Devs admit: WordPress 2.3 Secretly Spying on Users

Marilyn Miller writes: Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally-identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide _any_ way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a 100-message thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to "fork WordPress" if they aren't willing to put up with this behavior.