The EU GDPR came into force on 25.05.2018. We offer you an overview of the technical precautions that we consider important against the background of the GDPR in order to operate your WordPress website in a legally compliant manner.
Disclaimer
Our blog post is not legal advice! As part of our work as a WordPress hoster, we have dealt very intensively with the applicable German data protection regulations and the EU GDPR. However, we are neither lawyers nor data protection experts. We assume no liability for the completeness, timeliness and accuracy of the measures and content provided by us.
Remove GDPR-critical WordPress plugins and replace them with GDPR-compliant alternatives
If plugins have to establish a valid connection to another website and pass on data such as the IP address, this becomes problematic. Such plugins should definitely be replaced with an EU GDPR-compliant alternative - at least until the manufacturers release a legally compliant version of their plugins.
Collect anonymous visitor statistics
Of course, we would also like to know what works particularly well on our website, what people like to read or share, how long visitors stay on a page or how high the bounce rate is. The EU GDPR has made the legal situation a little stricter. As under the previous German General Data Protection Regulation, you must completely anonymize every visitor to your website. However, no further personal data may be transferred to other services.
For this reason , we recommend Statify so that all anonymized personal data remains on your website and is not passed on to any other services.
According to the plugin information, the plugin does not process, send or store any personal data such as cookies or IP addresses outside your website.
Using legally compliant avatars for blogs and comments
- Avatar Privacy enables GDPR-compliant use of the WordPress Gravatar function
Avatar Privacy by Peter Putzer offers the following features for the implementation of the GDPR: Firstly, the hash of email addresses is not published if there is no Gravatar account. Secondly, it offers an opt-in or opt-out for the display of the Gravatar in comments and in the user profile. The plugin also provides new default avatars, which are loaded from the local server instead of the gravatar.com server in the USA.
An alternative is to completely deactivate gravatars on your own website:
- WP User Avatar instead of Gravatar
However, to deactivate Gravatar completely in WordPress, you need to make the following settings in the WordPress admin area under the menu item "Settings": Scroll all the way down in the submenu under Discussions until you reach the Avatars section. Then deactivate the checkbox: "Avatar display - Show avatars". Click on Save to apply the settings and delete the cache of your website. Your website should now no longer communicate with wordpress.com.
Double opt-in procedure for comments
It should be noted in advance that the notification of further comments on your own comment already assumes that data will be passed on. If you want to rule out a negative interpretation of this "gray area", use the free Subscribe to Double-Opt-In Comments plugin. This requires the visitor to actively confirm in advance that they really want to receive notifications about follow-up comments.
Restrict anti-spam protection to your own website
You can use Antispam Bee or Akismet, for example. Antispam Bee can be used in compliance with the GDPR if you observe the following plugin setting: The "Consider public spam database" function must be deactivated to prevent the IP addresses of your visitors from being transmitted to the Stop Forum Spam service. The language filter, which uses the Google API, is, contrary to what many assume, unproblematic in terms of data protection:
If the language filter has been activated, the first ten words of each comment are sent to the Google service for speech recognition. Three words of the comment content. Not the email address, not the name of the person making the comment, not the IP address. Bottom line: no personal data and therefore no problem. - Simon Kraft, member of the plugin collective
Possibly replace WordPress backup plugins with alternative solutions
To counteract the transfer of personal data to US servers, for example, and to free up additional performance capacity on your website as a positive side effect, you should consider doing without special WordPress backup plugins. There are also alternatives to a WordPress backup plugin that you can consider.
Use web server caching instead of WordPress caching plugin
Many caching plugins do a good job when it comes to caching your website. Caching allows the website to be delivered faster. However, caching also involves a loss of control over the data.
A legally compliant alternative, which also ensures that the performance-heavy plugins disappear, is to use the server-side cache.
The advantage: the data is already stored when it is delivered and, at least in the case of Raidboxes, is only stored on German servers with guaranteed ISO 27001 certification.
Prevent problematic social plugins
Share services often use data as soon as your visitors are on the website with an active social plugin. Even if nothing has been shared yet, the data is already being passed on. This is critical in terms of the GDPR.
Contact form plugins
According to the General Data Protection Regulation, sending a form requires the consent of the sender. Data includes not only the personal IP, but also the email address and the content itself. An opt-in for consent to data storage can be implemented with an additional acceptance checkbox in Contact Form 7 and in Gravity Forms, for example, with the free WP GDPR Compliance plugin. Nowadays, however, all plugins of this type should have implemented the GDPR requirements.
Newsletter & e-mail marketing
In your newsletter forms, only the email address should be a mandatory field, all other data such as first name and surname should only be requested optionally. As with all forms, the double opt-in procedure also applies to the newsletter form, as well as the greatest possible transparency in the information about what exactly you are aiming to achieve or offer with the newsletter.
If you have not done so before, then always use the double opt-in procedure! With double opt-in, the email recipient must explicitly click on the link in a confirmation email a second time after the first registration in order to be added to the mailing list. This ensures that nobody registers for a newsletter in your name and that you actually want them to register.
Technical measures outside of your WordPress plugins
SSL encryption
SSL encryption is not mandatory under the GDPR, but secure data transmission around your website is not possible without an SSL connection. You can also find out more about SSL in our extensive Let's Encrypt SSL compendium.
Don't want to set up the SSL certificate yourself? Then use SSL certificates from Let's Encrypt, for example, which you can activate quickly and easily for your WordPress website free of charge with a one-click installation.
Create Google Analytics opt-out
In this context, it should be pointed out once again that the complete anonymization of visitors is mandatory. To ensure this, the following line of code must be added to the frequently used Google Analytics:
ga('set', 'anonymizeIp', true);
If your Javascript snippet looked like this beforehand:
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXXXXX-X', 'auto');
ga('require', 'displayfeatures');
ga('require', 'linkid', 'linkid.js');
ga('send', 'pageview');
</script>
the code looks like this after adding it:
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXXXXX-X', 'auto');
ga('require', 'displayfeatures');
ga('require', 'linkid', 'linkid.js');
ga('set', 'anonymizeIp', true);
ga('send', 'pageview');
</script>
Furthermore, you must create an option in your privacy policy that allows visitors to your website to completely opt out of Google analysis. You can find a free opt-out plugin for Google Analytics called Google Analytics Opt-Out in the WordPress plugin directory. This installs a cookie that prevents analytics.js from collecting the data.
Anonymized IP addresses in blog comments
WordPress saves the IP addresses of commenters by default. However, the collection of IP addresses is not compliant with the EU GDPR. You can use a small PHP code in your functions.php to prevent the future storage of IP addresses. We recommend using a child theme for this so that the code is still integrated after the next update of your theme. The code to be inserted is
function wpb_remove_commentsip( $comment_author_ip ) {
return '';
}
add_filter( 'pre_comment_user_ip', 'wpb_remove_commentsip' );
Finally, you need to manually delete existing IP addresses from your website's database once. You can find good instructions on how to do this here.