Wednesday 26th September 2018

The latest WordPress upgrade includes new GDPR-related privacy features

The new features assist administrators in deleting and exporting personal data as well as compiling privacy policies. Logged-out commenters are now also asked whether cookies should be stored on their computers.
Jason Smith
by on 24th May 2018

WordPress, the world’s most popular content management system, has announced a range of new privacy features in WordPress version 4.9.6, its latest upgrade.

The features have been released in advanced of the GDPR, the European Union’s new privacy laws, which comes into force on 25th May. Users are being notified of the new features by a tooltip in the dashboard of their admin panels.

One of the new features allows users to configure a privacy policy via the settings menu in WordPress’s admin panel. Clicking “create new page” under the new menu sends the user to a template privacy policy compiled in WordPress’s WYSIWYG editor.

The template policy contains information on how the CMS handles comments, media uploads, contact forms and cookies.

Above the WYSIWYG editor, WordPress also links to a guide that provides advice on what information users should include in their privacy policies, while being clear it’s the user’s responsibility to write a “comprehensive privacy policy…[that] reflects all national and international legal requirements”.

The new privacy policy page will be displayed on user registration and login pages.

The latest upgrade also provides administrators with the capabilities to erase or export personal data from the database connected to the WordPress installation.

Under the “tools” menu it provides an “export personal data” menu option, which leads to a page that allows the administrator to search for a user by username or email address.

Once the administrator has submitted the search they are given an option to download the users data in a HTML document.

The data exported will correspond to the what data the CMS is configured to collect. In many cases, this will consist of the user’s registration date as well as his or her name, biography, email and user ID.

Under the “tools” menu, the CMS now also provides an “erase personal data” menu option which allows users with appropriate permissions to remove users from the CMS.

The new erasure tool will delete all personal data, including data collected by plugins.

Each erasure or export request is also accompanied by an autoresponder sent to the email address on record for each user.

Another important new feature is the inclusion of a checkbox at the bottom of the comment box that asks whether logged-out users wish to save their name, email and website in a cookie for the next time they decide to comment.