WP GDPR Compliance 1.4.3 Security Release

WordPress GDPR Compliance 1.4.3 is now available. This is a security release for all previous versions and we strongly encourage you to update immediately.

Download 1.4.3 or venture over to Dashboard → Updates and simply click “Update Now”.

Fix

After 1.4.3 became available hackers started to actively target previous versions. Anyone who didn’t update the plugin right away on November 7th, 2018 should look for changes in their database. Most noticeably there will be one or several users you don’t recognise with admin rights. Any account that you do not recognise should be deleted.

If possible we recommend restoring a complete backup of your site from before November 6th, 2018. After restoring please update to 1.4.3 right away.

There are also tools (freely) available that help you clean your database of any malicious injections.

We asked the Plugin Directory Team to see if there’s a possibility for a forced plugin update but they told us that is not an option.

Discovery

The vulnerabilities were reported to us by the WordPress.org Plugin Directory Team on Tuesday, November 6th 2018. Thanks to their thorough analyses and quick response we were able to release 1.4.3 within 24 hours.

Changelog

Wrong handling of possible user input in combination with unsafe unserialization can make previous versions vulnerable to SQL injection.

* Security fix: Removed base64_decode() function.
* Security fix: Correctly escape input in $wpdb->prepare() function.
* Security fix: Only allow modifying WordPress options used by the plugin and by the user capabilities.

WordPress 4.9.6 supports GDPR!

Good news from the WordPress Core team: 4.9.6 gives site owners several privacy related functions.

  • WordPress Comments now show a checkbox to explicitly save your data for the next visit. If you don’t tick it your data will not be saved when you end the session.
  • You can easily add your Privacy Policy to the standard WordPress register and login box.
  • User data can be exported or erased.

Third-party plugins will be able to designate personal data in their plugin so the Core function to export or erase knows what data is present.

Handy features to help everyone take care of several parts of GDPR.

Right now it is not possible to let visitors directly request their data through Core. Something that is available through the WP GDPR Compliance plugin. Be on the lookout for future releases as we’ll also take care of cookie consent for you.

WP GDPR Compliance v1.3 released

WP GDPR Compliance v1.3 is now available as automatic update and on the download page.

We’re very happy to release this update as it allows your visitors to request two important things: to VIEW or to DELETE* the data you have stored about them. A big part of GDPR.

In the future they will also be able to EDIT their data.

* We’re not actually deleting data at this point. Personal data is irreversibly ANONYMISED but the records in your database continue to exist. More on this in our this article.

v1.3 Changelog

Release date: May 7th, 2018
* Added the request user data page. You can enable it in the Settings tab.
* The newly created page contains a shortcode which allows visitors to request their data. WordPress Users, WordPress Comments and WooCommerce orders linked to their email address are then send to that email address.
* The request user data page becomes the delete user page when visited through this email. The link in the email is available for 24 hours (cronjob) and linked to the visitors’ IP and current session.
* Delete requests end up in the new Requests tab. Click on ‘Manage’ to view a request and tick the checkbox to anonymise. Make sure to take care of these requests as quickly as possible!
* For WordPress Users ‘anonymise’ means first and last name, display name, nickname and email address are substituted by the corresponding field name in the database.
* For WordPress Comments ‘anonymise’ means author name, email address and IP address are substituted by the corresponding field name in the database.
* For WooCommerce orders ‘anonymise’ means billing and shipping details are substituted by the corresponding field name in the database.

The right to be anonymised

In our upcoming release (v1.3) of the WordPress GDPR Compliance plugin we will give your users the chance to request all of their data available in your sites’ database. Upon reviewing their own data it is also possible to put in an additional request for deletion of said data.

We believe this to be an impactful measure for most sites and shops using WordPress and other content management systems.

The right to be forgotten

This has everything to do with GDPR’s ‘right to erasure’ also known as ‘the right to be forgotten’. Effectively this means users can request all of their personal data to be deleted from your database. Completely wiped from existence.

We suspect deleting records in a WordPress database may cause problems for certain plugins and page builders. As a WordPress agency we know this can also confuse site owners: “where did the content go!?” 

Even though a user is merely asking for deletion of his or her data that user can be linked to any kind of content depending on your sites architecture. WordPress users can for example be linked to posts, pages, comments, orders, locations or even be a post type themselves which is then linked to an off-site CRM.

When relying on WooCommerce deleting a user means orders previously linked to that user become incomplete and unusable.

The tool

While writing this post the work on the ‘right to access’ functionality is progressing steadily. The 1.3 update also allows users to send in an additional request to anonymise their data.

ANONYMISE.
NOT DELETE.

Version 1.3 of the WP GDPR Compliance plugin will not allow deletion of database records of any kind. It is most likely our last release before GDPR becomes active on May 25th and we don’t want to run the risk of causing havoc in over 10,000 WordPress installs using our plugin at this time.

Users’ requests will be visible for the site owner in WordPress and after inspecting the request a tap on the ‘anonymise’ button will do the trick. Depending on the plugin using that piece of data this will mean personal data like name, IP and e-mail address will be substituted for an unrelated string or become blank.

This way WooCommerce orders will stay intact but don’t contain personal data anymore. In other words: the order cannot be traced back to the individual who ordered it.

Upon releasing 1.3 we’ll be clear on how the anonymise function works for every plugin we support.

After May 25th

After May 25th development of the plugin will continue. We’ll also have to review how GDPR is enforced and what changes to the plugin are most urgent.

The WordPress Core team is working on privacy related functionality as well so with all the efforts going on it will become clearer what the technical impact of deleting records will be.

Until the next update – ciao!

Hello world!

We are very happy with the 200+ downloads so far. Thank you!

This is our first post regarding the WordPress GDPR Compliance plugin we released for free on November 4th, 2017. You can find it here.

We’ll publish a plugin roadmap soon so you can stay up to date on future releases.