WordPress Mobile Plugin by Andy Moore does dirty things

Last week I wanted to take a look at the recently released WordPress 2.7 and of course wanted to give it a go on a mobile. As you might have noticed I’m on Google’s blogger and there is, unfortunately, no mobile version, so a proper mobile plugin would be a big plus for me and a good reason to move away.

I download the tiny zip from the official site, opened the readme.txt file. The file itself did not tell much if not that it would make my blog mobile. Fair enough, I took the php file and copied it in wp-content/plugins. That is all that was apparently required to install and in fact in the admin interface I had a new plugin available, I selected it and enabled on my Mac. The site URL was a local one, of course, wordpress.local (and added to my hosts file to access it).

Looking for some further information I went back to the official site (that I won’t link) and notice that in homepage there’s a nice link mentioning that my wordpress.local is the latest site which installed the plugin! A bit surprised I opened the small PHP file and noticed that there are two calls, one on plugin activation and one on deactivation. Being PHP it was not so hard to find what it does and I was very disappointed with the discovery. On both events the plugin calls a remote API AND send an e-mail to Andy Moore mentioning the site name, URL, and the admin’t email, YES, YOUR E-MAIL address.
In my case, the SMTP server was down, so the e-mail did not get delivered, but to my great disappointment the API was reached and that is why my local install was mentioned on the website.

Nothing wrong has happened, in fact I’m pretty sure if Andy wanted to contact me he would definitely find a way, but it was very disturbing to discover that this happens without letting the user know. If I had been a bit smarter I would have looked at the code and I would have discovered it, the problem is that the average wordpress user will not bother to look at the code and will probably not even be capable of understanding what’s going on. We are not all developers and my impression is that Andy is relying exactly on the inability of his users to disable the feature. The software is GPL and everyone is welcome to look at and change it and that is exactly why I did not even bother to look at it, I took it granted that nothing bad would happen.

In case you wanted to disable this functionality (but it’s probably too late now, I admit), what you should do is open wordpress-mobile.php, find the function wordpress_mobile_plugin_activate (it’s at line 1664 in version 1.3), go to the first line of the function and just add the following line:
return true;

Do the same for the function wordpress_mobile_plugin_deactivate (line 1673 in version 1.3).

Andy has definitely spent time to get this plugin working and maintaing it and I think it’s perfectly fair for him to ask for money and ask his users to provide usage details, but asking and taking are different operations, I my opinion.

3 thoughts on “WordPress Mobile Plugin by Andy Moore does dirty things

  1. Hi,Just thought I'd let you know about my mobile plugin for wordpress. It's called the Wapple Architect Mobile Plugin for wordpress and the URL is http://wordpress.org/extend/plugins/wapple-architect/Whilst the plugin you mention does a call back home for stats, mine does a web service call in order to provide a much better service.To start with, device detection is better and the site works on more handsets. To try and do this without a web service call just using regular expressions would be near impossible.In addition, once the site has been changed into WAPL (http://wapl.info), it does another web service call to turn this into meaningful markup for the device. Again – doing this locally would be difficult.I don't try and hide the fact that I do web service calls in my plugin – I do, and the site looks better as a result. It doesn't however do it just for stats reporting – it's all for providing a better service.If you fancy giving it a go, please let me know what you think of it!Thanks!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s