wildwolf/wp-disable-browse-happy

This package is abandoned and no longer maintained. The author suggests using the wildwolf/wp-performance-tweaks package instead.

WordPress plugin to disable calls to the BrowseHappy API

Maintainers

Details

github.com/sjinks/wp-disable-browse-happy

Homepage

Source

Issues

Installs: 31

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 2

Open Issues: 0

Language:Shell

Type:wordpress-plugin

1.3.0 2020-06-03 01:28 UTC

Requires

Requires (Dev)

MIT e822cd2b576e6b10e12c68355ceb66381db60c05

  • Volodymyr Kolesnykov <volodymyr.woop@wildwolf.name>

pluginwordpressprivacybrowsehappybrowse-happy

This package is auto-updated.

Last update: 2021-08-14 06:47:44 UTC

README

WordPress plugin to disable queries to BrowseHappy API (for example, for privacy reasons).

When you go to the Admin Dashboard of your WordPress site, WP checks whether your browser is up-to-date, and displays a notice if it is not (i.e., "You are using an insecure browser!" or "Your browser is out of date!").

This is probably not a bad thing, but:

  1. It could be annoying for Linux users (they may have a browser with all security patches backported yet its version will not be the latest)
  2. wp_check_browser_version() function, which implements the check, does that with a call to http://api.wordpress.org/core/browse-happy/1.1/ (or https:// if the SSL support is enabled):
// include an unmodified $wp_version
include( ABSPATH . WPINC . '/version.php' );

$url = 'http://api.wordpress.org/core/browse-happy/1.1/';
$options = array(
        'body'       => array( 'useragent' => $_SERVER['HTTP_USER_AGENT'] ),
        'user-agent' => 'WordPress/' . $wp_version . '; ' . home_url( '/' )
);

if ( wp_http_supports( array( 'ssl' ) ) ) {
        $url = set_url_scheme( $url, 'https' );
}

$response = wp_remote_post( $url, $options );

You can see that this code sends your user agent string, WordPress version, and the URL and IP address (implicitly) of the blog. Strictly speaking, it is enough to send only the user agent to check whether the browser is up-to-date, the rest of the information is not necessary.

WordPess plugin guidelines say that "In the interest of protecting user privacy, plugins may not contact external servers without the explicit consent of the user".

I think that the same should apply to the WP Core itself; since WP "leaks the data" by default, and there is no way to opt out of that in the UI, you can use this plugin to turn off that functionality.

Installation

Via composer

Run from WordPress root directory

composer require wildwolf/wp-disable-browse-happy

Traditional way

Upload the plugin to wp-content/plugins/, go to the Admin Dashboard => Plugins and activate the plugin.

Note: after you install and activate the plugin, it is possible that you still see the warning in the Dashboard. This happens because WP caches the check result for some time. You can either wait until it goes away, or, if you have WP-CLI, you can run this from your WP root directory:

wp transient delete --all