Plugin Name:IP Logger v.2.8
Date of review: 24th January 2010
Author profile: M. Retzlaff
WordPress plugin directory link: IP Logger
“IP Logger” WordPress plugin tracks records about every visitor of your site in the separate MySQL table in your WordPress blog database. Visitor’s information has a lot of data including IP-address, user agent, country code, country name, city, etc… Convenient graphical visual presentation for that data is available via admin dashboard widget. Data can be exported into CSV or XML format. Plugin offers undesirable visitors blocking feature also.
For more details about this plugin functionality you can visit plugin page at wordpress.org and original IP Logger plugin page at the author’s site. I just tell you about my impressions after investigating this plugin in this technical review.
Author of this plugin follows general coding standards. His code is accurate, easy enough to read. After investigating the source code I can confirm that
"IP Logger" WordPress plugin operates as declared by its author in general.
Just for your sites security, I have to tell you about one thing about which M. Retzlaff didn’t write in the plugin description:
“IP Logger” WordPress plugin uses unknown external WEB service to get visitor IP address details.
“IP Logger” uses the “IP Details” PHP class written by Chetan Mendhe. This class sends request to "http://220.127.116.11/ip/?ip=" every time "IP Logger" tries to track your site visitor IP address. Server "18.104.22.168" belongs to Chetan according to the "IP Details" PHP class description. That's all information available about that WEB service.
M. Retzlaff, "IP Logger" plugin author, wrote in the
"IP Logger" plugin description:
"It is important for your security and to keep 'spying' services like Google Analytics outside".
Well made, guy, you keep legal and well-known all over the world Google corporation service outside successfully, but send the same data to another 'spying' WEB service instead. That unknown WEB service works without any guarantee that it will work tomorrow or next month. Did '22.214.171.124' service show any user data privacy statement? I didn't see it. How server owner uses all statistical data from sites sending IP Details requests to it? We don't know.
I'm sure that WordPress plugin author MUST declare to the plugin users such things as the hidden use of external WEB service. It is the plugin user choice after that to use that service, sharing with them his\her critical data, or not. As for now there is no chance for such decision for any "IP Logger" plugin user without strong technical background. That's the main reason I decrease the total score for
"IP Logger" plugin in this review by 2 points.
I think that it will be good for M. Retzlaff to build its own web service with the same functionality to correct the situation. This way
"IP Logger" plugin users will have guarantee that
"IP Logger" plugin will work correctly while M. Retzlaff supports it.
Except the mentioned above,
"IP Logger" has not any hidden code which make something malicious or not declared by the author in plugin description.
I didn't meet with bugs during installation and light tests I made. M. Retzlaff (the author) made a good job and works on enhancing his plugin.
"IP Logger" plugin executes uninstallation code every time you deactivate it. It fully removes its tables from your database. So be ready to loss your site statistics during upgrade the plugin to the next version :). It is a good practice to deactivate plugin before upgrade it. WordPress built-in plugin upgrade feature make this: deactivates plugin, updates files, activates plugin. Another case is when you meet some problem with blog functionality you deactivate plugins one by one to find what plugin makes bad job. Do you suppose to lose your statistics or another data when just deactivate plugin for a minute?
Be careful with
"IP Logger" plugin deactivation, make backup copy of prefix_ip_logger, prefix_ip_logger_block MySQL database tables before it if you need to save your site statics.
"IP Logger" plugin has the statistics data records auto delete feature. It is convenient for sites with large traffic volume. But just imagine, this auto delete code is called every time visitor hits your blog page. SQL delete command uses where condition to compare record creation date with your blog days quant option. 'stamp' column (in which record creation date and time are stored) has no index. If you have a lot of records in the ip_logger table such delete command will read all table data every time your site shows its page. You can get performance degradation easily with such functionality.
For example, if you wish to make deletion once a day, you can add option to store the date of the last deletion. Thus, delete operation must be executed only, if the date in such option is not equal to the current date. Similar for deletion execution once a week, etc.
"IP Logger" plugin stores its data in the database tables very ineffectively. For example, every record has country, region, city character fields with length from 50 to 100 characters. Relational database allows to decrease data size in this case with use of linked tables. Store country name 'France' one time in the separate table and put into main statistics table just the id of that country record. Record length will be smaller, all data of the table will be processed faster...
With all criticism above I can give this
"IP Logger" plugin only 3.0 mark with this review. I hope M. Retzlaff will read it and make updates needed to improve his plugin in the nearest future. We will read about it in the next
"IP Logger" plugin review :).
Thanks for the reading,
Tags: wordpress plugin review