Posted on

WordPress.org Removes Russian Pro-War Plugin From Directory

After considerable pushback from the Plugin Review team, WordPress.org has removed a plugin called Zamir, which was created by a Russian developer to display the Z symbol in support of Russia’s 2022 invasion of Ukraine.

The plugin gained attention after Gravity Forms founder and CEO Carl Hancock noticed that it was listed under the “New” list of plugins for WordPress.com customers.

Hancock contacted WordPress’ plugin team to request its removal but was met with a defense for its inclusion based on what the representative deemed to be a lack of violation of the guidelines. The representative told Hancock via email that “it is permitted as long as it does not devolve into hate speech or encouraging violence.”

Outrage over the plugin being hosted on WordPress.org sparked heated conversations on Twitter, Post Status Slack, and in WordPress’ #pluginreview Slack channel where project contributors work in the open.

Mika Epstein responded to discussion in the #pluginreview channel to confirm that the plugin was allowed to be in the directory:

This is an annoying, but allowable, thing at this time. We have no restrictions about plugins that are for ‘support’, as long as they avoid hate speech, encouraging violence, and raising money for military orgs (regardless of which side).We have a number of plugins that people find personally objectionable. Someone might hate a ‘show support for LGBTQ’ plugin after all. In this case, the plugin is a ‘show support for Russia’ and has no violation to the guidelines. Much like the porn-embed plugin that a number of people hate, you don’t have to use it. Hosting plugins here does not now, nor has it ever that I’m aware of, conferred any sort of approve besides it being secure and not violating guidelines at the time of submission.

Meanwhile, the plugin had begun racking up negative reviews and Hancock had managed to get WordPress’ project leadership to take a second look. The plugin was temporarily suspended while leadership considered the matter.

The “Z” symbol has been used by the Russian government as a pro-war symbol and a propaganda tool, and is frequently seen painted on the Russian tanks and military trucks that have invaded Ukraine. It is widely regarded as a symbol of war and violence. The Zamir plugin’s header image includes a black and orange ribbon, the Ribbon of St. George, which is also a symbol of the Russian military. The symbol was banned by Ukrainian lawmakers in 2017 as a symbol of “Russia’s war and occupation of Ukraine.”

A few participants in the discussion in the #pluginreview channel seemed blissfully unaware of the symbol and flippant in response to concerns, while others who have been more immediately impacted by Russia’s aggression tried to explain what it symbolizes.

“Here is some context about what this plugin is actually in support of, from a person sitting in a city bombed by cruise missiles,” Ukrainian WordPress contributor Andrey Savchenko said.

“To be crystal fucking clear, this is way ‘morally offensive’ and ‘abuse directed at any other member of WordPress community’ under item 9 of WordPress plugin guidelines.

“For anyone not closely familiar with the context – Z and V, that started as markings on Russian military vehicles invading Ukraine, were adopted by Russian state as symbols of gleeful support for the war, denying it is a war, denying they are killing civilians, and so on.”

Many are incredulous that the plugin was even approved in the first place.

“I’m completely appalled by having such a thing even being considered for inclusion,” Bas Schuiling said in the #pluginreview channel discussion. “I’m a refugee and fled Ukraine, and this exact symbol is being used to applaud and cheer the murder on my country, friends, and family.”

“We’re watching the birth of a hate symbol in real time,” Hancock contended.  “You’d have to be living under a rock to not see that.”

After a lengthy discussion, WordPress Executive Director Josepha Haden Chomphosy decided made the call to have the plugin permanently removed from the directory, overruling the plugin team’s decision. She followed up later with a published statement, clarifying why it was removed:

The plugin’s description, “Shows the Z symbol to support Russia,” eluded initial plugin checks. While it is true that there is no current plugin guideline barring plugins that “support” political leanings, this icon symbolizes something more complicated than that. Contributors were right to report this and, with their help and the help of WordPress community members, the plugin has been removed from the directory. 

In a separate post on the Make WordPress Plugins blog, Haden Chomphosy said that since Z is an emerging symbol of hate, “it was considered a grey area in initial checks and on further review was removed.”

“As a reminder, WordPress guidelines call upon all community members–including extenders like plugin authors– to ‘be kind, helpful, and respectful,’ she said. “A symbol that is connected to an ongoing war and humanitarian crisis is none of those things.” 

Many of those initially outraged about WordPress.org hosting this plugin are satisfied with the outcome, but it highlighted a disconnect between WordPress’ values and the current processes in place for addressing symbols of hate in extensions.

“I’m glad that plugin was removed from the repository,” Hancock said. “It was absolutely the right call. But I wish that it didn’t take rattling cages for that to happen. I think comparisons that were made between this situation and others that may offend people (such as a porn embed plugin) were completely off base.

“I would hope that the WordPress Plugin Repository is not a place for plugins used to facilitate the spreading of propaganda and hate symbols that support war crimes and genocide in Ukraine. And that is exactly what the Z symbol has become.”

Haden Chomphosy’s statement indicated that the project may be reexamining its plugin review policies in the future.

“I am aware that this issue leads to natural questions about clarifying our plugin policies moving forward,” she said. “I’ll work with the community to explore our guidelines and create a clearer framework for how plugins can be evaluated in the context of current events.”

Posted on

WP Engine, Pantheon, and Others Drop Support for Russian Business Customers

WordPress managed hosting company WP Engine has joined Acquia, Fastly, Gatsby, Netlify, and Pantheon to begin booting Russian companies off their platforms.

In addition to the joint protest, each organization has also pledged support to the Open Observatory of Network Interference (OONI), a non-profit that documents internet censorship around the world.

“As part of that effort to increase our support, we are adopting a stronger stance against the actions of the Russian government while supporting the ideals we hold true as an Open Web company, which is why WP Engine has joined with other Open Web companies Acquia, Fastly, Gatsby, Netlify, and Pantheon to stand with Ukraine,” WP Engine said in a statement. “WP Engine has ceased all business with Russian companies that were using our platform.”

These stricter measures came after the company had already donated to Polish and Ukrainian humanitarian funds, matching employee funds. WP Engine condemned Russia’s invasion in its first published statement on the matter:

As the world watches in horror, Russia’s invasion of Ukraine continues to leave heart-wrenching destruction in its wake. It is truly shocking that in 2022, a major world power would launch an unprovoked attack on a sovereign nation, causing the largest humanitarian crisis in Europe since WWII.

As they face unimaginable hardships, we stand firmly with the Ukrainian people and condemn the actions of the Russian government in Ukraine.  

Similarly, Acquia tweeted earlier this week that the company “will not provide software or services to organizations based in Russia.”

The coalition of organizations is sanctioning Russia in a similar way to Namecheap, and many other companies, that have terminated service for Russian customers. The world has never seen anything like it with the number of companies across every industry willingly sanctioning the Russian market without a government requirement to do so. Widespread outrage against Putin’s invasion of Ukraine has provoked a massive response from corporations and private enterprises.

“The net effect of so many companies exiting or pausing operations in Russia means the government sanctions might almost become a moot point. “It’s a chicken and egg story,” Leo Feler, senior economist at UCLA Anderson School of Management, told TIME magazine. “If enough businesses abandon the Russian market on their own, the Russian market is also going to shrink. You don’t need sanctions to do it if everyone self-sanctions.”

In the world of open source software, individuals, companies, and projects are grappling with the ethical implications of staying neutral versus imposing some form of sanctions. One misguided attempt at “protestware” was included as a dependency for a popular npm package with malicious code that deletes data by overwriting files for users based in Russia and Belarus. People are desperate to make a difference for those suffering in Ukraine, but they don’t always know the most effective way to direct their efforts.

The Open Source Initiative (OSI) has taken a firm stance on the immutability of the freedoms and protections that open source licensing confers.

“Civil society has many non-violent ways at its disposal to resolve conflicts and it’s important to explore all possible avenues,” OSI Executive Director Stefano Maffulli said.

“When it comes to open source software, however, the Open Source Definition is clear: There must be ‘no discrimination against persons or groups’ and ‘no discrimination against fields of endeavor.'”

Maffulli elaborated on these thoughts in an interview with The New Stack, noting that limiting distribution is one option for protesting but that this could hurt Russian citizens more than “the Russian military and powerful elites who certainly have the means to develop workarounds.”

Limiting distribution would likely be far more difficult than denying service to Russian businesses, which is why this tactic has been more readily adopted. Businesses are using whatever means they have within their spheres of influence to make an impact.

The WordPress project stopped short of explicitly condemning the aggression and has focused more on the humanitarian crisis and supporting peacebuilders. The project produced a special edition of its WP Briefing podcast to address the situation in Ukraine earlier this month.

“The downstream humanitarian crises of the invasion are unimaginable,” WordPress co-creator Matt Mullenweg said.

“And seeing destruction in the world we live in is confusing, disconcerting, and difficult.”

Mullenweg invited the WordPress community to stand “with those in the world working to end conflict and working toward a world of peace, promise, and opportunity.”

Many companies have followed this same approach with efforts aimed at providing relief for refugees and economic support for Ukrainians who are still fighting. WP Engine, Acquia, Fastly, Gatsby, Netlify, and Pantheon were compelled to go beyond their humanitarian efforts to put some pressure on Russia. It’s not yet clear whether disempowering Russian companies will have any bearing on the outcome of this conflict.

After a nearly month long war that has left cities like Mariupol in ashes, with Russia’s war crimes on full display across media outlets around the world, companies are coming under more pressure to act.

Posted on

How the WordPress Community Is Supporting Ukraine’s Resistance Against Russian Invasion

While Russia is decimating Ukrainian cities in an unlawful attempt to occupy the country, WordPress companies and individuals are seeking ways to help refugees fleeing the violence, as well as those who have stayed behind to fight.

We are living in one of those rare times in history where events have captured the attention and hearts of people around the world, with a powerful unifying force. In the face of such unmitigated hostility and injustice, many feel helpless to make a difference, but the WordPress community is finding creative ways to support the brave efforts of the Ukrainian people.

After identifying an attack on Ukrainian universities’ websites that coincided with Russia’s invasion, Wordfence announced it has enabled its real-time threat intelligence for more than 8,000 of its users on the Ukrainian .UA top-level domain (TLD) until further notice. Ordinarily, this is a paid feature. It includes a commercial-grade IP blocklist, real-time firewall rules, and real-time malware detection.

“This is the first time in the history of our company that we are taking this action,” Defiant (makers of Wordfence) CEO Mark Maunder said. “We are doing it as a response to the crisis that has unfolded in Ukraine.”

Servebolt, a company that hosts WordPress sites, among other platforms, has offered free hosting to anyone working to help the Ukrainian people.

In one extraordinary individual effort that raised €3500, mainly from the WordPress community, Ines van Dijk, a mother of three, living in the Netherlands, drove 2500 km to Poland to donate items and chauffeur refugees.

“Many, many people have been displaced”, she said. “I am unable to sit with that quietly and do nothing, so I decided to rent a van, load it up with things refugees might need, and drive to Poland.”

She collected bags of clothing and blankets, personal items, bought food and water, and transported it to refugees in Poland.

One week after Russia began its invasion of Ukraine, more than a million people have fled the country in what the United Nations is calling the swiftest refugee exodus this century. Meanwhile, many have chosen to stay behind and some Ukraine-based companies are struggling to stay in business while sheltering for their lives.

Crocoblock, a company with plugins on WordPress.org as well as commercial products, is made up of a 40+ person team of Ukrainians.

“Our team is located in three cities (Mykolaiv, Lviv, Kyiv),” Crocoblock Partner Manager Lana Miro said in an update on Post Status Slack. “We are safe, working somehow. Some stay in basements, some stay in apartments (and use the bathroom during air alarms). Our mood is optimistic and we believe/help our army. Thanks everyone for your support and everything will be fine.”

Crocoblock has updated the banner on its site, which links to a donation page for the Ukrainian Army. The banner references the last words of Ukrainian soldiers who were believed to have died defending Snake Island in the Black Sea. They may have been illegally captured by Putin’s forces but this has not yet been confirmed. Their brave last words have become a rallying cry, echoing the sentiments of pro-Ukrainian supporters around the world.

Paid Memberships Pro CEO Jason Coleman has written a tutorial on how internet businesses can find their Ukrainian customers and email them to see how they can be of help. There are specific instructions in the article for those using the PMPro plugin can on how they can find users with a Ukrainian billing address, Ukrainian email addresses, or Ukrainian websites. It is also more broadly applicable to those using other CRM or e-commerce software solutions.

The team at Codeable, a WordPress freelancer platform, is also working with its developers in Ukraine and Russia to support them in ensuring their clients still receive services.

“We are a two sided marketplace between our developers and clients,” Codeable Expert Community Development Lead Mike Demo said. “We are doing daily wellness checks, expedited payouts to our developers in Ukraine and Russia, and helping clients with Ukraine and Russian experts find alternative development help if needed at no cost to the client or money lost for the expert.”

Earlier this week, Namecheap took a highly controversial approach to making a difference, terminating service for Russian customers with just six days’ notice. (Namecheap has since revised the deadline to March 22). This includes Namecheap Hosting, EasyWP (Namecheap’s managed WordPress hosting), and Private Email with a domain provided by another registrar in zones .ru, .xn--p1ai (рф), .by, .xn--90ais (бел), and .su.

The email to customers puts the onus on subjects of authoritarian rule, a tactic that sparked a fiery debate on Hacker News:

“Unfortunately, due to the Russian regime’s war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia. While we sympathize that this war may not affect your own views or opinion on the matter, the fact is, your authoritarian government is committing human rights abuses and engaging in war crimes so this is a policy decision we have made and will stand by.”

As sanctions are having a catastrophic effect on the Russian economy, and many Russians are scrambling to get out of the country, some contend that these measures are hurtful to those who are trying to help. One user on Hacker News, @_vtoj, highlighted a few reasons why this approach is problematic:

Dude, right now all of us are in deep shock, while:

– some are trying to find their relatives in Ukraine

– some are coordinating and volunteering

– some are trying to get themselves and their families outside of Russia (which gets harder by the minute because of prices and sanctions)

– some are trying to smuggle at least some of the money outside, because their entire life savings are now blocked

– some are trying to preserve what they have despite ruble and market crashing

– some are hunkering down with what they have and their loved ones, trying to stockpile some food before prices skyrocket

And no one has any time to cope and process anything – don’t forget usual workloads, too. Planning for a week feels like it’s already a strategic, not a tactical scope.

I get what you’re trying to do, but can’t you at least give more time for everyone? Right now I need to drop everything and migrate my DNS as well because my private email that I use for docs will stop working in 6 days. And to figure out how to pay the transfer fees while doing all that. It’s very much fucking stressful already.

GoDaddy, another major domain registrar and host, took a slightly different approach, announcing today that the company is renewing, at no cost, any products or services that are set to expire in the next 60 days for Ukrainian customers. The company is also donating $500,000 to humanitarian relief in Ukraine and matching donations from employees, and providing assistance for Ukrainian contract workers.

“What’s happened in Ukraine is horrible,” GoDaddy said. “We do not condone the unwarranted aggression from the Russian Government.”

The company is also making specific business decision that impact Russian customers but may not affect existing customers as strongly as the Namecheap’s sanctions:

  • Removing the Russian version of our website 
  • No longer supporting new registrations of .ru and .ru.com
  • Removing all .ru domain names from our domain name aftermarket
  • Removing the Russian Ruble

WordPress managed host WP Engine is donating to Polish Humanitarian Action and the Ukraine Humanitarian Fund, as well as matching employee donations.

If you are looking for ideas on where you can lend your support, longtime WordPress contributor and the co-organizer of the first official WordCamp in Ukraine, Andrey Savchenko, recommends donating to the Ukrainian Armed Forces and Come Back Alive fund. He is currently sheltering in Kyiv.

These are a few examples of the ways the WordPress community and broader hosting communities are using their influence and resources to help with relief efforts. If your company is launching an effort that was missed here, feel free to leave information about it in the comments.