After noticing suspicious review activity for the AccessiBe plugin, accessibility consultant Joe Dolson reported the fake reviews to WordPress.org’s plugin team. The reviews were removed in under 48 hours, thanks to Dolson’s detailed research.
At the time of reporting, Dolson found 31 five-star reviews, 2 four-star reviews, and 2 one-star reviews. After putting these into a spreadsheet, he found certain correlations among the first 11 five-star reviews:
“All eleven user accounts I viewed had a common pattern of registration and use: between zero and 3 support topics raised and 4-7 reviews over the last 18 months.“Every one of these eleven accounts had at least one point of overlap with another user in that group. That is, for each plug-in or theme interacted with by one of the accounts, at least one of the other accounts also interacted with that plug-in or theme.“Multiple accounts had submitted one-star reviews on another plug-in, and in a quick assessment of other one-star reviews on that plug-in, I quickly found another account that had also submitted a five-star review on AccessiBe.
Approximately 33 reviews were removed from the AccessiBe plugin’s page after the report. Plugin team member Mika Epstein said that the team “passes the reports to a volunteer who is amazing at hunting down VPNs and IPs for that.” She also recognized Dolson’s legwork and reporting as being instrumental in this particular case.
Dolson allowed me to view his spreadsheet, where he logged URLs for each suspected fake review, along with dates and reviews left on other plugins. These were not saved to the Internet Archive, but Dolson said they were all “pretty generic,” and that each one was a one-sentence review. The user profiles still appear to be there but do not have any activity listed.
“As a WordPress plugin author myself, I find