WPWeekly Episode 320 – Building a Sustainable Web

In this episode, John James Jacoby and I are joined by Jack Lenox, Software Engineer at Automattic, to discuss his new project, SustyWP. Lenox explains how he built the site so that it only has 7KB of data transfer, what sustainability on the web means to him, and the relationship between sustainability and optimization to create a better user experience. We end the show discussing the latest WordPress headlines and share information on how you can watch WordCamp EU for free.

Stories Discussed:

BabaYaga: The WordPress Malware That Eats Other Malware
Ten WordPress Plugins By Multidots For WooCommerce Identified As Vulnerable And Dangerous
Plugin Detective Wins WordCamp Orange County’s 2018 Plugin-a-Palooza

WPWeekly Meta:

Next Episode: Wednesday, June 20th 3:00 P.M. Eastern

Subscribe to WordPress Weekly via iTunes

Subscribe to WordPress Weekly via RSS

Subscribe to WordPress Weekly via Stitcher Radio

Subscribe to WordPress Weekly via Google Play

Listen To Episode #320:

Read Full Article Here

Should You Start an Anonymous Blog? 8 Reasons to Consider It (And 8 Not To)

There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […]

A Beginners’ Guide to Privacy Policies

A laptop showing the EU flag with a padlock inside.

Among the important web development trends of 2018, user privacy and how websites handle collected data is at the top of the list. With the imminent introduction of the General Data Protection Regulation (GDPR), it’s more important than ever to ensure you have a privacy policy in place that adheres to its guidelines. Failing to do so could mean incurring severe penalties.

Fortunately, user privacy isn’t an impenetrable topic. There are a few key elements you’ll need to consider, as well as some tools that can help you put the optimal policy in place. There’s the obligatory WordPress plugin solution, but also comprehensive third-party offerings that constantly update based on changes made to your site’s elements.

In this post, we’ll explore what a privacy policy is and why you need one. Then we’ll cover five different ways to implement a privacy policy on your website. Let’s get started!

What a Privacy Policy Is

In a nutshell, a privacy policy is a legal document outlining your approach to managing user data. It explains what data you collect, how it’s used, where it’s stored, and anything else appropriate that your users need to know about the privacy of their collected data. For example, we have our own privacy policy linked to within the footer of every page:

Privacy policies are part of the same family as ‘cookie notices’ (i.e. website banners displaying whether a site collects cookie information). This is because both are implemented to clearly inform users that their data is being collected, as well as why and how.

As you can imagine, privacy policies can run to either a few lines or reams of detailed legal verbiage (although that would likely hamper the reader’s understanding). In short, you’ll usually find the following:

  • Clarification on what constitutes a user, the website, and any other relevant party.
  • Information on how data is collected on your site.
  • An overview of how the collected data is used once it’s been obtained.
  • What the visitor can do to make sure their data is deleted.

You may find that some privacy policies don’t include some of this information currently. However, as we’ll explain, all websites will shortly be required to add these elements, with heavy penalties facing those who do not comply.

Why a Privacy Policy Is Necessary For WordPress Websites

As we mentioned, the EU Cookie Law is almost a precursor to initiatives being introduced this year. The GDPR radically overhauls compliance for practically every website, and in contrast to the current Cookie Law, will include stiff penalties for those not complying with the directive.

While the GDPR, the Cookie Law, and privacy policies in general are platform-agnostic, for WordPress users the waters become a little more muddied. For starters, there are many cogs that turn to drive the entire platform – elements such as the plugins and themes you use will log data, for example.

What’s more, many users will have third-party tools and solutions that help them manage a site day-to-day, which is to be expected. If you or your clients use tools such as Google Analytics or InspectLet, these will also capture user data, meaning your privacy policy needs to reference this too.

It’s definitely a minefield, but one you will have to traverse if you want to stay on the right side of the law. Our advice is that if you’re considering this option solely based on the amount of work it will take to implement, it’s not a wise idea. The GDPR will mean authorities have the power to dish out millions of dollars worth of fines to non-complying sites. In short, the buck stops with you.

5 Solutions For Implementing a Privacy Policy on Your Website

Let’s take a look now at how to implement your privacy policy simply and effectively. Each of the solutions below is GDPR-friendly and is comprehensive enough (or has the scope) to handle any custom user privacy situation you or your clients may have.

1. Manually Create a Privacy Policy

First off, there’s nothing wrong with manually creating your own privacy policy if you feel it’s warranted. After all, it’s usually just a detailed statement of how you’ll capture and use visitor data. For websites with either zero or very little in the way of data collection, this method may be ideal.

We’ve mentioned what a privacy policy should contain already, but just to reiterate, you should include:

  • Details on the information you collect, and how you do so.
  • Why you’re collecting the information.
  • Whether third-party services associated with your site collect information, and the details (such as ad networks).
  • Clear guidance on whether users can opt out of data collection, and contact details in order to discuss things further.

However, unless you get the wording exactly right, your privacy policy could land you in hot water should any data breaches occur. Of course, you could get your privacy policy looked over by a legal professional, but you may find more value in a dedicated service. Let’s take a look at the rest of the options.

2. iubenda

The iubenda website.

In our opinion, iubenda is the most comprehensive and easy to use service available, and we really like the concept. Because many websites (especially WordPress-powered ones) are made up of many moving parts, you’ll likely have various data collection points throughout your site’s code. Keeping tabs on all of these could be difficult, but iubenda’s module-based system makes the process a breeze.

In short, you’ll piece together your privacy policy from a comprehensive list of services, resulting in a complete, ready to roll page that can be embedded or linked to as you wish. What’s more, each module is updated automatically when required. It’s going to be a great timesaver for high-traffic sites, or those handling sensitive data. However, it’s probably overkill for smaller blog-type sites.

As for pricing, it’s incredibly reasonable at its core. Ultimately, while there’s a free plan, you’re likely better off purchasing a license starting at $27 per year for one site, or a multi-license for $9 per month.

3. Shopify Privacy Policy Generator

The Shopify Privacy Policy Generator is (unsurprisingly) from the Shopify team – a leading non-WordPress specific ecommerce solution. Given that their business is heavily-focused on leveraging user data, it makes sense that they provide helpful tools for their user base. This particular service will be suitable for any e-commerce site owner, and what’s more, it’s completely free to use.

In a nutshell, this solution is just like creating your own privacy policy. Once you provide some essential details, you receive a tailored privacy policy in text form, which you can then paste into a post or page:

The Shopify Privacy Policy Generator.

It’s arguably the quickest and simplest solution available, which makes it great for Minimum Viable Products (MVPs) and startups in need of a quick launch. However, because it’s essentially a one-size-fits-all solution, it could miss out vital aspects of your site. In addition, it’s not WordPress-specific, so it won’t offer the same detail as other policies.

4. Auto Terms of Service and Privacy Policy

The Auto Terms of Service and Privacy Policy plugin.

As for WordPress plugins, Auto Terms of Service and Privacy Policy is one of the best available for creating clear-cut and comprehensive privacy policies. By using this plugin, you’ll be amending the Terms of Service (TOS) and privacy policy of Automattic – the developers of WordPress – meaning it’s totally free to use.

It’s similar to Shopify, in that you’re adding your own details to a template privacy policy. However, Auto Terms of Service and Privacy Policy allows you to configure a more robust solution tailored to the specific requirements of your website. It’s also extremely easy to use.

Overall, Auto Terms of Service and Privacy Policy is going to be great for those needing a quick way to protect themselves temporarily, and the fact that it’s a WordPress plugin is a major plus.

5. TermsFeed

The TermsFeed website.

Finally, we have TermsFeed. This is one of the more popular third-party privacy policy generators, and it works in a similar vein to iubenda. In essence, you select what to include, and TermsFeed generates a privacy policy you can link to or embed, which is then updated automatically.

The main perk of TermsFeed is the vast number of different policies you can generate:

Examples of the policies you can create with TermsFeed.

We’d arguably put this aspect ahead of iubenda’s, although both services are pretty similar overall. However, where TermsFeed falls down is its ambiguous approach to pricing. While there’s a clause-limited free service, premium policies require a one-time payment that is calculated upon creation. Because of this, it’s likely not going to be a solution for the budget-conscious.

Conclusion

Making sure you have a privacy policy in place before ‘GDPR doomsday’ should, naturally, be a high-priority task. It’s not necessarily easy, but one you’ll want to undertake given the potential to be fined for a misstep.

This post looked at five ways to create a GDPR-friendly privacy policy for your website. Let’s recap them quickly:

  1. Manually create a privacy policy. If you can access the legal know-how, writing your own privacy policy is a great option.
  2. iubenda. A comprehensive service ideal for the vast majority of websites.
  3. Shopify Privacy Policy Generator. This solution can’t be beat for a quick e-commerce privacy policy template.
  4. Auto Terms of Service and Privacy Policy. As WordPress plugins go, this is a must-have for generating a quick privacy policy.
  5. TermsFeed. While this is also a comprehensive solution, you’ll likely need a decent budget to create your privacy policy.

Do you have a question about how to implement a privacy policy on your WordPress website? Ask away in the comments section below!

Featured image: mohamed_hassan.

John Hughes

John is a blogging addict, WordPress fanatic, and a staff writer for WordCandy.

The post A Beginners’ Guide to Privacy Policies appeared first on Torque.

Why Not All Password Managers are Secure and What to Do About It

With over 30 million monthly brute force attacks, it’s crucial to use strong passwords everywhere. But creating and remembering unique strong passwords across all your accounts can feel like an impossible task. A password manager can help…or can it?! While using and enforcing strong passwords is strongly recommended especially on your WordPress website, not all […]

Server Issues That Affect WordPress (And What to Do About Them)

It’s a situation that we’ve all been through. You’ve just set up your WordPress page, everything looks great and you’re ready to go live and unveil your awesome website or blog.

Instead of loading, you get the following message: Error establishing a database connection

WordPress is a slick and intuitive system, but sometimes, errors can happen. And it’s dealing with those errors that can be frustrating for website owners and bloggers who just want their WordPress website to work. Fixing those errors should be your priority as visitors won’t be understanding towards a site that is slow, unresponsive, compromised, or even non-existent.

Lucky for you, a lot of the problems that affect WordPress can be fixed, and fixed easily as well. However, in order to quickly resolve these issues, it’s best to understand the root of the problems, so that you can solve them effectively.

Read on to understand the server issues that affect WordPress and what you can do about them.

Your pages are loading slowly

You’ve optimized your website and you’ve done all you can to speed up WordPress. You’ve checked the internet connection (with a speed testing tool) on your end and it’s not the reason for your website being slow.

Odds are, you might be suffering from hosting server issues.

What you should do then is to check on the server status of your current hosting company. Any issue that gets reported by your hosting company will most likely affect your website, or even take it down altogether. So, it’s best to keep an eye on the status of your hosting company.

Every hosting provider should have a “Server Status” or “System Status” page where you can check if there’s anything wrong with the servers.

If the hosting company is the one causing the issue, then you should contact them immediately to find out when it will be resolved. However, if you notice a pattern to the slow-downs, contact customer support to see if a neighboring website is affecting your server. Should that be the reason, then you might want to consider upgrading to a VPS or cloud hosting plan.

There is an “Error Establishing Database Connection”

One of the terrifying things to see when you load your website is the message, “Error Establishing Database Connection.” It can be frustrating for anybody to see that message, doubly so if you have to debug and fix it yourself.

Technically, a lot of the issues that can cause this message tend to occur from within your database. So, the first thing to do is to make sure that all of your data is correct. Check and confirm the information in your wp-config.php file: look at the username, password, and hostname fields. Make sure all of it is correct, then update, save, and check your site.
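The wp-config.php check described above can be scripted so the obvious mistakes are caught before you contact your host. This is an added example, not code from the original article or from WordPress: the sample config is constructed, the function names are hypothetical, and the DB_HOST handling is a simplified form that does not cover IPv6 literals.

```python
import re

# Constants the WordPress database connection depends on.
REQUIRED = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")

# Placeholder values shipped in wp-config-sample.php.
PLACEHOLDERS = {"database_name_here", "username_here", "password_here"}

# define( 'NAME', 'value' ); with either quote style, on a single line.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)\s*;"""
)


def strip_comments(php):
    """Drop block comments that start a line and whole-line // or # comments."""
    php = re.sub(r"^[ \t]*/\*.*?\*/", "", php, flags=re.M | re.S)
    return "\n".join(
        line for line in php.splitlines()
        if not line.lstrip().startswith(("//", "#"))
    )


def parse_db_constants(php):
    """Return {name: value} for the DB_* constants that are actually defined."""
    found = {}
    for m in DEFINE_RE.finditer(strip_comments(php)):
        if m.group("name") in REQUIRED:
            # PHP ignores a second define() of the same constant: first one wins.
            found.setdefault(m.group("name"), m.group("value"))
    return found


def split_db_host(db_host):
    """Split 'host', 'host:port' or 'host:/path/to/socket'; None if malformed."""
    host, sep, rest = db_host.partition(":")
    if not host:
        return None
    if not sep:
        return {"host": host, "port": None, "socket": None}
    if rest.startswith("/"):
        return {"host": host, "port": None, "socket": rest}
    if rest.isdigit() and 0 < int(rest) < 65536:
        return {"host": host, "port": int(rest), "socket": None}
    return None


def check_wp_config(php):
    """Return (constant, problem) pairs. Values are never echoed back."""
    found = parse_db_constants(php)
    findings = []
    for name in REQUIRED:
        if name not in found:
            findings.append((name, "not defined"))
            continue
        value = found[name]
        if value.strip() == "":
            findings.append((name, "empty"))
            continue
        if value != value.strip():
            findings.append((name, "leading or trailing whitespace"))
        if value.strip() in PLACEHOLDERS:
            findings.append((name, "still the sample placeholder"))
        if name == "DB_HOST" and split_db_host(value.strip()) is None:
            findings.append((name, "unrecognised host:port or host:socket form"))
    return findings


# Constructed sample with three deliberate mistakes (not a real site's config).
SAMPLE = r"""<?php
// define( 'DB_NAME', 'old_blog' );
define( 'DB_NAME', 'awesomeblog' );
define( 'DB_USER', 'username_here' );
define( "DB_PASSWORD", 'constructed-s3cret ' );
define( 'DB_HOST', 'localhost:33o6' );
"""

if __name__ == "__main__":
    for constant, problem in check_wp_config(SAMPLE):
        print(f"{constant}: {problem}")
```

The findings name the constant and the problem only, so the output can be pasted into a support ticket without leaking the database password.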

Should the problem still persist and you’ve made sure everything’s fine on your end, then it’s most likely that you’re looking at a security breach or you’ve been disabled by your hosting company.

To check whether your WordPress website has been breached, you need to use a security plugin such as WPscans or Plugin Security Scanner to run a scan. If there was no breach, then you might need to contact your web host as they might have temporarily disabled your database due to excessive use or for contractual infringement.

The “server does not exist” situation

If visitors load up your website and are greeted with a blank page and a message that says “Server does not exist,” then you need to contact your hosting provider immediately!

This tends to happen when a hosting provider has placed some sort of suspension on your account and your website. There could be many factors behind this, such as domain names or hosting plans that have not been renewed, or exceeding the bandwidth and storage limits of your hosting plan.

Regardless of the reason, the only way to get your website back online is to contact them immediately and resolve the issue.

Your email does not seem to be working

Most of the hosting plans will offer you the ability to create an email; in fact, you can even have your own branded email hosting with your domain name. For example, with a website called awesomeblog.com, you can create emails such as [email protected], [email protected], or even [email protected]

The problem comes when you’re not receiving your emails even after you’ve connected all of your forms to those emails and have published the address on your WordPress website. Assuming that visitors are not misspelling your email address (and neither did you), then there are a few ways that you can troubleshoot the issue.

First things first, test whether the address is working properly or not by emailing it using different accounts. In fact, try to have a number of people do it at the same time. If no one receives any message about the inbox being full, then you can rule out maxed-out server space as an issue.

If you have set up your hosting email to forward to another account, you might want to check whether forwarding has been configured properly. Check the email settings on your account and look at the email accounts and forwarding section. Make sure that your hosting email is listed there.

Finally, you can check whether the emails are coming through to your hosting provider by looking at the hosting account’s inbox. If there’s no mail, then it’s likely to be a configuration problem and you have to talk to your hosting provider to solve the issue.

It keeps showing “connection timed out”

When your website exceeds its server memory limit, you will probably see the “connection timed out” message when you load it.

There can be many causes for your website to exceed its memory limit. You might have experienced a surge of traffic in a short period of time, used too many plugins that eat up your server resources, or even applied themes that are not fully optimized.

What you need to do is uninstall plugins that might be causing memory issues. Disable your current theme and revert back to the default WordPress theme to rule out any theme-related causes. You should also consider upgrading your hosting plan to handle more traffic.

Finally, you can also try to increase the maximum execution time in your php.ini file by contacting your web host provider or try doing it yourself by following WordPress Codex’s guide.

The wrap-up

When something goes wrong with WordPress and your website ends up with an error, it definitely sucks. Especially if the problem is something that’s beyond your control. Here are more common WordPress errors you can study.

We know it’s impossible to cover everything that can go wrong with WordPress but with the server issues we’ve detailed above, you should have a better idea of how to tackle most of them. Even if you’re not able to fix it by yourself, you’ll at least have the knowledge to get the right help.

Erica Silva is a blogger who loves to discover and explore the world around her. She writes on everything from marketing to technology, science and brain health. She enjoys sharing her discoveries and experiences with readers and believes her blogs can make the world a better place.

The post Server Issues That Affect WordPress (And What to Do About Them) appeared first on Torque.



Essential WordPress Security 2018 – Part One

One of the most pernicious myths about WordPress is that it is vulnerable to hackers. As the most popular Content Management System, running almost 60% of all websites that use a CMS, there will always be some WordPress sites that are no longer actively maintained or whose owners are simply unaware of what they need to do, so, yes, we will keep hearing about WordPress sites that have been hacked.

The truth is, however, that the huge and extremely active WordPress community, who follow the latest security trends and spring into action whenever a vulnerability is discovered, make it the most secure CMS if you follow a few simple steps.

How to Replace Your Web Host with a Robot

The best thing about attending WordPress meetups is when you chat with someone who has been working with WordPress for only a year or two, and you are able to tell them about a tool that will instantly solve a problem they have been struggling with every day. The look on their face as what you are telling them sinks in is always a joy to behold.

This article is about a tool that could impact your use of WordPress in that profound way if you currently pay for Web hosting.

How Your WordPress Security and Activity Log Can Help You Move Towards GDPR Compliance

A security officer overlooking a city.

Keeping an activity log of everything that happens on your WordPress websites and multisite networks is a vital security measure. As such, it’s important to understand how the new General Data Protection Regulation (GDPR) will impact the way you use your security and activity log. With the GDPR set to roll out soon, you’ll want to ensure that you are following it to the letter.

Fortunately, WordPress plugins such as WordPress Security Audit Log can help you move towards compliance for your website, and for your security log itself. The GDPR stipulates that you must keep a log so you can remain aware of potential tampering on your site, and so you can make sure that only authorized people have access to sensitive data. To help you maintain compliance with this particular aspect of the GDPR, the WordPress Security Audit Log can be an invaluable tool.

In this article, we’ll explore what the GDPR means for your site. Plus, we’ll introduce some strategies you can implement to make sure your WordPress security and activity log, and your website as a whole, adheres to its requirements. Let’s dive in!

What the General Data Protection Regulation (GDPR) Is (And How It Affects You)

The General Data Protection Regulation (GDPR) is a European Union initiative. It’s designed to give users greater control over the way their personal data is collected and used online. The stipulations of the GDPR are applicable to all website owners who have visitors from within the EU.

To ensure that you are compliant with the GDPR, you’ll need to ensure that users have:

  • Right to Access: This means you will need to be as transparent as possible about how you’re using personal data. Users will also have the right to access and port their personal data.
  • Right to Be Forgotten: If a user wishes for their data to be completely erased from your site, you’ll need to comply.
  • Right to Be Notified of Data Breaches: Should a breach be detected on your site that has the potential to compromise the ‘rights and freedoms’ of any users, the relevant parties will need to be notified.

Failing to comply with the GDPR could mean incurring hefty penalties. Before you hit the panic button, however, rest assured that help is at hand.

How Keeping a Security Log Can Help You Ensure GDPR Compliance (4 Key Features)

As the name suggests, a security audit log (or WordPress activity log) is a record of all the activities that have occurred on your site within a particular time frame. WordPress Security Audit Log makes creating and managing this record simple, giving authorized administrators a clear overview of when and where all actions have occurred.

Since the GDPR states that your business must inform authorities and all affected users of any data breach within 72 hours of its occurrence, a log is a powerful forensic tool. It will enable you to better understand what has occurred, which security hole was exploited (so you can close it), and what information (personal data, customer data, or otherwise) was accessed.

The following is a rundown of four crucial ways an audit log can help your site remain GDPR compliant.

1. Improved Monitoring

An example of a security log.
WP Security Audit Log enables you to effortlessly monitor user activity, and block suspicious activity.

Using a security log, you can monitor the specific actions being taken on your site. This can include actions by staff, customers, and all other visitors. The GDPR stipulates that any breach needs to be acted on immediately.

WP Security Audit Log offers a number of advanced features that make the process of monitoring (and breach detection) simple. You can immediately see who is logged in, as well as who has logged in previously and when. Plus, you can view the changes users have made on your site, and even immediately terminate login sessions you deem suspicious.

2. Automated Email Alerts

Setting up email notifications.
With WP Security Audit Log, you can configure exactly what triggers an automated email notification.

Since it is usually impractical to devote hours to poring over a monitoring screen, an effective security log should send automatic emails whenever an important change on your site occurs. Notification emails can help you identify and resolve potential breach situations rapidly, ensuring that user data is protected in accordance with GDPR stipulations.

With WP Security Audit Log, you can configure triggers so that you receive an automatic email notification when specific events or changes happen on your website. You are also given the option to edit the email template and content to match your specific business requirements.

3. Automated Reports

Configuring security log reports.
A quality security log will let you generate an array of reports filtered by specific users, roles, IP addresses, and more.

GDPR compliance requires knowing which users have accessed what personal or customer data (and when). This means that your security log should generate automated reports, to give you a rundown of all actions that have taken place on your site. That way, you can rapidly identify discrepancies and potential breaches.

Using WP Security Audit Log, you can have automated reports emailed directly to you on a monthly, weekly, or even daily basis. You’ll also have the ability to specify the criteria of the reports to meet your specific requirements. These reports can prove invaluable for anticipating, as well as resolving, security issues. As such, they are ideal for helping you adhere to GDPR data protection requirements.

4. Search For Specific Activity

Searching for user activity.
It’s important to be able to search for particular types of activities that indicate possible security breaches.

When it comes to breach detection, certain user actions and changes will be more indicative of suspicious behaviors than others. Although reports can give you a picture of what’s happening on your site, it helps to have a more immediate means of searching for specific kinds of problematic activity.

With WP Security Audit Log, the process of identifying breaches and finding out when they happened is sped up considerably. This is thanks to the search feature, which lets you type in any term associated with a potential breach, and get a comprehensive readout of related actions. You can also filter these security alerts, and view the IP addresses associated with them.

3 Ways to Ensure That Your Security Log Is Protected

So far, we’ve been talking about how to use your security log to help you move towards GDPR compliance. However, it’s equally important to ensure that the log itself is protected and compliant. If unauthorized people gain access to your log, even if they are well-intentioned, that constitutes a breach of personal data. What follows are three ways you can optimize the security of your WordPress activity log, and ensure that only authorized personnel can access it.

1. Maintain Restricted Access

Keeping your log secure will mean restricting access only to personnel who have the necessary role and associated permissions. This will enable you to establish accountability when it comes to protecting user data for GDPR compliance.

WP Security Audit Log makes the process of restricting access to the log streamlined and intuitive. All you need to do is navigate to Audit Log > Settings. Once you check the Restrict Plugin Access box, you can proceed to add the roles (or specific users) who will be able to access the log. It is highly recommended that only admins, or staff with relevant data processing authorization in your agency, be given permission to view your log.

2. Follow Optimal Logging and User Notification Practices

To conform to the ‘Right to Access’ and ‘Right to Be Forgotten’ stipulations of the GDPR, you need to ensure that users are aware of how you are using their data. This is where a privacy policy comes in handy. If you’re using WP Security Audit Log, you can take advantage of the provided privacy policy template to inform users about how the plugin is being used for security logging purposes. This, in turn, can help you keep your site GDPR compliant.

Of course, it’s equally important to ensure that admins are only collecting and monitoring the user data they are entitled to. With WP Security Audit Log, you can exclude the monitoring of custom fields and IP addresses, to better maintain privacy. You can also manually select what changes the plugin should keep a record of.

Since the GDPR states that data can only be kept and used to fulfill a particular purpose, that data will need to be deleted once its purpose is fulfilled. WP Security Audit Log enables you to customize your audit log retention as required and automatically deletes information after a set amount of time. This handy feature also presents a way of ensuring that users’ right to be forgotten is upheld automatically.

3. Store Your Log In an External Database

It is crucial to store your log in an external database. This is to ensure that, in the event that your WordPress site is compromised, hackers will not be able to access or tamper with your activity log. Securing your log externally will also help ensure that users can safely port it, in line with GDPR guidelines.

The premium version of WP Security Audit Log enables you to move your log to an external database in just a few clicks. In addition to heightening security, this process can also improve loading times on your site. You are also given the option to export your log to external central logging systems, including Papertrail, or to your server’s syslog file.

Conclusion

Ensuring that your WordPress site’s security and activity log adheres to GDPR requirements may seem intimidating at first. However, as we have seen, there are a few simple methods you can use to make the process much easier.

A quality security log plugin like WordPress Security Audit Log, for example, lets you see and track everything that is occurring on your website. This helps you significantly reduce the risk of a breach occurring in the first place. In the unlikely event that a breach still does occur, your WordPress security log will give you the information you need to determine whether or not you need to notify users – well within the mandatory 72-hour time limit.

Of course, you’ll also want to ensure that the security log itself is protected and compliant. You can do this by:

  1. Maintaining restricted access.
  2. Following optimal logging and user notification practices.
  3. Storing your log in an external database.

Do you have any questions about ensuring that your security log is GDPR compliant? Let us know in the comments section below!

Images: Pixabay.

John Hughes

John is a blogging addict, WordPress fanatic, and a staff writer for WordCandy.

The post How Your WordPress Security and Activity Log Can Help You Move Towards GDPR Compliance appeared first on Torque.
