[wp-hackers] Revisiting phone home and privacy

Matt Mullenweg m at mullenweg.com
Tue Dec 8 06:40:05 UTC 2009

On 2009-12-06 10:33 PM, Lynne Pope wrote:
> The reason it was hacked was that the owner didn't know of an update that
> would have protected his site. The reason he didn't know was because he was
> using plugins to prevent update checks - and was only using those because he
> didn't want to send his site URL to WordPress. (Ok, he would have known if
> he had been keeping track of updates externally, but this is a case where
> privacy concerns removed an important feature from WordPress and
> disadvantaged him in the process).

One would imagine if you install a "disable update check" plugin you'd 
be conscious of the responsibility of checking for updates manually.

Even with updates on many people don't update, unfortunately.

There was a different plugin that just hashed the URL but still checked 
for updates, which we recommended for the paranoid.

All in all though, not a high priority. I've never met anyone in person 
who disables update checks.* (Maybe they're scared to come to WordCamps.)

* I have met people who disabled it for clients whose sites they managed 
and were responsible for.

Matt Mullenweg
http://ma.tt | http://wordpress.org | http://automattic.com

More information about the wp-hackers mailing list