I updated the All In One SEO Plugin on this website today. The next thing I knew, I had two new plugins installed for me, the Monsterinsights and some sort of opt-in plugin called Optinmonster.
Yeet!
I deleted all that shit faster than you can throw a watermelon off an overpass. After googling around a bit to figure out what had happened, I discovered this post that keyed me in to what was going on:
MonsterInsights is Auto-installed
https://wordpress.org/support/topic/monsterinsights-is-auto-installed/
This is a terrible practice I hope no other WordPress plugin developers emulate. If you do, I hope the community shames you into reconsidering your ways.
Why is this so bad? Let me enumerate they ways:
Installing one plugin should never, EVER install more plugins without giving a person the awareness that this is happening! It’s bad form, it’s stealing a website’s resources, it’s stealing screen real estate, it’s introducing unknown risk, and broadening your website’s threat profile without telling you.
Then you get all these banners asking you to set up all these paid connections for these plugins to work. Bad form, again!
The Kicker
To top it all off, after walking through the All In One SEO setup steps, I found an email waiting for me moments later:
I did not opt in for this! This egregious action is most certainly in violation of the US CAN-SPAM laws. I can’t wait to report them. In fact, I will go do that now…
Ok, I feel a little better now.
If you offer a plugin for people to use, you should never assume they want MORE plugins installed, and never grab their email address from their WordPress settings to sign them up for ANYTHING outside of your plugin installed.
Be First to Comment