[IMC-Tech] Anonymizing Wordpress

[Ringo Kamens]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hey IMC-tech,

I'm not sure how many of you use wordpress, but this should be helpful
for those who do. I looked all around and to my surprise I couldn't find
any articles on how to do this. It's obviously not all you need to do,
as Wordpress is by no means privacy-centric.

Wordpress provided no default way to disable the logging of personally
identifiable information. After messing around in the DB some, I found
you can just go to wp-settings.php and add the following line:

$_SERVER['REMOTE_ADDR']='0.0.0.0';

You can't do it in the first part of the file because you're declaring a
 variable that is going to scrap soon after. I personally did mine right
before "// Fix empty PHP_SELF" but you can probably put it anywhere
after the first routine. I'm not sure if you'd have to re-do this every
time you upgraded wordpress, but it's likely. For this reason, a
plugin/script would have to be written.

Of course, you can replace 0.0.0.0 with anything you want. Wordpress
just thinks that every visitor has whatever IP you put in there.

I did a quick grep and found that the following files also have that
call in them:
wp-includes/comment.php
wp-includes/class-phpmailer.php

Some of my plugins also used it. It is my guess that since this is a
global variable, it doesn't matter what other files do since they'd
always arrive at 0.0.0.0.

You can use the same method to block referrer tracking as well. Just add
this line:
$_SERVER['HTTP_USER_AGENT']='scrubbed';

If anybody is experienced in PHP, it would be fairly simple to make a
plugin to do this. Hopefully somebody else can make use of the several
hours I put into figuring this out.

Now onto the rest of the privacy problems with Wordpress.....

Solidarity,
Ringo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJlHA16pWcWSc5BE4RAvjHAKC3RO3ggM45MPXp6IOZPhq1R/xA5ACaA/cJ
WPPF4K+0Q6rcA92m7vfkO9Y=
=vdBS
-----END PGP SIGNATURE-----