[wp-meta] [Making WordPress.org] #4696: Hide profiles.wordpress.org from non-logged in users

Making WordPress.org noreply at wordpress.org
Wed Aug 21 12:43:28 UTC 2019

#4696: Hide profiles.wordpress.org from non-logged in users
 Reporter:  jdembowski  |       Owner:  (none)
     Type:  defect      |      Status:  new
 Priority:  normal      |   Milestone:
Component:  Profiles    |  Resolution:
 Keywords:              |

Comment (by jdembowski):

 Replying to [comment:12 jonoaldersonwp]:
 > Let's separate out these concerns.
 > **Firstly**, on principle, we shouldn't be making decisions which
 negatively impact the experience and quality of life of our users, based
 on frustrations we have with spam and abuse. As a user, if I've completed
 my profile, I expect to be able to see my profile. Given that new users
 won't be able to, that's a potentially confusing experience. We should
 signpost that and explain the situation, or risk alienating new users.

 Did I mention we're not FB, Twitter or anyone's shingle? I did right? ;)

 I agree about setting expectations and what I am proposing will not in
 anyway impact anyone viewing your profile if you are a new or experienced
 user in the community. Being logged in is not a bar, it's a requirement.

 If you want to add a notice to the profile page editor then I am good with

 > **Secondly**, the profiles pages are for whatever users decide they're
 for. If they want to use them as their personal homepage, that's fine. If
 they want to use it to advertise their consultancy services, fine. With
 the exception of overtly 'spammy' scenarios, if they want to try and sell
 their lemonade from it, that's fine, too. We should encourage flexibility
 and ownership of use cases. That's good for our users, and good for

 Nope, I totally disagree with that. See my reply to the first concern and
 if a brief notice needs to reinforce that is needed then cool.

 I honestly and not trying to be repetitive but this is the real point: The
 profiles.wordpress.org pages are not anyones home page, it's not a social
 media, it is not a shingle for promotion of any kind. It is not a SERP
 quid pro quo for participation in the community and it is not a hosting
 service for light web pages.

 That is the reason that profiles.wordpress.org is such a quagmire of spam
 pages. The number of fake, temp email logins created just for that purpose
 outweighs the number of real users signing up for real support or
 participation. I believe the signups on a daily basis is ~2,000 and I am
 confident saying that only a quarter of those are legit.

 > **Thirdly**, if our issue is the creation of spam accounts, we should
 take steps to resolve that, rather than working around it at the expense
 of our users. Why don't we use honeypots, or, e.g., Google's invisible
 Recapcha system (with a ham/spam feedback mechanism, and a score threshold
 for instigating additional requirements such as an image captcha)? There
 are myriad options here to bag and tag these registration attempts before
 they ever get anywhere near having a profile.

 Again, I disagree. That just moves the solution from something that can be
 achieved to something that will not accomplish anything.

 Making the profiles.wordpress.org pages like the support/users in that you
 need to be logged in will work. I can prove it: it works on those other
 pages successfully. The spam target and business driver is
 profiles.wordpress.org. Let's fix that by making it hide the fields save
 the name and Slack handle ''unless you are logged in''.

Ticket URL: <https://meta.trac.wordpress.org/ticket/4696#comment:14>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list