Today, I will be talking about WordPress cookie consent – what it is, why you need to respect it, and how you can implement it on your website. It’s a subject that we all love to hate: on the one hand, those popups asking you to consent to cookies are very annoying, but on the [...]
The post 7 Best WordPress Cookie Consent Plugins in 2022: Stay on the Right Side of Data Protection Laws appeared first on Learn WordPress with WPLift.
Do you want to create GDPR-compliant forms in WordPress?
European Union’s new GDPR law requires explicit user consent to store personal information so that users can have more personal control over their data stored on websites.
In this article, we will show you how to easily create GDPR-compliant forms in WordPress.
The General Data Protection Regulation (GDPR) is a European Union (EU) law that became effective on May 25th, 2018. This new law aims to give EU citizens control over their personal data and change how companies and businesses handle data privacy around the world.
For more details, see our ultimate guide to WordPress and GDPR compliance which will answer all your GDPR-related questions in plain English.
A typical WordPress site may collect users’ personal information in a number of ways. One of which is by adding forms to the site. Most forms collect personal information, and you may want to make sure that your WordPress forms comply with GDPR.
In order to make your WordPress forms GDPR compliant, you will need to add the following features:
Having said that, let’s take a look at how to easily create GDPR-compliant WordPress forms. You can click the links below to jump ahead to any section:
We recommend using WPForms to make GDPR-compliant WordPress forms. It is the best contact form plugin for WordPress and has built-in GDPR enhancement features.
For instance, you get a 1-click GDPR Agreement field for your forms, GDPR-compliant data retention best practices, easy entry management system to quickly find, export, or delete user data upon request.
First, you need to install and activate the WPForms plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
For this tutorial, we’ll use the WPForms Pro version because it includes the disable user cookies and user details options. However, you can also use the WPForms Lite version to create a GDPR-compliant form.
Upon activation, you need to visit WPForms » Settings page and enter your license key. You can find the license key in the WPForms account area.
Next, you’ll need to scroll down to the GDPR section.
There, you need to check the box next to the GDPR Enhancements option.
Enabling the GDPR Enhancements option will reveal two more GDPR-related settings.
The first option, ‘Disable User Cookies,’ will stop WPForms from storing user sessions. This cookie contains a random unique identifier that helps WPForms add features like related entries, form abandonment, and geolocation. Disabling it will also disable those features.
The second option, ‘Disable User Details,’ will stop WPForms from storing user IP addresses and browser information. Both of these settings are optional, and you can check them if you feel that you don’t need these features.
Don’t forget to click the ‘Save Settings’ button to store your changes.
WPForms is now ready to create GDPR-compliant forms in WordPress. You can now go to WPForms » Add New page to create a new form.
You will be asked to enter a title for your form and select a template. These templates are ready-made forms that you can use as a starting point. In this tutorial, we’ll use the ‘Simple Contact Form’ template.
This will launch the WPForms builder interface.
You will see your form preview in the right column, and on the left, you will see all the fields that you can add to your form.
Simply drag the ‘GDPR Agreement’ field and add it to your form.
You will now see it appear at the bottom of your form. If you click on it, more options will appear in the settings panel on the left.
You can change the title of the form field and agreement text, and then use the description box to add details like a link to your privacy policy or terms and conditions pages.
Note: The GDPR Agreement field is always a required field, and it cannot be pre-checked to comply with the GDPR law. You can only add one GDPR agreement field to each form.
Next, you can go to the Settings » Confirmations tab in the form builder. Here, you’ll get different options to select when a user submits a form. For instance, you can show a message, a page, or to redirect users to another URL.
Once you are satisfied with the form, don’t forget to store your changes.
WPForms allows you to easily add forms anywhere on your website.
You can simply click the ‘Embed’ button at the top of the form builder to get started.
Next, a popup will open, which will ask you to create a new page or select an existing page.
We’ll use the ‘Create New Page’ option for this tutorial.
After that, you’ll need to enter a name for your page.
Once that’s done, simply click the ‘Let’s Go’ button.
Your form will now appear in the WordPress content editor.
Another way to add forms to any page or post is using the WPForms block. Simply add the block to your content and select your form from the dropdown menu.
You can now save or publish your post or page.
Simply visit your website to see your GDPR-ready WordPress form in action.
One of the requirements for GDPR compliance is to give users access and allow them to request the deletion of their data.
To do that, you can create a ‘Data access/delete form’ and add it to your privacy policy page. Users who wish to access their stored data or want it to be deleted can use that form to send you a request.
WPForms has an excellent entry management system that allows you to quickly find any data submitted via your forms.
You can access all form entries by visiting WPForms » Entries page from your WordPress dashboard and selecting the form you wish to view.
WPForms will show you all entries submitted using that form. You can search for a form entry by entering a name, email address, IP address, or keyword.
From here, you can simply click the ‘Delete All’ option at the top to remove form entries.
You can also delete individual entries or click the view button to see all data stored for that entry.
With WPForms, you get full control over which forms can store user data. You can disable user details to be stored for each individual form.
First, you’ll need to go to WPForms » Settings from your WordPress dashboard and scroll down to the ‘GDPR’ section.
Here, ensure that the ‘Disable User Details’ option is unchecked.
Don’t forget to click the ‘Save Settings’ button when you’re done.
After that, you can change each form’s settings in the form builder.
All you have to do is head to Settings » General in the form builder. Next, click the ‘Advanced’ section to expand it. From here, simply click the toggle for the ‘Disable storing user details (IP address and user agent)’ option.
This will prevent extra user information from being stored for individual forms.
We hope this article helped you learn how to easily create GDPR-compliant forms in WordPress. You may also want to see our article on how to track user engagement in WordPress using Google Analytics and the ultimate WordPress SEO guide for beginners.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
The post How to Create GDPR Compliant Forms in WordPress first appeared on WPBeginner.
Do you want to add a comment privacy optin checkbox in WordPress? European Union’s new GDPR law requires explicit consent for storing user’s personal information. If you have comments enabled on your website, then you need to add a comment privacy checkbox to comply with the new law. In this article, we will show you how to add a GDPR comment privacy opt-in checkbox in WordPress.
Recently, a new European Union law called GDPR (The General Data Protection Regulation) has become effective. The purpose of this law is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
To learn more, see our ultimate guide to WordPress and GDPR compliance which answers all your questions in plain English.
WordPress recently addressed GDPR compliance in the latest 4.9.6 release. If you haven’t updated yet, then you need to immediately update to the latest WordPress version.
One of the ways WordPress stores and uses personal information is in the comment form. When a user leaves a comment on your website, their name, email address, and website information is stored in a browser cookie. This cookie allows WordPress to automatically fill in user’s information in the comment form on their next visit.
With WordPress 4.9.6, the default WordPress comment form will now show a comment privacy opt-in checkbox. All WordPress themes that use the default WordPress comment form will now automatically show this checkbox.
If your site is showing the comment privacy checkbox, then you don’t need to read further. However if the comment checkbox is not showing on your site, then you need to continue reading, and we will show you how to add comment privacy checkbox in WordPress.
First, you need to make sure that you are using the latest version of WordPress and your theme. Simply go to Dashboard » Updates page to check for updates.
If an update is available for your current theme or WordPress, then go ahead and install it. Next, check your website’s comment form to see if the update added the comment privacy checkbox.
If both your theme and WordPress are up to date, and you still can’t see the comment privacy checkbox, then this means that your WordPress theme is overriding the default WordPress comment form.
You can ask your theme author to fix this issue by opening a support ticket. You can also try to fix it yourself until your theme author releases an update.
There are two ways you can add the comment privacy checkbox to your WordPress theme. We will show you both methods, and you can try the one that works for you.
Both methods require you to add code to your WordPress theme files. If you haven’t done this before, then see our guide on how to copy and paste code in WordPress.
Method 1. Add comment privacy checkbox to your theme’s comment form
This method is recommended because it tries to protect your theme’s comment form style and layout.
First, you will need to find the code used to override the default WordPress comment form. Normally, you can find it in the comments.php or functions.php file in your theme folder.
You will be looking for a code using the 'comment_form_default_fields' filter. This filter is used by themes to override the default WordPress comment form.
It will have lines for all of your comment form fields in a specific format. Here is an example code to give you an idea of what you would be looking for:
$comments_args = array(
// change the title of send button
'label_submit'=> esc_html(__('Post Comments','themename')),
// change the title of the reply section
'title_reply'=> esc_html(__('Leave a Comment','themename')),
// redefine your own textarea (the comment body)
'comment_field' => '
<div class="form-group"><div class="input-field"><textarea class="materialize-textarea" type="text" rows="10" id="textarea1" name="comment" aria-required="true"></textarea></div></div>',
'fields' => apply_filters( 'comment_form_default_fields', array(
'author' =>'' .
'<div><div class="input-field">' .
'<input class="validate" id="name" name="author" placeholder="'. esc_attr(__('Name','themename')) .'" type="text" value="' . esc_attr( $commenter['comment_author'] ) .
'" size="30"' . $aria_req . ' /></div></div>',
'email' =>'' .
'<div><div class="input-field">' .
'<input class="validate" id="email" name="email" placeholder="'. esc_attr(__('Email','themename')) .'" type="email" value="' . esc_attr( $commenter['comment_author_email'] ) .
'" size="30"' . $aria_req . ' /></div></div>',
'url' =>'' .
'<div class="form-group">'.
'<div><div class="input-field"><input class="validate" placeholder="'. esc_attr(__('Website','themename')) .'" id="url" name="url" type="text" value="' . esc_attr( $commenter['comment_author_url'] ) .
'" size="30" /></div></div>',
)
),
);
comment_form($comments_args); ?>
In this code, you can notice that comment_form_default_fields filter is used to modify the author, email, and URL fields. Inside the array, it uses the following format to display each field:
'fieldname' => 'HTML code to display the field', 'anotherfield' => 'HTML code to display the field',
We will add the comment privacy optin checkbox field towards the end. Here is what our code will look like now:
$comments_args = array(
// change the title of send button
'label_submit'=> esc_html(__('Post Comments','themename')),
// change the title of the reply section
'title_reply'=> esc_html(__('Leave a Comment','themename')),
// redefine your own textarea (the comment body)
'comment_field' => '
<div class="form-group"><div class="input-field"><textarea class="materialize-textarea" type="text" rows="10" id="textarea1" name="comment" aria-required="true"></textarea></div></div>',
'fields' => apply_filters( 'comment_form_default_fields', array(
'author' =>'' .
'<div><div class="input-field">' .
'<input class="validate" id="name" name="author" placeholder="'. esc_attr(__('Name','themename')) .'" type="text" value="' . esc_attr( $commenter['comment_author'] ) .
'" size="30"' . $aria_req . ' /></div></div>',
'email' =>'' .
'<div><div class="input-field">' .
'<input class="validate" id="email" name="email" placeholder="'. esc_attr(__('Email','themename')) .'" type="email" value="' . esc_attr( $commenter['comment_author_email'] ) .
'" size="30"' . $aria_req . ' /></div></div>',
'url' =>'' .
'<div class="form-group">'.
'<div><div class="input-field"><input class="validate" placeholder="'. esc_attr(__('Website','themename')) .'" id="url" name="url" type="text" value="' . esc_attr( $commenter['comment_author_url'] ) .
'" size="30" /></div></div>',
// Now we will add our new privacy checkbox optin
'cookies' => '<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"' . $consent . ' />' .
'<label for="wp-comment-cookies-consent">' . __( 'Save my name, email, and website in this browser for the next time I comment.' ) . '</label></p>',
)
),
);
comment_form($comments_args); ?>
Method 2. Replacing your theme’s comment form with WordPress default
This method simply replaces your theme’s comment form with the default WordPress comment form. Using this method can affect your comment form’s appearance, and you may have to use custom CSS to style your comment form.
Edit your theme’s comments.php file and look for the line with the comment_form() function. Your theme will have a defined arguments, function, or a template inside it to load your theme’s custom comment form. Your comment_form line will look something like this:
<?php comment_form( custom_comment_form_function() ); ?> You will need to replace it with the following line: <?php comment_form(); ?>
Don’t forget to save your changes and visit your website. You will now see the default WordPress comment form with the comment privacy optin checkbox.
We hope this article helped you learn how to add the GDPR comment privacy optin checkbox in WordPress. You may also want to see our tips on getting more comments on your WordPress blog posts.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
The post How to Add a GDPR Comment Privacy Opt-in Checkbox in WordPress appeared first on WPBeginner.
Are you confused by GDPR, and how it will impact your WordPress site? GDPR, short for General Data Protection Regulation, is an European Union law that you have likely heard about. We have received dozens of emails from users asking us to explain GDPR in plain English and share tips on how to make your WordPress site GDPR compliant. In this article, we will explain everything you need to know about GDPR and WordPress (without the complex legal stuff).
Disclaimer: We are not lawyers. Nothing on this website should be considered legal advice.
To help you easily navigate through our ultimate guide to WordPress and GDPR Compliance, we have created a table of content below:
The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
You’ve likely gotten dozens of emails from companies like Google and others regarding GDPR, their new privacy policy, and bunch of other legal stuff. That’s because the EU has put in hefty penalties for those who are not in compliance.
Fines
Basically after May 25th, 2018, businesses that are not in compliance with GDPR’s requirement can face large fines up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause wide-spread panic among businesses around the world.
This brings us to the big question that you might be thinking about:
Does GDPR apply to my WordPress site?
The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).
If your website has visitors from European Union countries, then this law applies to you.
But don’t panic, this isn’t the end of the world.
While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.
The EU isn’t some evil government that is out to get you. Their goal is to protect consumers, average people like you and me from reckless handling of data / breaches because it’s getting out of control.
The maximum fine part in our opinion is largely to get the attention of large companies like Facebook and Google, so this regulation is NOT ignored. Furthermore, this encourage companies to actually put more emphasis on protecting the rights of people.
Once you understand what is required by GDPR and the spirit of the law, then you will realize that none of this is too crazy. We will also share tools / tips to make your WordPress site GDPR compliant.
The goal of GDPR is to protect user’s personally identifying information (PII) and hold businesses to a higher standard when it comes to how they collect, store, and use this data.
The personal data includes: name, emails, physical address, IP address, health information, income, etc.
While the GDPR regulation is 200 pages long, here are the most important pillars that you need to know:
Explicit Consent – if you’re collecting personal data from an EU resident, then you must obtain explicit consent that’s specific and unambiguous. In other words, you can’t just send unsolicited emails to people who gave you their business card or filled out your website contact form because they DID NOT opt-in for your marketing newsletter (that’s called SPAM by the way, and you shouldn’t be doing that anyways).
For it to be considered explicit consent, you must require a positive opt-in (i.e no pre-ticked checkbox), contain clear wording (no legalese), and be separate from other terms & conditions.
Rights to Data – you must inform individuals where, why, and how their data is processed / stored. An individual has the right to download their personal data and an individual also has the right to be forgotten meaning they can ask for their data to be deleted.
This will make sure that when you hit Unsubscribe or ask companies to delete your profile, then they actually do that (hmm, go figure). I’m looking at you Zenefits, still waiting for my account to be deleted for 2 years and hoping that you stop sending me spam emails just because I made the mistake of trying out your service.
Breach Notification – organizations must report certain types of data breaches to relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individual data. However if a breach is high-risk, then the company MUST also inform individuals who’re impacted right away.
This will hopefully prevent cover-ups like Yahoo that was not revealed until the acquisition.
Data Protection Officers – if you are a public company or process large amounts of personal information, then you must appoint a data protection officer. Again this is not required for small businesses. Consult an attorney if you’re in doubt.
To put it in plain English, GDPR makes sure that businesses can’t go around spamming people by sending emails they didn’t ask for. Businesses can’t sell people’s data without their explicit consent (good luck getting this consent). Businesses have to delete user’s account and unsubscribe them from email lists if the user ask you to do that. Businesses have to report data breaches and overall be better about data protection.
Sounds pretty good, in theory at least.
Ok so now you are probably wondering what do you need to do to make sure that your WordPress site is GDPR compliant.
Well, that really depends on your specific website (more on this later).
Let us start by answering the biggest question that we’ve gotten from users:
Yes, as of WordPress 4.9.6, the WordPress core software is GDPR compliant. WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. It’s important to note that when we talk about WordPress, we’re talking about self-hosted WordPress.org (see the difference: WordPress.com vs WordPress.org).
Having said that, due to the dynamic nature of websites, no single platform, plugin or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.
Ok so you might be thinking what does this mean in plain english?
Well, by default WordPress 4.9.6 now comes with the following GDPR enhancement tools:
Comments Consent
By default, WordPress used to store the commenters name, email and website as a cookie on the user’s browser. This made it easier for users to leave comments on their favorite blogs because those fields were pre-populated.
Due to GDPR’s consent requirement, WordPress has added the comment consent checkbox. The user can leave a comment without checking this box. All it would mean is that they would have to manually enter their name, email, and website every time they leave a comment.
Data Export and Erase Feature
WordPress offers site owners the ability to comply with GDPR’s data handling requirements and honor user’s request for exporting personal data as well as removal of user’s personal data.
The data handling features can be found under the Tools menu inside WordPress admin.
Privacy Policy Generator
WordPress now comes with a built-in privacy policy generator. It offers a pre-made privacy policy template and offer you guidance in terms of what else to add, so you can be more transparent with users in terms of what data you store and how you handle their data.
These three things are enough to make a default WordPress blog GDPR compliant. However it is very likely that your website has additional features that will also need to be in compliance.
As a website owner, you might be using various WordPress plugins that store or process data like contact forms, analytics, email marketing, online store, membership sites, etc.
Depending on which which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant.
A lot of the best WordPress plugins have already gone ahead and added GDPR enhancement features. Let’s take a look at some of the common areas that you would need to address:
Google Analytics
Like most website owners, you’re likely using Google Analytics to get website stats. This means that it is possible that you’re collecting or tracking personal data like IP addresses, user IDs, cookies and other data for behavior profiling. To be GDPR compliant, you need to do one of the following:
Both of these are fairly difficult to do if you’re just pasting Google Analytics code manually on your site. However, if you’re using MonsterInsights, the most popular Google Analytics plugin for WordPress, then you’re in luck.
They have released an EU compliance addon that helps automate the above process. MonsterInsights also has a very good blog post about all you need to know about GDPR and Google Analytics (this is a must read, if you’re using Google Analytics on your site).
Contact Forms
If you are using a contact form in WordPress, then you may have to add extra transparency measures specially if you’re storing the form entries or using the data for marketing purposes.
Below are the things you might want to consider for making your WordPress forms GDPR compliant:
The good part is that if you’re using WordPress plugins like WPForms, Gravity Forms, Ninja Forms, Contact Form 7, etc, then you don’t need a Data Processing Agreement because these plugins DO NOT store your form entries on their site. Your form entries are stored in your WordPress database.
Simply adding a required consent checkbox with clear explanation should be good enough for you to make your WordPress forms GDPR compliant.
WPForms, the contact form plugin we use on WPBeginner, has added several GDPR enhancements to make it easy for you to add a GDPR consent field, disable user cookies, disable user IP collection, and disable entries with a single click.
Email Marketing Opt-in Forms
Similar to contact forms, if you have any email marketing opt-in forms like popups, floating bars, inline-forms, and others, then you need to make sure that you’re collecting explicit consent from users before adding them to your list.
This can be done with either:
Top lead-generation solutions like OptinMonster has added GDPR consent checkboxes and other necessary features to help you make your email opt-in forms compliant. You can read more about the GDPR strategies for marketers on the OptinMonster blog.
WooCommerce / Ecommerce
If you’re using WooCommerce, the most popular eCommerce plugin for WordPress, then you need to make sure your website is in compliance with GDPR.
The WooCommerce team has prepared a comprehensive guide for store owners to help them be GDPR compliant.
Retargeting Ads
If your website is running retargeting pixels or retargeting ads, then you will need to get user’s consent. You can do this by using a plugin like Cooke Notices.
There are several WordPress plugins that can help automate some aspects of GDPR compliance for you. However, no plugin can offer 100% compliance due to the dynamic nature of websites.
Beware of any WordPress plugin that claims to offer 100% GDPR compliance. They likely don’t know what they’re talking about, and it’s best for you to avoid them completely.
Below is our list of recommended plugins for facilitating GDPR compliance:
We will continue to monitor the plugin ecosystem to see if any other WordPress plugin stands out and offer substantial GDPR compliance features.
Whether you’re ready or not, GDPR will go in effect on May 25, 2018. If your website is not compliant before then, don’t panic. Just continue to work towards compliance and get it done asap.
The likelihood of you getting a fine the day after this rule goes in effect are pretty close to zero because the European Union’s website states that first you’ll get a warning, then a reprimand, and fines are the last step if you fail to comply and knowingly ignore the law.
The EU is not out to get you. They’re doing this to protect user’s data and restore people’s trust in online businesses. As the world goes digital, we need these standards. With the recent data breaches of large companies, it’s important that these standards are adapted globally.
It will be good for all involved. These new rules will help boost consumer confidence and in turn help grow your business.
We hope this article helped you learn about WordPress and GDPR compliance. We will do our best to keep it updated as more information or tools get released.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
We are not lawyers. Nothing on this website should be considered legal advice. Due to the dynamic nature of websites, no single plugin or platform can offer 100% legal compliance. When in doubt, it’s best to consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.
WPBeginner founder, Syed Balkhi, is also the co-founder of OptinMonster, WPForms, and MonsterInsights.
The post The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know appeared first on WPBeginner.
This week, we got the release of WordPress 4.9.6. True to the numbers, it’s technically a minor privacy and maintenance release. But because it adds some big new features to tackle the GDPR, some people think it straddles the line between minor and major release. CodeinWP also published the results of their 2018 hosting survey. ... Read moreWeekly WordPress News: WordPress 4.9.6…A “Major” Minor Release?
The post Weekly WordPress News: WordPress 4.9.6…A “Major” Minor Release? appeared first on Learn WordPress with WPLift.
This week, we got news that WordSesh will be back on July 25th. You can learn more about it at the Post Status Draft podcast. WordPress 4.9.6 release candidate is also out, and WPTavern has a good look at some of the new GDPR compliance tools that it contains. We also got message from our ... Read moreWeekly WordPress News: WordSesh Returns On July 25th
The post Weekly WordPress News: WordSesh Returns On July 25th appeared first on Learn WordPress with WPLift.
If you pay attention to the news, you’ve probably seen this strange four-letter acronym increasingly popping up among webmasters (perhaps with a sense of panic attached): GDPR. What does it mean? And do you need to care about it as a regular webmaster? In this post, I’ll give you a general overview of what the ... Read moreWordPress GDPR: What It Is And What You Need To Know
The post WordPress GDPR: What It Is And What You Need To Know appeared first on Learn WordPress with WPLift.