Posts

6 Plugins to Make Your WordPress Website GDPR-Proof

6 Plugins to Make Your WordPress Website GDPRProof

As the new privacy law — the General Data Protection Regulation (GDPR) — is about to come into effect, all sorts of plugins are marketed to help you get GDPR compliant. In this article we cover six practical WordPress plugins that enable you to make your WordPress website GDPR-proof!

GDPR Consent Plugin (€ 39 per year)

For WordPress websites in Europe, Sowmedia launches the GDPR Consent Plugin: a plugin for WordPress with which you first ask permission from your visitors, before your other WordPress plugins (and scripts) start collecting personal data. This way you prevent your website from already collecting personal data before your visitor has given permission for this. The GDPR Consent Plugin lets you define exactly which consents you want to request of your visitors, allowing you to present a clear overview of unique required and optional consents for your visitors to interact with. This GDPR Consent Plugin is the most complete WordPress cookie & consent plugin of all.

Delete Me (free)

The GDPR issues the ‘right to be forgotten’. This basically means that you have to be able to erase someone’s  personal data within a reasonable timespan upon their request. You could, of course, do this manually, but the WordPress plugin Delete Me offers your visitors to it themselves — that is, when it comes to data gathered by your website. Users can remove all their own posts and links, including their reactions to articles.

This plugin particularly comes in handy when you have a subscriber website or an active user group that regularly responds to your articles. Be aware, though, that this plugin will not remove data stored separately by additional plugins you may have added to your WordPress website.

Wider Gravity Forms Stop Entries (free)

The Gravity Forms plugin is our number one favorite plugin to build advanced forms for WordPress websites. Its form entries are stored in your WordPress site, but can also be mailed or forwarded to third parties, such as email marketing software. In case your entries are directly forwarded to another system, you may not need to additionally store these entries in your WordPress site.

The GDPR requires you to refrain from needlessly storing user data. This is why the Wider Gravity Forms Stop Entries is so convenient. This plugin removes entries immediately in your WordPress database, so form entries will only be stored in your external systems (or your mailbox). The only drawback is that you don’t have a backup of these entries any more in case you discover the link to your external system to be unresponsive, for instance. Alternatives to tackle this are the plugins below.

Gravity Forms Encrypted Fields ($ 27)

Do you store Gravity Forms entries within your website? Then you can protect these by encrypting them. The WordPress plugin Gravity Forms Encrypted Fields ($ 27) does this for you. User data is encrypted by this plugin within the database. Next, you can configure which persons are allowed to view specifically allotted entries. This may be required, particularly when you are gathering high risk personal data (like Social Security Numbers or medical information) that is not meant to be seen by all WordPress editors and administrators.

WP GDPR Compliance (free)

The GDPR demands ‘explicit consent’ of your visitors to allow you to process their data. Whether you want your visitors to subscribe to a newsletter, fill in a contact form, or react to a message, permission is required. Such explicit consent can be realized by virtue of providing a tick box for example. However, should a tick box be marked by default, then you are overriding the ‘privacy by default’ principle.

Forcing explicit consent in your WordPress website is largely done manually. Again, make sure that tick boxes aimed at having users agree with your terms, are not ticked by default. Fortunately, WP GDPR Compliance imbeds such tick boxes for you and supports plugins like Contact Form 7, WooCommerce and WordPress Comments. The author of this plugin has announced future support for other plugins as well.

Policy Genius (free)

An important part of GDPR compliance is making your privacy policy transparent. It is common practice to facilitate a link to a privacy policy in the footer of a website. Drawing up such protocols can be quite an endeavor. However, once you have constructed one that is explaining your policy in a clear and complete manner, you can then refer to it from any part of your website (for instance, places where you ask your visitors’ explicit consent).

The free WordPress plugin ‘Policy Genius’ helps you draw up a privacy policy in a few easy steps. This is no guarantee, however, that your policy then meets all requirements. It would be best to consult a lawyer to be safe.

18 Tools for WordPress Hosting, Maintenance and Management

18 Tools for WordPress Hosting, Maintenance and Management

When hosting, maintaining and managing hundreds of WordPress websites for our customers on a daily basis, you’ll need to guarantee stability for all these websites. To have them operate smoothly and safely you can use of a variety of tools. In this article we will go over the most important techniques and explain how we keep everything in-sync.

Note: Some of the provided links have an affiliate code.

WordPress hosting and maintenance: the ultimate worry-free solution

Our goal is to completely unburden our customers when it comes to WordPress. Practically, this means we take care of all the technical hassle so our clients only have to focus on the content of their website. This way, they don’t have to worry about WordPress hosting, updates, security or speed, because we got it all covered. Now, what tools do we use to accomplish all this?

Hosting

Managed WordPress hosting

We buy our hosting from the best Premium WordPress hosting parties, and continually and carefully look at the safety, stability and speed of their servers, and the quality of their support. Should we be able to guarantee a better speed on a different server, we may transfer websites between hosting parties.

Currently, we buy Premium WordPress hosting from WpEngine (starting at $29 pm) and Kinsta (starting at $100 pm for 1 website), among other hosting parties. In any case, we make sure we get the best match, which will depend on the specific requirements and requests of our clients.
[/av_textblock]

Managing

Making Sites Maintenance ready

Many clients that want us to maintain their website, have modified their WordPress theme. This often results in an inability on our side to update their theme without loosing the modifications they have made. This is why the first important step to prepare websites for our maintenance program, is to split the modifications into a parent theme (the original theme) and a child theme (the modifications made to the theme). This makes it safer and easier to update the parent theme without losing the modifications set in the child theme.

Once new clients are added to our program, we thoroughly verify whether or not hackers have had access to the installation. We also double-check if all users make use of complex passwords. Thirdly, we check if the installed plugins are malware free, non-conflicting and up-to-date. At times we may advise our clients to give up a certain plugin in exchange for a more solid solution.

InfiniteWP

Our update policy is an important aspect of our service. By virtue of performing controlled, daily updates, we guarantee the safety of our WordPress websites. All safety updates of plugins, themes and WordPress itself, are directly executed by us. For this daily taks we make use of  InfiniteWP (free, with add-ons at extra cost), enabling us to access and manage all of our WordPress websites within one interface, regardless where a website is hosted at that time.

In this central control system we can see how many updates are ready to be installed per website, and can perform these updates directly from a central admin panel without having to log into each separate website. We also check the impact of each update, and whether changes have an effect on the performance of the corresponding website. This way we resolve any issue that a new update may cause. All this is part of our service.

Other than that, InfiniteWP gives us the ability to clone a website, make backups, login directly, perform malware scans, install and activate multiple plugins at once, and much more. To cut a long story short: InfiniteWP is the linchpin in our centralized WordPress management system.

Plugins

Kraken.io

Images on a website are prone to take up a lot of loading time. By making use of image optimisation, we aim to limit file sizes to a minimum. For this we use Kraken.io (starting at $ 5 pm), a service that optimizes GIF, JPG, PNG and SVG files without any visible loss of quality. We use the Kraken Image Optimizer (free) plugin on every website, which automatically compresses every uploaded image, causing images of our clients to load over 50% faster.

Gravity Forms

Contact, sign up or request forms are indispensable for virtually every website we manage. There are but few WordPress form plugins that offer as many options as Gravity Forms (starting at $ 99 per year for multiple sites). Our clients use this plugin for many purposes. This is why we have a Developer License for Gravity Forms, enabling all of our clients to make use of this versatile plugin.

Akismet

Akismet (starting at $ 50 pm for multiple sites) is a spamfilter for WordPress websites that checks responses and form submissions. For this plugin we also have an Enterprise license, automatically filtering all comments, responses, requests and form submissions of all our clients.

Yoast SEO

We also install the Yoast SEO plugin (free) plugin for all websites of our clients. Another vital plugin to improve the findability of your website. With this plugin you can indicate each page’s title and a summery, and then immediately view how this would show up in Googles search results.

Monitoring

Uptime Robot

Uptime Robot (starting at $ 5,50 p/m) is an online service set up to verify whether a website is still up. Every website we host is being monitored via Uptime Robot. As soon as a website shows downtime, we are notified and can immediately investigate what is causing the site to be down.

Uptime Robot enables us to swiftly take action in case a site causes trouble. This way, the actual time a website is unavailable is significantly minimised. Uptime Robot also builds its own history, enabling us to compare the amount of downtime of multiple WordPress hosting providers over an extended period of time. Added to this, we are given insight into which websites are downtime prone. This, then, helps us to zoom in on specific problems so we can solve them.

Broken Link Checker

Once a website is transferred or going life, we double-check the links used on the site by virtue of Broken Link Checker (free). In some cases, we keep this plugin activated to be able to perform routine checks. Whenever links on a website are troublesome or no longer active, this WordPress plugin will notify us instantly via email.

Visual Monitor

Sometimes a website may be available and operative, but certain elements cease to operate as they should, like a slider that doesn’t function or a widget that suddenly disappeared. Logically, Uptime Robot won’t pick up on such inconsistencies. For this reason we have an additional monitoring system set up, that makes multiple screenshot per day of each website we host. This system then compares each screenshot with the previous one, and notifies us promptly when it detects any visual discrepancies. As a result, we can investigate what is going on as soon as part of a site changes or disappears.

Maintenance Mode Monitor

‘Maintenance-mode’ is selected by default when WordPress is updated. During such an update, visitors are shown a white background with a notice that the website is currently under maintenance. This notification only last seconds, for as soon as the update is completed, maintenance mode is deactivated. However, once in a while, it may occur that an update cannot be completed, which then results in WordPress staying in ‘maintenance-mode’.

To counter this we have developed a ‘maintenance-mode-detection’ in our visual detection system, which alerts us as soon as unusual quantities of ‘white’ are found in a screenshot. This detection also traces other issues (like a website that refuses to load completely), making it a valuable addition to the visual monitor mentioned before.

Robots.txt monitor

Search engines look for a file called ‘robots.txt’ on every website. For example https://www.wpupgrader.com/robots.txt. The ‘robots.txt’ file dictates which pages of your site may or may not be indexed by search engines. WordPress automatically generates this file for you. This, however, also causes you to have little of no influence on changes made within this file. Should this file store the wrong kind of information, then search engines may by default ignore you when indexing the internet. This is, of course, fatal when you want people to find you easily and swiftly. Our ‘robots.txt monitor’ checks whether each websites is configured correctly and alerts us as soon as it detects changes in this file.

PageSpeed monitor

For search engine optimalization (SEO) Google measures speed and optimisation by virtue of a so-called PageSpeed score. For this reason a fourth monitor is installed for all websites: the Google PageSpeed monitor.

Several times a day we verify the Google PageSpeed score of a website. As soon as major shifts are detected, we are alerted so we can investigate the reason behind an irregular score. Particularly when the PageSpeed score drops drastically all of a sudden, it is crucial that we find out why as soon as possible. The PageSpeed monitor helps us to inform our clients promptly when the alterations they make to their site negatively affect their score.

Dashing.io

Dashing (free). With Dashing multiple widgets can be projected onto a dashboard. Such a dashboard gives us a clean-cut overview of up and downtime monitors, pending updates, and much more. Instant alerts are given when one of our sites is down, or when there is an outage.

Dashing is open-source, but definitely a must for programmers. Dashboard is written in Ruby, Coffeescript, HTML and CSS. Additionally, you will find quite an extensive list of widgets for Dashing on GitHub, many of which can be installed as is.

Optimisation

CDN

A Content Delivery Network (CDN) is a server network that stores and delivers static content. By saving static content (images, scripts) in a CDN, visitors are able to load your website much faster because different segments of your site are delivered simultaneously from multiple servers. We make use of several CDNs, in accordance with the demands of our customer. Widely used CDNs are MaxCDN (starting at $9 p/m) and CloudFlare (free with paid add-ons). MaxCDN can be easily installed with an optimalisation plugin (read below), while CloudFlare is a bit more complicated in set up.

Optimisation Plugins

To improve the speed of a WordPress website a proper optimisation plugin is indispensable. Such a plugin first of all offers proper caching; a technique that memorizes frequently visited pages in order to prevent them from having to be rebuilt by the server every single time, thereby cutting loading time short. There are Premium Hosting companies that will handle caching themselves.
An optimisation plugin can equally help to combine and compress HTML, JavaScript en CSS, causing a webpage to load faster as it then consists of fewer files.

Lastly, linking a CDN is another option. In doing so, the plugin automatically loads images and other static content (like scripts) via the CDN.

Generally, we use two different optimisation plugins: WP Rocket (starting at $99 p/y for multiple websites) or W3 Total Cache. WP Rocket is conveniently simple to manage, works out-of-the-box, and automates many things. For more complexer websites we use W3 Total Cache, as it has more configuration options, like for instance specific script handling.