What data is A/B Testing loading from an external server?

Hi

We tested some plugins

What data exactly is A/B Testing loading from an external server, or why is this request needed at all – where does it connect to?

Kind regards

Andi

  • Majid
    • Recruit

    Hello Andi

    I hope you are doing fine today 🙂

    The HTTP request you see in the message is made by the plugin’s mini dashboard, which all of our plugins use, and it’s there to allow the plugins to communicate with WPMU DEV servers and check for updates and display notifications mainly, so it’s totally safe and there is nothing to worry about.

    Cheers,

    Majid

  • Andi
    • The Exporter

    But this also means that the following plugin does not get checked right even though it is WPMUDEV, or – why not?

    The point is that we as providers would really need to know what data gets sent from and to the site if the customers are asking us. The laws in the EU are very strict, and even stricter in Germany, when it comes to sending data without the customer having agreed. So what would be the correct text to write into the AGB / Terms / Privacy statements so that no problems with law enforcement companies (Abmahnungen) and customers will occur?

    Kind regards

    Andi

  • Andi
    • The Exporter

    Comment Indexer v. 1.0.9.1 and Comment Form Text are some more plugins which do not contain that callback stuff or an unsafe callback call – the one of Comment Indexer is safe! – why not integrate that safe one in all other plugins of wpmudev?

  • Andi
    • The Exporter

    Please have a look at the Fundraiser plugin – it still has functions which have been deprecated since WordPress 2.8!!!!

    Things like that do not really speak for code quality! – actually, it shows that those plugins at WPMUDEV don't actually get the attention of their developers which would be needed to keep them updated and working with clean code also in 4.9!

  • Andi
    • The Exporter

    What would actually be the correct settings if using what is suggested here:

    Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.

    Blocking won’t help, I guess, as the plugin would need access to the wpmudev server, but to avoid that any server could actually access, a restriction of hosts could help – what would it be? WP_ACCESSIBLE_HOSTS?

    Is there a way that this could actually be set automatically by the plugin so that that error won’t even appear?

    Kind regards

    Andi

  • Ivan
    • Developer

    Hi Andi,

    Requests are only made to check for updates. There is no safe and unsafe version because there is nothing security related happening there. As for setting accessible hosts, it would affect any other plugin that interacts with different APIs like Twitter, Google, Facebook etc. or does anything related to getting data from an outside source, Google Analytics amongst others, so we cannot do that from our code.

    We are working on improving the code base by removing deprecated functions; we are more focused on getting more features out for our members and this had a lower priority.

    As for privacy concerns, no personal data is being communicated in any of our remote requests and certainly not any type of site visitor tracking.

    Getting this kind of report when a check is done on a plugin that was downloaded from suspicious sources should trigger some caution and further inspection of what the code in question is doing. And it is always good to check with the plugin developer just to confirm that everything is in order.

    Thank you for your feedback.

    Kind regards,

    Ivan
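
Added example, not part of any post in this thread and not WPMU DEV's code: a must-use plugin that logs which hosts and which field names leave the site through the WordPress HTTP API, with the `WP_HTTP_BLOCK_EXTERNAL` / `WP_ACCESSIBLE_HOSTS` settings from the scanner message shown in its header. The file name and `updates.vendor.example` are placeholders, since the thread does not name the update host.

```php
<?php
/**
 * Plugin Name: HTTP egress audit (added example, not WPMU DEV code)
 *
 * Save as wp-content/mu-plugins/http-egress-audit.php. It writes one line to the
 * PHP error log for every request sent through the WordPress HTTP API, so the
 * allowlist can be built from what the site really contacts.
 *
 * Once the host list is known, restrict egress in wp-config.php:
 *
 *   define( 'WP_HTTP_BLOCK_EXTERNAL', true );
 *   // Comma-separated; "*." wildcards are supported. The last entry is a
 *   // placeholder: use the update host that shows up in the log.
 *   define( 'WP_ACCESSIBLE_HOSTS', 'api.wordpress.org,*.wordpress.org,updates.vendor.example' );
 *
 * Both the log and the constants only cover code that uses wp_remote_get(),
 * wp_remote_post() and friends; a plugin calling cURL directly bypasses them.
 */

add_filter(
	'pre_http_request',
	function ( $preempt, $args, $url ) {
		$host   = wp_parse_url( $url, PHP_URL_HOST );
		$path   = wp_parse_url( $url, PHP_URL_PATH );
		$method = isset( $args['method'] ) ? $args['method'] : 'GET';
		$body   = isset( $args['body'] ) ? $args['body'] : null;

		// Record field names or payload size only, never values, so the audit
		// log does not itself become a store of keys or personal data.
		// The query string is left out of the log for the same reason.
		if ( is_array( $body ) ) {
			$sent = 'fields=' . implode( ',', array_keys( $body ) );
		} elseif ( is_string( $body ) && '' !== $body ) {
			$sent = 'raw_bytes=' . strlen( $body );
		} else {
			$sent = 'no_body';
		}

		error_log( sprintf( '[http-egress] %s host=%s path=%s %s', $method, $host, $path, $sent ) );

		return $preempt; // Pass through unchanged: observe, do not short-circuit.
	},
	10,
	3
);
```

Run it for a few days with all plugins active before enabling the block, then compare the logged hosts against the allowlist so that updates and third-party integrations keep working.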

  • Andi
    • The Exporter

    Hi Ivan

    Thanks for the explanation, and it actually would be good to have nothing encrypted or base64 encoded in those WPMUDEV plugins, as then all those questions would not come up at all and the error messages in the plugin check would also not appear.

    Kind regards

    Andi
