What Data A/B Testing is loading from an external server?


We tested some plugins

What data exactly A/B Testing is loading from an external server or why is this request needed at all - to where does it connect?

Kind regards

  • Andi

    Bu this means also that the following plugin does not get checked right even it is WPMUDEV or - why not?

    The point is that we as providers would really need to know what data gets send from and to the site if the customers are asking us. The laws in EU are very strict and even very strict in Germany when it comes to sending data without that the customer agreed. So what would be the correct text to be written into the AGB / Terms / Privacy statements that there no problems with law enforcement companies (Abmahnungen) and customers will occur?

    Kind regards

  • Andi

    What would be actually the correct settings if using what is suggested here:

    Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

    Blocking won't help I guess as the plugin would need access to the wpmudev server but to avoid that any server could actually access a restriction of hosts could help - what would it be? WP_ACCESSIBLE_HOSTS?
    Is there a way that this actually could be set automatically by the plugin so that that error won't even appear?

    Kind regards

  • Ivan

    Hi Andi,

    Requests are only made to check for updates. There is no safe and unsafe version because there is nothing security related happening there. As for setting accessible hosts it would affect any other plugin that interacts with different APIs like Twitter, Google, Facebook etc. or doing anything related to getting data from outside source Google Analytics amongst others, so we can not do that from our code.

    We are working on improving code base by removing deprecated functions, we are more focused on getting more features out for our members and this had a lower priority.

    As for privacy concerns no personal data is being communicated in any of our remote requests and certainly not any type of site visitors tracking.

    Getting this kind of report when check is done on a plugin that was downloaded from suspicious sources should trigger some caution and further inspection of what code in question is doing. And it is always good to check with plugin developer just to confirm that everything is in order.

    Thank you for your feedback.

    Kind regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.