MotoPress plugins get rid of this hassle.
Sep 24, 2021On September 14, we received a one and only “final notice” from wp.org saying that our account would be blocked if we continue publishing ‘fake reviews’.
On September 20, after our support representative had answered a question on the support forum on wp.org, his account, along with all other accounts of our team, and MotoPress plugins, were blocked.
So, the MotoPress account on wp.org was closed because we were accused of creating fake accounts for black activities. We were not provided with details of how many, when, and what fake reviews had been created. We’ve been on wp.org since 2013 and have never attempted to game our way there; 80% of our plugins are completely free, without paid versions, meaning we don’t receive any money from their popularity.
There are only 20 members in our team, and everyone who has an account on wp.org is ready to confirm it at any moment. All in all, it’s a very unpleasant experience for us.
About vulnerabilities that were found after our account had been blocked
A few days ago the Plugin Vulnerabilities service helped us discover a few vulnerabilities in our products (thanks for their help) but the former are not critical and we’re already working on fixing them. So far, we’re unable to provide you with the updated plugin versions via wp.org and, as a temporary solution, plan to release them on github. It’s easy to update a plugin from there – just download it as a regular .zip file from github and then upload it to your WordPress as you would normally do with other plugins (or do the same via FTP if you’re familiar with it).
About product updates
We’re now most concerned with how to deliver updates to thousands of people who use our free plugins. We also encourage you to refer to wp.org forums to raise a concern and help us move on with restoring the plugins. Also, feel free to update or download plugins from github as we described above.
We’re very thankful for all your supportive messages and also hope things will get back to normal as soon as possible!
Sep 23, 2021Important note: The issue has nothing to do with the plugin vulnerabilities of any sort, the plugins are 100% secure, and you can continue using them on your websites with peace in mind.
If you wanted to download any of the plugins but couldn’t do that, remember that many of them are still available for download directly from the MotoPress website: Download Plugins
Since the wp.org accounts of our team were also affected, we are, unfortunately, not able to reply to your questions on wp.org forums.
We’re more than sorry for all the troubles you might have encountered during these few days and are very thankful for your support.
There are around 100K users of our plugins so far, and we’re hopeful the issue will be resolved as soon as possible.
Contact us if you have any questions or need help in downloading or updating any of the plugins.
Hope Getwid will come back soon
I want to see it alive and I would like to contribute to improve it !
Hello Tarzane! It certainly will! Thanks for your support.
Wow this sounds like a nightmare for you all. Hope WP.org gets it together.
Thanks,
Sorry this is happening to y’all. Love the section block – it’s the best I’ve found!
Wish WordPress.org were being more transparent.
I’ve commented on my approach on dealing with this situation on WordPress.org, but it appears that I’m put under moderation now – so here’s my thoughts:
@ansleyfones – MotoPress mentions that they have fixed the CRSF – vulnerability in the latest release 1.7.5, which is available on their website and github.
I’ve only got basic knowledge of these kinds of vulnerabilities, but my impression as for now is that exploitation requires a hacker to trick a WordPress administrator of a site using the Instagram block, into clicking a bad link. If that’s the case, I’m less worried, as:
1) My users and content creators don’t have administrator privileges.
2) I don’t use the Instagram block on any, but a single site.
3) I disable blocks that aren’t used anyway.
4) Motopress have patched the code now.
5) Getwid is available for everyone to inspect on github, and the source code is neat.
6) Instagram is down anyway 😉
Personally, I’m going to update my existing sites using Getwid and of course still adhere to good security practices including using a firewall and working .htaccess security headers that limit or completely prohibits the possibilities of cross site scripting etc.
Regarding switching to other block plugins. I’ve yet to come across 3rd party Gutenberg blocks that HTML validates. While most people don’t care about the quality of code, it’s important to me and my “clients”. The majority of Getwid blocks output nice, valid semantic HTML, which I really appreciate.
I really hope that MotoPress and WordPress get whatever dispute they have resolved. Leaving 40k+ users in the cold without an easy way to get their code patched, appears to me, to be an unnecessary and potential hurtful act – but that’s just a personal view based on the limited insights in what’s going on here.
Peace and love!
Bjarne
Hi Bjarne, huge thank you for your support! Getwid is on its way back to wp.org 🙂 We’ve almost finished our communication with repo representatives.
Hello. I just speak with moderator WP about this plugin. They said that you have trouble with SECURITY your plugin. Your plugin i found is very interesting and made all site with your block. It is shock for me. I must repaid my website and find another solutions – it is terreble. I just want said that if you really want working next in platform you must now immediatly connection with administration wp org and speak with them. Maybe made public theme because i think that this trouble have many people.
One more problems i have when i made edit page with you block. i give link now to print screen error. https://drive.google.com/file/d/1YFtoaA8a4M8t_XYsNBYkMMQni4yxgC17/view?usp=sharing
I hope that you can find solution for all situation. Good luck team GETWID
Thank you, Petr, it wasn’t easy, but we’ve finally found the solution and Getwid will be available soon on wp.org. There is no need to use other blocks 🙂
Ugh, such a drag. I hope it’s not too much to sort it out easily. Best of luck
The repo now says the closure is permanent. What is going on?
Is there a way to get notified of any updates before you get back online with WordPress?
Is the following http://www.pluginvulnerabilities.com report incorrect? Or it is correct, but not that big an issue or concern?
https://www.pluginvulnerabilities.com/2021/09/21/gutenberg-blocks-plugin-with-40000-installs-contains-multiple-vulnerabilities/
They are not critical and we’re already working on fixing them.
We a wait your plugin in the WordPress coming soon. We believe that you can get it
Great! Thank you for keeping your users in the loop 🙂 Hope you get things sorted somewhat easily.
Kind regards
Bjarne