The Enterprivacy.com website is based on the WordPress CMS (Content Management System). In addition it uses the Kresi Coherence Theme. WordPress is a great tool for making incredible nice and manageable websites quickly and nearly effortlessly. Included in WordPress, automatically, are somethings that are common but nonetheless potentially concerning for a proactive privacy website. WordPress includes Facebook likes and Twitter tweets in it’s blogging platform.We notice this while surfing our site with the Ghostery plugin for Firefox. Ghostery is a nice littel add on that allows you to see the trackers that are on a given website you visit (and block them if you so choose).
While this can be extremely beneficial, there are some potential privacy implications. We decided, in order to minimize the privacy implications on our website to remove these critters from our site. While ultimately it was fairly easy to remove, it took some digging. Luckily our web host allowed us to modify the file in our theme. Unfortunately, it doesn’t appear that blogs hosted on WordPress.com have this option.
Here is what we did
- commented out the Facebook and Twitter segments in loop-index.php
- commented out the Facebook and Twitter segments in loop-portfolio-single.php
- commented out the call to avia_social_media_icons in header.php
- commented out the require_once( ‘includes/helper-social-media.php’ ) line in functions.php
While we didn’t extricate all the Facebook and Twitter code from the theme, we essentially made it unrenderable on the website. In addition, I double checked the pages with Simple Site Scooper to analyze the external objects to confirm we weren’t still connecting to Facebook or Twitter. As of right now, only Google Analytics is being called.
This points to an important lesson when using canned code, you need to analyze the code and the resulting product to find privacy risks and then, if necessary, extract that code from the program. Sometimes this can be extremely difficult if the code is highly integrated.