WP DoNotTrack

Straight from WP DoNotTrack’s page on wordpress.org:

WP DoNotTrack stops plugins and themes from adding 3rd party tracking code and cookies to your blog to protect both your visitor’s privacy, your own security (in the admin-pages) and offering performance gains (limiting requests executed in the browser to render your pages).
This plugin can be useful if you want to:

  • make your WordPress blog/ site honour visitors who request not to be tracked, even if the 3rd parties you include do not (conditional privacy)
  • stop tracking by 3rd parties for all your visitors (absolute privacy)
  • protect your blog from rogue plugins that dynamically add malicious code to your wp-admin pages (security)
  • limit the number of external servers that are called from your blog (performance)
  • make your blog more compliant with the EU Cookie Law as implemented in a.o. the UK and Holland (with other EU countries to follow) using conditional privacy

WP DoNotTrack uses (a slightly modified) version of jQuery AOP to catch and inspect elements (images, iframes and scripts) that are about to be added to the DOM and renders these harmless if the black- or whitelist say so. You can block 3rd party tracking for all you visitors, or just for those that have navigator.doNotTrack set to “1” or based on a browser cookie.
The “forced” and “SuperClean” modes use WordPress’s output buffering to change the HTML slightly (“forced”) or thoroughly (“SuperClean”). SuperClean uses Simple HTML DOM Parser to filter unwanted 3rd party code from the HTML.
Feedback is welcome; see info in the faq for bug reports/ feature requests and feel free to rate and/or report on compatibility on wordpress.org.

You can find the most recent WP DoNotTrack information on this here blog. Feel free to ask questions or provide me with feedback in the comments on this page.

34 thoughts on “WP DoNotTrack”

  1. Heey,
    found out about the wordpress stats injecting quantserve only today, so I immediately tried your plugin.
    It does kill of the quantserve cookie for my blogs 🙂 Yay 🙂
    However I noticed that the js file from stats.wordpress.com ( http://stats.wordpress.com/e-201247.js ) makes a call to quantserve wich loads in another js file.
    Any way of blocking this to ? I’d love to keep using wordpress stats, but quantserv tracking is a very big no-no to me.

  2. I have donottrack installed on my wordpress site and have jetpack stats as well. I am using the ghostery chrome plugin to check for the tracker. Last night I finally got a page loaded that only showed google analytics and wordpress stats. Today the edge.quantserve.com cookie is back. I checked my settings–block for all, superclean, blacklist.
    Am I doing something wrong? It killed the quantcast on the admin page but not the blog page. I have dumped the cached pages and I still have this garbage coming through. Thanks for the help.

  3. One of the things that we want to be big on is offering more privacy to users who visit anything we offer.
    Perhaps a silly question but do you have plans to continue updating this plugin for a while? So many good plugins seem to die and site owners must abandon them. I love this idea and am hoping you’ll maintain it for a while.

  4. Great plugin but there are some problems when using the plugin on a SSL enabled WordPress site.
    Google Chrome, for example, interprets javascript:void(0) as unsecure content.

  5. This is a relatively known problem with Google Chrome and some IE versions.
    These browsers are considering javascript:void(0) as unsafe content for some kind of reason.
    This problem arise in donottrack.js and the following code:
    function aop_around(myTarget, myMethod) {
    aop.around( {target: myTarget, method: myMethod },
    function(invocation) {
    if ((typeof(invocation.arguments[0].src)==='string')&&((invocation.arguments[0].tagName.toLowerCase()==='script')||(invocation.arguments[0].tagName.toLowerCase()==='img')||(invocation.arguments[0].tagName.toLowerCase()==='iframe'))&&(invocation.arguments[0].src!=='javascript:void(0)')) {
    if (sanitizer(invocation.arguments[0].src)===true) {
    return invocation.proceed();

    Would be great if it is possible to change the code to fix this unsafe content problem.

  6. Sorry. My last suggestion generated a JavaScript error.
    Try to updated invocation.arguments[0].src='javascript:void(0)'; to the following invocation.arguments[0].src='';
    Now everything seems to work correctly.

  7. Please update plugin!! i use the extension in firefox not sure if its made by same peoeple but you should definately tweak it to latest trentds and release a new Version!! it would be a hit
    Last Updated: 184 days ago
    Requires WordPress Version: 3.2 or higher
    Compatible up to: 3.4.2

  8. Hi, great plugin! Gets rid of that pesky quantcast injection.
    Anyway, I’m not really tech-savy and I have a question regarding your plugin.
    I’m going to apply for Google Adsense soon and was wondering if running this plugin would cause a rejection. Is there anyway to allow the adsense scripts to run while WP DoNotTrack is running, thus preventing a rejection when I apply?
    You said something about whitelist/blacklisting. If I use the black-list option, will Google Adsense run normally if I make sure it isn’t added into the list? Or does WP DoNotTrack automatically block it?
    Basically, how do I ensure that I get approved for Google Adsense and stay approved while running WP DoNotTrack?
    Thanks for the clarification. Sorry if I sound like an idiot. I’m still new to this stuff, haha.

  9. Several WordPress plugins serve this tracking code called b.scorecardresearch.com … which sometimes seems to slow down page loading.
    Examples of plugins that introduce this tracking code:
    http://wordpress.org/plugins/share-this/ (ShareThis)
    http://wordpress.org/plugins/outbrain/ (outbrain)
    http://wordpress.org/plugins/nrelate-related-content/ (nRelated Related Content)
    … and many others that I won’t list (seems to be a popular tracking code).
    The opt-out page is on:
    I tried blocking “scorecardresearch.com” with DoNotTrack plugin, but alas, no luck.

    • Your plugin stops 3rd party cookies and respects a browser’s Do Not Track setting – is that correct?

      Well, it can stop 3rd party assets (javascript, images, iframes) from being loaded. If those assets are blocked, no cookies will be set. WP DoNotTrack will not stop 3rd party cookies from being set if the assets are allowed to be loaded (example; if you have youtube on your site, youtube/ google cookies will be set).

      Are all first party cookies excluded from this?

      indeed, you own site domain is automatically included in the whitelist and (off course) is not on the blacklist either.

  10. Hi,
    Thank’s for your plugin, i use it but i just discover it cause problem in AMP validation then i desactivate it.
    Hope you’ll find solution

  11. Hi. Wordfence is reporting that the plugin has been removed from the repository. Are you still maintaining it? Do you feel it is still safe to use?

    • It has indeed been removed. I am still using it myself, but I must admit the code is sub-par and it _should_ be rewritten from scratch focusing on allowlists & CSP, but I’m afraid I lack the time to do so …


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.