The Impact of the New Privacy Law (GDPR) on Your WordPress Website

As of 25 May 2018 the new privacy law, the General Data Protection Regulation (GDPR), applies. From then on the same privacy rules apply throughout Europe. The Dutch Wbp is repealed and replaced by new rules for processing personal data. These rules apply to your WordPress website too if it has a contact form, uses Google Analytics or runs a webshop. In this article we explain how the new privacy law works and what applies to your WordPress website and therefore deserves your attention.

This is not a legal article and no rights can be derived from its content.

Moving from a processor agreement to a processing agreement

The former privacy law already required personal data to be processed securely, with the arrangements laid down in a processor agreement (bewerkersovereenkomst). The new law requires every European organization to be able to account for the secure processing of all personal data, recorded in a processing agreement (verwerkersovereenkomst), which is also the term used in the checklist further down. This means that you first of all need to know exactly what kind of personal data your organization collects.

Secondly, you need to be able to guarantee that personal data you share with third parties is protected as well, such as the data you share with your accountant, your CRM or your email marketing software. This applies to software of non-European origin too (for example software supplied by American companies). You are obliged to make agreements with all your suppliers. In practice this means the GDPR affects the privacy policies of organizations worldwide.

You also need to make agreements with third parties that have access to your WordPress website, such as your hosting provider, editors, administrators and parties that can access personal data through a plugin.

What is personal data?

What counts as personal data, and when is it privacy-sensitive? Basically, all data that can identify a person as an individual, for instance what someone enters in a contact form on your WordPress website:

  • name
  • postal address
  • email address
  • location data (e.g. GPS coordinates)
  • IP-addresses

Keep in mind that information about a company as such (the name of the organization, a generic email address such as info@, the postal address) is not personal data. Data about the people behind it is: the name of a contact person, a personal email address such as j.jansen@, or the details of a sole trader, whose business is hard to separate from the person.

When is personal data regarded as extremely privacy-sensitive?

On top of ‘standard’ personal data there is an additional category that the GDPR calls special categories of personal data. If you handle such data within your organization, additional requirements apply. They also apply to your WordPress website when you collect data that involves,

  • Social Security Number
  • Race
  • Medical information
  • Sexual orientation
  • Religious / political preference

What rights do consumers have?

The goal of the new privacy law (GDPR) is to protect the rights of the end user (consumer). This includes visitors to your WordPress website. But what exactly are their rights, and what can they demand from you as an organization?

Inform, permit and refuse

People have the right to be informed before your WordPress website collects, edits or processes their data, and they must give their explicit consent. In practice this means a cookie notice on your website and a tick box (not checked by default!) for signing up to a newsletter. Users must also be able to withdraw their consent at any time, for instance by unsubscribing or by changing their cookie settings again, and withdrawing must be as easy as giving it.

Easy access

Individuals whose personal data you have collected on your WordPress website may request that data from you. You have to deliver it within a month and may, in principle, not charge for it. In addition there is the right to data portability: the data must be delivered in a structured, commonly used and machine-readable format. Excel sheets or CSV files are easy to open; a raw database dump is not.

Edit, limit and remove

Consumers are entitled to ask you to rectify incorrect information and to restrict further processing of their personal data (apart from storing it). Everyone also has ‘the right to be forgotten’: upon request you must be able to remove a person’s data completely.

The GDPR and marketing automation

Quite possibly you use marketing automation on your WordPress website: email marketing software that reminds you to respond to a comment or sends a follow-up once the first email has been opened, or adverts shown based on customer behaviour.

People have the right to demand that your software does not make automated decisions based on their data and/or behaviour unless you have explicitly asked their permission. So if you use marketing automation, ask your visitors explicitly for permission and tell them that automated decisions are made based on their personal data.

How serious is all this GDPR stuff?

The penalties this law allows are considerable: fines can run up to € 20 million or 4% of annual worldwide turnover, whichever is higher. The two-year transition period (the GDPR was adopted in 2016 and applies from May 2018) signals that it will be enforced seriously. Moreover, the GDPR applies to every organization within Europe, not only the bigger ones or the multinationals.

Make sure your WordPress website is GDPR compliant

There are many aspects to take into account to make sure your WordPress website complies with the GDPR. Work through the checklist below: Is Your WordPress Website GDPR Compliant?

Checklist: Is Your WordPress Website GDPR Compliant?

By May 25, 2018, every European organization has to comply with a new privacy law in order to be allowed to process personal data. This applies to the personal data you collect via your WordPress website as well. The article above covers the impact the General Data Protection Regulation (GDPR) has on your WordPress website. In this article we provide a clear-cut checklist to help you determine whether your WordPress website meets the GDPR requirements.

This is not a legal article and no rights can be derived from its content.

1. Inventory and document

To start off, describe the target group(s) that visit your website. Then draw up a spreadsheet in which you document, for each group, the kind of personal data your WordPress website collects (see above for what the GDPR marks as personal data). Specifying this per target group reduces the risk of missing something. Complete the inventory by checking the following list:

a. Hosting & Administration

External service providers have access to your website as well. Check how they handle your data and if you have made the right agreements with them.

  • Hosting provider
    • In practice your hosting provider can access all data on your website. For this reason you have to conclude a processing agreement with your WordPress hosting provider.
  • Managed hosting, external developers and administrators
    • Which administrators have access to your WordPress website? If you contract agencies (or freelancers) to work on your WordPress website, you have to set up processing agreements with them as well.
  • Backup locations
    • Where and how does your hosting provider make backups, how long are they kept, and who can access them?

b. Plugins

Log in to your WordPress website as an administrator and answer the following questions to complete the list above. Go to ‘Plugins’, then determine for each plugin what data it collects and whether that data is stored:

  • Contact forms (e.g. Gravity Forms)
    • What information do you ask of your users? And where is it stored: in the WordPress database, in e-mail notifications, at a third party?
  • Membership and community plugins (e.g. Ultimate Member, BuddyPress)
    • What profile information is stored for each user? And what else can be deduced about your users from their membership? Think of political activity, religious preference, financial status or sexual orientation.
  • E-commerce (e.g. WooCommerce)
    • A shop contains basic personal data such as names, addresses and banking details, but it also reveals what people order. Do you, for instance, sell magazines with a political affiliation?
  • Email marketing widgets (e.g. sign-up forms for MailChimp or CreateSend)
    • Which information do you ask for? What do you do with it once you have it, and to which service do you forward it?
  • Links with external services, like accounting packages
    • E.g. a link between WooCommerce and Exact Online.
  • Comment plugins
    • E.g. Akismet, which filters spam based on the content of comments, email addresses and IP addresses. Or Disqus, which stores such information as well.
  • Security
    • Security plugins such as Wordfence process IP addresses and user locations, for instance in their firewall and login logs.
  • Backup plugins
    • Complete copies of your site are privacy-sensitive should they end up in the wrong hands. Where are backups stored and how are they secured?
  • Statistics
    • Such as Google Analytics or Google Tag Manager: do you know which parts of your users’ data are stored?
  • Logging
    • For instance activity monitors that record user activity.

c. Services outside the EU

Check whether you use services outside the EU, for instance American service providers that process data from your website. Verify that they are GDPR compliant and on what basis they may receive data from the EU.

d. Duration

Check how long personal data is stored and make sure this is no longer than necessary. The next step will help you consider whether this time span is justifiable.

e. Other

Which users have access to your website, and are their passwords up to par? Are you using marketing automation or A/B testing? If so, have the subjects been informed?

2. Justify

You have to be able to justify all personal data you store on your WordPress website, and your data collection has to stay within the boundaries of the law. Storing data on your WordPress website is only allowed when at least one of the following grounds applies:

  • Because it is necessary to perform an agreement with the person
    Such as paid subscriptions on your WordPress website for which you need users’ banking details.
  • Because you are obliged by law to keep it
    Such as customer data in your WooCommerce shop that you also need for your administration, as the Tax Administration requires.
  • Because you have been given explicit consent
    Through a cookie notice on your WordPress website or a registration form by which someone subscribes to your newsletter. Make sure that,
    • consent is freely given (users are not to be misled or forced)
    • consent is explicit (that means no tick box checked by default!)
    • consent is given per purpose (e.g. someone registers for an event and separately subscribes to a newsletter)
    • users are able to withdraw their consent, as easily as they gave it.
  • Because you have a legitimate interest in collecting the data
    Such as recording the location of a logged-in user as an additional security check to determine whether the login comes from a plausible place. What counts as a legitimate interest is somewhat of a grey area: you have to weigh your interest against the privacy of the person. All the more reason to explain in detail why you consider it justified. And when in doubt, consult a lawyer.

Go through the inventory list (step 1) and check each item for its justification.

3. Confine

Remove personal data that you cannot legitimately collect and store in your WordPress website.

Deactivate plugins that cannot be made to comply, or look for alternative plugins that do.
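As an added example (not code from the original article), the following small plugin applies steps 1d and 3 to the IP addresses WordPress stores with every comment, which the inventory above flags as personal data: it truncates the address before it is written and wipes addresses older than a retention period. It assumes WordPress 4.9.6 or later (for wp_privacy_anonymize_ip()); the plugin name, the hook name example_purge_comment_ips and the 90-day period are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Example - Anonymize and expire comment IP addresses
 *
 * Added example, not part of the original article. Assumes WordPress 4.9.6+.
 * The plugin name, hook name and 90-day retention period are assumptions.
 */

// 1. Confine: store only a truncated IP with new comments. The filter
//    'pre_comment_user_ip' runs in wp_filter_comment() before the row is
//    written, so the full address never reaches the database.
add_filter( 'pre_comment_user_ip', function ( $ip ) {
    // wp_privacy_anonymize_ip() zeroes the last octet of an IPv4 address
    // (192.0.2.77 becomes 192.0.2.0) and keeps only the first 48 bits of IPv6.
    return wp_privacy_anonymize_ip( $ip );
} );

// 2. Duration: wipe whatever IP is still stored on comments older than the
//    retention period (covers comments written before this plugin was active).
const EXAMPLE_COMMENT_IP_RETENTION_DAYS = 90; // assumed retention period

add_action( 'example_purge_comment_ips', 'example_purge_comment_ips' );

function example_purge_comment_ips() {
    global $wpdb;
    $cutoff = gmdate( 'Y-m-d H:i:s', time() - EXAMPLE_COMMENT_IP_RETENTION_DAYS * DAY_IN_SECONDS );

    // Only comments older than the cut-off that still carry an IP are touched.
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->comments}
            SET comment_author_IP = ''
          WHERE comment_date_gmt < %s
            AND comment_author_IP <> ''",
        $cutoff
    ) );
}

// Run the purge once a day through WP-Cron. Schedule it on activation and
// remove it on deactivation so no orphaned cron hook is left behind.
register_activation_hook( __FILE__, function () {
    if ( ! wp_next_scheduled( 'example_purge_comment_ips' ) ) {
        wp_schedule_event( time(), 'daily', 'example_purge_comment_ips' );
    }
} );

register_deactivation_hook( __FILE__, function () {
    wp_clear_scheduled_hook( 'example_purge_comment_ips' );
} );
```

Drop the file into wp-content/plugins/ and activate it. Anonymizing the stored value does not change what a spam filter sees at submission time, so check the documentation of Akismet or your security plugin if they rely on the full address. The same addresses may also live in web server logs and in backups, which this code does not touch; record those locations in your inventory too.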

4. Draw up Procedures

Record different protocols for situations that may occur in the future. Make sure it is crystal clear which information is to be found where, so you won’t have to figure that out later on. In any case, record the following procedures:

  • Requests from individuals
    Individuals may demand access to the personal data your WordPress website stores about them, and may also want it corrected or deleted. Record where that data lives (database tables, form entries, e-mail notifications, backups, third-party services) and how you retrieve or remove it.
  • Security
    Record how you will keep data confidential, now and in the future. Think of a consistent update policy for WordPress itself, plugins and theme, secure backup storage and a strong password policy for every new user that is added.
  • Data breaches
    In case of a data breach you are required by law to inform the data protection authority (in the Netherlands the Autoriteit Persoonsgegevens) within 72 hours of becoming aware of it. Have a step-by-step plan ready, as speed is crucial.
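The procedure for requests from individuals, and the access, portability and erasure rights described in the first article, have a concrete counterpart in WordPress itself: since version 4.9.6 the Tools menu offers Export Personal Data and Erase Personal Data, which cover core data (users, comments) and let plugins register their own data through two filters. The block below, an added example rather than code from the article or from any plugin named on this page, registers an exporter and an eraser for a hypothetical newsletter sign-up table {$wpdb->prefix}example_signups with columns id, email, name and signed_up; the table, the plugin slug and the field names are assumptions made for the example. The export lands in the ZIP WordPress e-mails to the person, which is the portable format the GDPR asks for, and the eraser carries out the ‘right to be forgotten’ request.

```php
<?php
/**
 * Plugin Name: Example - Personal data export/erase for newsletter sign-ups
 *
 * Added example, not part of the original article. Assumes WordPress 4.9.6+
 * and a hypothetical table {$wpdb->prefix}example_signups
 * (id, email, name, signed_up); table and names are assumptions.
 */

// Register the exporter. WordPress calls it once per page for the e-mail
// address entered under Tools > Export Personal Data and bundles the result
// into the ZIP it sends to the data subject.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-signups'] = array(
        'exporter_friendly_name' => 'Example newsletter sign-ups',
        'callback'               => 'example_signups_exporter',
    );
    return $exporters;
} );

function example_signups_exporter( $email_address, $page = 1 ) {
    global $wpdb;
    $per_page = 100;
    $offset   = ( $page - 1 ) * $per_page; // $page starts at 1
    $rows     = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, email, name, signed_up FROM {$wpdb->prefix}example_signups
          WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
        $email_address, $per_page, $offset
    ) );

    $export_items = array();
    foreach ( $rows as $row ) {
        $export_items[] = array(
            'group_id'    => 'example-signups',
            'group_label' => 'Newsletter sign-ups',
            'item_id'     => 'signup-' . $row->id,
            'data'        => array(
                array( 'name' => 'E-mail address', 'value' => $row->email ),
                array( 'name' => 'Name',           'value' => $row->name ),
                array( 'name' => 'Signed up on',   'value' => $row->signed_up ),
            ),
        );
    }

    return array(
        'data' => $export_items,
        'done' => count( $rows ) < $per_page, // WordPress asks for the next page until done is true
    );
}

// Register the eraser, used by Tools > Erase Personal Data.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-signups'] = array(
        'eraser_friendly_name' => 'Example newsletter sign-ups',
        'callback'             => 'example_signups_eraser',
    );
    return $erasers;
} );

function example_signups_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    // $wpdb->delete() returns the number of rows removed, or false on error.
    $deleted = $wpdb->delete(
        $wpdb->prefix . 'example_signups',
        array( 'email' => $email_address ),
        array( '%s' )
    );

    return array(
        'items_removed'  => (bool) $deleted,
        'items_retained' => false, // true, with a message, if something must legally be kept
        'messages'       => array(),
        'done'           => true,
    );
}
```

If some rows must be kept (for instance order data the Tax Administration requires you to retain), set items_retained to true and explain why in messages; WordPress shows that text to the administrator handling the request. Decide on retention obligations before deleting, not after.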

5. Inform and ask for permission

Inform visitors of your WordPress website in a clear and transparent manner, for instance by referring to a privacy statement in the footer of your website and in the cookie notice. Also ask visitors explicitly for permission for the processing activities documented in your privacy statement, in the way described under consent in step 2.

Tips and tools for professional WordPress website development

We see more and more internet businesses choose WordPress as their standard CMS for building websites, and many starting freelancers who focus entirely on WordPress. In this article we summarize the best tools, techniques and plugins for developing WordPress websites that we have picked up over the years, and that we wish someone had shown us ten years ago when we first started working with WordPress.

Content

  1. WordPress development tools
  2. Standard plugins
  3. Developer plugins
  4. Cheatsheets
  5. Teamwork
  6. Stay up-to-date
  7. Finally

WordPress development tools

Over the years we’ve tested, used and thrown away lot of development tools. Which tools do we still use for developing WordPress websites?

  • Google Chrome
    Google Chrome has a powerful set of development tools built in. You can make CSS changes from the element inspector and see the effect immediately, before you touch the CSS files. You can inspect existing JavaScript variables from the console or run new scripts. You can also view stored cookies, check the response headers to see whether your page is being cached, and more. Mozilla Firefox is a good alternative and offers many similar functions.
  • Sublime / Coda
    Everyone has their own favourite text editor, but two really stand out for us: Sublime and Coda. An important advantage of Sublime (Windows / Mac) is that it is easy to extend, while Coda (Mac) is already very complete. Both editors can edit files directly on the server, which makes small, quick changes very easy. Keep in mind that such live edits bypass version control and reach production without review.
  • FileZilla
    Maybe obvious, maybe not. We use FileZilla daily for quick connections to our customers’ servers; use SFTP (or FTPS) rather than plain FTP, which sends credentials and file contents in clear text. Easy to use and ideal for quick changes. For bigger projects we advise setting up a proper version-controlled Git workflow.
  • Browserstack
    You can use Browserstack to virtually test a website on any imaginable device. Like all desktop browsers on multiple Windows and OSX versions, but also all known Android devices, iOS devices and tablets. This is ideal for responsive tests, because simulations for mobile devices in desktop browsers tend to lack details. Browserstack also offers a Chrome extension, that you can use to simulate any website you visit on a different platform.
  • Ghost Inspector
    This fantastic Chrome extension makes it possible to record a number of steps on your website (for example: “visit homepage, click on ‘contact’, scroll down, fill in form”). Ghost Inspector then runs the recorded steps regularly and notifies you when a result is abnormal (for example a page is missing or the layout differs).
  • Photoshop
    Although you can do a lot in WordPress itself, Adobe Photoshop remains indispensable to our work. This is the favorite software package of everyone of our team members who works on design.

Standard plugins

Although every website is different, there are a few plugins that we use for every project. That is why we always install them for a new project. If we end up not using them we can always remove them:

  • Avia Framework
    This visual block builder is not available as a separate plugin but is built into the Enfold theme. Very user-friendly and makes it possible to build up content quickly.
  • Gravity Forms
    The most comprehensive form building plugin we know, with conditional logic, import/export function, various notifications etc. Many themes take this plugin into account in their styling.
  • io
    Make sure you have this plugin running before you upload your first image. That way you keep everything optimized.
  • Akismet
    Reduce spam on your website. Really a must-have.
  • Yoast SEO
    Helps you fine tune your SEO settings globally, and to easily make changes per page, to things like title and meta-description.

Developer plugins

There are many plugins for WordPress that simplify the development of your website. The most common plugins are listed here.

  • Password protected
    Protect your website with a password to prevent search engines and unwanted visitors from taking a look at your website before it’s ready.
  • Debug Bar
    Want to dig a little deeper into the code? Debug Bar adds a button to your admin bar from which you can read various server variables, warnings, errors, queries and requests. The Actions and Filters add-on shows which hooks were triggered on your page.
  • Query monitor
    This plugin offers many of the same functionalities that the Debug Bar does, but also makes it possible to do targeted searches of the queries that were carried out, for example per plugin or kind of query, as well as sluggish performance.
  • Custom Post Types UI
    With this plugin you can easily create extra custom post types. WordPress offers posts and pages, but you may need an extra post type at times, for example ‘books’ for a kind of library. Once you have set up the post type, this plugin has to remain active. To keep the number of plugins to a minimum, and thus your website’s performance optimal, we prefer adding post types via GenerateWP (see ‘Cheatsheets’ below).
  • Advanced Custom Fields
    By default you have a limited number of fields at your disposal in a post, page or custom post. Advanced Custom Fields (ACF) adds all sorts of extra fields: date pickers, colour pickers, taxonomy links, fields for extra images, you name it. ACF also works very visually and intuitively, so you can prepare even complicated custom post constructions without writing a single line of code. To use the custom fields and show them on a page you can use shortcodes or change the templates.
  • FacetWP
    This plugin allows you to create different filters to expand the search option for messages, pages and custom posts. This way your visitors are not only able to fill in key words in the search bar, but can also click on taxonomies (categories or tags) in a drop down or a selection box, to further specify the search results. Very interesting for large databases, with, for example, thousands of articles. You can put FacetWP to work, just like ACF, by using short codes and templates.
  • SearchWP
    Would you rather improve the standard search function in WordPress? Then SearchWP is our favourite. This plugin indexes all of WordPress so that results can be shown faster. You can configure the index to your own preferences: choose, for example, which post types are searched, which fields in a post are important or irrelevant, whether partial matches count, and much more.
  • P3 Profiler
    Is your website getting slower and slower? Use the P3 profiler to measure which plugins have the most impact on your load time. Sometimes getting rid of a few plugins improves your website’s speed. Another solution is to choose super fast premium WordPress hosting.
  • Broken link checker
    Before going live check to see if all the links on your website still work. Not missing anything, all external pages still available? You’ll get an e-mail if a link doesn’t work. You can even choose to have the check done regularly.
  • Redirection
    When you place your website online, will it replace an old website? The old website has built up value in the search engines. To keep as much of that value as possible you can redirect all the URLs of the old website to the corresponding pages on the new one. This is a lot of work, but it is worth it. You can use the Redirection plugin, or in some cases a .htaccess file. Sometimes one redirect rule using a regular expression can reroute multiple pages (see ‘Cheatsheets’ below). When a rule builds the target from part of the old URL, make sure it can only point within your own site, so it cannot be abused as an open redirect.

Cheatsheets

There are many resources online dealing with developing websites, CSS procedures, WordPress tweaks, typography etc. Below you will find a handy overview of cheatsheets we have saved in our favourites. Always good to have on hand.

  • Golden Ratio Typography Calculator
    Can’t figure out why your text is not very readable? Check your line spacing and font size with this tool. It will calculate the best line spacing, font size etc. based on things like the width of your content area.
  • Can I Use
    Just found a nice new CSS feature? Want to use HTML5? Use caniuse.com to check which browsers can and cannot handle it. Sometimes caniuse.com even gives fallback tips for older browsers. Look up ‘border-radius’ and then check the Resources tab for an example.
  • txt2re.com / RegExr
    Website finished and you want to quickly add a few redirect rules to your .htaccess file? Or are you programming and need to filter by pattern? If you are not familiar with regular expressions they can be headache-inducing. txt2re.com helps: enter a string you want to match (for example an e-mail address, URL, telephone number or just a sentence) and the tool suggests what a regular expression for it could look like. RegExr turns it around: input your regular expression and a piece of text, and the tool shows which parts of the text match.
  • com
    A fantastically simple website that gives you the HTML code to embed things like YouTube URLs responsively. Also works for Vimeo, DailyMotion, Google Maps, Instagram, Vine, Getty Images and ordinary iframes.
  • w3.org
    Is the markup of your website built according to the standards? The W3C validator helps answer this question. Don’t let all the warnings scare you: a 100% perfect website is an illusion, especially when you work with themes and plugins. Still, fewer mistakes in your markup means browsers and search engine crawlers can parse your pages more reliably. A first tip: tick the box ‘WordPress should correct invalidly nested XHTML automatically’ under Settings > Writing.
  • GenerateWP
    Need an extra custom post type for your website? Or want to add additional taxonomies? GenerateWP walks you through a wizard and then gives you the code to place in the functions.php of your theme. Super simple!
  • WordPress Code Reference
    The first place to look for hooks, functions and classes within WordPress core. It is the php.net of WordPress.
  • WordPress API’s
    A helpful overview of all APIs available in the WordPress core. Your code will be much more durable if you use these APIs. For example, by writing and reading files via the WordPress Filesystem API your code will be better compatible with various server platforms.
  • io
    This website attempts to inventory all the hooks in WordPress. You will also find all the actions and filters of a growing number of plugins and themes. It has become a great resource for the better-known plugins.
  • WcomWP Sniffer
    These two tools help you inspect other people’s WordPress sites. You can see which theme is active and what kind of plugins the website runs. The picture is not always complete, but it can help you find an underlying theme you like.
  • Google Fonts / Adobe Typekit
    A few years ago it was not possible in all web browsers, but these days it is, in theory, possible to use almost any font on your WordPress website (which doesn’t mean all fonts are ideal, load quickly or are readable). Google Fonts offers a growing selection of free fonts. If you are looking for a very specific font, Adobe Typekit may be a better option; you pay an annual fee depending on the font. Lastly, you can turn your own fonts into web fonts, for example with Font Squirrel’s Webfont Generator.

Teamwork

To keep the ball rolling for larger projects there is almost no escaping teamwork. The following tools really help us develop our WP websites in team.

  • Google Apps
    Google also provides its complete suite of services for companies under the name ‘Google Apps’. E-mail, calendars, Hangouts, analytics and contacts all run on user-friendly Google software, but under your own domain. Various extensions for Gmail (like Labelizer) make it possible to share e-mails within your team using labels. We currently use this as our task system.
  • LastPass (Enterprise)
    Indispensable when it comes to the safe keeping of your login details and those of your clients. Thanks to LastPass Enterprise we can also easily share logins within the team or change them safely. Very affordable and used by large companies like MailChimp and
  • GitLab
    To keep self-written code orderly and simple, we use GitLab as a version management system. GitLab is really a kind of open source GitHub alternative you can host yourself. By using GitLab multiple team members can work on the same project without getting in each other’s way.
  • Toggl
    A good timesheet isn’t just something your customers will appreciate; it helps you get better at estimating where the most time goes in a project. That’s why we use Toggl to track the hours we spend on a project. That way we can see, per project, if we are on schedule with our hours or if we need to make changes. Above all, customers gain insight in the time that was spent and how. Time tracking isn’t fun to do, but it is important.
  • Teamwork Projects
    For project management we used to use Basecamp Classic, a relatively old system (in internet terms). At a certain point Basecamp Classic stopped meeting our needs because it was no longer developed. Teamwork Projects made it possible to transfer our entire archive from Basecamp Classic, so we could keep the full history of our projects. Colleagues and customers can be given access per project. There are to-do lists where each task can be assigned to a colleague or customer, you can discuss each task with all parties involved, and you can share files, messages and important milestones.

 

Stay informed

The WordPress landscape is constantly under development. To stay informed regarding new features, as well as upcoming changes, we recommend you put these websites in your bookmarks or subscribe to their mailinglists.

To close

Now that we have covered all kinds of tools, techniques, plugins and tips for WordPress, we would like to emphasize the most important tip we like to give WordPress professionals: keep it simple! Especially when you’re thinking of using a technically clever solution, always ask yourself: ‘is this not already lying around somewhere?’. Often the answer is yes, and your customers will be happy they don’t have to pay for re-inventing the wheel.  This will also enable you to spend more of your budget on making sure the content of the WordPress website is just right, and that is often more valuable to your client.

Do you use tools we haven’t named? Let us know in a response below!

18 Tools for WordPress Hosting, Maintenance and Management

When hosting, maintaining and managing hundreds of WordPress websites on a daily basis, you need quite a few tools. We discuss the most important ones.