• jlc1964

    (@jlc1964)


    I just found out that after testing the WooCommerce plugin and installing jetpack, it gave wordpress.com access to the back-end of my site. I deleted jetpack, yet it was still linking wordpress.com to the back-end of my personal WP site. This is a hacker’s haven and never say never. Now come the intrusive large jetpack nagware ads. Wow, just wow.

    Why would I use WooCommerce and jetpack if it is going to have the Mothership linked to my server? I was actually thinking about using WooCommerce with WooPayments, but got so overwhelmed with all the intrusive ads and the linking of my back-end to WordPress dot com. Now I simply have trust issues and just can’t trust what is being baked into WooCommerce. I also really don’t want all the bloat of jetpack.

    • This topic was modified 10 months ago by jlc1964.
    • This topic was modified 10 months ago by jlc1964.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Sandip Mondal – a11n

    (@sandipmondal)

    Hi @jlc1964,

    I just found out that after testing the WooCommerce plugin and installing jetpack, it gave wordpress.com access to the back-end of my site. 

    Jetpack is a plugin that allows you to use features developed for WordPress.com on your self-hosted website through the Jetpack plugin. Since these features were built for WordPress.com sites, the connection to your site via the Jetpack plugin to a WordPress.com account is suggested.

    It does not grant access to the backend of your site. Jetpack offers multiple features that require a connection to the WordPress.com site. You can read about these features here: Which Jetpack features can I use without connecting my WordPress.com account?

    I deleted jetpack, yet it was still linking wordpress.com to the back-end of my personal WP site. 

    Please disconnect your site by following the instructions in this documentation to disconnect Jetpack from your WordPress.com account. Deleting the plugin does not automatically disconnect the WordPress.com connection.

    Now come the intrusive large jetpack nagware ads. Wow, just wow.

    You can disable the WooCommerce.com marketplace suggestions by navigating to WooCommerce > Settings > Advanced > WooCommerce.com > Marketplace Suggestions.

    I was actually thinking about using WooCommerce with WooPayments, but got so overwhelmed with all the intrusive ads and the linking of my back-end to WordPress dot com. 

    I am sorry to hear about your experience. Rest assured that Jetpack and WooCommerce do not provide backend access to your site.

    If you decide to proceed with using WooCommerce and WooPayments, please feel free to set them up by following this guide, and if you have any questions along the way, don’t hesitate to reach out to us for assistance. We will be happy to help and answer your questions!

    Thread Starter jlc1964

    (@jlc1964)

    Thank you for getting back to me and the link to the guide.

    For the cost of plugins, I might as well just go with a pay service which is much more streamlined and I don’t have to waste time building a secure site from the ground up.

    Regarding the WooPayments plugin, I really do not like that I have to stay connected to WordPress dot com to use the commerce payment gateway. Even the guide you gave me is pushing jetpack so the writing seems to be on the wall where you all are heading. I know you are trying to monetize, but let the powers that be know that the intrusive nag ads are a total turn off and pushed me into looking at other avenues and other CMS’s with less headache. I would rather just give you a percentage of sales than have to jump through all the plugin muck.

    <gwmw style=”display:none;”></gwmw>

    Plugin Support Sandip Mondal – a11n

    (@sandipmondal)

    Hi @jlc1964,

    Thanks for getting back.

    Regarding the WooPayments plugin, I really do not like that I have to stay connected to WordPress dot com to use the commerce payment gateway.  

    WooPayments requires a connection to a WordPress.com account to facilitate payment processing and provide sellers with transaction details, deposit information, and support for disputes, as mentioned in the documentation. This integration is designed to offer a seamless experience for both buyers and sellers.

    However, it’s important to note that WooCommerce itself does not require this connection. You have the flexibility to choose the payment gateway that suits your requirements.

    Even the guide you gave me is pushing jetpack so the writing seems to be on the wall where you all are heading.

    We understand your concern. If you prefer not to use Jetpack with WooPayments, you have the option to disable and remove it. You can follow the steps outlined in the guide provided here: If you do NOT have or want Jetpack

    It’s worth noting that the guide I shared at the end of my previous reply was WooPayments start-up documentation. If you decide to try WooPayments, please feel free to give it a go, and you can choose whether or not to use Jetpack based on your preferences and needs.

    Let me know if you have any further questions! 🙂

    Thread Starter jlc1964

    (@jlc1964)

    I changed the review to 3 stars for now since you all were responsive to my complaint. Once I turned jetpack off, I can actually focus on the process of building out a store and the payment gateways.

    Jetpack was really off-putting, I would suggest maybe tone it down and let the users discover it on their own terms instead of pushing it as a glaring advertisement in my admin area. I may play with it later, but I am not liking that it is tied to the mother ship collecting data.

    Now that I am testing the woocommerce plugin and tightening up my secrurity, it is interesting that I am getting hammered from an automattic ip address trying to break into my site via xmlrpc. I will assume the ip is being spoofed. – screenshot

    I am reading that the woocommerce plugin is using Rest API. So I will also assume it is safe to disable xmlrpc with no issue if I decide to go live with woocommerce.

    Thank you for pointing me in the direction regarding the payment plugin. Yes, I am looking at the woopayments option and will play around with it. I have absolutely no problem with you all monetizing that way through partnerships. The obnoxious and annoying jetpack advertisements in my admin area was a bit alarming.

    Plugin Support Sandip Mondal – a11n

    (@sandipmondal)

    Hi @jlc1964,

    I changed the review to 3 stars for now since you all were responsive to my complaint. Once I turned jetpack off, I can actually focus on the process of building out a store and the payment gateways.

    Thanks for updating the review.

    Jetpack was really off-putting, I would suggest maybe tone it down and let the users discover it on their own terms instead of pushing it as a glaring advertisement in my admin area.

    Please disable the marketplace suggestions by navigating to WooCommerce > Settings > Advanced > WooCommerce.com > Marketplace Suggestions to these turn off.

    Now that I am testing the woocommerce plugin and tightening up my secrurity, it is interesting that I am getting hammered from an automattic ip address trying to break into my site via xmlrpc. I will assume the ip is being spoofed. – screenshot

    I am reading that the woocommerce plugin is using Rest API. So I will also assume it is safe to disable xmlrpc with no issue if I decide to go live with woocommerce.

    I can verify that this IP address does not belong to Automattic. If you don’t have a Jetpack connection, there should be no XMLRPC requests being sent to your site. The origin of these requests might be related to other connections. You have the option to disable XMLRPC and check.

    Should you have any further questions, please feel free to reach out. We are here to help!

    Thread Starter jlc1964

    (@jlc1964)

    Well, that is interesting.

    I am not sure where you are getting your information, but 192.0.82.193 does belong to Automattic.

    <gwmw style=”display:none;”></gwmw>

    Yes, I know I can disable xmlrpc. That is not the question here, so let’s not get off topic. You sort of answered my question indirectly by letting me know that jetpack uses xmlrpc. Logically, this means that automattic is pinging my site looking for jetpack which I do not have installed.

    So, basically what I am extrapolating from our conversation is that: 1) I removed jetpack from my site, 2) jetpack needs xmlrpc, 3) an automattic server may be calling my site looking for jetpack that I removed, 4) automattic server can’t find it then pings my server aggressively, 5) this led to my firewall blocking an automattic ip 6) and I can safely remove xmlrpc becasue Woocommerce does not need it.

    <gwmw style=”display:none;”></gwmw>

    Thank you, in a convoluted way I got my questions answered.

    Plugin Support Sandip Mondal – a11n

    (@sandipmondal)

    Hi there,

    Yes, I know I can disable xmlrpc. That is not the question here, so let’s not get off topic. You sort of answered my question indirectly by letting me know that jetpack uses xmlrpc. Logically, this means that automattic is pinging my site looking for jetpack which I do not have installed.

    Jetpack indeed uses XMLRPC, you can read more about it in this documentation: Jetpack and XML-RPC.

    As mentioned above, please disconnect your site by following the instructions in this documentation to disconnect Jetpack from your WordPress.com account. Deleting the plugin does not automatically disconnect the WordPress.com connection. You can also disable XMLRPC to disable those pings.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘And I am supposed to trust this plugin?’ is closed to new replies.