It is every website owner’s worst nightmare to realize that their website has been hacked. An infected site can wreak havoc for everyone involved and cause a lot of damage. It is a serious matter that should be tackled as soon as the infiltration has been discovered. However, the first thing to do at this moment is take a slow, deep breath, and know that your website will be up and running clean once again. Listed below is my step-by-step guide for anyone with an infected WordPress website who is wondering what to do next.
The EU’s GDPR (General Data Protection Regulation) is coming up quickly. May 25, 2018 will be here before you know it. This law was actually approved back in April 2016, but it had a grace period of two years before it went into full effect. Trying to understand all of the information out there, with its 11 chapters and 99 articles, is much like trying to understand tax law. Most of the time it leaves you cranky with your head throbbing.
The quick rundown of GDPR
- Identifiable data is protected. Any data that can be used to identify a visitor falls under the GDPR. This includes, but is not limited to, name, email address, sex, race, age, address, phone number, and birth date.
- It requires that consent is given. If you have the opt-in box checked by default, you need to change it so it is unmarked by default.
- Parental consent will be required to process any and all personal data of children under the age of 16. The threshold can vary per EU member state (country), but it will not be below the age of 13.
- It gives the visitor the right to know what information is being stored about them and why it is being stored.
- It gives visitors the right to have their information removed at their request.
- If any data is ever lost, stolen, or accessed without permission, the authorities must be notified within 73 hours of the breach becoming known, along with every single person whose data was accessed.
- Any new site must be made with privacy in mind. Data requests should be strictly controlled and only given when required.
- Data can only be used for the reason it was given at the time it was given. Then it must be securely deleted when the data is no longer needed.
- A visitor can request their information at any time, transfer that data, or have it removed.
- It also allows national authorities to impose fines on companies breaching the regulation.
While this is an EU law, it affects every single person on the web in one way or another. For all of us in the United States who feel that the GDPR does not apply to us, the first thing you need to know is that if your site has a form, e-commerce, blog subscription, comments, or even a contact form, you will need to make your site GDPR compliant. If your site is reachable by someone in the EU and it is collecting any type of information, that means you! Also, please do not consider simply blocking EU IP addresses, as that does not really work either. With the help of VPNs, your site can still be accessed from the EU and still falls within the realm of the GDPR regulations. If you fail to comply, the EU can fine you up to €20 million per infringement or up to 4% of annual worldwide turnover. That can put a small site or business out of business.
What you can do to become GDPR Compliant
If you have any opt-in boxes or forms with boxes, you must ensure that they are UNCHECKED by default.
Another item that all sites will need is a Data Viewing and Removal option for visitors. You can find mine on the GDPR Personal Data page. A visitor to your site will now be able to remove their data from your site at any given time.
If you have questions, talk to a lawyer. Find one that is well versed in GDPR. In the long run, it is always better to pay a lawyer a few hundred dollars than possibly millions in fines.
Tools to make compliance easier
In my research of how to handle the GDPR changes for my clients, I have found two options to assist in being GDPR compliant.
Both plugins are free in the WordPress plugin repository and easy to configure. Please do your due diligence before choosing any option to become GDPR Compliant.
TL;DR: Get your website ready for GDPR. If you have questions, ask someone. Don’t just sit back and do nothing. It could become a very costly issue.
DISCLAIMER: Using my guide does not guarantee compliance with GDPR. This post gives you general information and ideas, but is NOT meant to serve as a complete compliance package. Compliance with GDPR is a risk-based, ongoing process that involves your whole business. Can’t Speak Geek is not liable for any claim or action based on any information or functionality provided by this post or this website.
Michele got the chance to talk Beginner’s WordPress Security at WordCamp Montreal this weekend. WordCamp Montreal is always a great camp to go to and always has a great lineup of speakers.
Here are the slides from Michele’s talk.
There are over 35,000 free plugins on the WordPress plugin repository right now, with thousands of premium plugins that can be found across the web. With that many plugins, how does one know which plugin to choose?
11 SIMPLE QUESTIONS TO ASK WHEN CHOOSING A PLUGIN
- Does the plugin do what you want it to do? Make sure the plugin does exactly what you want it to do. You don’t need all of the bells and whistles, just what you need it to do.
- When was the plugin last updated? If the plugin has not been updated in over two years, there will be a notice at the top of the plugin page. If it has been two years, the plugin is probably no longer supported and might not work with the current version of WordPress.
- Is this plugin still supported? Check to see if any of the support questions have been answered. If they are not on the repository, check to see if their website has a support forum or a way to contact someone for support. If the plugin is no longer supported, it is best to find a more current and supported option.
- What have others said about the plugin? I always check the user feedback of every plugin before I download it. Make sure you read the feedback comments, though. Many 1-star ratings are due to not reading the documentation or not understanding the plugin. However, if there are multiple 1-star reviews that state the author will not respond, or that the plugin shuts down a site as soon as it is activated, it probably is not the plugin you want to use.
- Does the plugin have any known vulnerabilities at this time? All code is built by humans, and humans do make mistakes. Vulnerabilities are being found at a rapid pace in all things WordPress. Most of the time, when a vulnerability is found, the plugin author makes a patch and pushes out a new version. This is why it is preached to always run the updates as they come out. If a plugin (or theme) has a known vulnerability that has not been patched, it is advisable to use a different, safer plugin.
- Will it work with my current version of core, theme, other plugins, and my server? In the bottom right of a plugin’s homepage on the repository is a box that shows which versions of WordPress core the plugin works with. Make sure the plugin will work with the version of WordPress you are running on your site. Also, there are times that certain plugins do not work with other plugins or certain themes. There are also some plugins that will not work on a Microsoft server. Check the documentation before you download.
- Do you already have a plugin on your site that does something similar? There are many multi-function plugins like Jetpack and iThemes Security that have many features built into one plugin. Also, if you use two plugins with similar features, they might conflict with each other.
- Is there paid support available? Some plugins have a paid installation option, or their one-on-one support comes with a fee. Understand the support terms before you decide if that plugin is for you. If it has no support option, try to find a comparable plugin that does offer some type of support.
- Is it a free plugin or does it have a free option? Many plugins have a free and a paid version. Sometimes all that is needed is the free version.
- Is the price per year or one time only? Some freemium plugins have a yearly fee while others are one payment and you own it. Make sure you know before you buy.
- Does the price include support? There are some plugins that do not offer support within their fee. Check to make sure you can get answers to your questions if they arise.
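Two of the questions above, when the plugin was last updated and whether it is tested against the WordPress version you run, can be checked mechanically before a plugin is ever installed. The script below is an added example, not code from the original post: it parses the header of a plugin’s standard readme.txt (the `Requires at least`, `Tested up to`, `Requires PHP` and `Stable tag` fields, which are what the repository page displays) and reports findings against the site’s own versions. The sample readme, the `last_updated` date and the `today` date are constructed for the example; in practice the last-updated date would come from the plugin’s repository page.

```python
"""Pre-install check of a WordPress plugin's readme.txt header.

Added example, not code from the original post. The readme text and the
dates below are constructed for illustration.
"""
import re
from datetime import date
from typing import Dict, List, Optional

# Constructed sample readme.txt; not a real plugin.
SAMPLE_README = """\
=== Example Gallery ===
Contributors: example
Tags: gallery, images
Requires at least: 4.7
Tested up to: 4.4
Requires PHP: 5.6
Stable tag: 1.2.3
License: GPLv2 or later

== Description ==
Constructed sample; not a real plugin.
"""

# "Field name: value" lines at the top of readme.txt
HEADER_RE = re.compile(r"^([A-Za-z ]+):\s*(.+?)\s*$")


def parse_readme_header(text: str) -> Dict[str, str]:
    """Return the header fields (lower-cased names) that precede the first '== Section =='."""
    headers: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("== ") and not line.startswith("=== "):
            break  # end of the header block
        m = HEADER_RE.match(line)
        if m:
            headers[m.group(1).strip().lower()] = m.group(2)
    return headers


def version_tuple(version: str) -> tuple:
    """'4.9.8' -> (4, 9, 8); non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version)) or (0,)


def check_plugin(readme_text: str, site_wp: str, site_php: str,
                 last_updated: Optional[str] = None,
                 today: Optional[str] = None) -> List[str]:
    """Compare the readme header with the site's versions and return findings."""
    h = parse_readme_header(readme_text)
    findings: List[str] = []

    tested = h.get("tested up to")
    if tested is None:
        findings.append("No Tested up to header; compatibility is unknown")
    elif version_tuple(tested)[:2] < version_tuple(site_wp)[:2]:
        # Only major.minor matter for "tested up to"
        findings.append(f"Tested up to {tested} but site runs WordPress {site_wp}; "
                        f"compatibility is untested")

    requires = h.get("requires at least")
    if requires and version_tuple(requires) > version_tuple(site_wp):
        findings.append(f"Requires at least WordPress {requires}; site runs {site_wp}")

    req_php = h.get("requires php")
    if req_php and version_tuple(req_php) > version_tuple(site_php):
        findings.append(f"Requires PHP {req_php}; site runs PHP {site_php}")

    stable = h.get("stable tag", "").lower()
    if stable in ("", "trunk"):
        findings.append("Stable tag is trunk or missing; release is not pinned")

    if last_updated and today:
        age_days = (date.fromisoformat(today) - date.fromisoformat(last_updated)).days
        if age_days > 2 * 365:
            findings.append(f"Last updated {last_updated}, more than two years before {today}")

    return findings


if __name__ == "__main__":
    for finding in check_plugin(SAMPLE_README, "4.9.8", "7.2",
                                last_updated="2015-03-01", today="2018-05-01"):
        print("-", finding)
```

A finding does not by itself mean the plugin is unsafe, but each one is a reason to go back to the checklist (support forum, changelog, vulnerability history) before activating it on a live site.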
Today I had the privilege of talking to all of the beginners at WordCamp Nashville about taking their website concept to a real-life WordPress website. I always enjoy working with beginners and helping them reach their goal of becoming confident in their WordPress skills. This type of talk has easily become my favorite kind of talk (other than talking security). I always look forward to coming to Nashville, and they put on a great WordCamp.
If you missed the talk, here are my slides from WordCamp Nashville. See you next year Nashville!