I’m mystified by the way affiliate tracking is implemented. This is a security risk like bending over in a prison shower.
s2member is a great product, but rather than expose all this information by putting it on a page where anyone can see it and anyone can write malicious code to intercept and manipulate it – I have no particulars on what malicious interceptors might do with it – doesn’t appeal to me in the least. I’d much prefer if s2member would keep the my data, e.g., and especially, user ids and names, on my server. I see no reason why any third party, including but not limited to affiliate trackers, should have my internal data. Any third party with whom I have an account should permit to create ids on their system to that map to may data, not include my data. Any required communication should provide a secure way to exchange data. Any identifying information should be exchanged in a manner that can’t be interpreted by anyone without direct access either to my server or to the third party server. Reasonable security is reasonable to implement. Even simplistic security would be better than what they’re doing. The complete absence of security is one reason – what I consider high cost for little or no useful product or service is another; the ease of doing it myself is another; and the ability to have what I want rather than what an affiliate tracker wants to give me is another – why I’m handling my own affiliate tracking.
s2member is an $89 plugin. You shouldn’t and you don’t have to go the expensive and ridiculously complicated and difficult route of third-party affiliate trackers.