Archive for January, 2008

January 29th, 2008 at 7:27 pm

Watch out: “Share this” plugin monitors your blog and your visitors


The popular “Share this” WordPress plugin monitors your blog and your visitors. Each time a visitor loads a page of your website containing the Share This widget, their browser downloads a so-called webbug. It’s the image at the bottom of the Share This widget.

Although the unique identifier of the webbug is generated randomly (something like 775e8ba2-8ea3-48a9-a071-6ebdd986d676) on your blog at the first usage, the sharethis.com server (from which the image is loaded) is able to associate your site with this unique identifier through the HTTP referer the browser sends. Therefore, using techniques similar to those of e.g. Google Analytics, sharethis.com is able to see how many visitors you have and which of your pages they viewed. In my opinion, this is quite insolent, as it massively invades your and your visitors’ privacy.

How can you protect yourself from this? You need to modify the file share-this.php from the plugin. The easiest way is to simply delete line 702 (in “Share this classic”, v1.5.1) where the image code is generated:

<div id="akst_credit"><a href="http://sharethis.com"><img src="http://r.sharethis.com/powered-by?publisher=<?php print(get_option('st_pubid')); ?>" alt="Powered by ShareThis" /></a></div>

Another option would be to beat sharethis.com at their own game: Replace (also in line 702) get_option('st_pubid') with ak_uuid() (their internal function to generate the unique identifier), thus messing up their database. ;) Just kidding — just remove the code as described.

Update: Looking a bit deeper into the plugin, I realized that it’s not only a webbug that the plugin loads, but also, each bookmarking link is redirected through sharethis.com’s server! This means, whenever somebody clicks a bookmarking link, they are first sent to sharethis.com’s server and then redirected from there. You can overcome this, too, with a little modification: Change line 304 of share-this.php (in “Share this classic”, v1.5.1) to return base; — then you and your visitors are taken to the bookmarking service directly.

Update 2: More occurrences of the offending technique are on the page which Share This displays when JavaScript is deactivated. Again, each bookmark link redirects to sharethis.com first, and the image in the footer is a webbug. To disable these items, change line 1132 in share-this.php to print('<li><a href="'.$link.'" id="akst_'.$key.'">'.$data['name'].'</a></li>'."\n"); and remove the footer (a few lines further down).
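
To check whether a rendered page still contains a webbug of this kind after editing the plugin, the following added example (not part of the original post or of the plugin's code) lists every image, script or iframe that the browser fetches automatically from a foreign host, and notes which query parameters carry a UUID-style identifier. The host name example.org and the sample HTML are constructed stand-ins for your own blog and its output.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Matches identifiers shaped like the publisher id quoted in the post.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample of a rendered blog page (example.org is a placeholder).
SAMPLE_HTML = """
<p><img src="/wp-content/uploads/photo.jpg" alt="local image" /></p>
<p><img src="http://www.example.org/banner.png" alt="own subdomain" /></p>
<div id="akst_credit"><a href="http://sharethis.com"><img
 src="http://r.sharethis.com/powered-by?publisher=775e8ba2-8ea3-48a9-a071-6ebdd986d676"
 alt="Powered by ShareThis" /></a></div>
"""

class ThirdPartyLoads(HTMLParser):
    """Collect resources a browser fetches without any click, from other hosts."""
    AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src"}

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.AUTO_FETCH.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        parts = urlsplit(url)
        host = parts.hostname  # None for relative URLs
        if host is None or host == self.site_host or host.endswith("." + self.site_host):
            return  # served by the site itself, so no third party sees the referer
        # Query parameters whose value looks like a per-site tracking identifier.
        ids = [k for k, v in parse_qsl(parts.query) if UUID_RE.match(v)]
        self.findings.append({"tag": tag, "host": host, "id_params": ids})

def audit(html, site_host):
    """Return one finding per automatically loaded third-party resource."""
    parser = ThirdPartyLoads(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, "example.org"):
        print(finding)
```

An empty result for a page means no image, script or iframe on it is loaded from another host; it does not cover the redirected bookmarking links, which are only followed on click.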

January 12th, 2008 at 6:23 pm

Looks like document root, but is in a subfolder

Are you using Google Sitemaps, and does your website have very many pages? Then you will usually have a sitemap index file along with a number of sitemap files in your document root. Now, you might want to tidy up and move those sitemap files to a subfolder — but that doesn’t work, as Google requires the sitemap files to be in the document root. What to do? You can use mod_rewrite to solve this:

Create the directory gg_sitemaps and move your sitemaps index as well as all your sitemap files there.

Add the following line to the file .htaccess in your document root (if it doesn’t exist, create it):

RewriteRule ^(sitemap.*)$ /gg_sitemaps/$1 [L]

(Note: This assumes that your sitemap index and the sitemap files start with the string sitemap, e.g. your sitemap index file could be sitemaps.xml, while the sitemap files could be sitemap0.xml, sitemap1.xml and so on.)

Now your sitemaps are out of the document root, but Google will still see them as if they were in there.

By the way, this also works for the Google sitemaps verification files: If you want to verify your site in Google Webmasters, you need to upload a file to your document root. (You could also add a meta tag, but that’s not so good.) Adding a single file isn’t a problem, but if you want to allow different people to manage this domain in different Google Webmaster accounts, or if you have multiple domains in the same document root, you will need to upload more than one file. Again, we can solve this with some mod_rewrite magic:

Create the directory gg_verify and move all your verification files there.

Add another line to the file .htaccess in your document root:

RewriteRule (^google.*$) /gg_verify/$1 [L]

Again, Google will think the respective file is in the document root, while it is actually in the designated subfolder.