swaponline / multi-currency-wallet-pro

https://codecanyon.net/item/multicurrency-crypto-wallet-and-exchange-widgets-for-wordpress/23532064


wordpress.org version update

noxonsu opened this issue · comments

commented

Your plugin has been closed as it has been found to be in violation of the directory guidelines, found here:

https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

In specific, your plugin is tracking users without clear opt-in consent.

https://wordpress.org/plugins/multi-currency-wallet/

What to do next

We understand that this is frustrating to hear, and that having your plugin closed is never a great day. To help restore your plugin as quickly as possible, you are required to do the following:

Remove all non-optional tracking code
Perform a full security and standards review on your own code
Increase the plugin version
Ensure the 'tested up to' version in your readme is the latest release of WordPress
Update the code in SVN
Reply to this email and request a re-review

If you feel this decision was made in error, please reply to this email and explain why.

Plugins are closed immediately and the developer contacted when this happens, in part because we have an imperfect system of notifications. This means until your plugin is corrected to meet our guidelines, we will not reopen it.

When we re-review your code we will look at not just the changes, but the entire plugin, so there may be a delay.

Why this is a violation

We do not permit plugins to track users of their code without the tracking being 100% optional, and turned off by default. We feel strongly about the privacy of plugin users, and by that standard, they should not have their actions recorded.

Furthermore, even just contacting your own servers without disclosure and consent is a GDPR and EU Privacy violation. In the United States, California has already instituted a law related to these. By not allowing your users to opt-in to sending data to or pulling information from your servers, you put yourself in severe legal jeopardy which we will not be able to protect you from.

Your plugin sends back data usage to https://noxon.wpmix.net/counter.php?msg="+encodeURI(msg)

While you claim there's no 'private' data, the reality is that by sending data AT ALL, without express and clear OPT IN consent, you have violated our guidelines.

In addition, looking at your plugin, your readme fails entirely to properly document that you use these services:

https://mainnet.infura.io/v3/5ffc47f65c4042ce847ef66a3fa70d4c
https://www.blockchain.com/btc
https://live.blockcypher.com/
https://etherscan.io
https://ghostscan.io
https://explore.next.exchange
https://horizon.stellar.org
https://api.blocktrail.com/v1/BTC
https://data-api.defipulse.com/api/v1/egs/api/ethgasAPI.json?api-key=53be2a60f8bc0bb818ad161f034286d709a9c4ccb1362054b0543df78e27
https://api.bitcore.io/api/BTC/mainnet
https://next.swaponline.io/mainnet
https://api.blockcypher.com/v1/btc/main"
https://noxon.wpmix.net

And? Some of those have API keys in public. We checked DefiPulse and while they don't expressly state each individual human needs their OWN API key, they do limit keys heavily to the point that if you have more than 1000 users, your code will start costing you money.

Not to mention you can track the API usage on your own, which again is illegally tracking users without permission or consent.

Please either remove the code for tracking or change to be an opt-in feature of your code.

If you have any questions, please let us know.

commented

By default we need to keep the fringe blockchains like ghost etc. disabled, remove SendPulse and the rest, and use RPC as much as possible.

commented
  • the option to send debug data must be disabled by default (check that no requests go to counter.php)
  • add a description of all endpoints to the readme
  • the Infura key must be configurable in the admin panel (ours by default)
  • remove DefiPulse

On upload, include a comment for the admin.

Sending debug data is now optional (disabled by default), the API key for Infura can be changed in the admin panel, and DefiPulse has been removed. A description of all the endpoints has been added to the readme.
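The two fixes discussed in the review email and in the task list above (the debug beacon to counter.php must be opt-in and off by default; the Infura key must come from the admin panel rather than being hard-coded) can be expressed as a small client-side gate. The following is an added example written for this thread, not code from the multi-currency-wallet plugin; the settings object, its field names, and the idea that the server hands it to the browser (e.g. via wp_localize_script) are assumptions, and the endpoint and project id values are constructed samples.

```javascript
// Added example, not the plugin's own code. Settings are assumed to be handed to the
// browser by the WordPress side; the field names below are assumptions.
const DEFAULT_SETTINGS = Object.freeze({
  sendDebug: false,      // opt-in flag: tracking is off unless the site owner enables it
  debugEndpoint: "",     // no built-in collection server
  infuraProjectId: "",   // site owner's own key, entered in the admin panel
});

// Merge raw settings over the defaults. Anything that is not an explicit true / "1"
// counts as opted out, so a missing or malformed option can never switch tracking on.
function normalizeSettings(raw) {
  const s = { ...DEFAULT_SETTINGS, ...(raw || {}) };
  s.sendDebug = s.sendDebug === true || s.sendDebug === "1";
  s.debugEndpoint = typeof s.debugEndpoint === "string" ? s.debugEndpoint : "";
  s.infuraProjectId = typeof s.infuraProjectId === "string" ? s.infuraProjectId : "";
  return s;
}

// Returns the beacon URL to request, or null when the user has not opted in.
// URLSearchParams encodes the message; plain string concatenation of "?msg=" + msg
// would let an unencoded message break the query string.
function buildDebugRequest(msg, rawSettings) {
  const s = normalizeSettings(rawSettings);
  if (!s.sendDebug || !s.debugEndpoint) return null;
  const url = new URL(s.debugEndpoint);
  url.searchParams.set("msg", String(msg));
  return url.toString();
}

// Sends the beacon only when opted in. fetchImpl is injectable so the gate can be
// exercised without network access. Returns true if a request was issued.
async function maybeSendDebug(msg, rawSettings, fetchImpl) {
  const target = buildDebugRequest(msg, rawSettings);
  if (target === null) return false;
  await fetchImpl(target, { method: "GET", keepalive: true });
  return true;
}

// Builds the Infura RPC URL from the admin-configured project id. The 32-hex-character
// shape is an assumption used only to reject empty or garbage values; there is no
// fallback key here, so a site with no configured id gets null rather than someone
// else's quota being spent on its traffic.
function rpcUrlForInfura(rawSettings) {
  const s = normalizeSettings(rawSettings);
  if (!/^[0-9a-f]{32}$/i.test(s.infuraProjectId)) return null;
  return `https://mainnet.infura.io/v3/${s.infuraProjectId}`;
}

// Constructed sample settings, as a site owner who opted in might have saved them.
const SAMPLE_OPTED_IN = {
  sendDebug: "1",
  debugEndpoint: "https://example.invalid/counter.php",
  infuraProjectId: "0123456789abcdef0123456789abcdef",
};
```

Note that moving the Infura project id into the admin panel makes it the site owner's key, so the rate limits and any cost the review email mentions land on them rather than on the plugin author; it does not hide the key from visitors, since the browser still calls the RPC endpoint directly. If the key must stay private, the RPC call has to be proxied through the WordPress server instead.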

commented

DefiPulse removed. It was used to request the gas price. The requests now go to the RPC.

commented

readme updated 7da339d