[wp-meta] [Making WordPress.org] #4696: Hide profiles.wordpress.org from non-logged in users

Making WordPress.org noreply at wordpress.org
Thu Aug 22 11:07:21 UTC 2019

#4696: Hide profiles.wordpress.org from non-logged in users
 Reporter:  jdembowski  |       Owner:  (none)
     Type:  defect      |      Status:  new
 Priority:  normal      |   Milestone:
Component:  Profiles    |  Resolution:
 Keywords:              |

Comment (by jdembowski):

 This remains pertinent and none of the replies have addressed this.

 1. What is the purpose of profiles.wordpress.org?
 2. Is there an AUP for that free HTML hosting?
 3. What's the proposed process for finding and dealing with new and
 existing spam profile pages?

 There has been reference to what some think the profiles should be about
 but that's not documented anywhere. If anyone wants to define that then I
 think they should also consider taking ownership and managing that as
 well. Someone would have to.

 OK, onto the latest reply.

 Replying to [comment:40 joostdevalk]:
 > I'm sorry but hiding data that is meant to be public (which is what it
 is), because "spam", is against everything we stand for.

 That sounds quite dramatic and really re-frames this problem to make this
 about something it's not. Again. The solutions proposed have been to show
 some information, have been to make it ''[ Log in to see the link ]'',
 only index based on a TBD criteria, etc.

 That's not the same as being against everything we stand for.

 > I'm very willing to discuss all sorts of spam prevention on the signup
 page, and further down the line, but the profile pages will be extended
 and have more things on them if all the plans I have for WordPress.org go

 If anyone reading this wants to create their own ticket for Miracle Spam
 Registration Web Page Logarithmic Magicâ„¢ then please do.


 I've not looked but for all I know there may be one already. I'll even
 chime in on that ticket as that would need a new work flow and new owners
 of those tasks that does not exist at the moment for profiles.

 But again, please stop trying to make this a boil the ocean problem.
 That's what spam fighting is (and for goodness sake, ''do not write that
 I'm against solving the spam problem'' as that would be amazingly
 dishonest). I'm talking about profiles and implementing a control that was
 done on the forum profile pages already.

 > The example you gave of the support profile (
 https://wordpress.org/support/users/jdembowski/ ), is one of the problems
 in my eyes, it should be merged with and redirect to your
 profiles.wordpress.org profile in my opinion.

 I agree. Having two profiles isn't optimal and the two should be

 See how easy that was? But as I stated earlier:

 > The forum post and replies, the make blogs, the plugins, the themes,
 ''all of these are already indexed appropriately in search engines.''
 Nothing here will change that so who's SEO are you referring to?

 I forgot to mention the document pages, Codex, etc. but you get the idea.

 At the moment profiles.wordpress.org is a free un-managed web page hosting
 for WordPress users. It is being abused everyday and I am proposing that
 gets addressed by removing the business driver for spammers.

 There are 1.7+ million registered accounts here and, conservatively I am
 sure it is much higher, a quarter of those users have a spam page on that
 site. Saying this is a spam problem doesn't do anything for the existing
 spam pages. Making the registration somehow foolproof does not address
 those existing pages.

 Creating an account on wordpress.org, creating a spammy profile page is a
 business driver for spammers. That's the situation right now and has been
 for years.

 If anyone wants to propose different solutions to ''this'' problem then I
 am all for it and want to discuss that and implement something to address
 this problem of spammy profiles.

 > So, with that, I would like to suggest we close this ticket, open a new
 one and use all the brilliant minds in this thread to come up with good
 spam prevention measures.

 Please do not. You or anyone else can create a new ticket to address that
 spam and spam registrations.

 If someone in authority (Matt? Otto? Gary? Someone.) comes along and
 explains why this ticket isn't being implemented then let's just make it
 "Won't fix". But if they do then I would appreciate if that person would
 scroll up to the top of this comment and address the three points at the

 ''*Drinks coffee, so good*''

 Look, this is not a hill I'm willing to die on.

 ''*More coffee*''

 OK, that's not the best metaphor. Let me try again.

 The profiles.wordpress.org is a free hosting service for spammers. It is.
 That's not a debatable point. Not directly addressing this won't make my
 life better or worse. I'm not a SEO expert by any means but I am confident
 that any site being a spam page host isn't good either. Dealing with this
 will make WordPress better if only from a web reputation point of view.

 If I could crawl all 1.7+ million profiles (and don't worry, I wont divide
 the task up and do that) and count the number of links in each profile,
 run those links and profile text as a comment into Akismet then I could
 give you actual numbers to better illustrate the problem. I would if that
 were achievable but I don't think that would matter to anyone who is
 against the idea of a control to fix this.

 Whatever benefit you believe the profiles provide legitimate users is far
 outweighed by that spam because there is no vetting and no controls on
 those pages.

 Focus on the problem ''here''. What can be done to take away that business
 driver for spammers for the profiles?

 I've proposed making logging in a condition to see those pages, others
 have helpfully suggested other options such as  ''[ Log into see those
 links ]'' as well as not index the profiles that do not pass a condition

 What change can be implemented on profiles.wordpress.org to address this?

Ticket URL: <https://meta.trac.wordpress.org/ticket/4696#comment:42>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list