Support » Plugin: WP Statistics » file_get_contents Security issue

  • gaambo

    (@gaambo)


    Hi,
    I tried WP Statistics as an alternative to Google Analytics on a few sites. I’m happy with functionality & numbers so far.
    But the plugin makes multiple requests to external resources via file_get_contents– which should totally be avoided. Also because on many servers this is disabled via allow_url_fopen.
    I see the requests are being made by a dependency named “whichbrowser” to do user agent sniffing.
    The best way to make these calls is to use the WordPress functions (wp_remote_get) oder cURL. I know these calls are being made by a dependency but please check your dependencies thoroughly.

  • You must be logged in to reply to this review.