Bill Nye_The_security_guy
Forum Replies Created
I have updated my original post to say:
***Update*** This issue is resolved and iThemes has not crippled the plugin. Rather, InfiniteWP compatibility was removed due to security issues. Thank you to the developer for clarifying this.
I have also changed the rating to a 5 star rating.
What we have here is a communication issue.
Let me first start off by revealing my name since that means so much to you.
My name is: None of your business
Are we clear on that?
We are talking about security. A business which I have been involved in for many years. You don’t go around publicly touting your name when you are dealing with security. You have no idea what kind of repercussions something as simple as stating your name can have when you are dealing with security. Transparency is good, but think for instance how someone in the CIA operates, you don’t reveal your name for obvious reasons. “You” are dealing with security now. Anonymity is something you deal with in the security field and is one barrier of protection. Deal with it. Point #1.
Point #2: I don’t post things online. Ever. For anything. This account was specifically created to anonymously come out of the shadows and voice a concern of which YOU created by not addressing what you were doing by removing InfiniteWP compatibility and WHY you were doing it. That is called a “Lack of transparency”. By lacking transparency and just removing compatibility without explaining why it was removed is where you went wrong.
First I want to apologize to Chris and iThemes.
Chris, thank you for explaining why compatibility was removed.
My trust in Better WP Security was broken based on:
The newest 3.6.4 update lists:
Removed InfiniteWP Compatibility
I compared the source code to previous versions and saw what was deleted and modified.
If the newest update were to list:
“Removed InfiniteWP Compatibility due to a security vulnerability. We are working with the developer to address this issue.”
Then there would be no need for concern and this posting would have NEVER HAPPENED.
Simply stating that InfiniteWP Compatibility was removed when you have your competing product iThemes “Sync” without stating why it was removed “of course” will arouse suspicion.
Read that sentence again.
Simply stating that InfiniteWP Compatibility was removed when you have your competing product iThemes “Sync” without stating why it was removed “of course” will arouse suspicion.
If a company were to buy a product, modify it and add in advertising and things like “Latest blog updates and posts” from your company, and then remove a competitor’s product compatibility “without explaining why” do you think users would not be slightly concerned?
Of course people would be concerned. I voiced that concern the day the plugin was updated.
You labeled my post as “baseless” and “insulting”
As for “baseless” my post was “based” on, again:
“If a company were to buy a product, modify it and add in advertising and things like “Latest blog updates and posts” from your company, and then remove a competitor’s product compatibility “without explaining why” do you think users would not be slightly concerned?”
As for “insulting”
I said: With the iThemes acquisition of Better WP Security the plugin is not only starting to severely degrade but iThemes is crippling the functionality of the security plugin.
In regards to degradation and crippling, the new inclusion in the Better WP Security plugin now advertising iThemes with its blog and advertisements to use the iThemes services are seen as annoying at best. Removing the ability for a competitor’s plugin to function is both a degradation of the Better WP Security plugin and also crippling of the Better WP Security plugin. Obviously removing compatibility of InfiniteWP because of security issues is not crippling of Better WP Security but is instead enhancing of the security of Better WP Security. Obviously.
Obviously, as well, not communicating this is the problem.
The inclusion of advertising is annoying at best. Fact number one. Deal with it.
Seemingly breaking a competitor’s plugin compatibility is crippling. Fact number two. Deal with it.
(Obviously it is now clear that it was removed because of a security vulnerability)
Nothing of which I stated was insulting. Only facts were stated and emotions were specifically kept out.
I stated this next fact: “Trust” should be the number one thing a “Security plugin” should instill within its users and crippling this (or any) plugin destroys user trust.
The logical conclusion for a security minded product or company degrading its users trust is for the user to feel severely disturbed. This is a logical conclusion based on a fact. It is not an emotion or something that is insulting, it is a logical conclusion.
I stated:
The WordPress community should be severely disturbed by iTheme’s actions…
(Obviously it has now been made clear why compatibility was removed)
I said nothing baseless and nothing insulting as I have just shown.
Fact number three: Furthermore, I don’t appreciate someone telling me that what I said was baseless and insulting. Everything I said had a solid base from which to be said and what was said are those two facts which you took as insulting. “I” didn’t make up those two facts. “You” created them. The only person who should be insulted is “myself” for being told that what I said was baseless and insulting.
I love Better WP Security. I think it is one of the best WordPress plugins that exists.
“I” said nothing wrong. I stated facts and I stated a logical conclusion to be drawn from those facts based on the information available at that time. It is hard for people to admit when they mess up. “YOU” messed up by not communicating WHY you did something. Just work on your communication a little. You have a great product and I will support you. I am sorry we even had this dispute. I love Better WP Security which is why I have taken the time to write this. I am passionate about it and I believe in it.
As for an agenda. My “Agenda” was to bring this issue up because you broke “MY” trust. If you broke “MY” trust you probably broke “OTHER PEOPLE’S TRUST” as well. You messed up because you removed the compatibility of a competitor’s plugin and you didn’t tell other people WHY you did so. I don’t even USE InfiniteWP!!!!!!!!!
I felt betrayed because the security plugin I love so dear and much was bought up by some unknown company (to me) and now they are putting their branding all over it and it seemed like you were starting to change it so much that if something wasn’t said NOW then what would WE the WordPress community think? Are we supposed to hope that you will not force other plugins as well to be incompatible? We don’t know! You didn’t make it clear what your intentions were. It looked as if you were starting to look like Apple who will buy up a company and then remove that great application from the Google Play store just to force “we the people” to buy an iPhone if we want to continue using that product. Well maybe we want to have CHOICE. Maybe we don’t want to use an Apple product. The way you handled not telling your customers why you were doing what you were doing made YOU seem just like another future Apple company trying to destroy something which was once great. All of this could have been alleviated if you were to just put:
“Removed InfiniteWP Compatibility due to security vulnerability. We are working with the developer to address this issue.”
I don’t care at all about InfiniteWP. But you better be sure I want the ability to choose to use it in the future if I feel like it. I also want to be able to use a product that maybe you compete with and not have Better WP Security mess it up. I even had to look up InfiniteWP because I didn’t even know what compatibility was even being removed!
The problem was communication! You didn’t communicate what was going on!
Is that clear?
I appreciate Chris going in detail about what was going on. But truly he didn’t even have to go into that kind of detail. All he had to say was:
Hi, we removed InfiniteWP compatibility temporarily because of a security issue. We are communicating with the developer about it and will restore compatibility as soon as the issue is resolved.
I extol you for hiring Chris to work on Better WP Security full time. I am even fine with you advertising your business on it. I am even fine with you having upgradable features. It is great, really. Hell, I will even support you too. I love Better WP Security. I use it on every website I run. It is the very first thing I install every time.
My trust was broken because “we the people” were not told “why” something was happening to something we trust dearly. Our own dollars and our own bank accounts are on the line if we don’t have something like Better WP Security. I voiced my concern. I am truly sorry I have offended you.
I will even re-rate this plugin because I believe in it. It has always deserved a 5 star rating.
Of all the plugins I use on all the different sites I run there will always be just ONE that I will always install and that is Better WP Security.
On a different topic, and I know you are still irritated, here are two unrelated suggestions:
1.) If Chris Wiegman is the person who created the plugin then please give him credit in the description on the Better WP Security description in the WordPress plugin repository as the “creator” of the plugin. You say “It’s now being maintained and developed full-time by Chris Wiegman for iThemes.”. Ever since iThemes got involved I was under the impression that the original developer sold out and sold the beloved Better WP Security plugin to the next wanna be “Apple of WordPress” (as in Apple computers buying up other companies and products). I have been feeling a little uneasy since the iThemes involvement and THAT could have easily been eliminated by just crediting him as the creator of the plugin. That is not clear when you say “It’s now being maintained and developed full-time by Chris Wiegman for iThemes.”
2.) Better WP Security did not handle the WordPress botnet last year as well as I and others had hoped. The Botnet would still hammer sites with Better WP Security installed and fully maxed out as I am sure you are aware. You should have a look at something like:
https://codecanyon.net/item/wp-secure-hide-the-fact-and-speed-up-your-site/5362078
If you could implement what this plugin does with Better WP Security I would pay you in a heartbeat. I have already paid that developer for his work as well. His plugin however does not work with multisite.
Thank you for taking the time to address this issue.
Take care
-Security minded anonymous individual