WordPress

Should I Give Permission for WordPress Plugins to Collect Data?

Published on 27. April, 2023

One of our readers recently asked whether it’s ok to give WordPress plugins on your site permission to collect usage data.

They were concerned about whether there are security concerns in sharing website usage data with plugin developers, and whether there are any benefits for doing so.

In this article, we’ll discuss the pros and cons of letting plugins collect data from your WordPress site, and when it poses an unacceptable security risk.

Which WordPress Plugins Collect Data From Your Website?

Most plugins DO NOT collect any data from your WordPress website. However, some plugins may ask you to share anonymous usage data with the developers, so that the plugin can be improved.

For example, on the WPForms plugin’s Miscellaneous Settings page, you will find an option called ‘Allow Usage Tracking.’

Some Plugins Ask You to Allow Usage Tracking

The description explains, ‘By allowing us to track usage data, we can better help you, as we will know which WordPress configurations, themes, and plugins we should test.’

Similar to leaving plugin reviews, sharing anonymized data with reputable plugins is a helpful way to support plugin developers.

WordPress.org rules require that all free plugins MUST get user’s consent before enabling such usage tracking, so you can be certain that no one will collect your website’s data unless you specifically authorize them to do so.

Now you may be interested to learn about the types of usage data that help plugin developers.

How Do We Use Usage Data Collected by Our Plugins?

It may be helpful to give you our perspective, and let you know about the types of data we collect from our plugins, as well as how we use the data to improve our products.

Awesome Motive, the company behind WHOOPS.ONLINE, develops a suite of free and premium WordPress plugins that are used by over 25 million websites.

Our plugins include OptinMonster, MonsterInsights, WPForms, SeedProd, WP Mail SMTP, RafflePress, All in One SEO, Smash Balloon, and many more.

Some of our plugins give you the option to enable anonymous usage tracking. This helps us to improve each plugin and make better decisions about future feature development.

The data we collect is always anonymous. It is not tied to your website in any way. For example, here is a screenshot from the OptinMonster Miscellaneous settings page.

OptinMonster Asks You to Share Anonymous Usage Tracking

You can think of the data we collect as telemetry. It allows us to monitor how our plugin is being used in real-time.

It is important to understand that we are looking for how our plugins are being used across our entire user base, not on your particular website.

That means we will never know which settings and plugins are being run on a specific website such as syedbalkhi.com. But we will be able to discover, for example, the percentage of all users who have installed a specific version of our plugin.

We also find it useful to collect information about the server environment being used by your WordPress hosting provider, including your PHP version, MySQL version, and locale / language.

This allows us to test our plugins for the most popular versions among our users. It also allows us to improve coding standards by safely deprecating older versions.

For instance, the diagram below shows the different versions of PHP being used by one of our plugins’ users. It shows that PHP 5.5 is used by very few users, and this helps us to decide whether to deprecate support for that version of PHP.

The Data We Collect Lets Us Make Decisions About Which Versions of PHP to Support

We’re also interested in which plugin features are being used and which settings are active. This information gives us a better idea of which features are doing well, and which aren’t.

Besides that, we gather aggregated data to improve our cross-plugin and theme compatibility to ensure that our plugin updates does not lead to any conflict with other popular plugins that happens so often in the WordPress industry.

Again, this is all general, aggregated data and not tied in any way to you and your specific website.

We NEVER collect any data about your website’s visitors, customers, or any other personal identifiable information.

Should You Allow WordPress Plugins to Collect Data From Your Site?

Now that you can see the benefits sharing usage data gives to the plugin developer, we’ll answer the question of whether you should allow plugins to collect data from your WordPress site. This decision needs to happen on a case-by-case basis. Here are some guidelines.

Anonymous Usage Tracking

When a reputable plugin collects data from your website anonymously, then it is normally safe to share usage data with the developer.

You can look for the author’s reputation. If the plugin is popular, then you can be confident they will collect and use the data responsibly. You could even reach out to them and ask how they use the data they collect.

Also, if you rely on the plugin to add needed features to your website, then you can help the developer to improve the plugin and add features by sharing anonymous usage data.

Data Tied to Your Website or Email Address

However, not all data is collected anonymously. For example, there may be plugins that tie your usage activity to your specific website or even an individual email address.

In these cases, you should exercise caution. It is normally not a good idea to freely share such detailed information about your website with third parties.

You can learn more by reading our guide on WordPress security best practices.

Nulled or Pirated Plugins

Also, if you want to keep your website secure, then you should never use nulled themes and plugins, or pirated copies of premium WordPress products.

That’s because you have no way of knowing how they have been modified. They might collect sensitive information about your website without your permission. They may even spread malware to your users or give hackers access to your site.

Nulled and pirated plugins pose a serious security risk. That’s why we recommend that you do not ever allow data collection from a nulled or pirated plugin or theme. For more details, see our guide on why you must avoid nulled WordPress themes and plugins.

We hope this tutorial helped you learn whether you should give permission for plugins to collect data from your site. You may also want to learn how to speed up your WordPress performance, or our expert pick of must-have WordPress plugins for business sites.

OceanWP - a free Multi-Purpose WordPress theme