Frustrations are mounting, as WordPress.org plugin developers plead with WordPress leadership to restore access to the active install growth data for plugins after it was removed last weekend without any public discussion. A ticket calling for bringing back the charts is home to a heated discussion on the matter but so far the developer community has not been able to get any clear answers on why access to the data was cut off.
In his first response on the ticket, Matt Mullenweg asked developers to explain their reasoning for bringing the stats back, without communicating why they were removed in the first place, asking them to present “that side of the argument.” No decision makers have confirmed this to be a security issue.
Mullenweg’s second response on the ticket evades the questions plugin developers are asking and instead states that the availability of an API for this data was never promised:
As has been pointed out, there was never an API made for public use or with any promise of availability, people just reverse engineered and exfiltrated the data to create the chart.
I definitely think we can show some more stats to plugin authors about their own plugins, and I’m hearing that for newer plugins every new install can be a motivator. Feedback loops are important. It will take some work but it’s doable.
While he seems open to finding a way to show more stats, Mullenweg did not promise the return of the active install growth data, the most important metric for plugin authors tracking the trajectory of their user bases. Many businesses rely on this data to make product decisions.
“I think that one of the main things (from my perspective) is that this change has made us feel vulnerable and powerless,” WordPress plugin author Ross Morsali said.
“I’m about to change a repo based on three years of work, and I won’t even know how it does until I lose or gain at least 10,000 users. Feels kind of insane, not a good foundation for my business.”
Morsali commented on the ticket to explain the importance of the data:
It is literally the only way to know how your plugin is doing – which in itself, is pretty bad – the removal of it just put blindfolds on everyone – so we have to wait until the next tick of install growth (up or down) to get any idea – it’s not reasonable – this can take 6 months or more in some cases, and literally forever if your plugin is neither going up or down in active installs.
Participants in the discussion on trac were so inflamed that one suggested plugin developers should strike by offering no more support, updates, or new plugins to the directory unless WordPress brings back the growth charts. This simply isn’t possible for the many people who make a living from their plugins.
“As someone who is in the early days of trying to grow a freemium plugin, I’m incredibly frustrated,” Equalize Digital CEO Amber Hinds said. “We were using that as one way to gauge the efficacy of our marketing efforts and now it’s just gone. Also, in investor conversations being able to show growth is vital.”
George Stephanis, an Automattic employee who was not involved in the decision, claims that, “This chart was removed due to a Security or Privacy concern,” and speculates that it hasn’t been disclosed yet because it can’t be shared without putting users at risk.
“It was never explicitly stated it was removed for a security or privacy concern,” Earle Davies said in response to this claim. “It was removed due to ‘due to insufficient data obfuscation’ which to me does not mean security or privacy. Privacy is PII which this chart did not include. The obfuscation is because ‘we’ (whoever we is) did not want people to be able to see ‘exact’ stats.
“Framing a summation of this as a privacy or security update isn’t accurate. What may be most useful is if Matt stops flying by with 1-2 sentence non-answers and finally addresses in detail and plain language WHY this was removed. Short of that it should be reinstated ASAP and work on better charts in the future.”
WordPress plugin developers may never know the details behind this chart’s removal. If it is in fact a security issue, this could have been confirmed in a transparent way by the people involved. Instead, plugin developers have been set on edge by the demand that they present their side of the argument for bringing back the stats.
Mark Zahra, the author of the ticket to bring the stats back, tweeted to bring attention to how many people are following the ticket and invested in its outcome.
“Even if 10,000 people commented and appeared to agree that would still be a small fraction of the wider WP community,” Mullenweg responded. “That’s one of the hardest things to navigate in open source, and product and community development generally.”
This reaction drew the ire and frustration of those hoping for some real answers. It also makes it exquisitely clear who has the power in this situation, whether to withhold information or turn off access to data. Despite overwhelming consensus on the ticket from the people impacted the most by this decision, 10,000 wouldn’t be enough to wield any influence over the outcome.
At this point, the protracted lack of transparency in this matter has further damaged trust in WordPress.org as the best distribution channel for free plugins.
“The way that this has been dealt with has made me seriously question if WordPress is the right platform for me, for the first time in years – it’s made me and my business feel vulnerable,” Morsali said.