8 Mar

SlimStat Banned Due to Security Flaw

A major security flaw in the SlimStat WordPress Plugin seems to have led to it being removed entirely from the WP plugin directory as well as being banned from various platforms including WPEngine.com.

I’m disappointed to see SlimStat banned because it was not long ago that I discovered the popular analytics system for WordPress. And while Google Analytics had always been my first choice, I liked the relative simplicity of SlimStat. Hopefully they will be able to fix the security flaw and then be able to get the plugin back into the directory. In case that’s already happened by the time you read this post, here is the (currently broken) link to the plugin at its former location: SlimStat WP Plugin.

The SlimStat website is still up and running and I could not find any details about why the plugin hasn’t simply been fixed and then restored to the WP plugin directory rather than outright removed. The download link from the SlimStat site does link to the previous location in the WP plugin directory, so it’s clearly not a case of the plugin deciding to do its downloads directly on its own site, which would never make sense for a free plugin anyway.

I do remember, when trying to make some custom features work using SlimStat, that the functions available to work with were quite rough and very difficult. It was definitely not a modern style of coding in the plugin, I felt, from what I saw of the code as I dug around trying to make custom queries on the SlimStat data. Of course I can’t judge the plugin as a whole, but it didn’t surprise me, based on the code I saw, that it might have a serious vulnerability given the type of plugin.

According to a report about this issue on PCWorld, over 1 million sites could be affected by the SlimStat security issue. However, that same article also mentions upgrading to a newer version as fixing the issue. This suggests SlimStat did release a working version that resolved the security flaw. Am I missing something? Unfortunately, when I search for SlimStat, aside from these security flaw reports I don’t see a lot of “news”, just mostly advertising, comparisons and technical information about using and integrating the SlimStat plugin. Is there really a deliberate removal of SlimStat, or is SlimStat banned from the WP plugin directory? I cannot say for sure, but I know one thing: I cannot get the plugin from the WP Admin plugin interface, from the plugin author site or from the official WP plugin directory. That makes the project seem dead to me.

It seems like for now it’s back to using Google Analytics. However, aside from GA seeming to me very complex in its interface and functionality, it has a number of potential accuracy issues, first detailed in this article (perhaps a biased article!) from GA alternative CrazyEgg. It seems to make some good points: if you want truly consistent, accurate reporting there are a lot of situations to consider, and you could be losing visitors from a wide range of circumstances. The one that I took notice of was the suggestion that up to 30% of Google Analytics tracking might be lost due to deletion or refusal of cookies. And though I’m normally marketing to North America, I’m aware of the law now in the EU that requires a cookie notice and for cookies to be accepted by users from EU-based sites. How does this play into the situation with Google Analytics tracking? These are all questions I’ll be looking into and would appreciate comments about.

There are alternatives, but most of these come at a price or have limited free usage. One that caught my eye is MixPanel, which is similar in concept to KissMetrics. Unlike KissMetrics, which is very pricy even at low levels of traffic, MixPanel is free up until a certain level. And comparison testing and reviews seem to suggest most prefer it over KissMetrics, and others are only slightly leaning toward Kiss as the better tool. What is interesting is that MixPanel gets straight to the useful data, the actual analysis or decision-making data, unlike Google Analytics, which still focuses on views and bounces as its main quantification of what visits are all about. MixPanel promises us the ability to measure every event on our site, and that’s a prospect that is exciting to me. With GA I know there is an API for event tracking, but if a developer like me finds it daunting, then how many websites are actually implementing custom event tracking on things like video plays, subscription form views and other events?

This post, originally about SlimStat, has morphed for me into a research session and reporting about Google Analytics and alternatives. To wrap it up, SlimStat at least for now seems to be a dead project despite its once significant install count of 1 million plus. The search is still on for alternatives other than Google Analytics. And the question remains: what is the best approach both to collecting and also to analyzing and acting on user data? One thing is for sure: in 2015 and beyond, the marketer best able to make sense of data and best able to make data-driven decisions will be most capable of creating friendly and efficient user experiences.

About Joel Milne
Lead developer at GoldHat Group.