1. David Decker

    First, I don’t believe in auto activation. Second, as a security plugin we have an obligation to protect users privacy along with their site so anything that communicates remotely must be opt-in rather than opt-out.

    This is entirely true!

    I am glad that iThemes is going that route! It’s the only way the users privacy is fully respected. We need more companies that respect this and don’t use auto-activation and rather use opt-in techniques. The majority of users don’t want auto-activation of anything. And if you want to go internationally you should avoid it to avoid conflicts with legal restrictions in certain countries or areas. The mantra “decisions not options” doesn’t apply here because you should not patronize the user.

    I don’t know why the comparison with Jetpack is brought into this post here: both plugins are like apples and oranges. Jetpack don’t even has the pronounced brute-force module yet. And even if it had it one day, iThemes Security is a totally different plugin for 99% of other use cases.

    Some kind of module strategy may be a nice idea for iThemes Security, however, I doubt it makes full sense at the end of the day because many security tools depend on one another. So you should better collect modules or tools together that belong to each other or technically depend on each other to gain more security protection for the user.


    • Chris Wiegman

      Hi David,

      I don’t know about the Jetpack comparison either but iThemes Security already is modular in many ways (we just need our UI to reflect that). In our case all features are opt-in and if you haven’t selected “enable” for any given feature (as denoted by the individual meta boxes) than not only is that feature not active but its code won’t even load on your front-end ensuring that there is no performance issue or bloat left behind for the user. In addition, this allows to easily add or remove entire feature modules quite easily if needed.


Comments are closed.

%d bloggers like this: