Title: trademarks – Make WordPress Plugins

---

#  Tag Archives: trademarks

 [  ](https://profiles.wordpress.org/ipstenu/) [Ipstenu (Mika Epstein)](https://profiles.wordpress.org/ipstenu/)
5:10 pm _on_ November 29, 2021     
Tags: [reminder ( 30 )](https://make.wordpress.org/plugins/tag/reminder/),
[security ( 15 )](https://make.wordpress.org/plugins/tag/security/), trademarks 

# 󠀁[Please don’t ‘test’ submitting other people’s plugins.](https://make.wordpress.org/plugins/2021/11/29/please-dont-test-submitting-other-peoples-plugins/)󠁿

tl;dr: **Never** test vulnerabilities on someone _else’s_ live site without their
permission.

By now, a lot of you have read the post about the so-called “[WordPress Plugin Confusion](https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/)”
whereby a pluginPlugin A plugin is a piece of software containing a group of functions
that can be added to a WordPress website. They can extend functionality or add new
features to your WordPress websites. WordPress plugins are written in the PHP programming
language and integrate seamlessly with WordPress. These can be free in the WordPress.
org Plugin Directory [https://wordpress.org/plugins/](https://wordpress.org/plugins/)
or can be cost-based plugin from a third-party. hosted on WordPress.orgWordPress.
org The community site where WordPress code is created and shared by the users. 
This is where you can download the source code for WordPress core, plugins and themes
as well as the central location for community conversations and organization. [https://wordpress.org/](https://wordpress.org/)
can ‘override’ a plugin not hosted here, by using the same name/permalink. Someone
even made a [CVE](https://nvd.nist.gov/vuln/detail/CVE-2021-44223) for it.

Please stop ‘testing’ this vulnerability with us.

This is not a new issue by any means. Heck, this has been something people report
on now and then for years. In the past, the plugin team coordinated a release of
a plugin to intentionally do that and protect users from a significantly dangerous
plugin. We’ve locked out permalinks to prevent abuse and so on.

Sadly, the post conflated a couple of issues, which have to do with social engineering
and a misunderstanding of why we have those permalink-checks for trademarks. Also
it’s entirely incorrect with this one claim:

> and the whole approval process is automated

This could not be further from the truth. All new plugins submitted go through **
_human_** review. When you submit a plugin, somebody reads your plugin code, your
submitted slug and name, checks on the history of the plugin, checks that the developer
isn’t a returned banned user, etc. The process is by no means “automated” and while
it has some automated pre-flight checks, they’re really there to weed out things
that would end with a pended review, to make the process faster for everyone. While
we have some tools we run, they don’t actually approve or reject anything, they’re
just fancy code-sniffers, customized to look for specific patterns or known bad 
behavior, outside of the overall quality like PHPCSPHP Code Sniffer [PHP Code Sniffer,](https://github.com/squizlabs/PHP_CodeSniffer)
a popular tool for analyzing code quality. The [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards/)
rely on PHPCS. (you are using that, right?). Submitting things to test out what 
you think is an “automated” system is wasting the time of our volunteers and reviewers.

See, that trademark ‘blockBlock Block is the abstract term used to describe units
of markup that, composed together, form the content or layout of a webpage using
the WordPress editor. The idea combines concepts of what in the past may have achieved
with shortcodes, custom HTML, and embed discovery into a single consistent API and
user experience.’ isn’t actually there to protect trademarks _for_ the owners. We
have them to make our life easier and to protect **you**, the developers, from making
some pretty common mistakes. Just for an example, we block ‘akismet’ not because
we were asked to by Automattic, but because over 50 people a year tried to submit
a copy of Akismet instead of uploading it to their own site.

As the post (properly) notes, you can’t submit a plugin with a permalink that’s 
already in use, be it on WordPress.org _or_ if it has a notable user-base outside
of WordPress.org. Even if a name gets by those checks, the review team can see if
the permalink is being used and by (roughly) how many people. That’s a large part
of why we have humans checking these things. A human can look at an email and a 
plugin and check for proper ownership.

By the way, as a number of people have complained about, this is **why** we require
official plugins to be owned by demonstrably official accounts (like with an email
address that uses the right domain, and so on). It’s not just to prevent trademark
abuse, it’s to ensure that kind of thing is less likely to happen.

Now. Do you need to test this? No. All you’re doing is making things more stressful
and more likely to be missed, which doesn’t solve a problem. Do you need to add 
your trademark to the blocked list? Again, no. Unless it’s being actively abused,
or there’s a high-risk situation that it might be, it’s just adding more work for
a low (to negligible) risk in the first place.

How **DO** you protect your own, non-org hosted plugins, from this?

Use the [UPDATE URI](https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/)
flag.

We check for it on .org, and won’t allow you in with it (since… why?) but for plugins
we don’t host, well that’s literally why it exists 🙂 Use it. Love it. But please,
remember the first step in ethical hacking is _never_ trying out a vulnerability
on someone else’s site without their permission.

[#reminder](https://make.wordpress.org/plugins/tag/reminder/), [#security](https://make.wordpress.org/plugins/tag/security/),
[#trademarks](https://make.wordpress.org/plugins/tag/trademarks/)

 [  ](https://profiles.wordpress.org/ipstenu/) [Ipstenu (Mika Epstein)](https://profiles.wordpress.org/ipstenu/)
1:34 am _on_ March 10, 2021     
Tags: [guidelines ( 27 )](https://make.wordpress.org/plugins/tag/guidelines/),
trademarks   

# 󠀁[Reminder: Trademarked Logos Cannot Be Used In Banners/Icons](https://make.wordpress.org/plugins/2021/03/10/reminder-trademarked-logos-cannot-be-used-in-banners-icons/)󠁿

**tl;dr: **Using someone else’s trademarked logo in your pluginPlugin A plugin is
a piece of software containing a group of functions that can be added to a WordPress
website. They can extend functionality or add new features to your WordPress websites.
WordPress plugins are written in the PHP programming language and integrate seamlessly
with WordPress. These can be free in the WordPress.org Plugin Directory [https://wordpress.org/plugins/](https://wordpress.org/plugins/)
or can be cost-based plugin from a third-party. icons or banners is a trademark 
violation, and they have the right to have us remove your plugin at any time.

We’ve [posted about this before](https://make.wordpress.org/plugins/2018/09/26/reminder-respecting-trademarks-includes-icons-and-banners/),
and it’s apparently time for a reminder. Logos for brands are generally trademarked.
Those logos **cannot** be used in your plugins banners or icons **unless** you have
their express permission.

Trademark infringement is the _unauthorized_ use of someone else’s registered trademark.
This means you are using their logos without permission. When we talk about misuse,
it’s more clear to think about it in terms of physical products. Lets say you make
electronic gizmos and they happen to work with MacOS. If you put Apple’s logo on
your products, you would be infringing on their trademark. Basically you’re misrepresenting
yourself in a way that implies or suggests that the trademark owner approves of 
your work when this is not true.

If you got an email from us (either a warning or a closure notice) about this sort
of matter, please address it promptly. Check your banners and icons, and your display
names, to make sure you aren’t in violation. Remove all trademarked logos from your
plugin banners and icons (yes, even social media ones), and make sure it’s clear
that _your_ plugin is not an official plugin (unless it is, and then you don’t have
to worry).

Some quick questions:

## Why do trademark owners care?

Trademark owners who _do not_ protect their trademark usage end up being unable 
to enforce it legally later on. So it’s in their best interests to monitor the use
and prevent misuse. Also, customers often get confused about the origin of the plugins,
and will complain to the wrong people if there’s an issue. Finally, you are essentially
profiting from the goodwill that the trademark owner has generated.

## Who actually complains to [company] about a 3rd party plugin!?

A lot of people, actually. A high number of people complain to companies and the
companies come back to us and say we’re encouraging the behavior which causes confusion
with users and a loss of trust in the trademark owners. After all, if your unofficial
plugin breaks someone’s site, and they blame the trademark owner? Well that wasn’t
fair at all.

## Why are other people getting away with it?

They aren’t. They’re just living on borrowed time, as the saying goes.

We have getting close to 100k plugins. They are all monitored by humans (not automated
for this one yet) and a human has to check if you had permission or not, if you’ve
been warned or not, if your plugin merits a grace period or not, and if the trademark
owner has officially demanded we close your plugin immediately. Plus a large number
of people argue about this, which eats up time. We do things in batches to try and
stay sane.

Also … we strongly recommend you never use that excuse. It makes you sound like ‘
sour grapes’ or childish to argue that someone else didn’t get caught _yet_, so 
you should be allowed to keep breaking the rules. That just makes this process take
longer for everyone.

## I reported someone, but you didn’t do anything! Why not?

Unless it’s **your** trademark, we generally don’t do anything right away because,
again, we have close to 100,000 plugins. The number of violations is high, and in
order not to ‘play favorites’ we do them in the order we’ve got them. We don’t bump
people higher (or lower) on the list just because someone complained or is our friend.
That would be terribly unfair!

If it was your trademark, we probably did bump them to the top of the list. We do
try to get the developers to fix things before we close (especially for larger plugins
that would have a massive negative impact on the community), but this isn’t always
possible.

## Isn’t it fair-use to use social media logos for related plugins?

No. Besides the fact that ‘fair use’ doesn’t apply to trademarks, it’s a matter 
of **how** you’re using it. Social media companies usually give permission to use
their logos on your website as a direct link to your presence on their ecosystem.
So a bird links you to Twitter. However. That is **not** the same as using a logo
for **advertising** which is what many of them consider banners and icons to be.
Their argument is that WordPress.orgWordPress.org The community site where WordPress
code is created and shared by the users. This is where you can download the source
code for WordPress core, plugins and themes as well as the central location for 
community conversations and organization. [https://wordpress.org/](https://wordpress.org/)
is not your site. We’ve argued about this, but some companies have slapped us with
legal threats so there we are.

## What about screenshots?

Some trademark owners demand we prevent that too, some don’t. I wish we had a clearer
answer here, but just to grab an example, there is a certain social media company
who doesn’t want to see you use the logos in screenshots. Meanwhile, there are other
credit card companies who don’t mind. Keeping track of those is incredibly hard!
We recommend you not use them in screenshots.

## What if I redraw my own version of the logos?

Then you’re probably going to get a legal demand from the owner to stop because 
you broke their usage guidelines for the logo. We should note here, when you _intentionally_
try to get around trademark law, you are effectively confessing guilt. You know 
what you’re supposed to be doing and you’re actively trying to get away with something?
The trademark lawyers will be able to take you down in seconds.

## How can I promote my plugin’s associations without violating?

First and foremost, the directory isn’t for _promoting_ anything, it’s for listing.
If you’re doing all this to basically be a big “Click Here!” method, you’re going
about it the wrong way.

Now if you’re really asking “How can I improve my usage by getting people to click
on _my_ plugin?” then you start by making a great banner that is memorable.

Stop treating a banner or an icon as a billboard. You don’t need to show off what
your plugin can do, you need to be memorable and noticeable. The best banners are
the ones that stick in people’s minds, and the odds are not a single person remembers“
Oh you’re the one with the logos in this order…”

But no, you don’t need all the examples of the possible social media uses on your
plugin banner.

## What about Display Names?

In general, you can use “For [Trademark]” in your display name. There are _some_
vendors who are particular and won’t even let you do that. We do our best to try
and warn you ahead of time, but sometimes vendors change things on us without notification.
Most are pretty cool about working out a plan so we don’t have to close plugins,
some are not. I wish I had a better answer there.

[#guidelines](https://make.wordpress.org/plugins/tag/guidelines/), [#trademarks](https://make.wordpress.org/plugins/tag/trademarks/)

 [  ](https://profiles.wordpress.org/ipstenu/) [Ipstenu (Mika Epstein)](https://profiles.wordpress.org/ipstenu/)
10:46 pm _on_ August 8, 2019     
Tags: [guidelines ( 27 )](https://make.wordpress.org/plugins/tag/guidelines/),
trademarks   

# 󠀁[Trademark Enforcement](https://make.wordpress.org/plugins/2019/08/08/trademark-enforcement/)󠁿

Many of you have received an email from us regarding pluginPlugin A plugin is a 
piece of software containing a group of functions that can be added to a WordPress
website. They can extend functionality or add new features to your WordPress websites.
WordPress plugins are written in the PHP programming language and integrate seamlessly
with WordPress. These can be free in the WordPress.org Plugin Directory [https://wordpress.org/plugins/](https://wordpress.org/plugins/)
or can be cost-based plugin from a third-party. closures for trademark violations.**
These emails were absolutely _not_ made in error.**

Due to recent demands by trademark owners, we will now be more strictly enforcing
trademark abuse when it comes to plugins. While it should be sufficient to tell 
you “Don’t abuse someone’s trademarks.” the reality is that those things are complex
and confusing.

We will have altered our system to prevent the submission of those plugins that 
violate trademarks. This is not something we do lightly, however we have been compelled
to close a great many plugins recently. It’s more efficient to prevent potential
abuse than to clean it up after the fact.

## How Trademarks Apply

Trademarks apply to the following aspects of your plugin:

 * **The Slug** – Your plugin slug may not begin with someone else’s trademarked(
   or commonly recognized) term
 * **The URLURL A specific web address of a website or web page on the Internet,
   such as a website’s URL www.wordpress.org** – You may not use someone’s trademark
   in your _domain_ name
 * **The Display Name** – You may not begin the display name with someone else’s
   trademarked (or commonly recognized) term and, in many cases, you may not use
   the name AT ALL.
 * **All Images** – You may not use trademarked logos/images in your banner, screenshots,
   logos, etc

We do our best to take care of the first one – the slug – when you submit your plugin.
Plugins approved **pre 2015** with trademarks in the URL are ‘grandfathered’ in 
and permitted to remain. All plugins approved after 2015 are required to meet this
restriction. All plugins, _no matter when they were approved_, must comply with 
trademark usage in display names and images.

We also keep our eye on similar names. There’s a concept known as brand confusion,
so naming your company or plugin **similar** to another company (like Facerange,
say) you can _still_ be legally compelled to change the name. This is why, for example,
you cannot use ‘pagespeed’ in your URL for a site optimization tool, even though
Google’s only trademark is on ‘page speed’ (two words). The name is similar **enough**
that we have been required to close plugins.

## Additional Restrictions

In addition to the above, many brands have an above-and-beyond requirement. You 
must _also_ avoid representing the brand in a way that:

 * Makes the brand the most distinctive or prominent feature
 * Implies partnership, sponsorship or endorsement
 * Puts the brand in a negative context as part of a script or storyline

Also many have statements like this when regarding _applications_ specifically:

 * Don’t modify, abbreviate or translate the brand name to a different language 
   or by using non-English characters, or use any logos to replace it.
 * Don’t combine shortened versions of the brand with your own brand.
 * Don’t use our ‘wordmark’

This is where it all gets crazy weird. But an example would be the brand Facerange.
With the above restrictions, naming your plugin (which is an application) “WordRange”
or “FacePress” and having it be a plugin to work with Facerange would be a violation
of their terms.

It all comes back to making it painfully clear that you and your work have NO relationship
to their products. Some allow you to use their product name wherever you want, and
some won’t permit it at all. When in doubt, the best course of action is to assume
you don’t have permission and not to use it.

## Quick FAQ

**Can I use ‘for BRAND’ in my plugin display name?**

Sometimes. It depends on the brand. We don’t have a complete list, which makes this
very complex. It’s important to pay attention to the rules for brand usage and _application_
uses. Some brands have separate rules. In general, if they’ve trademarked their 
_wordmark_ then no, you cannot use it for an application. And yes, a plugin is an
application.

**What’s a wordmark?**

That’s the name. So Facerange’s wordmark would be “FACERANGE.”

**I have permission from PayBuddy to use their wordmark/logo, is that okay?**

We’d rather you not use it on your PLUGIN pages. It’s impossible for us to verify,
and many agreements with brand owners are rescinded. Brand your webpage all you 
want, but leave their official logos and word marks off your plugin.

**A brand contacted me directly and asked me to change things. Is that a real demand?**

More than likely they are. They’ll usually include links and directions and contact
information. Use that and comply with them, because if you don’t, they’ll come to
us.

**What about existing violations?**

We’re handling them in batches. You don’t need to report them to us.

**But if you haven’t closed them, why are you closing my plugin?**

Because there are thousands of plugins and we do them in small batches for sanity.
Also brand owners sometimes give us a priority list, and you just happened to be
higher than someone else.

**Don’t they get an SEO boost?**

No. Write a better readme that uses the brands properly and contextually, and you’ll
be fine.

**Someone’s infringing on MY brand, what do I do?**

Contact them first. Ask them to stop (nicely please). Link them to your brand documentation.
If they ignore you, email us the same. We’ll close the plugin until they fix it.

We recommend you **BE CLEAR** about what you require. Remember, most people aren’t
familiar with trademark laws and their intricacies, so it’s very easy for them to
get confused.

[#guidelines](https://make.wordpress.org/plugins/tag/guidelines/), [#trademarks](https://make.wordpress.org/plugins/tag/trademarks/)

 [  ](https://profiles.wordpress.org/ipstenu/) [Ipstenu (Mika Epstein)](https://profiles.wordpress.org/ipstenu/)
4:26 pm _on_ September 26, 2018     
Tags: [guidelines ( 27 )](https://make.wordpress.org/plugins/tag/guidelines/),
trademarks   

# 󠀁[Reminder: Respecting Trademarks Includes Icons and Banners](https://make.wordpress.org/plugins/2018/09/26/reminder-respecting-trademarks-includes-icons-and-banners/)󠁿

This is a reminder that one of our guidelines is respecting trademarks and brands.

## tl;dr

Using someone else’s trademarked logo in your pluginPlugin A plugin is a piece of
software containing a group of functions that can be added to a WordPress website.
They can extend functionality or add new features to your WordPress websites. WordPress
plugins are written in the PHP programming language and integrate seamlessly with
WordPress. These can be free in the WordPress.org Plugin Directory [https://wordpress.org/plugins/](https://wordpress.org/plugins/)
or can be cost-based plugin from a third-party. logo or banner is a trademark violation,
and they have the right to have us remove your plugin at any time.

## Explanation

Normally trademark situations come up when you submit a plugin like Facerange Messenger,
but you don’t happen to work for Facerange. We change your slug from `facerange-
messenger` to `messenger-for-facerange` (or something to that effect) and ask you
to rename the plugin to “Messenger for Facerange”. Another common instance is when
we have to explain `bobo-facerange-messenger.com` is a violation of their trademark
use, and you need to rename your domain.

As of late, companies have begun enforcing logo usage as well. Originally they were
just picky about the icon or banner being _only_ their logo, but now they’ve moved
on to the use at all. What this means to you is simple: **Don’t use someone else’s
logo in your plugin’s icon or banner.** Period.

If you don’t have the _legal rights_ to use it, don’t. If you’re not sure if you
do, assume you don’t. If you lose the legal right (like no longer being a part of
PayFriend’s trusted developer program), you must _immediately_ remove their logo
from your plugin’s public facing pages.

## FAQ

### What happens if a company complains?

You will receive a warning via email that a complaint has been filed and you are
to correct the icon and/or banner immediately.

### How long do I have to comply?

0-days. Technically you’re already a violation. They don’t have to let us give you
a chance to come correct, so we would appreciate it being done within 48 hours.

### Do I have to push a new version of my code to do this?

Nope. Just fix the images in your assets folder.

**Addendum by Otto**: This includes screenshots. If you have somebody else’s logos
in your plugin itself, or displayed on your service, then you might want to consider
getting those removed as well.

### What do I do if a company asks me to change my icon/banner?

Change it. Seriously, it’s not worth it. Make your own unique and distinct logo 
for your plugin. It’ll make you more memorable in the long run.

### Do I have to change my display name as well?

Yes, you do. Remember: Don’t start your display name with _someone else’s_ trademark/
copyright/commonly known name. If it’s not _your_ name, it’s not a good idea.

### Isn’t this contrary to the GPLGPL GPL is an acronym for GNU Public License. It is the standard license WordPress uses for Open Source licensing 󠀁[https://wordpress.org/about/license/](https://wordpress.org/about/license/)󠁿. The GPL is a ‘copyleft’ license 󠀁[https://www.gnu.org/licenses/copyleft.en.html](https://www.gnu.org/licenses/copyleft.en.html)󠁿. This means that derivative work can only be distributed under the same license terms. This is in distinction to permissive free software licenses, of which the BSD license and the MIT License are widely used examples. and open sourceOpen Source Open Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL.?

No. Licences like GPLv2 are separate entities, and in fact the GNU supports [the use of copyright in code](http://www.gnu.org/licenses/gpl-howto.html).
As for open source, it’s not above the law. Check out [FOSSMarks](http://fossmarks.org)
for more information and as always, contact a lawyer with your legal questions.

**Addendum by Otto**: Also note that Trademark and Copyright are two entirely different
things. There is no “licensing” for trademarked items. The GPL and any other license
will not apply. Basically, if something is trademarked, then you need to get explicit
permission to use it, in writing, or you just don’t use it.

### I think it’s fair use. Will you let me keep the icon while I fight them?

Alas, no. We have to consider the directory as a whole and it’s over 60k plugins.
The risk for us is too high, and we will side with the legal request.

**Addendum by Otto**: There is no concept of “fair use” in trademark law. Don’t 
use other people’s trademarks. Period.

### What about existing plugins that you let violate trademarks in the slugs?

That’s because we do not have the technical ability to rename a slug without breaking
it for all users. They’d be abandoned. And you can’t automatically migrate users
from one plugin to another, so because of that limitation, most companies have permitted
us to retain plugins that violate their trademark in the slug. Some have not, and
we’ve been forced to close those plugins.

Since the logo and display name _can_ be safely changed, it’s a different matter.

### Someone else is violating too! Why didn’t you shut them down?

We email people in batches. You’re welcome to report fellow plugin devs who are 
violating the guideline, but the odds are we’ve already been in contact with them(
or will be shortly). You’re not being singled out, we just have a lot of plugins
to work through and we take breaks. Keep in mind, if it’s not YOUR trademark, we
generally just warn.

### Someone’s using my trademark in their icon/banner, how do I get them to stop?

Contact them first and point to this post (and [the 17th guideline](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#17-plugins-must-respect-trademarks-copyrights-and-project-names))
and just ask them _NICELY_ to please change it. If they blow you off or don’t respond
in a reasonable time (like 2 weeks), you can email us at `plugins@wordpress.org`
and we’ll follow up.

[#guidelines](https://make.wordpress.org/plugins/tag/guidelines/) [#trademarks](https://make.wordpress.org/plugins/tag/trademarks/)

 [  ](https://profiles.wordpress.org/nacin/) [Andrew Nacin](https://profiles.wordpress.org/nacin/)
5:21 am _on_ May 11, 2012     
Tags: trademarks   

# 󠀁[The WordPress trademark and domain names](https://make.wordpress.org/plugins/2012/05/11/the-wordpress-trademark-and-domain-names/)󠁿

A friendly reminder to pluginPlugin A plugin is a piece of software containing a
group of functions that can be added to a WordPress website. They can extend functionality
or add new features to your WordPress websites. WordPress plugins are written in
the PHP programming language and integrate seamlessly with WordPress. These can 
be free in the WordPress.org Plugin Directory [https://wordpress.org/plugins/](https://wordpress.org/plugins/)
or can be cost-based plugin from a third-party. authors: Per [the WordPress trademark policy](http://wordpressfoundation.org/trademark-policy/),
do not use “wordpress” in your domain name. We have been actively notifying developers
that reference such domains in readme files or plugin headers. If you are violating
the trademark, please update your plugins. Your next step should be to switch to
another domain.

As our [page on wordpress.org](https://wordpress.org/about/domains/) says, “We see
this most frequently with spammy sites distributing plugins and themes with malware
in them, which you probably don’t want to be associated with.”

[#trademarks](https://make.wordpress.org/plugins/tag/trademarks/)