For the record: this is not a Magento exploit or Magento vulnerability. It’s only a security risk if your admin password is breached or you install a malicious extension. Obviously in either case, security can be compromised but this is not a flaw in Magento’s architecture. It’s bad behavior on the administrator’s part for not maintaining their password securely or performing a code review of any extension installed.
Nexcess is one of the best places to host Magento by the way, as proven by that article and the steps they took to scan all clients using their infrastructure.
Has anyone ever had an item update rejected?
First ask the author if they’re available for customization work. Nobody is better suited to help you efficiently.
First, don’t assume the theme is broken and the extension isn’t. Second, don’t assume either is broken. Third, what you probably need is integration so both can work fine together.
There are over 6500 extensions and themes listed on Magento Connect alone. It’s impossible to expect zero collisions when pushing two independently developed sets of code together.
Be realistic. Themes can’t test with thousands of extensions. Extensions can’t test with thousands of themes. Both extensions and themes can do things that break the other even when all best practices are followed. That’s the nature of modifying or extending core code in any platform.
You need to work with a developer to resolve conflicts from integration. It’s not the extension or theme developer’s job to complete your project’s integration. It’s your job to retain someone who can do that because your project requires it. Requesting a refund because you didn’t do that is not a bug in those products.
All I see is green. It’s kind of distracting because it looks like one author dominating every thread. Was much better when the grey default avatar receded into the background (like a user without any avatar should).
I would be dollars to pesos for almost any website that Safari for Windows has fewer users than IE7.
Don’t waste your time testing all browsers. Test relevant browsers. When a project has specific needs then test further.
Have the client buy it, or make an account for them and hand it over. It saves a huge headache when they want to update later and aren’t working with you (it happens more than you think). If they own the license and have a valid purchase code it clears away so much frustration vetting them.
Elite authors have already earned so much more because of the Elite program
It’s the other way around. Authors earn the Elite program because they sold a specific amount outside the program. The program doesn’t change their earnings at all, or change their commitment/expectation. It’s simply a signifier of sales volume by price.
I think your expectations aren’t realistic regarding how Elite’s relate to the marketplace’s business model. Unless you were willing to pay more for increased value (assurance of updates) then authors and Envato won’t change their behavior.
I do think this change needs to happen. Otherwise it’s basic economics. Authors should not put effort into updates that yield no profits. Why would anyone?
That’s what is driving dissatisfaction here. Customer experience is important, but it doesn’t override economics. If you can’t maintain a product fiscally then it’s not worth doing for any customer.
Personally, I would hope that Envato would ask all Elite authors to sign a new contract when they accept the new status. The contract could simply say that if the author chooses to no longer support a theme that is sold as Elite, then Envato will maintain it and keep the profits.
Authors have no contract with Envato, and Envato cannot assume ownership of copyrighted work to modify/sell it themselves. This isn’t how a marketplace model works or could work legally.
Perhaps Envato needs to provide the customers with a guarantee that every Wordpress theme will be updated for at least two years from inception?
How much would you pay for that assurance? Because that’s a big risk for an author if the item doesn’t sell well and they still need to devote resources to maintaining a product nobody buys.
At the very least, Envato should remove products immediately when an authors announces they are no longer updating a theme of this kind. Allowing it to be sold while it is no longer comparable is unethical and is a guaranteed bad customer experience waiting to happen.
Envato should be more aggressive removing outdated products. It reflects poorly on the marketplace.