WordPress GDPR: How to implement the new data protection regulation
If you use WordPress for your website, you can easily implement some of the data protection measures required by the GDPR. We show you how to do it and what you have to watch out for.
GDPR: WordPress core fit for the new data protection regulation
- The WordPress core team equipped the core of the CMS with new data protection tools in good time before the GDPR came into force.
- WordPress version 4.9.6 makes it easy to create a page for the data protection declaration. This declaration is automatically linked on login and registration pages. You can download the new version from our download portal.
- Two new tools make it easier to handle personal data. There is an entry for export and one for deleting the data.
- To ensure that the data is actually sent to the right person when a request is made, you can send the requesting, registered user a confirmation email in which they confirm their identity.
- WordPress automatically creates a ZIP archive of all information about the user who, for example, leaves a comment. This facilitates later export or deletion of the data.
Prevent saving of IP addresses with comments
WordPress is well prepared for the GDPR. The storage of IP addresses in comments, however, is a controversial issue that has not yet been fully resolved.
- The GDPR stipulates that only absolutely necessary personal data may be stored.
- It is debated whether the IP address is really among the data necessary for comments. One argument for storing it is that it is needed to trace comments that are relevant under criminal law.
- If you decide not to save the IP addresses of the comments, you need to add a small piece of code.
- To do this, open the file functions.php of your theme in an editor and enter the following code without the quotation marks at the beginning and end: "function wpb_remove_commentsip($comment_author_ip) { return ''; } add_filter('pre_comment_user_ip', 'wpb_remove_commentsip');".
- Once you save the file and upload it to the server, the IP address will no longer be saved for new comments. Please note that you have to make this change in your child theme's file. Otherwise the code will be overwritten with every theme update.
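The filter above only affects comments submitted from now on, so IP addresses already stored with older comments stay in the database. The following added example (not code from the original article) clears those stored values through a WP-CLI command. The `gdpr_example_` function names and the `scrub-comment-ips` command name are hypothetical, and it assumes WP-CLI is installed and the code sits in the child theme's functions.php without the opening `<?php` tag.

```php
<?php
// Added example: clear IP addresses already stored with existing comments.
// All gdpr_example_* names and the command name are hypothetical.

// Count the comments that still carry a stored IP address.
function gdpr_example_count_stored_comment_ips() {
    global $wpdb;
    // $wpdb->comments holds the prefixed table name (for example wp_comments).
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM {$wpdb->comments} WHERE comment_author_IP <> ''"
    );
}

// Blank the stored IP address on every comment that has one.
// Returns the number of rows changed, or false on a database error.
function gdpr_example_scrub_stored_comment_ips() {
    global $wpdb;
    return $wpdb->query(
        "UPDATE {$wpdb->comments} SET comment_author_IP = '' WHERE comment_author_IP <> ''"
    );
}

// Register the command only when WordPress is loaded by WP-CLI.
// Usage: wp scrub-comment-ips [--dry-run]
if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::add_command( 'scrub-comment-ips', function ( $args, $assoc_args ) {
        $pending = gdpr_example_count_stored_comment_ips();

        // With --dry-run, report what would change and leave the data alone.
        if ( \WP_CLI\Utils\get_flag_value( $assoc_args, 'dry-run', false ) ) {
            WP_CLI::log( "{$pending} comment(s) still have a stored IP address." );
            return;
        }

        $changed = gdpr_example_scrub_stored_comment_ips();
        if ( false === $changed ) {
            // WP_CLI::error() prints the message and stops the command.
            WP_CLI::error( 'Database error while clearing comment IP addresses.' );
        }
        WP_CLI::success( "Cleared the IP address on {$changed} of {$pending} comment(s)." );
    } );
}
```

Run it with `--dry-run` first and take a database backup before the real run, because the update cannot be undone.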
We have summarized what you as a website operator have to consider in a GDPR checklist.