In 2014, just before the Automattic Utah Grand Meetup I got an automated email from my site. It said that there was a suspicious file in a folder on my site. I checked, the contents were okay by me and I carried on.
On the way to the GM my mind suddenly popped up with “Hey, that folder, it’s not part of your site. Why did I get that email?”
I will try to explain.
If you have a self-hosted WordPress site – like this one you are reading – and nothing else on the server your www / public_html directory will look like this:
But you might be hosting other domains, you might upload images, text, data to other folders that you know about but no-one else. In that case your www / public_html directory might look like this:
Look at those four folders at the top.
They do not have WordPress installed, they are not part of the WordPress installation and they may well be private to you.
Jetpack looks inside them.
Does it log your data? No idea
What data does it actually send to Automattic? No idea
When I installed Jetpack I expected that it would look after the files inside /wp-content. Plugins, uploads.
What I did not expect was that Jetpack would go out of the WordPress folder, go to root and roam around freely looking at whatever it wanted.
I checked the terms of the Jetpack install at the time and this was not mentioned.
I p2’d a concern but … tumbleweed
I do not believe that Automattic make it clear exactly what Jetpack will do. They should do.
If you have Jetpack installed on your site and you have nothing else there that you would not mind being known by someone else, fine. Use it.
But if, like me, you do have other domains / folders and you expect privacy? Remove Jetpack.