Yep, it’s yet another post on the topic of Sponsored links found within WordPress themes. Now, before I begin, let me state my opinion on the matter: Personally, I don’t care. I can see why some folks consider such links to be “evil” and I can understand why some folks consider them to be a “necessary evil.” If I really wanted to use a theme that had such links, I’ve got to admit that I would take a look at the site that’s being linked to and make a choice to leave them in or remove them. That’s up to me. I still think my idea of doing a tag labeled “Sponsored Links” within the main WordPress theme site would have been a better idea than removing them. Let the “purchaser” decide with the best information made available in front of them.
But what bothers me about all this though is what occurred recently on the BrowseHappy.com site. You know the one. Where a number of Automattic staff, volunteers, developers, and others had that discussion and Matt Mullenweg goes out of his way to show how he listens to his endusers try to explain to him how a website that hasn’t been updated in years, contains outdated information, and even he finds to no longer apply really shouldn’t be linked to from the WordPress backend, totally ignores them, and we still have the link on the backend. (Quick aside: Instructions on how to remove said link. Not sure if they apply on the latest 2.3.2 version of WordPress but you should get the idea.)
So imagine my surprise a few weeks ago when I was reading a thread over on the wordpress.org forums on browsehappy. I decided to take a look at the site as I remembered that site having Adsense affiliate code links on it and I wanted to see if they were still there.
Imagine my complete surprise (I’m going link happy on the post, I know) to discover that there was actually a hidden link to freecookingrecipes.net in the footer of that site. As well as a hosted image.
Hmm, well that was strange.
I saved some quick screen captures to cover my ass in case anyone doubted me, reported it to that thread on wordpress.org and fired off an email to the WordPress Security email address. The links disappeared within a few minutes but my comment on the wp.org forums went unanswered and the email to security went unanswered as well. Again, someone must have heard because those links were gone within 15 minutes.
OK, let’s think about this for a second and cover some history. The folks at WordPress have done the hidden links previously and appear to not really be willing to talk about it. Matt says on his blog (I can’t find it right off. I guess you don’t get that link tonight.) that he made a mistake and/or the linkage was placed without his own personally knowledge. (Again I can’t find it right off so that may not be 100%. Please forgive me if it’s not.) edit: Here it is.
So anyway, let’s give some thought about this link and what it is doing there. I’ve been thinking about it for quite sometime and I can think of three methods of how it got there. Let me list them and explain the reasons why they shouldn’t be the cause. (Please note that I said “shouldn’t” instead of actually proving them not to be the cause. Keep reading. You’ll understand shortly.)
- The link was placed there by a well meaning Automattic employee, done with the holiday spirit in mind and everything’s fine and
cool. Gotta admit that this is the one that I want to believe but I can’t see it. The link was hidden and not visible within the browser. (Note the screencap to the right.) If the link was added with good intentions, it was done in such a strange way. I would think that you would want folks to be clicking on that link but no one could see it. Also a quick check of the main WordPress developers at the time showed no one else having such a link. If an Automattic employee had been exciting with adding in such a link, you would have thought that they would add the same link to their own personal websites. This was not the case.
- The link was placed as part of a hack against the website. I’m iffy about this one for two reasons, one more important than the other. The lesser argument, which Options makes here is how was the hacker, if there really was one, able to upload an image to the server. Granted, if they had access, they could have done it but wouldn’t they have gone after juicer options like the main wordpress.org site? (Which, by the way, did not have the link.) The other argument ag
ainst this comes from personal experience. I’ve had sites hacked before and every time it’s ever happened, someone else somewhere else has had the same thing happen to them. Hackers don’t pick a single site as a target, at least I’ve never seem them do it. A quick Google search shows no discussion about folks getting hacked with this link. In fact many pages have posters who seem quite happy to be adding in link to this site.
- The link was placed as a sponsored link with the intention of at least one member of Automattic staff. Gotta admit that I don’t like saying this but this is really the only choice we have left. There are arguments against this of course. The main one being of course how they got caught previously with the hidden links to advert pages on the wordpress.org site a few years back. Matt made a big deal with pulling themes with sponsored links in them from the WordPress Themes site. They make a big deal in the WordPress.com support forums over affiliate links and usually either get them removed from the blog or ToS the blog. It’s real hard though trying to find solid arguments against this as being where those links came from. I really can’t think of any but I’m trying.
That’s all I wanted to say. I think I’ve provided a case for what I believe really happened. I’m sure folks will disagree with me but I can’t do much about that.
Two forums threads on the topic as well as that email to security went unanswered. Email to the recipe site went unanswered as well. (I was curious.)
edit: Please excuse any typos. It’s been a long day and it’s time for me to go home.