Disable Google spies from default WordPress during update time

This method is for a default WordPress archive taken from WordPress.org site, without external plugin. The explaination are against WordPress 3.8.3, upgrading from version 3.8. We will assume here, that your public web directory is www/, but it depends on hosting service, distribution or your own configuration.

Before starting the update, SAVE YOUR FILES AND DATABASE. I also assume that you use the default wordpress directory for serving your blog and database named wordpress.

tar cf wordpress.tar www/wordpress; gzip -9 wordpress.tar     # Archive directory containing WordPress installation.
mysqldump -a wordpress >wordpress.dump; gzip -9 wordpress.dump         # Dump the associated mysql database


Then unarchive the new wordpress version, outside ot the public directory.
Choose the corresponding line, depending on your file archive:

unzip wordpress.zip
tar xf wordpress.tar.gz

Copy files and directory (I wrot about another simple WordPress installation, think to verify what you will overwrite, else you will need to restore your backup, also, warning to the right of directories. WordPress script should be able to write to wp-content/uploads subdirectory for working :

rsync -a wordpress/* www/wordpress/
rm -R wordpress

The most important of all the ungooglization, is to replace the default Google spellchecker, by a local pspell installation, or a local web managed spellchecker. By default, it uses Google spell checker. That means that everything you type in your interface, immediatly goes on Google servers for analyze, without asking you

in the file wp-includes/js/tinymce/plugins/spellchecker/config.php :

        $config['general.engine'] = 'GoogleSpell';
        //$config['general.engine'] = 'PSpell';
        //$config['general.engine'] = 'PSpellShell';


Comment the first line (GoogleSpell) by adding a // at the begining of the line and uncomment the second (use local php libpspell function), or third, (use aspell command line function). In both cases, you will need to install pspell on your system, and a language spellchecker file, for exemple, aspell-en for english, aspell-fr for french, aspell-es for spanish, and so on… They are generally available in your distribution packages.

This should result in something better like that :

        //$config['general.engine'] = 'GoogleSpell';
        $config['general.engine'] = 'PSpell';
        //$config['general.engine'] = 'PSpellShell';

On Debian or derivated distribution for example, download for libraries : php5-pspell if you use the distribution php. And libpspell-dev libaspell-dev for compiling php with pspell support by yourself, and aspell for using aspell by command line.

2nd ungooglizing. By default, WordPress uses scriptaculous script (make some animation and effects on the interface), but load it from ajax.googleapis.com. So, Google know, when you connect to your WordPress interface, and when someone connect to your site (Using the HTTP referer).

If you want to use scriptaculous, download the zip from here, install it locally in your www/js/ directory, for example, think to rename scriptaculous-js-1.9.0 in scriptaculous, or to make a link scriptaculous => scriptaculous-js-1.9.0.

The links are in the file wp-includes/script-loader.php, here are the default lines :

	$scripts->add( 'scriptaculous-root', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js', array('prototype'), '1.9.0');
	$scripts->add( 'scriptaculous-builder', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/builder.js', array('scriptaculous-root'), '1.9.0');
	$scripts->add( 'scriptaculous-dragdrop', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/dragdrop.js', array('scriptaculous-builder', 'scriptaculous-effects'), '1.9.0');
	$scripts->add( 'scriptaculous-effects', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/effects.js', array('scriptaculous-root'), '1.9.0');
	$scripts->add( 'scriptaculous-slider', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/slider.js', array('scriptaculous-effects'), '1.9.0');
	$scripts->add( 'scriptaculous-sound', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/sound.js', array( 'scriptaculous-root' ), '1.9.0' );
	$scripts->add( 'scriptaculous-controls', '//ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/controls.js', array('scriptaculous-root'), '1.9.0');
	$scripts->add( 'scriptaculous', false, array('scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls') );
	$scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array('scriptaculous-dragdrop') );

Replace them like this:

	$scripts->add( 'prototype', '/js/scriptaculous/prototype/prototype.js', array(), '1.7.1');
	$scripts->add( 'scriptaculous-root', '/js/scriptaculous/src/scriptaculous.js', array('prototype'), '1.9.0');
	$scripts->add( 'scriptaculous-builder', '/js/scriptaculous/src/builder.js', array('scriptaculous-root'), '1.9.0');
	$scripts->add( 'scriptaculous-dragdrop', '/js/scriptaculous/src/dragdrop.js', array('scriptaculous-builder', 'scriptaculous-effects'), '1.9.0');
	$scripts->add( 'scriptaculous-effects', '/js/scriptaculous/src/effects.js', array('scriptaculous-root'), '1.9.0');
	$scripts->add( 'scriptaculous-slider', '/js/scriptaculous/src/slider.js', array('scriptaculous-effects'), '1.9.0');
	$scripts->add( 'scriptaculous-sound', '/js/scriptaculous/src/sound.js', array( 'scriptaculous-root' ), '1.9.0' );
	$scripts->add( 'scriptaculous-controls', '/js/scriptaculous/src/controls.js', array('scriptaculous-root'), '1.9.0');
	$scripts->add( 'scriptaculous', false, array('scriptaculous-dragdrop', 'scriptaculous-slider', 'scriptaculous-controls') );
	$scripts->add( 'cropper', '/wp-includes/js/crop/cropper.js', array('scriptaculous-dragdrop') );

In one line

sed -i 's/\/\/ajax.googleapis.com\/ajax\/libs\/scriptaculous\/1.9.0/\/js\/scriptaculous\/src/g' wp-includes/script-loader.php

3rd, ungooglize, themes. Two of the default themes will get fonts from Google. So here, that’s the same problem than 2nd Google know when you connect to your interface, and when user read your site. (via HTTP referer).

In twentythirteen (wp-content/themes/twentythirteen/functions.php), you need to replace //fonts.googleapis.com/css by "/css". So

$fonts_url = add_query_arg( $query_args, "//fonts.googleapis.com/css" );


Should become:

$fonts_url = add_query_arg( $query_args, "/css" );

In twentythirteen (wp-content/themes/twentytwelve/functions.php), you need to replace //fonts.googleapis.com/css by "/css", So

$font_url = add_query_arg( $query_args, "$protocol://fonts.googleapis.com/css" );


Should become:

$font_url = add_query_arg( $query_args, "/css" );

You need a local copy of the fonts in /css directory or to change the name of the fonts in the CSS. I probably prefer to have them in /fonts directory instead of /css, because fonts can also be used by a variety of tools.

Update. I find other googleapis refs for fonts after installing w3-total-cache plugin. :( So I disable it until I’ve time to clean the whole thing:

$ rgrep googleapis .
./wp-includes/script-loader.php:         $open_sans_font_url = "//fonts.googleapsi.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets";
./wp-content/themes/twentyfourteen/functions.php:		$font_url = add_query_arg( 'family', urlencode( 'Lato:300,400,700,900,300italic,400italic,700italic' ), "//fonts.googleapis.com/css" );
./wp-content/plugins/w3-total-cache/lib/W3/ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/lib/W3/PageSpeed.php:define('W3TC_PAGESPEED_API_URL', 'https://www.googleapis.com/pagespeedonline/v1/runPagespeed');
./wp-content/plugins/w3-total-cache/configs/0.9.2.6-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/configs/0.9.2.10-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/configs/0.9.2.11-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/configs/0.9.2.9-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/configs/0.9.3-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/configs/0.9.2.7-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-content/plugins/w3-total-cache/configs/0.9.2.8-ConfigKeys.php:        'default' => array('https://ajax.googleapis.com')
./wp-includes/js/tinymce/themes/advanced/skins/wp_theme/dialog.css:@import url('//fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=latin-ext,latin');

Gravatar

September 2, 2014 update: I forgot to disable avatars. Avatar activation on WordPress add search of scripts and assets at Gravatar slow network. This make several ping-pong, that slowed down my website thes evening at least by ten, so I noticed it. After removing it, pages come immediatly :)… Sorry for people that use this kind of crappy “social” network spies (think about where they get profits ;) ).