[wp-hackers] Revisiting phone home and privacy
Matt Mullenweg
m at mullenweg.com
Tue Dec 8 06:40:05 UTC 2009
On 2009-12-06 10:33 PM, Lynne Pope wrote:
> The reason it was hacked was that the owner didn't know of an update that
> would have protected his site. The reason he didn't know was because he was
> using plugins to prevent update checks - and was only using those because he
> didn't want to send his site URL to WordPress. (Ok, he would have known if
> he had been keeping track of updates externally, but this is a case where
> privacy concerns removed an important feature from WordPress and
> disadvantaged him in the process).
One would imagine if you install a "disable update check" plugin you'd
be conscious of the responsibility of checking for updates manually.
Even with updates on many people don't update, unfortunately.
There was a different plugin that just hashed the URL but still checked
for updates, which we recommended for the paranoid.
All in all though, not a high priority. I've never met anyone in person
who disables update checks.* (Maybe they're scared to come to WordCamps.)
* I have met people who disabled it for clients whose sites they managed
and were responsible for.
--
Matt Mullenweg
http://ma.tt | http://wordpress.org | http://automattic.com
More information about the wp-hackers
mailing list