How to meet the RGPD in WordPress comments

Updated on 05-29-2018

One of the main requirements of the RGPD, mandatory since May 25, 2018 is to obtain the express and conscious consent of the users of the data that you will keep from them on your website .

And one of the elements of your website that stores user information is comments

You might think you can save it if, in the comment settings, you uncheck the email request box and name.

But no, WordPress will continue to store the IP so the trick will not do you any good.

What you have to do is add a check box in which the user expressly allows you to store the information you save and with a clear link to the policy of priv Acid where you are reported by:

  • Who is the executor of your data
  • What data is stored
  • Who is shared with
  • How long do you store them
  • That the data will travel and be stored encrypted
  • Where and how to delete your user data .
  • Where and how to request your data.

But, in addition, you must also provide the first layer of information (summarized) of the above

Do we add it?

Add acceptance box of the privacy policy in the comments with a code

If you are one of those who prefer to add a simple code here I leave a series of filters that add the express acceptance box :

As with the previous code, review it to replace the example data with yours.

If you prefer, here's what you have with the first layer text in table mode:

Remember to change the sample texts again for yours.

Add acceptance box and first layer of information with a code ( all together)

Did you like it? So we put the two juntitos and you will have the full compliance of the RGPD in comments:

And you'll have this like this:

Add acceptance box of the privacy policy in the comments with plugins

If you prefer add the acceptance box with a plugin, there are a couple of them that comply with everything.

One of them, very simple to use, is called WP Comment Policy Checkbox recently updated at my request, and you just have to install it, activate it, tell it in Settings> Comments what is your privacy policy page, the basic information text and that's it.

The box and the text will appear at the end of the comments form, and before the submit button.

Another good option is the plugin GDPR Comments .

Not only does it allow you to add the acceptance box and the information text but you can also anonymize the IPs of the new comments and even those already stored previously.

You will find the settings in Comments> Compliance with the RGPD ]

Will WordPress do something to help us fulfill the RGPD?

Well it seems that it is also possible, in fact a specific group has been created to work in the changes that would be necessary in one's own WordPress core to adapt it to the RGPD.

And one of the proposals made is to natively include the acceptance box in the comments, and could even create in the WordPress installation pages for the privacy policy ].

Puedes seguir el avance del grupo en los artículos del blog Make WordPress con el hashtag gdpr-compliance.

Con cualquiera de estos métodos solicitas el consentimiento expreso de tus usuarios para almacenar sus datosles informas de tu política de privacidad en primera y segunda capa (en el enlace a tu política completa), y se guarda el consentimiento en la base de datos, así que puedes dar por cumplida esta parte de la RGPD o GDPR.

Eso sí, hay más cosas que cumplir, que iremos viendo en el archivo de información de todo lo que debes saber para cumplir la RGPDque iré actua lizando poco a poco con más guías actualizadas.


Puede que también te ayude:

How to comply with Spanish cookies legislation

 law cookies españa

A few days ago the first fines have fallen to two Spanish websites for violating the legal rules on cookies . The fines have been of 3,000 and 500 euros respectively, but could have amounted to the not insignificant figure of 30,000 euros .

According to the sentence one of the sites, ] created with WordPress (although it confuses with, it used JetPack cookies ( _qca ), SlimStat (from the statistics module) and Quancast ( mc ]).

Of all this, some plugin warns us like Cookilian that we already saw in the article of how to comply with the cookie legislation in WordPress and it would not hurt install it and check the cookies that are on your site and create a page that adequately reports them, mostly to not get you upset.

What are the implications of these first two sentences? I personally think that it sends very bad messages …

The first thing is that, with all the big companies, and all of the IBEX, ignoring the flagrant legislation of cookies, that the Data Protection Agency breastfeed with two small companies I do not know if qualify it as a way to get noticed by setting an example against the little ones who can not or know how to defend themselves well, or as a warning to sailors to scare, again, the little ones.

Meanwhile, what is achieved is that every small business that tries to prosper on the Internet end up closing or moving your business to another country where they do not get so great with something that should be corrected with a software solution, by the hand of Microsoft, Google or Apple, then with a line code could perfectly block cookies unless expressly approved and for all, in their browsers.

But no, here we are more asshole and stupendous than anyone and we are dedicated to fuck the Easter to our SMEs to put obstacles in the way of entrepreneurs, to prevent electronic commerce from emerging and being able to give employment.

It is true that the laws are to comply with them but also administrations have the responsibility and the duty to make life easier for their managers, finding the best solution to the problems that arise, and something that could be arranged so easily by talking to the big software companies, instead is attacked the small webs that subsist with scarce penalties, but much easier to penalize with fines that can not be escaped due to lack of legal cabinets that make the processes "sleep" or even win them.

What they get is that something that should be good: guarantee the Internet user's right to privacy, end up being a brake on that same freedom, not to mention the flowering of new opportunities on the web.

So you know, if you're not a big untouchable multinational, you better prepare your website to comply with the cookie legislation. Do not get pimp because you see that the most important newspapers and portals do not comply, they will not touch them, but you do.

That you have not yet gotten to work to comply with the legislation of cookies? and get to work:

  1. Guide on the use of cookies by the Data Protection Agency (pdf)
  2. Guide to comply with the law of cookies in 5 steps of Adigital (pdf )
  3. How to comply with the law of cookies (by Pablo Fernández Burgueño)
  4. How to comply with the legislation of cookies in WordPress
  5. Cookies in WordPress
  6. Examples of privacy pages that comply with the law of cookies : 1 and 2

Cabreo I have hear!

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

It is impossible to delete your account in • WordPress Help

 delete fingerprint

The reasons are unknown, because Automattic does not explain it sufficiently, but the reality is that it is impossible to erase your account you just do not have a way to do it.

The fact is that in you can delete a blog, or all you have, but there is no human way to delete a user account Automattic does not allow it, how does this support page explain


You can change the username, even request – with a long wait – to change your email your account so that, for example, you open another account with the same email, but you can not delete your user account even if you do not have blogs, even if you do not use it, never .

In fact you will continue to receive email notifications unless you take the precaution to disable Rlos before leaving your account in the limb of the Automattic servers.

Not even the site which gets to remove your fingerprint from a stroke, just one click, a good amount of web services is able to do it, it is simply impossible.
 impossible to delete account

So if you want to be respected your right to digital oblivion to eliminate your fingerprints in the network, do not choose the free blog service of or simply use an email address and user that are not relevant for you, because you will not be able to erase it in the future.

I really greatly respect Automattic thanks to your great WordPress people are better every day, they are really committed to the development of free software, but User account policy of your blog service Free sincerely leaves much to be desired . We put green to Facebook and other networks on a daily basis but the reality is that even these reviled services respect your right to digital oblivion, and in no.

What does this policy mean ?, It can happen to you as in GoDaddy , that there is no way to avoid being sent over and over again promotional emails, then – there too – it is impossible to delete your user account, and take advantage of it.

 right-to-forget "width = "510" height = "410" class = "aligncenter size-full wp-image-71735" srcset = " 510w, 500w "sizes =" (max-width: 510px) 100vw, 510px "/> </p>
<p> I read there that they do this because with your user account you leave comments, even publish them in other blogs, and <strong> there would be conversations that would make no sense, even publications that would disappear </strong>but <strong> where are the rights of the user, their right to control their fingerprint and delete their presence in the network if they so wish? </strong>personally I believe that this last is what should prevail over issues "<em> functional </em> "of a network or community. </p>
<p> I grew up in the network in forums, and it was common currency not to allow the deletion of users for the same reason, so that conversations would not be spoiled or made no sense, but I think the same, that <strong> the first thing is the rights of the people </strong>. </p>
<p> Fortunately <strong> you can install your own WordPress completely free and under your control </strong> from <a href= and here you will learn every day to use it and take advantage of it, with total freedom and respect for your privacy .

What do you think about this matter?

NOTICE : this Publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Comply with European legislation on cookies in WordPress

 wordpress cookies

For some time now we have seen the requirements of European legislation regarding cookies and I think it was time for to see some plugins that can help us to comply with the law on our website in a simple way, without complicating us.

I have been testing some of the ones available to date so I tell you my impressions of each one …

EU Cookie Law / EU Cookie Directive Compliance Plugin
Once installed, ask visitors to your website if they agree to allow your site to create cookies. In addition to this basic function provides a link to the page of your website at where you can see the existing cookies on your site.

The page of settings is very complete in terms of appearance of the notice, being able to adjust all type of details of colors, links and locations, but it does not allow to personalize the text, a substantial failure under my point of view so I discarded it at once.

WP EU Cookie Law
Simple but at least this allows you to customize the main texts to be displayed, but not the buttons, a silly mistake. You can also choose between a pop-up window ( explicit ) or a higher banner ( implicit ).

It works instantly but I did not like it not allowing you to customize buttons and links, and that in the case of the banner does not follow the reader when doing scroll.

Cookie warning
Until now it is perhaps the one I liked the most, at least in effectiveness. Once installed, it shows a pop-up message that does not allow you to go forward on the web unless you take action.

If you accept cookies, you can browse normally, and if you do not accept, it takes you to the link that you personalize and deletes cookies of initial session of the site, so it is currently the best complies with European legislation .

You can customize the text that will appear, as well as the URL of the link in case of not accepting the storage of cookies, and also the text of the buttons of acceptance or not of the cookies, so in this aspect it is well covered.

What I like less is the default appearance of the pop-up window, because for example the default text is very small … and as a whole its appearance is a bit ugly. However, it fulfills the function for which it is intended.

 cookie warning adjustments

Cookie control
If it depended on the page of plugin information you would never choose it but nevertheless it is very complete and works great, being able to customize a lot of fundamental settings.

Once active you have your own settings page, very large, where you can configure the texts, the appearance and even have settings to disable Google Analytics cookies until there is no express approval of the visitor or, for experts, fields to add callbacks in JavaScript depending on the user's action.

I especially like that you keep a fixed icon on your website, from which activate or deactivate cookies at will . But it has some drawback, which is not as restrictive as Cookie warning, which we have seen before, because it allows you to browse normally even if you have not given your consent to cookies, and it does not delete the WordPress session cookies either.

that visually is the most but in effectiveness it sins something.

Electric Studio EU Cookie Law Compliance
I'm sure you'll love it if you can customize messages in an editor like WordPress. Otherwise it works very well and the default styles are great, unless you want to adapt them to the stylesheet of your active theme.

Once the user accepts cookies, they remain for 2 years, unless they empty the cache of the same. in the settings of your browser.

Not the most effective but complies with the basics.

 electric studio cookie law

EU Cookie Law compliance
Simple and allows to adjust some conditions and JavaScript codes, although the putada is that you have to modify the texts directly in the plugin files. On the other hand the operation is somewhat erratic and does not erase or block cookies so discarded altogether.

Cookie law info
It is the most configurations allows, with enormous difference being able to even create several warning messages in the style of personalized input types.

Custom messages offer a series of shortcodes to choose where to display and how the buttons of acceptance, links and others. You can also customize styles, fonts, colors, everything.

Among the settings you find you can choose where the warning will be displayed, the time it lasts, type of warning and many more options.

Do not delete cookies directly but it complies with the basics, and at the personalization level is as complete as it is . In addition, always leave a small link on the site to access the information message.

 cookie law info

] It is the one I am currently active after unsuccessful experiments with virtually all that exist and verify that they do not fulfill their purpose – for the annoying Spanish legislation – of not install cookies without permission .

su ghastly and tacky default pop-up window design which you can modify on your settings page as the author points out (and gives examples ), works wonders but, above all, offers some more interesting extra.

One of them is that it offers a shortcode through which to automatically display the list of cookies on your site on your page of pr policy Ivacity, for example.

 shortcode cookie list

In addition, and linked with it, it has a settings page in which to delete, add, modify or change descriptions of existing cookies s (which it detects and displays), and can even group them by sections. Very practical and useful.

 Cookilian cookie management

Let's not say the interesting thing about having cookie acceptance statistics for which It also offers an exclusive screen.

 cookilian statistics cookies

Equally useful is the page of configurations where not only it incorporates the possibility of personalizing the messages but it adds functionalities that you do not find in other plugins or scripts, and I quote some:

  • GeoIP to determine the visitors from which countries the cookie alert will be displayed
  • GeoIP Cache
  • Alternative GeoIP Server in case it fails the first, even accommodation in local
  • Consent by default or not (better choose not for Spanish legislation)
  • Custom alert texts that allow HTML
  • Custom CSS
  • Insertion box of scripts in the subject
  • Deletion of cookies before or after the visitor's decision
  • Cookie administration screen
  • Statistics
  • … a lot more

] In short, of the most complete that there is and, above all, that does what it should . For example, if you do not accept cookies, you only save a cookie, the one of the plugin to remember this decision, otherwise, and until you make a decision, if you have configured it in this way, it does not save anything.

[Nota: he detectado que en según qué instalaciones el plugin Wordfence (seguridad) instala una cookie que no es capaz de parar ningún script ni plugin, y que no está documentado que yo sepa donde evitarlo]

Anyway, keep in mind that all these plugins warn the reader and ask for their consent, with that all comply, but most do not block cookies, as there is much that deletes the initials if it is not accepted, so there are many of them who would not comply with the legislation in its strictest way (Spanish, for example, although the one in the United Kingdom), as it only gives the visitor the option to accept cookies and little else according to the chosen one, but something is something, in fact much more than what other websites do, including the government websites, which do not even comply minimally with their own legislation .

In any case there are honorable exceptions .

Which one to choose? because I encourage you to review the legislation of your country and use the one that best suits you.

In any case it is always better to put at least the notice, the user can always delete the cookies or navigate privately if you wish, although the legislator will verify that at least you have a page that reports the privacy policies, and better if it is clearly visible.

NOTICE : this publication is two years ago or plus. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Cookies, WordPress and legislation • WordPress Help

With the last legislative changes in relation to electronic commerce and websites in general it is becoming increasingly complicated to have a website legally, but everything is to respect the privacy of users right?

There are extremely rigorous cases, such as the United Kingdom, perhaps the most punctilious in the previous notice of cookies to the visitors, but where it gets especially tricky is in Spain because we have to add the requirements of the previous notice of storage of cookies to that here, because we are cooler than anyone, practically all web, and blog, it is considered e-commerce so only in very specific cases we would be exempt from applying the law on cookies.

But I do not say it, because as good quotes my friend Pablo Burgueño , abo Expert in new technologies …

The Cookies Act (or Cookie Act) obliges the owners of professional websites to prevent cookies from being installed on their users' computers, unless they have given their informed consent beforehand.

So what do we do with our WordPress?

Well the first thing is to know what cookies WordPress stores that, in a standard installation, and without active plugins, would be these:

The security cookies, the secret keys of WordPress and session are these:


The duration by default of these keys is:

  • 48 hours or browser shutdown
  • 14 days by checking the box in the access of " remind me "

This behavior can be modified, even the expiration of the cookies of session manually or by means of plugins, extending or reducing the time.

Some ways of modifying times would be these:

  1. Manually changing the session cookies in the file wp-config.php with what forces a new access to all users when deleting previous cookies. New cookies you get here
  2. Using some plugin like Configure login timeout that allows you to modify those times by default.

Then there are other cookies for comments, also temporary , which are stored on the visitor's computer under certain conditions, these:

  • comment_author
  • comment_author_email
  • comment_author_url

The duration of these cookies depends, fundamentally, on the browser settings of the visitor they are only saved if you have it configured in the browser. Although by current legislation you should warn if or if .

For these purposes, for a prior notice of acceptance of storage of cookies is not worth having a privacy page ( here an example of privacy page that includes the Dart cookie), but that must be notified to the visitor and have its express acceptance .

There are some plugins They promise to offer this but the truth is that I have tried almost all and are a complete truño. The only decent thing to date is this script which you can see up and running at the web of Abanlex attorneys (the company of my buddy Pablo).

But, As I have already pointed out to you, this is not always the case, because there are plugins that add their own cookies any of the polls, for example. So if you want to know what cookies your WordPress uses with all its plugins installed, you can create a function that, on a page, lists of all of them and their values ​​and times

The first thing is to add this code to your function plugin or file functions.php of the theme you're using:

And then put this shortcode where you want cookies to be displayed:

At least you will know, and your visitors, if you put that information on your privacy page the cookies stored on your WordPress.

Ah, and for the megafans of the social media and the mother who gave birth you know that if you have a corporate page on Facebook, you are also not complying with the Cookies Law .

And now the little question …

 Loading ... "tit le = "Loading ..." class = "wp-polls-image" /> Loading ... </div>
<p> I already tell you, not yet, because I'm still trying to find the best way, but I think I'll choose by the aforementioned scritp. </p>
<div id=

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Mailto – Complete user guide

Links mailto are those that, instead of taking your reader to a web page, are used as links for to send an email . They are little used, mainly to maintain privacy and control the spam but sometimes they are very useful.

As you can see, the basic structure is that of a link, but of the type mailto but there are several modifiers that you can include, as in the example:

Serious bug in WordPress 2.5.1

I read in aNieto2K that a important bug has been discovered in the recent version of WordPress 2.5.1 . If I would like to point out that, a few days ago, we commented on the existence of this error but not its definitive solution.

"Apparently, the link sent by email with the generated password that WordPress returns to us when resetting the password does not work making it impossible to access the blog after doing it. "

To solve it, as Ryan McCue explains in his blog we must modify these files:

In addition, aNieto2K reminds us that we can always modify the password directly from the database. As we reported when we published the existence of the bug.

Prologue – WordPress joins the Microblogging

It seems that the Automattic guys are not willing to make them Twitter or Jaiku compete and, with this intention or another, they just published a template it offers you what these microblogging services but without leaving WordPress .

The template, called Prologue and already available in your admin panel from WordPress. com can be protected to avoid intruders and would be perfectly suited to multi-user blogs in which to share thoughts or even serve as a mailing list between groups.