[wp-meta] [Making WordPress.org] #4696: Hide profiles.wordpress.org from non-logged in users
noreply at wordpress.org
Thu Aug 22 11:07:21 UTC 2019
#4696: Hide profiles.wordpress.org from non-logged in users
Reporter: jdembowski | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: Profiles | Resolution:
Comment (by jdembowski):
This remains pertinent and none of the replies have addressed this.
1. What is the purpose of profiles.wordpress.org?
2. Is there an AUP for that free HTML hosting?
3. What's the proposed process for finding and dealing with new and
existing spam profile pages?
There has been reference to what some think the profiles should be about
but that's not documented anywhere. If anyone wants to define that then I
think they should also consider taking ownership and managing that as
well. Someone would have to.
OK, onto the latest reply.
Replying to [comment:40 joostdevalk]:
> I'm sorry but hiding data that is meant to be public (which is what it
is), because "spam", is against everything we stand for.
That sounds quite dramatic and really re-frames this problem to make this
about something it's not. Again. The solutions proposed have been to show
some information, have been to make it ''[ Log in to see the link ]'',
only index based on a TBD criteria, etc.
That's not the same as being against everything we stand for.
> I'm very willing to discuss all sorts of spam prevention on the signup
page, and further down the line, but the profile pages will be extended
and have more things on them if all the plans I have for WordPress.org go
If anyone reading this wants to create their own ticket for Miracle Spam
Registration Web Page Logarithmic Magic™ then please do.
I've not looked but for all I know there may be one already. I'll even
chime in on that ticket as that would need a new work flow and new owners
of those tasks that does not exist at the moment for profiles.
But again, please stop trying to make this a boil the ocean problem.
That's what spam fighting is (and for goodness sake, ''do not write that
I'm against solving the spam problem'' as that would be amazingly
dishonest). I'm talking about profiles and implementing a control that was
done on the forum profile pages already.
> The example you gave of the support profile (
https://wordpress.org/support/users/jdembowski/ ), is one of the problems
in my eyes, it should be merged with and redirect to your
profiles.wordpress.org profile in my opinion.
I agree. Having two profiles isn't optimal and the two should be
See how easy that was? But as I stated earlier:
> The forum post and replies, the make blogs, the plugins, the themes,
''all of these are already indexed appropriately in search engines.''
Nothing here will change that so who's SEO are you referring to?
I forgot to mention the document pages, Codex, etc. but you get the idea.
At the moment profiles.wordpress.org is a free un-managed web page hosting
for WordPress users. It is being abused everyday and I am proposing that
gets addressed by removing the business driver for spammers.
There are 1.7+ million registered accounts here and, conservatively I am
sure it is much higher, a quarter of those users have a spam page on that
site. Saying this is a spam problem doesn't do anything for the existing
spam pages. Making the registration somehow foolproof does not address
those existing pages.
Creating an account on wordpress.org, creating a spammy profile page is a
business driver for spammers. That's the situation right now and has been
If anyone wants to propose different solutions to ''this'' problem then I
am all for it and want to discuss that and implement something to address
this problem of spammy profiles.
> So, with that, I would like to suggest we close this ticket, open a new
one and use all the brilliant minds in this thread to come up with good
spam prevention measures.
Please do not. You or anyone else can create a new ticket to address that
spam and spam registrations.
If someone in authority (Matt? Otto? Gary? Someone.) comes along and
explains why this ticket isn't being implemented then let's just make it
"Won't fix". But if they do then I would appreciate if that person would
scroll up to the top of this comment and address the three points at the
''*Drinks coffee, so good*''
Look, this is not a hill I'm willing to die on.
OK, that's not the best metaphor. Let me try again.
The profiles.wordpress.org is a free hosting service for spammers. It is.
That's not a debatable point. Not directly addressing this won't make my
life better or worse. I'm not a SEO expert by any means but I am confident
that any site being a spam page host isn't good either. Dealing with this
will make WordPress better if only from a web reputation point of view.
If I could crawl all 1.7+ million profiles (and don't worry, I wont divide
the task up and do that) and count the number of links in each profile,
run those links and profile text as a comment into Akismet then I could
give you actual numbers to better illustrate the problem. I would if that
were achievable but I don't think that would matter to anyone who is
against the idea of a control to fix this.
Whatever benefit you believe the profiles provide legitimate users is far
outweighed by that spam because there is no vetting and no controls on
Focus on the problem ''here''. What can be done to take away that business
driver for spammers for the profiles?
I've proposed making logging in a condition to see those pages, others
have helpfully suggested other options such as ''[ Log into see those
links ]'' as well as not index the profiles that do not pass a condition
What change can be implemented on profiles.wordpress.org to address this?
Ticket URL: <https://meta.trac.wordpress.org/ticket/4696#comment:42>
Making WordPress.org <https://meta.trac.wordpress.org/>
More information about the wp-meta