WordPress Privacy Tools – WPQuickies

In this lunchtime #WPQuickies, I talk about WordPress privacy tools for users.

WordPress Privacy Tools – WPQuickies webinar

Privacy Policy

Depending on where you live, national or international regulations may require you to provide a Privacy Policy on your website disclosing your collection and sharing of personal data.  All Australian websites should legally provide a Privacy Policy page.

Private data includes but is not limited to things like users’ name, email, phone, physical and IP addresses etc.

You may also be required to provide your users with the means to request a copy of the information you hold about them, or request its deletion.

This is certainly the case for the 2018 General Data Protection Regulation (GDPR) European law.  So if you specifically target users that reside in the EU, your sire will need to be GDPR compliant.  Here’s a link to what GDPR is all about https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Fortunately WordPress was quick to add simple administrator tools to allow compliance for GDPR and general privacy policy regulation.

Privacy Policy Page

From the WordPress dashboard navigate to Settings > Privacy.

wordpress privacy settings

Here you can create a new privacy policy page or select an existing page you already have.

There’s a link to a guide which gives helpful information about what to include on a privacy policy page if this is your first time creating one.

Headings such as: Contact Forms, Cookies, Analytics, Data Retention, Where We Send Your Data, Where We Store Your Data

All these things and more should be covered by a privacy policy.

If you are looking for a more legal document but don’t have the money to hire a lawyer to put one together I suggest using Lawpath https://lawpath.com.au/  They have specific legal documents for Australia and New Zealand and you get one free document on registering.

Exporting User Data

From the WordPress dashboard navigate to Tools > Export Personal Data

WordPress export personal data tool

The process here is to send an email to the person requesting the data for their verification.  

Once they have verified their email address, you can download a zip file of their user data from your site and email it to them.

A link is also sent to the verified email so they can download the data themselves..

The data is stored in a .json file.  

Remember that the data is only from within WordPress and participating plugins – there is likely more information you store about the user on your website.

Erasing User Data

From the WordPress dashboard navigate to Tools > Erase Personal Data

WordPress erare personal data tool

The process here is similar to the previous exporting user data, where you should verify the requesters email address first before erasing any personal data.

An administrator must manually approve the request to remove the data in question.

Deleted data is permanently removed from the database. Erasure requests cannot be reversed after they have been confirmed. 

Note that it does not remove the data from backups or archive files so if you do restore a backup, please respect any data removal requests and redo them.

Again this only removes user data from WordPress and participating themes and plugins.

This tool does not delete registered users or their user profile – an administrator will have to manually delete the user from the Users dashboard area.
Also, note that a site administrator is not obliged to delete data that they may be required to keep for other legal or statutory reasons; tax on sales, or investigations etc.

Consent To Do/Store/Process…

User some national and international regulations you may be legally obliged to explicitly ask a user for their consent before you do or store or process their personal information.

e.g. for storing cookies – cookie bar, or submitting a contact form.

WordPress doesn’t have this ability built into core because its application can vary depending on what you are trying to achieve.

There are heaps of plugins out there that deal with GDPR, cookie and other consents.

It is considered best practice, however, to include a consent box on all your forms – a simple checkbox with the words “I consent to my submitted data being collected and stored” would cover the basics of consent.


Make sure you check that your website has a privacy policy and if you create client websites, make sure they have one too!


Join me every Thursday at 1 pm Sydney time for some more WPQuickies – WordPress tips and tricks in thirty minutes or less.

Broadcasting live on YouTube and Facebook.

Suggest a #WPQuickies Topic

If you have an WordPress topic you’d like to see explained in 30 mins or under, fill out the form below.


Was this article helpful?

Leave a Comment

Your email address will not be published. Required fields are marked *

Keep In Touch With My Weekly Blog Email

A once-per-week daily digest of my posts from the week. No sales, no spam and I will not share your details with anyone else.


Wil is a dad, WordPress consultant, WordPress developer, business coach and mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many special events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.

Leave a Comment

Your email address will not be published. Required fields are marked *