WP 2.3 Update Notification vs. WP-Plugins DB
Posted by Philipp in General, Homepage, Webmaster, WordpressAs there’s currently some discussion ongoing if WP 2.3 should send your plain URL to WP.org (while checking for some newer versions of your plugins you use), or not.
I would like to mention one alternative, at the same time I’ll cover some lacks of this one as well.
WP-Plugins DB
The WordPress Plugins DB is quite new, but already some big resource for Plugin Versions. It’s created and managed by Sugan Shan. You need to install some additional Plugin from the Website in order to use this Website, you can grab your copy here. After you activated that Plugin you can let your Plugin Versions be checked for the latest release, by visiting the Plugin admin page.
Now we reach already some currently big problem of that Project. It’s managed fully by Sugan, so if he hasn’t enough time to update the Plugin versions, you may think you run the latest version, while you don’t do. Maybe it doesn’t even needs to be a lack of time, from what he suffers. He may only don’t know about some never Version of a given Plugin. You can create as well your own Developer account on that Website, but it doesn’t offer the features WP.org does, nor what WP-Plugins.org does.
But this fact doesn’t need to mean anything as the project is quite new, and many exciting features may come with the time.
WP 2.3 Build-in
As mentioned above WP Plugins DB, suffers under the lack of some features, which are offered on WP.org for Plugin developers. Maybe it’s not intended to be anything like WP.org or WP-Plugins. So you can’t keep track upon your Plugin Downloads and you’re not able to compare them with your competitors. But the Plugin doesn’t sends anything home, except your Plugins name and Version, and mostly that data isn’t even stored. Where WP.org does store your URL as well, in plain text. So that may be the biggest pro for that Plugin. Matt doesn’t even know for what these URL data could be useful, so why don’t he add that step if it would be needed(or at least useful)?
How to get rid of it
So if you don’t like to have your Blog URL stored on WP.org and don’t want to use that function at all you can disable it, by doing some change to one WP core file. The file you need to edit is wp-admin/includes/update.php.
After you opened the file move to this line of code:
43 function wp_update_plugins()
Now add after that line this one:
return false;
Save the file. Now your blog doesn’t use the Update Checker from WP any more(as long as you apply the change to every newer Version of that file).
If you only want to prevent it from submitting your real Blog Url, change this line from the same file:
85 $http_request .= 'User-Agent: WordPress/' . $wp_version . '; ' . get_bloginfo('url') . "\r\n";
To something like:
85 $http_request .= 'User-Agent: WordPress/' . $wp_version . '; http://example.com \r\n";
Why WP suffers too
Anyway WP.org repository of Plugins, isn’t anything near to be a complete snapshot of all WP Plugins out there. As only Plugins get added who are under a GPL compatible license released.
And even that isn’t a guarantor to be added.
So it may be that you be better with using WP-Plugins Tracker than the build-in WP function.
Conclusion
So as you see there’s no perfect Solution available currently which covers every area fully. But from my point of view the WP-Plugins DB is the better way for it as everything can get added, equal under which license it’s published or if there’s a commercial Pro Version of it. And why should security checking stop by borders like license or Money?
As the Plugins DB isn’t perfect at it’s current state, we maybe need to use both versions in order to keep track with our Plugins and security.
Update:I just found these Plugins which disable the Core Update and Plugin Update functions.
Tags: Auto Update, Phone Home, Plugins, Security, Wordpress
Entries (RSS)