WP GDPR Compliance gets a premium version: Privacy WP

In early August 2019 we acquired the premium plugin Privacy WP, created by Scott DeLuzio (Amplify Plugins), to bundle both WordPress-database and third-party integrations, helping you take care of GDPR requests as easily as possible.

In this post we update you on the why and on the future of both WP GDPR Compliance (free) and Privacy WP (premium).

Why?

While WP GDPR Compliance integrates with WordPress and with plugins that store their data in the WordPress database itself, Privacy WP interacts with third parties directly through their APIs. It assembles the data in a single location and lets you manage it as needed.

Imagine having a site where visitors log in through WordPress and are able to also subscribe to a MailChimp newsletter. A common situation for many sites.

With WP GDPR Compliance that user can request her data and will receive all the available personal data linked to her WordPress user profile, but none of the data collected by MailChimp, as that is stored on MailChimp’s servers.

With Privacy WP that MailChimp data is collected through the API, and both the user profile and the MailChimp data are presented through WordPress’ core GDPR functions.

So data that you previously had to collect by hand, or that wasn’t included in the GDPR data request at all, is now bundled together automatically.

What does this mean for the WP GDPR Compliance plugin?

Don’t worry! We will continue to release free “service updates” for the foreseeable future to make sure the plugin continues to work with future WordPress updates.

We’ll also continue to respond to support requests.

What changes for existing Privacy WP customers?

Part of the deal to acquire Privacy WP is to honor all valid license keys and provide support and assistance to customers with valid license keys until they expire.

You can expect new and improved features this year!

Next steps

As a first step we plan to bundle Privacy WP with existing WP GDPR Compliance functionality to create one premium plugin that does it all.

Currently WP GDPR Compliance doesn’t use the WordPress core GDPR functions because at the time of our release those weren’t available in core. We’ll rebuild those for the next update of Privacy WP.

After that we will rely on customer requests to expand the plugin where necessary.

WP GDPR Compliance 1.4.3 Security Release

WordPress GDPR Compliance 1.4.3 is now available. This is a security release for all previous versions and we strongly encourage you to update immediately.

Download 1.4.3 or venture over to Dashboard → Updates and simply click “Update Now”.

Fix

After 1.4.3 became available, hackers started to actively target previous versions. Anyone who didn’t update the plugin right away on November 7th, 2018 should look for changes in their database. Most noticeably, there will be one or more users with admin rights that you don’t recognise. Any account that you do not recognise should be deleted.

If possible we recommend restoring a complete backup of your site from before November 6th, 2018. After restoring please update to 1.4.3 right away.

There are also tools (freely) available that help you clean your database of any malicious injections.

We asked the Plugin Directory Team whether a forced plugin update was possible, but they told us that is not an option.

Discovery

The vulnerabilities were reported to us by the WordPress.org Plugin Directory Team on Tuesday, November 6th 2018. Thanks to their thorough analysis and quick response we were able to release 1.4.3 within 24 hours.

Changelog

Incorrect handling of user input, in combination with unsafe unserialization, can make previous versions vulnerable to SQL injection.

* Security fix: Removed base64_decode() function.
* Security fix: Correctly escape input in $wpdb->prepare() function.
* Security fix: Only allow modifying WordPress options used by the plugin, and only for users with the required capabilities.
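As an added illustration of the pattern behind these three changelog items (this is example code written for this post, not the plugin’s own source), the handler below writes only allowlisted plugin options, only for users with the right capability, takes no base64- or serialized input from the request, and builds its query through `$wpdb->prepare()` placeholders. All `wpgdprc_demo_*` names are hypothetical.

```php
<?php
// Added example, not WP GDPR Compliance code. Names prefixed wpgdprc_demo_ are hypothetical.

// 1. Allowlist: only options this plugin owns may be written, each with its own sanitizer.
function wpgdprc_demo_allowed_options() {
    return array(
        'wpgdprc_demo_enabled'      => 'rest_sanitize_boolean',
        'wpgdprc_demo_privacy_text' => 'sanitize_textarea_field',
    );
}

// 2. AJAX handler: capability check, nonce check, allowlisted key, sanitized value.
//    The request value is never passed through base64_decode() or unserialize();
//    it goes straight into a known sanitizer for that option.
function wpgdprc_demo_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient capability', 403 );
    }
    check_ajax_referer( 'wpgdprc_demo_settings', 'security' );

    $allowed = wpgdprc_demo_allowed_options();
    $option  = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! array_key_exists( $option, $allowed ) ) {
        // Rejects any option the plugin does not own (e.g. core or other plugins' options).
        wp_send_json_error( 'option not allowed', 400 );
    }

    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = call_user_func( $allowed[ $option ], $raw );
    update_option( $option, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_wpgdprc_demo_save_settings', 'wpgdprc_demo_save_settings' );

// 3. Lookup driven by user-supplied data: placeholders in $wpdb->prepare() only,
//    never string concatenation of request values into the SQL text.
function wpgdprc_demo_find_user_by_email( $email ) {
    global $wpdb;
    $email = sanitize_email( $email );
    $sql   = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->users} WHERE user_email = %s LIMIT %d",
        $email,
        1
    );
    return $wpdb->get_var( $sql );
}
```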

WordPress 4.9.6 supports GDPR!

Good news from the WordPress Core team: 4.9.6 gives site owners several privacy related functions.

  • WordPress Comments now show a checkbox to explicitly save your data for the next visit. If you don’t tick it, your data will not be saved when you end the session.
  • You can easily add your Privacy Policy to the standard WordPress register and login box.
  • User data can be exported or erased.

Third-party plugins will be able to designate the personal data they store, so the Core export and erase functions know what data is present.

Handy features to help everyone take care of several parts of GDPR.

Right now it is not possible to let visitors request their data directly through Core, something that is available through the WP GDPR Compliance plugin. Be on the lookout for future releases, as we’ll also take care of cookie consent for you.