Snitch for WordPress monitors outgoing network activity
WordPress in many aspects requires as much attention as the operating system of your computer. One of the things that you should monitor regularly are the outgoing connections that the blog software or installed plugins make. This can not only be useful to detect malware before it is running rampant on the blog and affecting search engine rankings and the blog's reputation, but also to make sure that plugins or scripts do not phone back home.
Snitch is a new plugin for WordPress that monitors the outgoing network traffic activity of the blog. You can compare it to a limited firewall that is set to monitor by default. While monitoring may be useful enough for some purposes, the real strength lies in the ability to block further outgoing connections to select addresses.
Say you have installed a plugin that you really like, but noticed that it phones home whenever a blog article is updated. If there is no reason for that, you may prevent that from happening. The same can be true for other connections that are made by plugins, scripts or even WordPress itself. You can also use it to prevent regular connections from being made, say the pinging of specific destinations.
Once you have installed Snitch on your blog, it will automatically record all outgoing connections that are made on it. You can test that right away by updating or publishing an article, or wait some time to watch the list grow naturally.
Each connection is listed with its destination, the file that caused it, the state, code and time the connection happened. For each WordPress file, you also see the line of code that originated the connection which can help you with your research. The program furthermore highlights if the file is a WordPress Core file or a plugin or theme.
When you hover the mouse cursor over an entry, you get options to block hosts or files so that they can't create new connections anymore.
The plugin uses WordPress' HTTP API to monitor the network traffic which means that it won't catch external connection attempts, e.g. from scripts that have been integrated manually into the theme.
Note that Snitch's description on the WordPress Plugin respository is in German right now. The plugin interface on the other hand is in English as well.Advertisement