[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Dec 7 09:50:29 UTC 2016


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+-----------------------

Comment (by DvanKooten):

 Replying to [comment:52 MattyRob]:
 > Pending action in the core code that may or may not happen I've created
 > some code after many hours of messing about logging and blocking all
 > requests and come up with a few functions that reduce the leaking of data.
 > Apologies it's not well documented in what it is doing at the moment and
 > there may be more in there than you need (like blocking auto-updates) but
 > if you are concerned already you are free to use my code:
 >
 > https://gist.github.com/mattyrob/2e492e5ecb92233eb307f7efd039c121

 I just created a simple plugin for this as well, although it only strips
 off the number of users from the version check request for now. It's on
 GitHub here: [https://github.com/dannyvankooten/my-precious: my-precious].
 It also does not get rid of the auto-update functionality, which is super
 valuable IMO and makes for another discussion altogether. :-)

 > Not my place to step on any legal team toes but what steps are being
 > taken towards GDPR compliance? WP will need to publicly clarify all data
 > collection as well as the legal basis behind it in any case.

 [https://twitter.com/WebDevLaw/status/806429014630002688: Heather Burns]
 just pointed this out on Twitter as well. The
 [https://en.wikipedia.org/wiki/General_Data_Protection_Regulation: General
 Data Protection Regulation] is taking effect in May 2018 and it seems that
 does REQUIRE this sort of behavior to be documented, so it seems there is
 a legal side to this too.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:53>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

