1. Nick

    oh yeah, very nice, when you delete the personal data, the name is replaced to “Anonymous”, and a link is placed on it that points to http://site.invalid, causing the site to have a bunch of broken links. I’m sure Google will applaud you for all the broken links !

    I’m reporting this for a few days now, and nobody cares…


  2. Marcus Tibesar

    I believe this GDPR addition should have absolutely been a plugin. I then would have the option of whether to activate it or not.


    • John Dee

      No kidding! Thanks Core for deciding that the EU wags our dog for the whole planet Earth. I’m an American. I’m not posting a privacy policy on my blog just because some technocrat in Europe tells me to. Who cares about GDPR? I live in Las Vegas. Just more Corporate buggery.

      Wow, I just noticed this piece of art gives legal advice to the admin.

      “As a website owner, you may need to follow national or international privacy laws. For example, ….”

      Awesome. What does the Foundation do again?


      • Rob - Clarip

        There are a few states that do require privacy policies and the FTC has been engaged in privacy enforcement under its Section 5 authority for some time. There are also three bills in Congress to create privacy requirements in the US. It’s probably not something you can avoid for long.


      • Paul Barthmaier

        make use of wp-login.php, so it’s wont work if you use a custom login page.

        This is a false conclusion. All properly coded custom login scripts use wp-login.php


      • John

        I’m not posting a privacy policy on my blog just because some technocrat in Europe tells me to. Who cares about GDPR?

        Oh yeah? With such attitude soon you’ll be out of business:

        “(…) Even if you’re not being slapped with heavy fines, there will be reputational damage for not complying. And with all eyes on the commercial use of personal data right now, staying compliant with the current laws will only help you as new rules and regulations are developed.(…)”

        I wouldn’t like to be your customer and I’m pretty sure many people would think the same. Respect our privacy dude.


  3. Keith Davis

    Many congrats to WordPress – these tools, especially the “Privacy Policy” pro forma, is a great help for those rushing to comply with GDPR :)


  4. Nick

    Thanks John,

    Actually I had also posted this in the WP Taverns’s other post from the beta days, nevertheless…

    I don’t think the core would ever want to her from me as I lost my temper several months ago and called them out on their lies, propaganda, their attitudes, and basically called them communists, or at least practicing “software communism”, in a Gutenberg review.

    I’m since then placed on their “terrorist – shoot on site” list, and all my postings are moderated. It takes me 3 days to thank someone, or give a 5 star review for a plugin. Typical, they don’t like your speech, they shut you down. It’s laughable actually more than surprising !

    Thanks again John…


  5. Miroslav Glavic

    two things:

    1) site.invalid

    Can’t you just edit the .php file and put whatever you want?

    I don’t like it when people put their URL, in fact, I have been thinking of removing that option (haven’t implemented it yet). It tends to lead to spam.

    2) Privacy – all my own sites have had a privacy, disclosure, cookies and comments page starting 2007. Any new sites got those pages automatically.

    Can’t people just use the contact page on any of my sites to ask me to delete all the data?


  6. Shane Bishop

    I would be surprised if Google bothered following those links, since the .invalid TLD is reserved and specified as such in RFC-2606:

    “.invalid” is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.

    So the whole point is that a person can look at it and go, “well, duh, that’s not a real link, why would I click on that?” If Google hasn’t taught their search bots to be clever enough to avoid those, I’m sure they will soon.

    At any rate, I haven’t had a chance to try the new tools, but they looked very promising, and the privacy policy template was a very nice touch.


    • Armin

      Interesting, learned something new. In that case I actually like the idea of setting it to that as it indicates there once was something, but it is now invalid.


  7. CreateIT

    A little late but we’re glad that WordPress core is EU GDPR-compliant.



    • Brian77

      It is not EU GDPR-compliant, not at all, sorry. Core-content in backend available to all user roles including subscriber is hosted on third party servers without information and/or consent. User IPs are stored in database without notice, just look for session_token. User IPs are stored for comments. User email is used in filename for GDPR data export. Exported meta fields from user profile are hardcoded, export will be incomplete in most cases. And there are a lot of of bugs like privacy policy page can not be edited by editors, your clients need full admin access to edit that page now, good luck with that.


      • Lee

        And to be fully 100% GDPR compliant it all has to be opt-in by default. Those cookie banners that say ‘we use cookies’ are supposed to say ‘do you give us permission to set cookies?’

        I have been saying this^ for at least a year, 6-9 months publicly, and few are yet ready to realise or accept the full implications of GDPR. It is impossible to have a web presence and be 100% GDPR compliant without also being 100% in control of the data flow and data storage. Very few website owners/managers have that level of control. For this reason one can only advise people to be as compliant as they can be. The Internet will catch up eventually.

        GDPR can be interpreted in 2 ways, at least. It will be left to the courts to decide how GDPR holds up and is applied.


    • Johnyy

      Well, it requires much more to be compliant. I’ve just found this interview with a lawyer: https://www.digitalmarketer.com/gdpr-summary/


  8. Leon Wagner

    The email sent to our customers has “Howdy,” as its salutation. And I don’t see any template to change that. We would NEVER ever address our beloved customers with “Howdy”. So disrespectful.


  9. Jeffrey

    My site has been updated to the latest version but I haven’t had a chance to play with the new “feature”. So if someone left a comment on my site with URL entered by themselves, and later on they could request to have the URL removed? I am not very up to the speed about the GDRP stuff.


  10. Captain Black

    Is it possible to use a post (rather than a page) for the privacy policy?


    • Brian77

      No, you can’t. And you have to be admin to be able to edit the policy page once it is set as such. Which is a total fail, as every sane person will only provide (maybe slightly enhanced) editor role accounts to clients, so they can’t break stuff by accident.


  11. Dave

    It’s by no means a huge deal, but I’m just curious. Is anyone else experiencing no auto-update to 4.9.6 and wondering what’s going on?

    I got this on all my sites and others on different hosts.



  12. Ciprian Popescu

    Would this be enough for GDPR, in order to improve the implicit consent offered by the current cookie policy overlays?


    In my opinion, we only need a modal gate (similar to age gates for adult sites) and a properly crafted Privacy Policy page.


  13. Dan

    I’m confused about WordPress comments. A user has to input their email address and name, but doesn’t GDPR require people to let them know how that data will be used? Honestly I couldn’t even tell you how it’s used! I don’t even know why WP comments need an email address because by default there’s no way to receive emails for follow up comments unless you’re using a plugin. Even right here on this blog I would say this very form I’m filling out isn’t compliant with GDPR.

    Any thoughts?


    • George

      The email address is used to pull the gravatar images associated with the address.


    • Milan Petrovic

      That is why you should have a privacy policy so that users can read about the data you require, how you use the data and so on. WP has added checkbox that allows saving personal data in cookie.

      It would be nice to have the Privacy Policy linked automatically in the comment form above the submit button.


  14. Doug Wagner

    Like most things related to the WordPress team- The REST API, Gutenberg, now GDPR- Something that is functional and works for most people is held up by agencies and so-called developers.

    Despite excellent documentation in Github and what a basic understanding of React would give you we are forestalling WordPress for the masses (Gutenberg).

    Despite the reality of doing business in the EU we are saying businesses don’t have to comply with GDPR.

    There is always going to be a use case where a workflow or technology does not work on version Zero.

    At some point you have to push the update or people are going to keep using bad technology.

    Small businesses and NGOs are going to use and need blocks.

    I got a $3000 order today from a German company that appreciated we are compliant with GDPR.

    We’re compliant thanks to the core team.

    Like I say to most people who can’t figure out how to connect the printer to their computer – Disconnect your head from your ass, it works better.


    • Serge

      Like I say to most people who can’t figure out how to connect the printer to their computer

      Who needs a printer?


Comments are closed.

%d bloggers like this: