Findings
It is difficult to check this plugin functionality prior to installation on a production site, as local development is not supported, and setting up on a testing server requires it to be set up on the production server first (as per https://sitekit.withgoogle.com/documentation/using-site-kit-on-a-staging-environment/). This is a weakness of the current architecture, whether by necessity or design. It is also a fairly large codebase to review (at 61873 source lines of code) including dependencies and third-party libraries. From a basic inspection the code appears to be generally well-written.
Reason for the 'Use with caution' result
The plugin has been given this recommendation at the tester's discretion:
The reasons for use with caution rating are:
- A key issue is the need for the implementing user to implement any data protection requirements. For example, the plugin can include Google Analytics tracking, and the onus is on the user to ensure that any cookie consent controls are coded in ( with reference to https://wordpress.org/plugins/google-site-kit/#is%20site%20kit%20gdpr%20compliant%3F )
- Due to the extensive nature of the plugin, and the limitations of testing on non-production sites, it is difficult to fully assess the impact of the plugin on website configuration.