Skip to content
Sale!
Anonymize HTTP Requests to API.WordPress.org (Annual Subscription)

Anonymize HTTP Requests to API.WordPress.org (Annual Subscription)

Original price was: $99.00.Current price is: $60.00. / 365 days

This WordPress plugin blocks and/or filters all HTTP requests sent from your WordPress website to API.WordPress.org to remove irrelevant data for built-in functionality regarding WordPress core version updates and public themes and plugins hosted on WordPress.org.

Category: Tags: , , , , , , ,

Description

This plugin is effective for safely and securely blocking, privatizing, and anonymizing API requests to WordPress.org. No other HTTP requests are affected!

Blocked Requests

The API requests listed here are completely blocked from being sent out from your website.

  1. browse happy Checks if the currently logged in user needs a browser update. Please be sure that all of your WordPress users with backend access are using the latest version of their browser to avoid UI errors. Alternatively, check this functionally internally.
  2. serve happy Checks if the PHP version needs to be updated. Please be sure that your PHP version meets the minimum required PHP version that your WordPress installation requires.
  3. importers Retrieves a list from WordPress.org of popular importer plugins. The WordPress install has a fallback list that it uses when this request fails, however it may only be in English and not translated properly. Only used when visiting Settings > Import.
  4. events Gets data about events near the location of the currently logged in user as identified by their partially anonymized IP address. Only used in the list for “WordPress Events and News” widget on the backend dashboard.
  5. credits Retrieves a list of contributors for the current WordPress installation. We thank the contributors but we do not need the list inside our install. Only used when clicking on the “Credits” tab of the WordPress about page in the backend dashboard.

Anonymized Requests

The API requests listed here are not blocked but have been modified to either anonymize or privatize the data being sent enough so that the functionality can still be used without compromising data about your WordPress install.

  1. checksums This protects the integrity and security of your WordPress install. Only the current version and site locale are sent for verification. The site domain and protocol are anonymized and omits the WordPress core version.
  2. core version Checks WordPress version against the newest version. This request is modified to only send the WordPress core version and site locales. It anonymizes the site domain and protocol while omitting data about your MySQL database, operating system, PHP modules, how many sites are installed (if multisite), how many users are installed, and a few other miscellaneous details it collected.
  3. block patterns Search and retrieve block pattern metadata. This request now anonymizes the domain and protocol and privatizes the WordPress core version.
  4. plugin update check Checks for available updates to plugins based on the latest versions hosted on WordPress.org. Despite its name, this function does not actually perform any updates, it only checks for available updates. This request is modified to exclude plugins with the Update URI header or pro (case-insensitive) at the end of its name. Constants and filters can be used to also check against a disallow list. It anonymizes the site domain and protocol. Additionally, the plugin data that is sent for every (non-excluded) plugin has been modified to exclude the description, author, text-domain, network, minimum WP version, minimum PHP version, and plugin requirements. It also no longer sends what plugins are active.
  5. plugin info Retrieves plugin installer pages from the WordPress.org Plugins API. This request is modified to only send the plugin translations and site locales. It anonymizes the site domain and protocol and omits the WordPress core version.
  6. theme update check Checks for available updates to themes based on the latest versions hosted on WordPress.org. Despite its name, this function does not actually perform any updates, it only checks for available updates. This request is modified to exclude child themes and themes with Update URI header or pro (case-insensitive) at the end of its name. Constants and filters can be used to also check against a disallow list. It anonymizes the site domain and protocol. Additionally, the theme data that is sent for every (non-excluded) theme has been modified to exclude the description, author, text-domain, minimum WP version, minimum PHP version. It also no longer sends what theme is active.
  7. theme info Retrieves theme installer pages from the WordPress.org Themes API. This request is modified to only send the theme translations and site locales. It anonymizes the site domain and protocol and omits the WordPress core version.
  8. secret key salt Returns a salt to add to hashes. Salts are created using secret keys. This request is modified to only send the salt request. It anonymizes the site domain and protocol and omits the WordPress core version.
  9. core translations Retrieve WordPress core translations from WordPress Translation API. This request is modified to only send the WordPress core translations and site locales. It anonymizes the site domain and protocol and omits the WordPress core version.
  10. plugin translations Retrieve plugin translations from WordPress Translation API. This request is modified to only send the plugin translations and site locales. It anonymizes the site domain and protocol and omits the WordPress core version.
  11. theme translations Retrieve theme from WordPress Translation API. This request is modified to only send the theme translations and site locales. It anonymizes the site domain and protocol and omits the WordPress core version.

Developer-Friendly Code

I want you to be in control of your data, so I have added filters, functions, and constants to allow you to customize your HTTP requests to API.WordPress.org if you do not want to use the out-of-the-box solutions my plugin provides.

Helper Functions

These are a list of functions that you can call anytime, just be sure to use…

    if( function_exists( "name_of_function" ) ) {
        name_of_function();
    }

…to check for its existance before you do. This will prevent fatal errors from happening if the plugin is uninstalled but your custom code still tries to use it.

  1. aurise_privacy_is_wp_api($url) Checks if the URL destination is to API.WordPress.org. Returns an array of URL parts on success or boolean false otherwise.
  2. aurise_privacy_generate_random_site_url() Generates random website URL. The domain length is generated randomly between 13 and 23 characters. The TLD is randomly chosen among a list that varies in length. The domain is not guaranteed to be unique, but absolutely random and unaffiliated with the real website URL. The function returns a randomly generated website URL with protocol and domain name, no trailing slash.
  3. aurise_privacy_get_siteurl($siteurl) Get the anonymized or privatized site URL. The $siteurl parameter is optional if you’d like to specify your own URL. Leave it empty to use the default which is a randomly generated URL.
  4. aurise_privacy_get_wp_version($wp_version = false) Get the privatized version of WordPress core. Pass whatever you want as the $wp_version parameter to use as the text to replace the WordPress version. It is an optional parameter and the default is PRIVATE if left false.

Constants

Constants are variables that are used in your entire WordPress install, including all subsites in a multisite/network installation, and they are defined in your website’s wp-config.php file like this:

define( 'NAME_OF_CONSTANT', 'value of constant' );

Below are a list of constants this plugin looks for and the expected variable type for proper usage.

  1. AURISE_PRIVACY_HTTP_REQUEST_SOURCE_URL Instead of using a randomly generated site URL for each request, you can define one here. Perhaps https://tinyurl.com/nopity-nop? Can also be modified with a filter.
  2. AURISE_PRIVACY_HTTP_REQUEST_WP_VERSION Define custom text to replace your WordPress core version in API requests. Can also be modified with a filter.
  3. AURISE_PRIVACY_HTTP_REQUEST_PLATFORM Define custom text to replace the word “WordPress” in the user-agent sent with API requests. Can also be modified with a filter.
  4. AURISE_PRIVACY_UPDATE_CHECK_EXCLUDED_THEMES A comma-delimited list of theme slugs to exclude from being sent in API requests. Can also be modified with a filter.
  5. AURISE_PRIVACY_UPDATE_CHECK_EXCLUDED_PLUGINS A comma-delimited list of plugin filenames in the format of dir/file.php to exclude from being sent in API requests. Can also be modified with a filter.
  6. AURISE_REQUEST_PRIVACY_API_KEY If you want me to maintain this plugin for you, please purchase a license key from my website and add it here.

Filters

Below are a list of WordPress filter hooks you can use to customize.

  1. au_http_request_user_agent The user-agent string sent in API requests to WordPress.org.
  2. aurise_privacy_http_request_source_tld_list A sequential array of possible top-level domains to choose from.
  3. aurise_privacy_http_request_source_url The site URL of the current website. Can also be modified with a constant.
  4. aurise_privacy_http_request_wp_version The core version of the current WordPress installation. Can also be modified with a constant.
  5. aurise_privacy_http_request_platform The platform used in the user-agent. Can also be modified with a constant.

Reviews

There are no reviews yet.

Be the first to review “Anonymize HTTP Requests to API.WordPress.org (Annual Subscription)”

Your email address will not be published. Required fields are marked *

Related Products