WordPress 2.3 introduced a new feature that checks whether or not your plugins and WordPress version are out-dated. Unfortunately, it takes the unnecessary step of sending a list of all your plugins—active and inactive—along with your URL to the WordPress servers. This stirred up a whirlwind of emails among WordPress developers, and it even made Slashdot.
Obviously there’s nothing wrong with someone knowing one’s URL alone. And I believe those at WordPress.org who are interested in this data do not have malicious intentions. However, I don’t necessarily want to be forced into sending a list of all the plugins associated with me just to know when new versions are available.
Unfortunately, that rules out the two plugins that simply disable the update check altogether.
So I’ve written this plugin—my Tinfoil-hat plugin—to check for plugin and WordPress updates without sending a list of plugins associated with my domain name. Here’s how it works: instead of sending in the URL, it sends in a wp_hash of the URL and plugin name for each plugin. It is unique so that WordPress.org’s statistics will be accurate, yet it’s very difficult to associate with a particular blog. Furthermore—in case you didn’t think my tinfoil hat was on tight enough—my plugin checks for each plugin individually at randomly-spaced times, using WP’s cron. And for each plugin, the only data it sends is the plugin’s file name. Unfortunately, due to the WordPress.org API, the plugin does have to phone in the WordPress version number. However, the URL associated with that version has been wp_hash-ed.
But that’s not all. I’ve actually expanded the update-check functionality. The built-in update-check requires the use of fsockopen, which some hosts disable. My plugin will still check for updates when fsockopen isn’t available, by using WordPress’s own Snoopy class instead. [Update: Quandary pointed out that Snoopy uses fsockopen as well, so in version 1.0.1 I’ve dropped Snoopy and used cURL or stream_context_create instead. ] And, I’ve added a nifty little feature that lets you tell the little plugin-update reminder to go away for a week.
Download version 1.0.2
Installation
Extract filosofo-tinfoil-hat.php, upload it to your /wp-content/plugins/ directory, and activate it. That’s it.
Internationalization
I’ve included a .po file with the downloads for those who want to translate the plugin into their own language. If you do, please send me a copy of the localized .po and .mo files, and I’ll post them here.
| WP Code | Language | PO Text File | MO Translation File | Plugin Version |
|---|---|---|---|---|
| de_DE | German – Deutsch | filosofo-tinfoil-hat.po | filosofo-tinfoil-hat.mo | 1.0.1 |
Please note: the update notices will not appear immediately, as the plugin schedules them to check every 12 hours, starting some time in the next 12 hours from activation.
I have suggestions or I need help. What can I do?
Please leave a comment in my support forum for this plugin or send me an email at if.website (located at) gmail (dot) com . Or you can leave a comment below.
See some of the other WordPress plugins I’ve created.
Like this plugin? Is it worth a latte?
This month I have received $31.50 in donations for the free plugins I offer here, which is about $0.01 per download.
