Is WordPress Ready for the New EU Privacy Rules?

Data is invaluable in the digital age, and if you have online presence, particularly if you run a website, then you are automatically part of the data game. With the new EU rules on data protection set to come into force in less than a year from now, how will WordPress – everyone’s favorite platform – be affected?

The GDPR Will Affect WordPress, too

Chances are that if you are running your own website dedicated to design and your craft, you are most likely using WordPress: with almost 16 million active websites using WordPress and over 76 million WP blogs out there, it remains the most popular Content Management System – representing 50% to 60% of the entire CMS market – and powers 28% of the whole internet. Not bad, huh? Now imagine all the personal data that flows through these WP sites daily. If the picture is overwhelming, try to consider how a major change in data protection rules, like the upcoming advent of the new EU General Data Protection Regulation might influence the landscape.

Replacing the previous 1995 regime, the brand new GDPR provides a single, comprehensive set of rules that foster the protection the personal data of all EU residents and visitors – meaning that it extends to any company, whether based within EU/EEA borders or abroad, that collects, stores and processes personal data of individuals within the EU in the context of monitoring them or providing goods and services, even if it does so for free.

That includes WP for sure. The GDPR is currently set to go into effect on May 25, 2018 and non-compliance can incur fines up to more than $23,000,000 or 4% of an organization’s total global profits. As the deadline looms in, companies rush to prepare for the new, more rigid rules – and WordPress is no exception.

Do WordPress Security Features Comply with the GDPR?

The WP platform stores and analyzes vast amounts of personal data daily, like personal data of the site’s owner as well as its visitors’ credentials and emails, if programmed to do so, in order to make sure that its sites run smoothly and that updates are implemented across billions of blogs.

Users have proposed, for instance, telemetry in order to ensure compliance with data privacy concerns like those mirrored in the GDPR. This would support the gathering of anonymized data and promote security. WordPress has long struggled with security vulnerabilities: According to the BBC, in February 2017 more than 1.5 million websites running on WP were affected by a hacker attack. As an infographic on WPTemplate reveals, most of WP sites are compromised due to vulnerabilities in their hosting providers, which makes up for 41% of affected sites. A further 29% are attacked through insecure themes and 22% get hacked through plugins as points of entry for cybercriminals.

Security issues on WordPress are often fixed through adding plugins – individual software elements that you can add on your site, that are dedicated to promoting security in various ways – but you must be cautious and only add plugins from trusted sources. Perhaps tellingly, some plugins have begun to be added under a “GDPR” tag specifically dedicated to the new EU Regulation. Besides taking simple security steps like a strong password and limited access permits on your site, plugins can prove your most valuable ally in the fight against cybercrime.

Plugins such as Login Security Solution or Login LockDown limit a user’s individual login attempts to a humanly possible number, thus thwarting automated attacks, while others like Duo Two-Factor Authentication and OpenID implement a two-step authentication process that increases security. Even in the case of these plugins, though, it’s important to check the trustworthiness of their source and their code.

All in all, as many other companies out there, WordPress has yet to announce a detailed compliance plan to tackle GDPR requirements. But things are moving towards the right direction, and the signs – and the plugins – are there, for anyone willing to pay attention.

Leave a comment

Your email address will not be published.