As of August 2016, there are at least 40,000 WordPress websites running our Shield security plugin. But we have no other information than this.
That’s a lot of sites, and while it’s a fantastic achievement, that’s unfortunately all that we know.
Here are some things we’d really like to know:
- Is this 40,000 websites figure accurate?
- Which security modules are actually being used?
- Which particular options are used and which are not used?
- How effective is Shield – could we get an handle on some sort of aggregated statistics?
Tracking of any data within a WordPress.org plugin, without the express permission of users, is prohibited. Naturally.
So with v5.5.0+ of Shield, we are now asking you to let us gather some information around your use of the plugin. It’s all anonymous and this short article is here to explain it fully and let you know the what, why and how.
Do we collect any identifiable information?
Absolutely not – we do not receive any information that would allow us to identify you or your website.
We filter out any plugin settings that could possibly contain such information. Furthermore, all information is sent over a secure SSL-encrypted connection.
So how can we recognise a website when it’s updating its information with us?
To do this we create a unique ID hash for your given plugin installation. This is sent along with the information so we can link it up with info we may have previously received.
What information do we collect?
We collect the following:
- All the options you have selected for the Shield plugin – excluding any options that could contain identifiable information, such as email address etc.
- All the current statistics for the operations of the plugin. e.g. how many comments have been blocked.
- How many plugins are installed and how many are active or require updates
And that’s it. Nothing else.
In-fact, you can view the exact data that would be sent from within the plugin itself (see below).
Why do we want to collect this information?
We want to see what people use most and least. This will allow us to:
- identify important options that are perhaps under-used and need further highlighting or development.
- identify options that are hardly every used, if at all.
- collect aggregated statistics so we can publicly publish this and demonstrate how effective Shield is on a global level.
- gain a deeper understanding on how much our plugin is being utilised
When does my site send this information?
To send along this information we’ve hooked into the WordPress cron. It’ll send it out once a week and so any impact on your site is negligible.
How can I opt-in or opt-out?
By default, your Shield plugin installation does not send us any information.
When you first install the plugin you’ll be presented with a notice to opt-in or opt-out. You can change your mind at any time.
To change your preference go to the menu option: Shield → Dashboard. In the page that loads, there will be a tab called ‘Global Options’ and therein is the option to enable or disable tracking. Simply check the box on or off as desired, and save.
Also with that option is a link so that you may view all the information that would be sent. It looks a bit like code, but you can still read it. You’ll not find any URLs, or any email address etc. We’re not interested in that. We just want to know how you use the Shield.
Questions, concerns or feedback?
We take your security and privacy seriously – we have from the day 0. This is in-part why we built Shield because we wanted to be in full control of our security and that you would too. So we’re not about to betray the trust you’ve placed in us ’til now.
But, if you do have any concerns about this, please do let us know. We’re happy to take on any feedback or suggestions you have. Please leave us your comments below.