Congratulations, you get the dubious distinction of being my first review.
I am reporting you to Plugins.
For the people who do not know what “phone home” means, it means that this plugin sends information about your site to themselves without your permission.
EDIT: I am editing this review to provide more information in light of the questions asked below.
/wp-content/plugins/if-menu/if-menu.php:334 makes a call to
https://layered.market/get-plan?site=[redacted]&for=if-menu&_nonce=[redacted]&licenseKey=to check for a license key – something that should not be happening for a free plugin in the repo. This allows the author to see which sites are using the free plugin and for how long, without asking.
It is possible to monitor and block external calls made via the WP API. Some plugins allow domain-specific blocking. I highly recommend installing one on a test site to monitor calls made by plugins before installing it on a production site – and to consider blocking if you are concerned about the privacy of your own or client sites and cannot find an alternative to a naughty plugin.
- The topic ‘Phones home without my permission? Naughty plugin.’ is closed to new replies.