Advertising, Upselling, and Cross-Selling on WordPress.org and the Admin Dashboard

It’s a recurring thing and the big topic surfaces repeatedly:

• What forms of advertising are allowed in the WordPress admin dashboard?
• What forms of upselling and cross-selling are acceptable on the WordPress repository (wordpress.org)?
• How far is too far?
• Are standards the same for everyone?

If you’re a small plugin author, this topic is something you’re probably worried about because you’re always investigating new ways to attract more paying users to your plugin embracing a sustainable and by-the-rules approach.

But things are more difficult to understand as rules aren’t clear for everyone. Sometimes, it seems, a few plugin authors might succeed in bending rules in their favor.

But let’s start with a clear example:

Yoast, one of the most active and famous company in the WordPress ecosystem, pushed a banner — that’s the word — linking to their page featuring all their products discounted by 30% for Black Friday.

Of course, people on Twitter started to talk about it:

Marieke’s apology tweet

These are just a few of the many harsh comments Yoast received. To keep things nice and easy, here’s a summarized version of my take on it:

Did Yoast make a short-sighted branding decision?

Yes, they should have anticipated all the comments like these, which talks about “damage”:

Did Yoast bend the rules in their favor?

Yes, more on this later with other examples.

Did Yoast push it a bit too much with their banner?

Yes, they did as it was shown in the main dashboard, the media page, the settings, the post page, and many other places. So, ya, a bit too many.

But…

Is Yoast’s choice completely inconsiderate?

Not at all, it’s a marketing tactic they pushed at the right time in one of the many “areas” of the platform their product integrates with. Yeah, there are guidelines on the types of notifications, information, and promotional messages in the WordPress dashboard but they’re not rigid. As we all know well.

Is Yoast to condemn?

Are we serious, people? Just chill. I endorse each word Barbara used to summarize this “scandal”. And Marieke, Yoast’s CEO, stood up in the first place on Twitter and said they were sorry:

For even more wrap-up about this, please check Issue #5 of The Repository from MailPoet and the latest Note from Post Status.

Yoast is just the last example of a recurring issue.

And here we are at the culprit of this thread, which always pops up from time to time because we still haven’t found a common answer:

1. Plugin developers need to make money to keep releasing newer versions of their plugins and/or extend their offers with more products or services.
2. To make money, you need to sell it to someone = you need paying users.
3. To get paying users, you have different ways, one of which is telling them about your products and your limited-time offers.
4. You want to capitalize on seasonal events such as Black Friday to get the highest exposure possible.

And this is a combination of several elements (your site, landing pages, emails aka your MVC) but also the WordPress dashboard and your public page on wordpress.org, both of which are not under your control and have rules to follow.

See the conundrum we’re facing? So let’s take a step back and let’s lay out the rules and give some examples of plugin advertising and upselling going wrong.

What’s Allowed and What Isn’t on WordPress.org and the WordPress Dashboard?

While WordPress doesn’t usually employ a zero-tolerance policy for plugins, you want to know from the beginning what’s allowed and what isn’t.

The possibility of your plugin being taken down, even temporarily, is scary. And having to put everything on halt while you re-do the “blamed” parts of the code isn’t fun at all.

The Jetpack feature suggestions debacle from earlier 2019 is further confusing matters.

Just how far are you as a WordPress plugin developer allowed to push the bar? And will following Jetpack’s example get you banned?

Many developers feel that the largest plugins aren’t being treated the same and it’s caused an upset in the WordPress community.

I get it: you may be confused and concerned.

If you haven’t already, you should read through the detailed plugin guidelines. This covers most bases, you can contact plugins@wordpress.org if you have a specific question about whether your code falls within the guidelines.

Let’s go over all of the rules related to advertising and upselling in detail.

Rule 5. Trialware is not permitted.

Rule 6. Software as a Service is permitted.

In essence, this means you can’t create a plugin that does nothing but validate a license key or in which all functionality is disabled after a certain period of time.

Attempting to loophole this rule by including one tiny feature and locking 90% of functionality behind a paywall is also against the guidelines. Your WordPress plugin must contain something of actual value and not serve primarily as a placeholder for a premium plugin.

You are allowed to create a separate premium version of your plugin, and software as a service (SaaS) is allowed as well, even if it uses a third-party API people need to pay to access.

An example of this is Genesis Layout Extras, a plugin that doesn’t do anything without the paid Genesis framework. Because it does provide features once you connect to Genesis, it’s still allowed.

However, any code distributed through WordPress.org must be freely available. You can sell addons or a premium upgrade on your own site and advertise it through your free plugin, but you can’t include restricted functionality that’s unlocked through a payment within the free version of the plugin.

7. Plugins may not track users without their consent.

You can collect user data, but you must explicitly ask for permission. Most notably, you cannot include any third-party advertising that tracks users. So Google Adsense or anything like that won’t fly.

SaaS plugins are exempt from this rule when they’re required to connect to third-party interfaces to function, like Akismet, which uses an outside database to detect spam comments.

9. Developers and their plugins must not do anything illegal, dishonest, or morally offensive.

This is a big one, and it covers a lot more than just advertising, but in short: Do not imply that your plugin can drive traffic or guarantee legal compliance, do not pressure or compensate users for reviews, and do not mislead users into thinking that a free feature in your plugin can only be obtained by paying for the premium version.

In addition, don’t intentionally try to find loopholes in the guidelines.

10. Plugins may not embed external links or credits on the public site without explicitly asking the user’s permission.

You may not include a credit or external link on a public page without explicit user permission. In other words, no advertising yourself, your other services, or anything else on any front-facing pages.

The exception is SaaS plugins, which are free to “brand their output” or include external links/credits as long as it’s handled within the service code, not the plugin code.

11. Plugins should not hijack the admin dashboard.

This is where things get complicated. Any notifications — be they alerts, prompts, requests for reviews, or upsells for the premium version — must be limited in use. The exact number of prompts you can include is not specified.

It’s encouraged, but not required, that any pop-ups are placed only within plugin settings pages. Notifications outside of these areas, however, must be manually dismissable or remove themselves.

This entire section is somewhat of a gray area. Almost anything is permissible as long as it’s not excessively overdone, and is able to be removed if it’s outside the plugin settings pages. But within your plugin pages — (almost) anything goes.

17. Plugins must respect trademarks, copyrights, and project names.

You may include trademarked/brand names or other projects’ names in your plugin title, but they can’t be the first term in the title or your slug. This includes “WordPress”. You can call your plugin “Anti-Spam for WordPress”, not “WordPress Anti-Spam”.

This is to avoid misleading users into thinking you represent a brand or a plugin you don’t own for advertising purposes.

In summary, here’s what’s allowed as far as advertising goes:

• Offering a paid version of your free plugin, or selling paid addons/updates.
• SaaS that connects to a third-party API, even one that’s non-functional without a paid key. (And tracking users using that API.)
• Using a brand name in your plugin title (as long as it’s not the first word).
• Upselling your commercial plugin within your free plugin.
• Notifications and advertising in the WordPress admin area “within moderation”.
• Possibly third-party advertising that doesn’t track users (such as affiliate banner ads); this has been discouraged but regardless appears in some plugins.
• Dismissible notifications outside of your plugin settings pages.
• Notifications and advertising within settings pages, including premium addons tabs, review requests, upselling your premium addon, and so on.

And here’s what isn’t allowed:

• Tracking users without their consent and third-party advertising that tracks users.
• Using guaranteed legal compliance or increased traffic as an advertising scheme.
• Compensating users for reviews, or forcing them to leave one.
• Misleading users into paying for free features.
• External links or advertisements on public pages.
• Using a brand name you don’t own as the first word in your plugin title or slug.
• “Excessive” notifications in the WordPress admin.
• Notifications outside your plugin’s settings that aren’t dismissable or don’t resolve themselves.
• Abusing loopholes in the guidelines.

Within the current guidelines, advertising is discouraged but not disallowed. Over-advertising may be subject to scrutiny, but the occasional box on the plugins settings page won’t get you instantly nuked by the moderators.

Why the Rules

The WordPress guidelines were created to protect users and ensure a minimum standard for every plugin hosted on the repository. Since the official plugin repository is the go-to for a majority of WordPress users’ search for plugins, it’s expected that everything downloaded there is safe and high-quality.

Without the guidelines, the repository would be inundated with low-quality, useless addons, or ones that spam admin pages with advertisements. While some of the guidelines can feel overly restrictive for developers, the repository would be subject to heavy exploitation without them.

For instance, in the past, the rule against excessive advertising was not very clear or well-enforced for a time. Many plugins added constant advertising spam, nags, and upsells throughout the backend admin area, many not dismissible at all. Before a stop was put to this, things got out of control.

Once it’s established that plugins can game the system without being punished, they will do so. That’s why the guidelines exist: to give users a good experience.

But recent events might leave you questioning — do big plugins actually follow these rules? Is a small plugin dev able to do the same things a popular plugin can?

Disciplinary action against WordPress plugins is not often noticed, unless it’s a large plugin or the author complains. It’s hard to know who’s being punished for what rules, and if enforcement is consistent. But there are a few past situations that shed a little light on the issue.

WordPress Plugin Controversies

Some WordPress users have raised complaints that big plugins get special treatment (think of Yoast recently), while small plugins are hastily punished for similar if not identical infractions.

While calling this malicious and intentional is venturing into the realm of conspiracy theories, one thing seems certain: Big plugins seem to set the bar for what’s allowed and what isn’t and they certainly encourage smaller devs to follow their lead when they begin to push the rules.

They may not be purposely and systematically allowed to get away with these things just because they’re well-known, but they’re the biggest influence on the plugin repository, its guidelines, and how those guidelines adapt and are enforced.

Jetpack Advertisements in Plugin Search

Early this year, the WordPress developer community experienced a big upset when it was revealed that Jetpack had added feature suggestions to plugin search results.

Jetpack is an all-in-one WordPress plugin that comes with quite a few core features, many only available in the premium version. In this update, if you use plugin search to look for something Jetpack already comes with, you’ll be shown a “feature suggestion” for the existing Jetpack module.

At first, this might not seem too bad. You’re just being shown features that already exist in Jetpack. The notices are even dismissible. Even if they’re sometimes paid addons, is that really so bad?

But this development has concerning implications for developers struggling to fairly compete with one of the most popular WordPress plugins of all time — Jetpack already has 5+ million user’s attention. Many smaller devs feel this is an underhanded way of eliminating competition.

In addition, the effects this could have on the plugin ecosystem are extremely worrying. It’s one thing for a single plugin to push suggestions of this sort, but it’s opening the gateway for dozens of other plugins to insert advertisements into the search results.

Despite the clear displeasure from developers that spread across social media, the Plugin Review Team concluded that these feature suggestions weren’t against the rules.

However, the first release of Jetpack did include upsells for paid modules and the review team said this was likely violating the guidelines. So for the time being, blatant upsells in the search results won’t fly. Jetpack later removed the paid promotions with an apology and the dust began to settle.

Even if this usage case isn’t against the guidelines, many users feel it’s a slippery slope that could soon turn to hundreds of plugins abusing this newfound feature.

This could lead to another repeat of the advertisement-filled disaster that was the WordPress backend before “don’t hijack the admin area” was made into a rule. It could mean having to scroll past pages of injected results and upsells just to see a real plugin.

Someone has already created a Jetpack Without Promotions plugin to remove all the nags and upsells, but if dozens of addons begin adopting this behavior, it’s going to be difficult to deal with.

Shortly after all this transpired, a guidelines amendment was proposed on Github that concerningly changed the phrase from the current rules: “Advertising within the WordPress dashboard should be avoided” to “Advertising within the WordPress dashboard is permitted within reason”.

While the proposal makes some of the currently blurry lines more clear, it also opens up the floodgates for a much less user-friendly WordPress. Luckily, the guidelines haven’t actually changed yet, but there’s no saying what could happen in the future.

Jetpack is already known to skirt the rules in some ways — with over 5 million installs and many web hosts relying on it, removing it from the repository would do serious damage.

So in many ways, Jetpack and plugins like it are often the ones setting the standards for what’s allowed and what isn’t. And for other developers, it can feel like they’re not even following the same rules.

One user did create a library to inject artificial suggestions into plugin search results, but it’s yet to see if a less popular plugin author has used it and been banned.

In the end, what Jetpack is doing isn’t completely egregious, but it’s less about the features they’ve implemented and more about the implications it could have on over-monetization in the WordPress repository. When a large plugin sets a standard, everyone will try to follow.

WooCommerce Marketplace Suggestions

While the Jetpack drama was still boiling, WooCommerce — owned by Automattic, like Jetpack — announced their new Marketplace Suggestions. These advertisements for paid extensions appeared on admin product pages and were dismissible but only for 24 hours, and then 1 month after you dismiss enough notices. No way was provided to permanently turn them off.

WooCommerce already comes with an Extensions area built-in to their settings page, so people felt this was more than excessive. While it didn’t cause the same level of uproar, many shared their displeasure, but WooCommerce pushed through with the release.

A few days later, they dialed back the advertising, removing them from product screens and allowing you to shut them off for good. Overall the outcome was positive, but this change so shortly after the Jetpack update upset many.

Yoast Premium Nags in Admin Area

Let me say this first: I use Yoast on my website, we use them at Kinsta, we’ve used their plugin at Codeable. Plus, I know them and think they’re a great company that’s doing great things. Really.

But here we’re trying to dig deeper on plugin upsells, promotional messages, and the like.

And users have long been unhappy with the frequent message boxes within the admin area of Yoast, inside and outside of its plugin interface. Besides the upsells there are update notifications, warnings, widgets, and a lot more.

Things are certainly better with Yoast than they used to be before the rule against admin area hijacking was implemented, but visiting its setting page is immediately overwhelming.

Users have always called Yoast’s advertising too much, even after they dialed it back, and there’s even a plugin to remove bloat and ads from the free version. The list of everything it gets rid of is staggering.

Nothing Yoast does is technically against the guidelines, as everything is either dismissable or confined to the pages it operates on. They were still one of the first plugins to implement the excessive advertising that many others soon adopted.

Now, my question is: would any other plugin likely have been able to get away with the same level of self-promotion?

Yoast also once released a PHP update nag which was both huge and non-dismissible without upgrading. While getting people to update their PHP version is inarguably best for everyone, this also caused some negative feedback due to bending the “no non-dismissible messages outside of plugin settings pages” rule.

How do you know as a dev when you’re pushing things too far? And can you be sure other plugins are being held to a similar standard?

Other Examples of Advertisement in the WordPress Admin

On the repo, you can find all sorts of examples of advertising and upselling. Many plugins might opt for a modest, dismissible popup, but some are more aggressive than others.

The guidelines are sometimes unclear, so how can you decide what type of design is appropriate and what’s definitely crossing the line?

Most people wouldn’t object to a small advertisement like the one below, or a limited amount of upselling; WordPress developers need to make money. But when does it become too much?

For example: is asking for reviews too obtrusive? Many of these nags take up space in backend areas or return after being dismissed. But it’s a popular choice within plugins, so it seems to be acceptable.

Upselling products directly related to your plugin is allowed as well, but it’s hard to know how far you can take it, and where you’re allowed to do it. Could you place a “Go Pro” link within your own plugin’s box?

Can you advertise outside of your plugins page if it’s a dismissible notice? Or a large, non-dismissible upsell within your own settings page? Is cross-selling related merchandise like ebooks acceptable?

Prompting users to sign up for a newsletter or join you on social media is also commonly seen. But if notices like these aren’t permanently dismissible, they tend to annoy users who don’t make use of these features. Still, they’re allowed.

What about deactivation questionnaires? Are these allowed as long as they’re skippable and what if they’re not? Do they count as dismissible notices?

In the end, the guidelines are called that instead of rules for a reason, but their vagueness can make it difficult to tell what’s acceptable to include in your plugin. It’s never clear what’s allowed until one popular plugin sets the bar and the rest follow behind.

How This Affects New Plugin Developers

While it can’t be definitively said that popular plugins are intentionally receiving special treatment for malicious reasons, there are definitely cases of unfair treatment of small plugins as large plugins seemingly do what they want.

A lot of WordPress developers feel alone right now. They feel that the community is changing for the worse, and that both users and devs are getting the short end of the stick. Some even think that this will end up killing WordPress for good.

If you’re a developer who wants to post on the repository, what you should you do, then?

It’s easy to say just follow the guidelines and avoid dishonest practices (if only because you might be banned for it), but it’s hard to know if what you’re doing it allowed.

Most developers don’t need to be overly concerned, as you’re not likely to be outright banned from the repository unless you do something intentionally exploitative or malicious.

There’s no way to get a straight answer without emailing the plugin team and asking for clarification. That’s your best bet for not falling outside the rules or reach out to them on their official Slack channel.

But it’s still a good idea to be careful..

Surviving on the Plugin Repository

Even if there are guidelines, moderators, and a dedicated plugin review team that checks whether developers are abiding by the rules, some infractions may be overlooked. Especially those by popular plugins that are, in some ways, subject to less scrutiny.

Right now, a lot of developers are understandably upset at the situation with Jetpack and other popular plugins. But this isn’t a black and white situation.

Some allege that WordPress is acting dishonestly, but it’s clear that their members do care and keep a close eye on the repository. And what can seem like infractions being willfully ignored is just certain developers abusing the system.

There is no one “bad guy” in this situation, and there’s likely no grand conspiracy to intentionally let popular plugins run rampant. It’s just a flawed system that’s sometimes taken advantage of.

The plugin repository isn’t perfect, and for growth and marketing, you shouldn’t solely rely on it to get you your users. Employ several methods of promoting your plugins to get an edge on the competition.

In the end, you should avoid bending the rules, even if you see another plugin doing it. You could have your work permanently or temporarily deleted. And if you want to do something you’re not sure is against the guidelines or not, emailing the plugin team and asking for clarification is a good bet.

The best thing you can do is joining the conversation when you notice something unfair going on in another plugin. Or even better, address a real, tangible pain point for users of bloated addons, and pack your fix into a plugin.