So you were hacked and didn’t think to inform us

#41210
  • Resolved Malcolm Laurie
    Rank Math free

    Guys, love the plugin.

    Hate the lack of communication about this issue:

    https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/

    I spent the entire day trying to fix 12 sites I have your plugin installed on.

    Redirections to malware, spam and porn signups.

    I’m extremely upset, not because this hack happened, because things happen, I’m a veteran dev who knows this.

    I am furious at the lack of any message on your home page acknowledging this, or reaching out to me as a registered user, leaving me, and others, to fumble about losing precious entire days, with equally angry customers on my back, fixing something you have been utterly non-transparent about.

    I like your plugin and what it does, but some communication please, or I will be abandoning it, like you seemingly have abandoned us.

    This is not the time to hide and cause your users distress and frustration.

    Thank you. Malcolm Laurie.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hello,

    Thank you for contacting the support.

    We are sorry that you felt it that way.

    We did communicate over email and social media channels. Your account shows that you were subscribed and opened the email:
    security email
    Social media announcements:
    https://twitter.com/rankmathseo/status/1243192574212366339
    https://www.facebook.com/RankMath/posts/1163295370668383
    https://www.facebook.com/groups/rankmathseopluginwordpress/permalink/573233856882278/
    https://rankmath.com/changelog/

    We can still improve. Please let us know how else we should communicate in the future for important announcements.

    An update was released a week before the announcement was made on Wordfence’s blog.

    We have always been open to how we are working and if we find any issues in the plugin. The email was sent on 26th and the statement by the researcher was released on 31st. We emailed everyone on 26th to update and since then released more updates to make things more secure.

    Furthermore, we are getting the entire plugin reviewed by a few security researchers to strengthen the plugin further.

    We have an option in the plugin to help users auto-update the plugin and we have always recommended turning that on:
    https://rankmath.com/kb/version-control/#auto-update

    Hope that helps and if there’s any feedback, please feel free to let us know.

    Again, we can’t be more sorry that this mishap happened.

    Thanks for your reply, and yes I do have some more feedback.

    To reiterate, I would like to stick with Rankmath as I am very happy with what it does. I do not abandon software because of issues like this, but I will not continue to support those who try to hide the seriousness of a current situation.

    What you do next though, will influence my decision.

    You haven’t done nearly enough on this issue, and here is why.

    This is a serious, serious issue, in case you hadn’t realised.

    It caused two photography clients to call me in absolute rage and upset (one repeatedly) as their own customers had noticed their sites were redirecting to malware installations and porn sign ups.

    You can imagine the loss of trust their customers have, and the loss of trust they now have in me.

    So as you can see, it’s a serious, serious issue.

    One in which I do not have any trust that you have done, or are doing, nearly enough to address it.

    You’d think then, that you’d have something actually on your HOME PAGE about it. Or your BLOG. This is the absolutely prime place to be putting information on a problem your plugin has, that can cause websites to be redirected to PORN SIGN UPS. Forgive me for labouring this point. Also forgive me if you have such a message on your website and I can’t see it.

    Can you then understand why “I felt it this way”? Do not underestimate how furious I am to read that after an entire day lost trying to find the source of the problem.

    Do not downplay your problem that is still in place causing your users upset because you are afraid to publish the seriousness of what is happening.

    You have assumed that everybody will follow you on Twitter and Facebook. I don’t. I go to a company’s home page first. That should absolutely be included in a place of announcements.

    I’m still waiting to be allowed access into your user’s group.

    So anyway, you have made announcements by email, and on social media.

    Here is the crux of your failure to communicate.

    At no point did you ever say:

    ***WARNING AN EXTREMELY SERIOUS HACKING ISSUE WITH OUR PLUGIN IS HAPPENING***

    Or something similar (remember, malware and porn sign ups? in case you think I am overreacting.)

    Instead, the only slight reference to it is:

    Twitter & Facebook “Bug & SECURITY fixes”

    And on your CHANGELOG on March 26th.

    “FIXED: A couple of REST API security issues reported by Wordfence team.”

    What you have done is put this notice on the equivalent of Douglas Adams’s “The plans were on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”

    In short, you need to COMMUNICATE the seriousness of this issue, and CONTINUE to communicate it, using your home page, and pinning messages on your social media until such time as you think everybody has addressed it.

    I see there are still users who are having the same problem, so allow them to keep the trust they have in you by taking these simple and crucially necessary steps.

    DO MORE AND DO IT NOW. I don’t wish to have to tell others of what can happen to them, who may be in the middle of the same situation as me, but I will if you won’t and don’t.

    Remember. PORNOGRAPHY SIGN UPS ON MY CLIENTS’ WEBSITES.

    Thank you. Malc

    Hi Malc,

    Thank you for the awesome feedback.

    Please allow me to pass on my heartfelt apologies for the loss of reputation that this cost you and your clients. It is also not our intention to underplay the seriousness of this issue. I will pass on these suggestions to our internal team so that additional steps can be taken.

    Please let us know if there is any other thing we can do to help.

    Sorry again.

    Hi Michael, thanks for the reply – yes, I do really think that more is needed, even if just one other struggling person can be made aware that they can find out easily where the issue lies.

    Especially at this time where things are a bit difficult, it’s really good to make sure you are looking after your users by being crystal clear about problems.

    My clients have been suitably calmed down, and I’m really happy to hear you are passing info on and considering additional steps. That’s the sort of response I like, good stuff.

    Take care wherever you guys are, Malc.

    Todd
    Rank Math free

    Hi Malc,

    Thanks for understanding.

    We have put checks into place to ensure this never happens again.

    Thanks for sticking with us.
