Wooassist

Assistance for Your Woocommerce Store


How to Make Your WooCommerce Store GDPR-Compliant

June 18, 2018 By John

The GDPR took effect on May 25. WooCommerce store owners are still scrambling to make sure that their sites are compliant with GDPR requirements. If you serve clients from the European Union, then it is imperative that you make your WooCommerce store GDPR-compliant. Don’t know what to do? Read on below.

What is the GDPR?

First off, a brief introduction about the GDPR. The General Data Protection Regulation (GDPR) is a new regulation in the European Union that sets out standards and regulations for data protection. Data protection reform was initiated way back in 2012 and the GDPR is one fruit of that labor. If you are interested in seeing the GDPR in its purest form, you can check out this link.

Why Comply with GDPR Regulations?

If you do not serve customers from the European Union, then there is no need for you to comply with GDPR regulations. Still, your customers will appreciate the gesture if you make an effort to comply. This shows that you value their data and privacy.

If you serve a specific country in the EU or serve a global audience, then you are covered by the GDPR. That means you may receive hefty penalties of up to €20 million if you are found to be in violation of its provisions.

How Can I Make My WooCommerce Store GDPR Compliant?

Given the harsh penalties, you should act now to make your WooCommerce store compliant. Below we detail the tasks you need to carry out to comply with GDPR regulations.

Step 1: Update Your Site

The first thing you should do is update your site. The latest versions of WordPress and WooCommerce have implemented features to be GDPR-compliant. WooCommerce now has a feature that allows users to export their data and delete their data. Site administrators are also granted tools to determine how long data will be retained as well as an option to delete user data. Don’t forget to back up your site and test updates on a development site before updating your live site. For more information on the changes relating to the GDPR, you can check out this post.

Other popular plugins that manage user data such as MailChimp and Google Analytics have also implemented measures to make their services GDPR-compliant.

Step 2: Secure Your Site

Another mandate of the GDPR is that store owners should make their site secure. One way of keeping your site secure is by using the HTTPS protocol. You’ll need an SSL certificate to use HTTPS. You can follow this guide on how to install an SSL Certificate on your WooCommerce store.

There are a few other things that you can do to increase the security of your WooCommerce store. This includes keeping your site updated or using a security plugin. You can check this blog post for other important security tweaks.

Step 3: Create Important Pages

You will need to create a Terms and Conditions page, a Privacy Policy page and a Cookie Policy page. We would still recommend consulting your legal department about creating these pages. If you already have these pages, you need to make sure that you add provisions specific to the GDPR.

Create a Terms and Conditions Page

You can create your own Terms and Conditions page or you can generate a terms and conditions page using this tool from Shopify. If you choose to generate one, you’ll still need to tweak it and add any terms and conditions unique to your business.

Create a Privacy Policy Page

You can create your own Privacy Policy page or you can download a template here that you can tweak depending on your needs.

Create a Cookie Policy Page

You can create your own Cookie Policy page or you can download this template and tweak it according to your needs.

Notes on Important Pages

After you’ve created all the pages above, you will need to ensure that these pages can be accessed from any page on your site. For this purpose, we recommend adding links leading to these pages on your WooCommerce store’s footer.

Step 4: Create a Data Breach Response Plan

As per GDPR requirements, you will need to detail how your organization deals with a security breach. You can download a template here. Populate it with pertinent information about your Security Incident Response Team and external contacts.

In case of a security breach, you must also inform all customers whose data may have been leaked. You will need to have a template ready for communicating the breach. You can download the email template here.

Step 5: Add a Cookie Notification Pop-Up

You might have noticed that most, if not all, websites that you visit now have a pop-up that declares that the site uses cookies. That’s because the GDPR also requires websites to declare that they are using cookies to track user data. Implementing this is easy on WordPress. You can use the UK Cookie Consent plugin to create a cookie notification pop-up on your WooCommerce store.

Step 6: Ensure that Your Email Opt-in Forms are GDPR-Compliant

If you are using MailChimp, you will need to turn on the GDPR fields on your opt-in forms. Note that this does not make your opt-in forms GDPR-compliant. Rather, this is the first step to making your WooCommerce store GDPR-compliant.

You will still need to get consent from new contacts and existing contacts. You read that right. Even if users have already consented to receive emails from you prior to the GDPR, you will still need to get consent again. For more information on how to get consent, you can check out this article from MailChimp.

If you are using a different tool for your email marketing, you can check with your service provider. Check if they have made any changes to help you comply with GDPR.

Step 7: Ensure that the Plugins You Use are GDPR Compliant

To ensure that your plugins are GDPR compliant, you will need to do a plugin audit. This task may be tedious as you have to sift through all the plugins that you use. First, you’ll need to check whether each plugin is still being updated by its author. If the author has not updated the plugin in months (or worse, years), then that’s a red flag. A plugin that is not being updated is a security concern, and the GDPR requires websites to be secure.

Once you’ve weeded out the outdated plugins, you’ll need to identify which plugins manage or use user data. Examples of plugins that deal with user data are analytics plugins, contact form plugins, and opt-in form plugins. Check whether the plugins that manage user data have taken steps to become GDPR compliant. If they have not, consider finding another plugin that is GDPR-compliant.

Final Notes

Doing all the steps above does not guarantee that your WooCommerce store will be fully GDPR-compliant. We still recommend seeking legal advice. If you need any help getting any of these tasks done, you can contact the Wooassist team and we should be able to help.

Do you have any other tips on how to make a WooCommerce store GDPR-compliant? Let us know in the comments.

Filed Under: How-To Articles Tagged With: email marketing, GDPR, mailchimp, security, WooCommerce, WooCommerce updates, WordPress updates

How to Find and Remove Abandoned Plugins from Your WooCommerce Store to Keep Your Site Secure

December 4, 2020 By John

You probably already know that keeping your site updated is important for security and to keep everything running. But did you know that just updating your WordPress core, themes and plugins might not be enough? What else should you be doing? You should find and remove abandoned plugins.

WordPress does not automatically warn users of a plugin when that plugin has been abandoned by its developers. This matters because when developers abandon their plugins, those plugins no longer receive updates. This includes critical security updates and the compatibility updates that keep the plugins working with the current versions of WordPress, WooCommerce and your theme.

Why is it Important to Find Abandoned Plugins?

Abandoned plugins are critical security issues, as they are likely to contain deprecated code and vulnerabilities that may be exploited by hackers. Abandoned plugins can also break functionality on your WooCommerce store. You’re lucky if it only breaks a layout or something else minor. In some cases, abandoned plugins can affect your product purchase process. Imagine breaking your WooCommerce store’s checkout because of an abandoned plugin.

How to Find Abandoned Plugins?

You can search for abandoned plugins manually by going to your plugins page and clicking on the “View Details” link on each plugin. Clicking on this link will take you to a different page, and your next action depends on where the link takes you.

If the plugin is not in the plugin repository, you might find a different link to visit the plugin’s site.

It Takes You to a Page with the Plugin Details

If you got the plugin from the WordPress plugin repository, you will most likely be taken to a plugin page with all the plugin details. There you can see when the plugin was last updated. You should be wary of plugins that have not been updated for several months. If you find that the plugin has not been updated in over a year, note it down.

It Takes You to a Page that Tells You that the Plugin Has Been Removed From the WordPress Repository

If you find yourself on a page that tells you that the plugin has been removed from the WordPress plugin repository, this is a major red flag. There are several reasons why a plugin could be removed from the repository. The less alarming reasons are that the plugin author has requested removal of the plugin or that there are licensing issues. However, in some cases it is because the plugin has violated the WordPress Plugin Guidelines or has been found to have a security vulnerability severe enough to warrant removal. If this is the case, remove the plugin immediately and scan your site for malware.

It Takes You to a Third-Party Plugin Vendor’s Site

If clicking on the link takes you to a plugin vendor’s site, you might need to do some further digging to find if the plugin is still being updated. Search for the developer’s change logs on the plugin to see when it was last updated. It might also be worth checking how often the plugin developers release an update. Also check if you have the latest version of the plugin installed. If it is a premium plugin, there is a likelihood that you are not getting automatic updates because of an expired license. In this case, renew your license and update.

It Takes You to a 404 Error

If the link takes you to a 404 error page, check the site’s home page and try to find information on your plugin. The plugin developers may have already gone out of business, which means the plugin has been abandoned.

As you are probably thinking by now, checking your site for abandoned plugins by hand can be a lot of work. Thankfully, you can use WordFence to scan your site for abandoned plugins. Just install the WordFence plugin and run a scan; if there are any abandoned or outdated plugins on your site, WordFence should alert you to them.
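The manual check above (and the plugin audit in Step 7 of the GDPR post) can be scripted: take the plugin list from WP-CLI, look each slug up on the WordPress.org plugin API, and flag anything not updated in over a year or no longer present in the repository. This is an added example, not code from Wooassist, WordPress or Wordfence; it assumes `wp plugin list --format=json` reports the slug in its `name` field and that the plugins/info/1.2 API returns a `last_updated` string beginning with a YYYY-MM-DD date (or an `error` key when the slug is unknown). The sample data is constructed.

```python
import json
from datetime import date, datetime

STALE_AFTER_DAYS = 365          # the post treats "not updated in over a year" as a red flag
AUDIT_DATE = date(2020, 12, 4)  # constructed "today" for the offline sample run

def classify_plugin(api_response, today, stale_after_days=STALE_AFTER_DAYS):
    """Classify one plugin from its api.wordpress.org plugins/info/1.2 reply.

    "not-in-repo": API returned an error or nothing (removed from the repository,
                   premium, or never hosted there): dig further, as the post says.
    "stale":       last update older than stale_after_days.
    "ok":          updated recently.
    """
    if not isinstance(api_response, dict) or "error" in api_response or "last_updated" not in api_response:
        return "not-in-repo"
    # Assumed format "2024-09-19 8:52pm GMT"; only the leading date is parsed.
    last = datetime.strptime(api_response["last_updated"][:10], "%Y-%m-%d").date()
    return "stale" if (today - last).days > stale_after_days else "ok"

def audit(wp_plugin_list_json, fetch_info, today):
    """wp_plugin_list_json: output of `wp plugin list --format=json`.
    fetch_info: callable slug -> parsed API JSON (injected so the audit runs offline)."""
    report = {}
    for entry in json.loads(wp_plugin_list_json):
        report[entry["name"]] = classify_plugin(fetch_info(entry["name"]), today)
    return report

def fetch_from_wordpress_org(slug):
    """Live lookup over the network (assumed endpoint; not used by the sample run)."""
    from urllib.request import urlopen
    from urllib.parse import urlencode
    q = urlencode({"action": "plugin_information", "request[slug]": slug})
    with urlopen(f"https://api.wordpress.org/plugins/info/1.2/?{q}", timeout=15) as r:
        return json.load(r)

# Constructed sample data standing in for WP-CLI output and API replies.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "fresh-plugin", "status": "active", "update": "none", "version": "2.1.0"},
    {"name": "dusty-plugin", "status": "active", "update": "none", "version": "0.9"},
    {"name": "vanished-plugin", "status": "inactive", "update": "none", "version": "1.0"},
])
SAMPLE_API = {
    "fresh-plugin": {"last_updated": "2020-11-20 9:00am GMT", "version": "2.1.0"},
    "dusty-plugin": {"last_updated": "2018-03-02 4:15pm GMT", "version": "0.9"},
    "vanished-plugin": {"error": "Plugin not found."},
}

if __name__ == "__main__":
    for slug, verdict in audit(SAMPLE_PLUGIN_LIST, SAMPLE_API.get, AUDIT_DATE).items():
        print(f"{slug:20} {verdict}")
```

Against a live site, pass `fetch_from_wordpress_org` as `fetch_info`; a "not-in-repo" verdict covers both removed and third-party plugins, so those still need the manual checks described above.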

So You Found One or More Abandoned Plugins on Your Site. What now?

In a perfect world, you would just remove abandoned plugins and be done with it. However, things are usually more complicated than that. Chances are you are actively using the plugin and have not noticed any problems with it. But that doesn’t make the plugin any less of a security threat. We recommend removing the plugin and finding an alternative plugin that is not abandoned. If there are no alternatives available, you can customize the functionality instead. All of this should be done on a staging site so as not to disrupt your live site.

But What if the Plugin is Critical to Your Site Functionality?

There’s not really much you can do in this case. You can try to contact the plugin developer or hire a developer to create your own plugin. It is most likely a bigger risk to your business if you keep using an unstable and insecure plugin. Under the General Data Protection Regulation (GDPR), you will be liable to your customers if their data gets leaked because of a security breach. The fines are hefty, so it might be best to err on the side of caution.

If you’ve dealt with all the abandoned plugins on your WooCommerce store, you might want to keep yourself updated on the latest security news concerning WordPress and WooCommerce. You can subscribe to our newsletter to receive security updates in your inbox.

If you are looking for more things to do to make your site more secure, you can also check if your site is running the latest version of PHP.

Filed Under: How-To Articles Tagged With: GDPR, plugins, security, WooCommerce updates, WordPress updates
