1. Our Plugins
1.1 Plugins That Store Personal Info LocallyCopy chapter anchor to clipboard
Many of our plugins have features built-in that may result in the storing of personal information of your site’s visitors and users in your WordPress database. Please note, this personal information is not sent to, or stored here, at WPMU DEV (check here for plugins that may send information to WPMU DEV). In most cases, you will be able to see and access the data right inside of the WordPress dashboard in the settings pages for each plugin. For example, form entries in Forminator.
You should be aware of these plugins to ensure that you follow any local laws or regulations when it comes to disclosing to your users what data you store and how you use it. You may also need to provide users with copies of this data should it be requested and may need to fully delete the data when asked as well. Should you need any help with these requests, please reach out to our support team.
As a rule, you should:
- Delete or anonymize any and all personal data when you no longer need it.
The following WPMU DEV plugins may store personal information in your WordPress database (depending on your use of the plugin and settings):
- Defender – IP addresses, content, and user information of all site visitors.
- Forminator – Forms can be used to collect and store all types of information
- Hustle – Form tool can be used to customize information collected
- Smush Pro – Image files may contain EXIF data that could identify a user. By default, with Smush Pro enabled, EXIF data is not saved locally, but a setting in the plugin does allow for it to be enabled.
1.2 Plugins That Send WPMU DEV InfoCopy chapter anchor to clipboard
WPMU DEV Dashboard and API: The Dashboard plugin is used to connect your WPMU DEV account with your WordPress installation and sends to WPMU DEV the following information:
- WordPress/BuddyPress version and size
- Installed plugins/themes
- Site URL
The WPMU DEV API does NOT:
- Track any personal or user information
- Data is not sold or shared with any third-party
- Is only used for statistical, security, and support related requirements (this includes the ability to push security updates should it be required)
Some of our plugins require the WPMU API key and the WPMU DEV Dashboard plugin to be in place in order to make their features and services possible. These include:
- Defender Pro
- Integrated Video Tutorials
- Hummingbird Pro
- SmartCrawl Pro
- Snapshot Pro
- Smush Pro
- Shipper Pro
- WPMU DEV Dashboard Plugin
A few of our plugins may also send end-user or site visitor personal information to WPMU DEV, depending on the settings in place in your WordPress installation.
These plugins are:
Defender: If you choose to activate ‘Audit Logging’ in Defender Pro, we will track and store site and user activity, such as usernames, comments, posts, login attempts, setting changes, and upload timestamps on our secure servers. ‘Audit Logging’ is an optional feature that can be turned off in the Defender plugin.
Snapshot Pro: Used to store backups of your WordPress database, so this may include any personal information that is also in your WordPress database. You can fully delete backups at any time.
1.4 Plugins With 3rd-Party IntegrationsCopy chapter anchor to clipboard
Many of our plugins have features built-in that allow for integrations with various 3rd party services.
These plugins are:
- Forminator Pro: Google reCAPTCHA, HubSpot, Slack, Campaign Monitor, ActiveCampaign, Google Sheets, Trello, MailChimp, and AWeber
- Beehive: Google Analytics
- Hummingbird: Cloudflare and Stackpath
- Hustle: reCAPTCHA, Zapier, various email services including MailChimp, AWeber, Constant Contact, GetResponse, Sendy, Mad Mimi, Infusionsoft, Campaign Monitor, ConvertKit, social platforms like Facebook, Twitter, Pinterest, LinkedIn, Reddit, Vkontakte, 500px, Houzz, Instagram, Twitch, YouTube, Telegram, WhatsApp, and Email
- WPMU DEV Dashboard: Mixpanel/Matomo (analytics), LiveChatInc (in dashboard support)
- Defender Pro: Google’s blacklist monitoring
- The Hub Client: HubSpot
1.4.1 Usage TrackingLink to chapter 4
By default, we don’t receive any data from WordPress.org on how our plugins and their features are used. By opting into usage tracking, you’re helping us to improve Hummingbird based on real user usage. Opting-in ensures that we’re spending our resources on the most impactful improvements for you, our users.
We track non-sensitive data around feature usage, WordPress and server environment, and browser/OS type.
As of Hummingbird 2.5, we’ve made it possible for anyone to enable usage tracking from within their WordPress admin area. When usage tracking is enabled, it will send our developers basic data about how you are using Hummingbird to improve performance on your site.
Enabling usage tracking helps us:
- Understand what features are being used by our users so we can make better development decisions.
- Understand the number of sites impacted by a change to a product or feature and to act more quickly in resolving issues.
- Contact users if we detect a security issue.
Make better suggestions based on real-world user feedback.
By choosing to share your data, you’re helping us make Hummingbird better for everyone. Usage data helps us make more useful features, write better documentation, and make Hummingbird a better performance tool.
What we’ll track
We track non-sensitive data about how your site is using Hummingbird to improve performance. We do not track or store personal data from your visitors.
Full list of what is tracked in Hummingbird:
- Feature usage
- Plugin type and version
- WP Install Locale (language + country)
- Site URL
- Browser type and version
- Operating System
- PHP version
- MySQL version
- Server type (i.e. Nginx or Apache)
- Screen size
- WP installation type (Multisite vs. Single)
- WP version
- Active theme
- Current and Initial Referral URL
With the launch of Hummingbird 2.5, we start tracking user behavior within the Hummingbird plugin for those that opt-in. We track user behavior events, like how new users interact with the setup wizard and what features and settings are being used.
Data is sent automatically to the MixPanel servers once you choose to share data with us. Usage tracking for Hummingbird is not a default setting, requires opt-in consent, and can be started or stopped at any time.
Opt-out of Data Sharing
If you no longer want to share your site’s non-sensitive Hummingbird usage data with our developers, you can opt-out at any time.
To opt-out of sharing data with us, go to Settings > General > Usage Tracking
It is important to note that we do not have access to your WordPress database, passwords, or other sensitive data. We also do not and will not share or sell any of the data we collect.
The Snapshot plugin, in order to upload a backup of your site to the Google Drive destination, requires authentication of connection. The Google Authentication application is to connect your WPMU DEV storage space with your Google Drive account. This is done so that a site’s incremental backups can be uploaded to the Google Drive account.
After the Google Drive Authentication process is complete, we save a Gmail address, a Google Drive folder’s directory ID along with the Google access token on our servers, which is connected with your WPMU DEV account.
The authentication token is used for the following purposes:
- Uploading backups to a Google Drive account.
- Deleting backups created with Snapshot, when the time for rotation comes.
- Showing the email account associated with the destination.
You may revoke the connection at any time by deleting the Google Drive destination from the plugin – found in Snapshot Pro > Snapshot Backups > Destinations. Deleting the Google Drive destination will remove the Authentication Token.
The connected Google Drive destination will not be automatically removed when the plugin is simply uninstalled. We recommend that you manually remove the connected destinations yourself before uninstalling, to avoid any issues. See Snapshot4 > Destinations for more information.
If you want to revoke ALL access privileges from Snapshot to your account, please follow these instructions:
- Go to the Security section of your Google Account.
- Under “Third-party apps with account access,” select Manage third-party access.
- Select the app or service you want to remove.
- Select Remove Access.
Important: If you remove account access from a third-party app or service, it may retain info you provided from:
- When you signed in with your Google Account.
- When you granted additional Google Account access to the app or service.
Once all access privileges are revoked, the Google Authentication application will not be able to access any more info from your Google Account.
1.6 Hub API SecurityCopy chapter anchor to clipboard
The WPMU DEV Hub API calls various endpoints exposed by the Dashboard plugin installed on a WordPress site. For example, to trigger a plugin update on the site, or to enable the Dashboard to fetch information about available updates.
When connecting to the database of a WordPress site, authentication of these API calls is ensured by signing each request with a HMAC of the parameters, a nonce to avoid replay attacks, and the shared private API key of that user.
User Authorization Mechanism
The principle of least privilege is respected for all actions initiated from the WPMU DEV Hub.
Only programmatic access is made to a WordPress site or database by the Hub API based on user preferences (setting a plugin update schedule, Hub triggered actions, etc).
Users can create sub-accounts for the Hub and define their role restrictions to a high level of specificity.
The Hub and all WPMU DEV plugins use WPDB class parameterization and escaping functions for all database queries, thereby avoiding the risk of SQL injection.
Logs contain sufficient data to enable the ability to investigate issues without revealing unnecessary or personally identifiable information (PII) that could be leveraged by a malicious actor.
All API calls from the WPMU DEV Hub to a WordPress site with the WPMU DEV Dashboard plugin installed are recorded in access logs. Additional log detail can be enabled via a define added to the wp-config.php file. No PII is contained in the logs.