Woopra Analytics Plugin Reveals TOO MUCH

If you hang around the Lab much you know I’m in the middle of a series of posts on Page Load time Analysis and Improvement.

In the course of doing this I’m looking at the page source checking the page load code I put in place that tells me how many queries were run and how long it took to load the page.   I’ve been pretty focused on that one line till a couple of days ago when my eye was caught on my email address.

Woopra WordPress Plugin Reveal

I’m thinking, “Why the Heck is my email address in the page source?”   And, my name is there along with my email address.   Howly Craptastic what is that doing there.

It was/is in the Woopra Tracking code from the Woopra WordPress Plugin.

<!-- Woopra Analytics Code -->
<script type="text/javascript" src="//static.woopra.com/js/woopra.v2.js"></script>
<script type="text/javascript">
woopraTracker.addVisitorProperty('name','Dave Smith');
woopraTracker.addVisitorProperty('avatar',more stuff here');
<!-- End of Woopra Analytics Code -->

Yes that’s my real name, NO that’s not my real email address.

But if you have the Woopra Plugin active on your blog check out the page source.   There you will find around the bottom of the page the same Woopra Analytics Code with your name and email address hanging right out there for every spam bot in the universe.

How Do I Remove This and Keep Woopra Analytics

It is a simple fix.

  1. Log into your Woopra Analytics Account
  2. Go to your blog settings and copy the tracking code provided
  3. Go to your Theme Editor and paste the code into the Footer.php file
    just above the </body> tag, then save.
  4. Go to the Plugin Tab and Deactivate the Woopra Plugin

Your Tracking will be un-interrupted and you won’t be giving away your name and email address to every spam dick and harry in the universe.

Now aren’t you glad you hang around the Blog Lab ?


  1. Why would I not want this info in my source code?
    .-= Keahi Pelayo´s last blog ..One Honolulu House For Sale =-.

  2. Keahi,

    You never, NEVER want your email address anywhere on the web if you can prevent it. There are spam bots out there gather email addresses constantly.

    This is why we use a contact form. They can email us, but we don’t expose the email address on the web.

    Fax, Phone, but I never give out my email address. Spam bots are only looking for email addresses to harvest. So if you want more email on how you can get drugs or enhance your body parts. Go ahead and publish your email address. (Oh if you are lonely and don’t get much email is another reason) Otherwise, protect your email address and use a contact form.


  3. It is universal that I must give my e-mail address when leaving comments on various sites.

    About 90% of them keep their word and never publish them.

    But, the last 10% do not.

    As a result, if a person blogs a lot, especially if he or she enjoys visiting other blogs, you can be sure that within a few short weeks, one’s e-mail address is going to be fully compromised.

    It is the price one pays in this world of blogging.


    ToysPeriod is a leading online shop specializing in lego sets and model railroad equipment.
    .-= Beth Charette´s last blog ..New Product: BRIO 33478 Transportation Station Two Track Train Depot 1996 =-.

  4. Beth,

    We aren’t talking about the same thing. You are talking about a blog owner who exploits the email addresses that are left by those that comment on their blog.

    When you leave a comment on a blog your email address does not show up in the source code. If you look at the View Page Source for this page and do a Find on your name, you will find it, but not your email address. It is not published in the source.

    What I’m talking about is the Woopra Plugin publishes your email address right in the source code for any spam bot to find while harvesting email addresses from the net.

    Totally different issue.


  5. Good catch! Real estate bloggers need to be more vigilant about exactly this type of thing, which is why I train all the agents I coach to check the source of whatever they install. It’s simply a smart habit.

  6. Often times, we get caught up with snazzy new features for our websites and don’t slow down to assess the way these “new features” change our sites. Duplicate URLs, 404s, and other SEO-hindering plugins are one thing, when it’s your personal information or security, it’s another.

    Any word from Woopra on this?

    I have been using Google.Analytics for WP and looking for an alternate solution that works just as well.
    .-= Brainerd Minnesota´s last blog ..Top Five Minnesota Lake Homes =-.

  7. Brainerd,

    I haven’t heard anything from Woopra on this. I do like Woopra better than Google Analytics. It is instant and live. I love knowing how much traffic all my sites are getting live.

    The answer to the Woopra Plugin issue. Don’t use it. Get your Woopra Account and put the tracking code into the footer.php file. It takes a second longer and you have to remember of you change themes to add the code to the footer of the new theme. But that is true of almost all tracking codes.

    If you have less than 30,000 visitors in a month you can get the free account. I track 7 sites all from my desktop application. All of them live. It is great.