Sends information to plugin-author without asking by php-code

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Pressjitsu

    (@pressjitsu)

    Thank you so much for your review!

    Please note, that the auth.php code that you’re referring to is actually the screen that ASKS the user to grant permission to send post IDs and permalinks to a third-party service. We DO NOT send such information without the user explicitly clicking “Allow” and thus giving consent.

    This is needed for our Sync service to work, which syncs numbers with other services such as Google Analytics. Previously when we did syncs manually, we would ask the users for their login credentials, which is not secure. This new way, however, allows site owners to temporarily and securely grant access ONLY to the data that is truly necessary for our service to work.

    Again, nothing is ever sent to the Pageviews Sync service without explicitly asking the user first.

    Cheers!

    Plugin Author Gennady Kovshenin

    (@soulseekah)

    It’s definitely the automated sync with Google Analytics screen (initiated via https://pageviews.io/sync/), nothing more nothing less. It sends exactly what it says it does, when it says it does and only if you hit Allow Access.

    View post on imgur.com

    We appreciate your concern with security in WordPress plugins. Good looking out ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Sends information to plugin-author without asking by php-code’ is closed to new replies.