GRA4 – BuddyPress plugin or replacement?
-
Seems to me that GRA4 is meant to replace BuddyPress, not supplement it? Do I have reading problems?
-
It’s a different solution for a social network. Other options are great but I warn that the developer could drop support after you’ve built a site. BuddyPress will continue to be developed plus there is a growing BP theme & plugin community.
Test it out. I’m curious to hear what people say about the other options.
@lunchgirl @modemlooper GRA4 has been removed from the WP Plugin Extend. It was “phoning home” without user knowing it among others #7 https://wordpress.org/extend/plugins/about/guidelines/
@lunchgirl if you’ve already installed/activated the plugin, I can only recommend that you delete it from your installation.
Ouch!
Interesting ‘plugin’ that GRA4.. it is a connection to their website. A little more than phoning home. Your members get included into their website. Wherever their ‘plugin’ is activated, all the members show up on all the other websites. They have a plugin for oscommerce, phpbb and wordpress and they are working on a plugin for drupal. All members are gathered to their website and you have NO admin privileges. You have NO control over the content on the website and I don’t know for sure, but I think there could be some major security (and privacy) concerns for all of your website members.
They don’t tell you straight out that you aren’t adding functionality to your WordPress website, they are providing a portal to their website, which shows up on your website making it appear like it’s your website. Quite crafty. – A FACADE-
They are using ‘elgg’ social software on their server. They authenticate using cookies and they secretly provide your website with a ‘secret key’ and their coding changes the .htaccess rewrites for your website to redirect your members to their website. The page they tell you to add, is the same name as the directory of their plugin and the rewrite for permalinks makes it appear that your members are looking at a page, but they are looking at another website. The shortcode they tell you to put on the page you create for their plugin calls the function that imports the data from their website to display on that page. So, basically.. it’s an interface with their website gra4.com. Their website shows up on an ip address in the United States, but they are Russian (no prejudice, just an observation), to share the information. Part of their coding calls a another website virturossiya.org/c (which shows up as ‘GRA4SetConfigValue(‘GRA4_remote_url’… in one of the files. That website also shows up on an ip in the USA, but the page title is in Russian and the favicon is a red star. (looking at that last domain name I can see ‘virtual russia’).
In conclusion, from my perspective, it’s a scam. You do NOT get your own social network with their ‘plugin’, you get to include your members into their website, without your members knowing it.. I don’t think that would be consistent with the spirit of WordPress or BuddyPress. I would stick with BuddyPress or one of the other true WordPress plugins that provide social networking within WordPress, unless you want to find yourself answering questions you have no answer for sometime in the future.. Let alone the risk of your own website and hosting information somehow being hacked. The concern I have is, if they are being honest, why hide all of this from WordPress users of their plugin? With their obvious ability to rewrite and redirect, who knows (really) where your website and member information is going?
If they do get back into the WordPress Repository, I would really be careful of these people. Always check to see if a plugin requires a connection with remote servers before you consider using a plugin.
Their site is based on Elgg
@arrogance-is-bliss thank you for providing a detailed report on the extent of the plugin’s abuse. I just saw the first few lines of one of the plugin’s files in repo and reported it right away at plugins@wordpress.org
This is a shitty concept and is a poor example of plugin usage!
There are a few different social networking platforms out there and someone coming up with a safe way to integrate one or more of them with WordPress (or visa-verse) would be a welcomed development, in my opinion. However, a ‘plugin’ like GRA4 that takes unsuspecting members from WordPress sites and opens the WordPress site owner(s) up to potentially (MAJOR) security and privacy issues (as well as hosting and server violation issues) is not a plugin. It is a dangerous interface that WordPress webmasters would be well advised to stay away from.
One thing to consider when allowing a ‘plugin’ to use a remote server is, you can not know the intentions of the people on the remote server. Once that avenue is opened, a site can be vulnerable to many things unseen and unimagined.. That is Dangerous.. Unfortunately, a lot of people using WordPress do not look at code. Even if they did, they don’t know how to spot potential dangers. As website developers, webmasters, and the like, we do have a responsibility to those who use our websites, to be careful of providing something that could violate the rights and privacy of our users as well as open our own servers and/or hosting, to unsavory and malicious intruders.
It pays to ask questions, @lunchgirl thanks for doing so. I wasn’t aware of gra4 until I saw this thread and @mercime pointing out that it isn’t available in the Repository anymore caused me to want to know what it did. So, I looked it up and found that they are attempting to infiltrate several different and independent platforms. If anyone uses those other platforms or knows someone who does, I would let them know about that plugin (or in the case of some, it’s a drop-in). It is still available in those other platforms and shouldn’t be. Please spread the word..
@arrogance-is-bliss Thanks for the info. Its a shame how some people use their knowledge destructively vs constructively. I will never jeopardize the integrity of the platform just to have a malicious plugin or theme released.
I installed on a website I am setting up and decided to delete it as I was more happy with BuddyPress so I deleted the plug in but the link to GRA4 is still on my site. Anybody an idea for this beginner techie to get rid of it? See http://www.happinesz.com
@panthony54 Did you create a page to post the shortcode per installation page I see in WP extend? Go to Pages > All Pages and delete that page.
Thank you so much. I did it and it is gone now. It’s a creepy plugin.
@panthony54 Yes it is 🙂 Double check wp_options table in database that there’s no GRA4 options lurking around, just in case.
- The topic ‘GRA4 – BuddyPress plugin or replacement?’ is closed to new replies.