Did the plugin get hacked in November 2018?
Sadly, some versions of the plugin before 1.4.3 contained vulnerabilities. When they were reported to us, we released 1.4.3 the following day. Because of widespread online media attention, hackers figured they could target any site using older versions of the plugin, and this caused a lot of trouble for many people.
We apologise for allowing these vulnerabilities to get into the plugin that was relied on by over 100,000 websites at the time. We will continue work on the plugin as planned but with a higher regard for security in our code.
What is GDPR?
In short: the European regulation to give people control over their personal data. It impacts every business operating in or with (customers in) the European Union (EU) and thus nearly every website and webshop. For a more thorough explanation please visit this page.
Is my site 100% GDPR compliant after installing the plugin?
No. It remains impossible to say what makes a site 100% compliant with GDPR or not because the regulation is not specific on (technical) solutions.
With future updates we’ll expand the plugin to include more features helping you take care of as many parts of GDPR as possible.
What does this plugin do?
With the WP GDPR Compliance plugin it is possible to automatically add a GDPR checkbox to Contact Form 7, Gravity Forms, WooCommerce and WordPress Comments. By ticking this checkbox your visitors and customers explicitly allow you to handle their personal data for a defined purpose (e.g. taking care of their order).
With version 1.3 (or higher) of the plugin your visitors are able to request the data stored in your website’s database through a special Data Request page. Upon receiving an email they are granted temporary access to a page containing all of the data found. There they can also request their data to be deleted.
To help people understand and get used to the regulation we’ve also added a checklist so you can see for yourself if your site has to comply.
What about cookies?
Cookies are covered by the European legislation called the ePrivacy Directive (2002) and are mentioned once in GDPR. You might already have a ‘cookie wall’ or ‘cookie consent bar’ in place on your website, but as GDPR is understood now, it requires consent to your cookie notice to be given through a clear affirmative action (a click, not a scroll, for example), and consent needs to be as easily revoked as it was given.
Future updates of the WordPress GDPR Compliance plugin will help you with a GDPR-ready cookie notice. Right now we suggest using other existing cookie plugins.
Which 3rd party plugins do you support and what versions?
Version 1.3 (or higher) of WP GDPR Compliance supports Contact Form 7 (>= 4.6), Gravity Forms (>= 1.9), WooCommerce (>= 2.5.0) and WordPress Comments.
Will you support [name of plugin]?
We might! Check out our roadmap or suggest your preferred plugin in the comment section on that page.
Why don’t I see the GDPR checkboxes?
We made sure our plugin doesn’t interfere with your (custom) WordPress theme so missing checkboxes or other changes to your front-end are unlikely.
It is possible your theme misses certain hooks we use to establish an integration. In that case please consult your web developer. A list of the hooks we use will be included in the plugin files soon.
Why don’t I receive the data request email?
We use the wp_mail() function present in every WordPress installation.
Most servers are not configured correctly to send mail, or your web host blocks this function. If you experience this problem, please use a dedicated delivery service like SendGrid (paid) or Sendinblue (free).
Why do I get an error when visiting the data request page?
To keep your visitors’ data secure, we made the Data Request Page available only to the same device, with the same IP address and the same browser session, that the request was made from. If any of these do not match, an error is shown and the data cannot be accessed.
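The sketch below is an added example, not code from the plugin, showing one way a temporary access link can be bound to the requesting IP address and browser session so that any mismatch is rejected. The function names, the server-side secret and the 24-hour lifetime are assumptions; the page does not say how the plugin implements this check.

```php
<?php
// Added example: hypothetical helpers, not the WP GDPR Compliance plugin's code.

const ACCESS_TTL = 86400; // assumed lifetime of the temporary access, in seconds

/** Build a token bound to the requester's e-mail, IP address and session ID. */
function make_access_token(string $secret, string $email, string $ip, string $sessionId, int $issuedAt): string
{
    // JSON encoding avoids ambiguity if a field contains a separator character.
    $payload = json_encode([strtolower($email), $ip, $sessionId, $issuedAt]);
    return $issuedAt . '.' . hash_hmac('sha256', $payload, $secret);
}

/** True only if the token is unexpired and was issued to this exact IP and session. */
function check_access_token(string $secret, string $token, string $email, string $ip, string $sessionId, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !preg_match('/^\d{1,10}$/', $parts[0])) {
        return false; // malformed token
    }
    $issuedAt = (int) $parts[0];
    if ($issuedAt > $now || $now - $issuedAt > ACCESS_TTL) {
        return false; // future-dated or expired
    }
    // Recompute with the values seen on THIS request; any change in IP or
    // session yields a different MAC. hash_equals() compares in constant time.
    $expected = make_access_token($secret, $email, $ip, $sessionId, $issuedAt);
    return hash_equals($expected, $token);
}

// Constructed sample values (documentation IP ranges, made-up session IDs).
$secret = 'constructed-server-side-secret';
$issued = 1700000000;
$token  = make_access_token($secret, 'visitor@example.com', '203.0.113.10', 'sess-abc', $issued);

$cases = [
    'same IP and session'  => ['203.0.113.10', 'sess-abc', $issued + 600],
    'different IP address' => ['198.51.100.7', 'sess-abc', $issued + 600],
    'different session'    => ['203.0.113.10', 'sess-xyz', $issued + 600],
    'after the lifetime'   => ['203.0.113.10', 'sess-abc', $issued + ACCESS_TTL + 1],
];
foreach ($cases as $label => [$ip, $session, $now]) {
    $ok = check_access_token($secret, $token, 'visitor@example.com', $ip, $session, $now);
    echo str_pad($label, 22), $ok ? 'access granted' : 'error shown', PHP_EOL;
}
```

A visitor who requests their data on one device and opens the e-mailed link on another falls into the "different IP address" or "different session" case, which is the error this answer describes.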
Do you offer support on this plugin?
Yes. We like to hear from you through the WordPress plugin repository Support channel. See you there!
We don’t respond to support requests through email or any other channel.