[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Dec 7 09:34:36 UTC 2016

#16778: wordpress is leaking user/blog information during wp_version_check()
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:

Comment (by nofearinc):

 Automatic WordPress updates are still something that many organizations
 avoid at all cost (or even pick another CMS/WCM) due to the lack of
 control and inherent dependency on 3rd party (be it WordPress.org in that

 Being transparent about what internal data is being sent externally is
 mandatory. Handling an undefined set of data probably gets in the gray
 legal area within the EU, possibly some USA states, China, many Arab
 countries and others that actually care about data privacy.

 I like the patch sent by @toscho many years ago as the safer option (or a
 Settings -> Privacy checkbox), together with an update of
 https://wordpress.org/about/privacy/ that @dd32 shared here with a more
 detailed list of internal data items transferred over the web.

 The bold statement above regarding "reading and editing the codebase"
 completely fails to comply with "Democratize Publishing". A Content
 Management System is such as it doesn't require IT intervention at all

Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:50>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list