I’ve recently released a new WordPress plugin called Plugin Register. In a nutshell it allows plugin developers to be notified every time one of their plugins is activated. Report of these activations then gives the developer some statistics about who is activating what, and when, and what version. Quite simple, but not something that I’ve ever seen before, and certainly very interesting for developers.
It was very easy to build, I probably spent less than 3 hours development time in total. And maybe that’s where I slipped up, because I didn’t think clearly about the nuances of this plugin. You see, the first version of Plugin Register registered the activation of a plugin automatically, with no notification or consent from the user. And that is bad. I’ve since changed it to be an opt-in action to register a plugin.
Even though the only information it saves is the plugin name and version, and the site name and URL, that’s still too much information to be given away without the user knowing. WordPress is sometimes used by sites which need to be kept private, for example sites on an internal network which cannot be accessed from the Internet, or government sites. Even sites which have been set to not be seen by search engines may not wish for their information to be shared with a plugin developer. The bottom line for me was that this plugin should be opt-in, with users making a concious, explicit decision that they want to register their plugin.
However this doesn’t solve the other problem I’ve noticed with the few hundred sites who have registered use of my plugins. You see, traditionally WordPress plugin developers had no idea who was actually using their plugins, unless they got in touch to say “thanks” or report a bug. With Plugin Register they can know that information, and it can cause problems.
Among the sites who have registered using my plugins are sites with legally-dubious content, ‘adult’ sites and sites expressing attitudes and opinions I don’t agree with. When I wasn’t aware who was using my work, there was no problem. Now that I do know, what do I do about it?
Of course, the use of a WordPress plugin doesn’t make me culpable for what appears on these sites, and I can’t stop them using my work even if I felt strongly enough about it to try. With open source software the genie is well and truly out of the bottle. I suppose I could contact the sites I don’t agree with and ask them to not use my plugins, or to save mysefl future moral quandaries I could put a disclaimer on my work which asks people to use my work for good, not evil. But what is evil? My opinion is far from infallible.
And anyway, that’s not the open source way. Short of genuine illegal activites, open source software can be used for what ever you want – including helping political parties I may strongly disagree with. Historically I wouldn’t have known about who was using my work, in this case my WordPress plugins. But, by registering activations of my plugins, I now know. I’m not going to stop contributing to the open source world, but I do have a greater appreciation about the possibilities of how my work could be used.
You could always just point the reports to a self hosted service and just release usage stats minus the actual sites…