Core Plugins
Read This First
The information below regards the core set of third-party plugins Austin DesignWorks typically installs on client websites to add necessary administrative functions for your custom theme and common website features, such as contact forms, as well as some frequently requested features, such as social media feeds.
Your site may or may not have these plugins. Your site may even have others, so it’s still important to do a plugin audit, and a cookie audit.
If a plugin does not collect personally identifying information on users, then it’s most likely compliant. But you still need to check anytime you add a new plugin, just to make sure.
Contact Form 7
Purpose:
Site Feature
Reason for Installation:
Create contact form(s) for email.
Specifics:
- Does not store form submission data to the WP database, unless database add-on has been installed
- Does not store IP address or add to message
- Austin DesignWorks does not install the database add-on, which would do the above two things.
Cookies: n/a (standard configuration)
Compliance: You will need to add some sort of consent statements with checkboxes for users to check. Consent statements must clearly state what information you’re gathering from them (email, name, etc.), what you will use it for, and that they agree to their data being handled as specified in your privacy policy. You may need other checkboxes, but these are the ones I’ve most commonly seen online. DO NOT EVER have boxes pre-checked, on anything.
- See GDPR regulations on general email data (unrelated to email marketing/newsletter)
- https://www.sparkpost.com/gdpr/#effect-delivery
Custom Field Suite
Purpose:
Administrative Feature (necessary for custom theme)
Reason for Installation:
Used to create custom data fields that work in conjunction with the special site templates in your custom theme.
Specifics:
- Does not add fields on its own and Austin DesignWorks does not use this plugin to create custom fields to gather private data from website visitors.
- Does not store user information to the database unless a field has been specifically created to collect that information and made accessible to site visitors.
Cookies: n/a
Compliant: Based on its function, it would appear to be compliant.
Device Theme Switcher
Purpose:
Site Feature
Reason for Installation:
To deliver the mobile theme to smartphones and the desktop version of the site to tablets and computers.
Specifics:
- Detects what type of device is accessing the site – smartphone or tablet or computer.
- Does not rely on user data to detect the device type (uses screen size/resolution)
- Does not store any user data to the site database, such as the IP address
Cookies
Cookie Name: (domainnamewithoutdotwhatever)-alternate-theme
Cookie Type: Session Cookie (User Interface Preference)
Cookie Function: Stores User Preference for duration of (whatever you set)
Cookie Placed because of user action (choosing to view the desktop site from the mobile device through links at bottom of mobile version of the site)
Expires: Yes (session cookie)
Revokable: Yes (by switching back to the default theme for the device)
Compliant:
- Despite the cookie, based on the plugin’s function, it would appear to be compliant.
- Cookie is exempt from consent * (possibly)
- Reference the cookie in the cookie policy.
EZP Maintenance Mode
Purpose:
Administrative Feature
Reason for Installation:
To temporarily replace the website home page with a customized page that indicates that the site is in maintenance mode.
Specifics:
- Serves specific function. Administrative only.
- Does not require or use personal data. Informs visitors that the site is in maintenance mode.
Cookies: n/a
Compliant: Based on its function, it would appear to be compliant.
WP BackItUp & Other Backup Utilities
Purpose:
Administrative Feature
Reason for Installation:
Interface to back up site files and/or WordPress files and database within the WordPress admin area.
Specifics:
Serves administrative function
Cookies: n/a
Compliant:
Regarding user data, it depends on what’s stored in the site database. Comments are one instance where user information is stored in the site and therefore would be contained in the backup files.
WP Statistics
Purpose:
Analytics
Reason for Installation:
Track user activity on the site, such as page visits, which pages were visited, etc.
Specifics:
Stores only geolocation and page visits
Cookies: Yes
Cookie type, function, name, etc., depends on how the plugin is set up.
Compliant:
Depends on how it is set up. Data can be anonymized by:
- Setting IP addresses to be hashed (replaced with a random-looking series of characters and numbers)
Exempt: In some regions if set to anonymize. Some regions require anonymizing stats.
https://wp-statistics.com/2017/05/26/settings-page/
Master Slider
Purpose:
Site Feature
Reason for Installation:
Add slider feature (usually on the home page)
Specifics:
Does not store user data within the database.
Cookies: n/a
Compliant: Based on its function, it would appear to be compliant.
TinyMCE Advanced
Purpose:
Administrative Feature
Reason for Installation:
Provides an enhanced and customized content editor (WYSIWYG)
Specifics:
- Serves specific function. Administrative only.
- Does not require or use personal data.
Cookies: n/a
Compliant: Based on its function, it would appear to be compliant.
WPBruiser (with Contact Form 7 Add-On)
Purpose:
Security & Anti-Spam
Reason for Installation:
To thwart brute-force bot attacks against WordPress and protect contact, WordPress comment, and login/password reset forms from spam-bots.
Cookies: n/a
Compliant:
- As a security measure, it may be exempt.
- Detects suspicious activity from IP addresses and blocks them.
- Temporarily logs IP addresses that have been blocked.
- Logs can be set to purge after a number of days that you set.
wpDiscuz
Purpose:
Site Feature
Reason for Installation:
Provides enhancements to the native WordPress comments system and is used in conjunction with the WPBruiser anti-spam plugin.
Cookies: Yes
Cookie Name(s):
- wc_moderate_comments_7
- wpdiscuz_last_visit
Compliant: Partially
Notes:
- This plugin provides enhancements to the native WordPress comments system.
- They are preparing to release a version with a GDPR consent box
- Other changes may be in the wings as WordPress developers work to upgrade the WP core with GDPR features
Disqus
Purpose:
Enables blog commenters to publicly comment on blog posts using the Disqus comment platform
Reason for Installation:
To combat spam and provide enhanced commenting
Specifics:
- connects to Disqus.com
- enables enhanced comments
- users with an established social media account (Facebook, Twitter, Disqus) are allowed to comment
- don’t have to create user accounts within WordPress
Cookies: Yes
3rd-party cookies in relationship to social networks and advertising
- _utmt
- _insp_wid
- _utmb
- _utma
- _utmc
- _utmz
- _insp_norec_howoften
- _insp_norec_sess
- _insp_nv
- _sm_au_c
- _insp_ref
- csrftoken
- disqus_unique
- _insp_slim
- _insp_targlpt
- _insp_targlpu
- mp_ … _mixpanel
- _qca
- _mc
Compliant: Undetermined
Recommendation: Back up comments from Disqus, deactivate the plugin, replace it with wpDiscuz, and configure it to reduce the amount of third-party tracking cookies.
XML Sitemap & Google News Feeds
Purpose:
Search Engine
Reason for Installation:
Search engines, such as Google, access a site’s XML sitemap, which is basically a text directory of the pages and posts on the site, in order to index your site.
Specifics:
- Serves specific function.
- Does not interact with or collect user data.
Cookies: n/a
Compliant:
- Based on its function, it would appear to be compliant.
- Does not interact with personal data.
Facebook Feed (SmashBalloon)
Purpose:
Social Media Feed
Reason for Installation:
Shows recent posts from Facebook
Specifics:
- Displays feed only.
- Any potential commenters are routed to Facebook to make a comment
- Depending on configuration, may show the personal data of commenters, including their name, comment, and profile picture.
Cookies: fr
(even when configured according to the developer’s GDPR configuration recommendations)
Compliant:
- Has a temporary cache, but what information is stored in the cache depends on configuration.
- If only your data is cached, then likely compliant
- Can set expiration of the cache
Recommendation: Make settings so only your data is retrieved and displayed on your site.
The developer of this plugin has offered snippets to include in your policies: https://smashballoon.com/gdpr-and-our-plugins/#improve-gdpr-compliance
Configuration & GDPR Compliance:
https://smashballoon.com/custom-facebook-feed-gdpr-compliance/
Twitter Feed (SmashBalloon)
Purpose:
Social Media Feed
Reason for Installation:
Displays your recent tweets
Specifics:
- Displays feed only.
- Responses to the tweets or retweets are conducted ON Facebook
- Depending on configuration, may show the personal data of commenters, including their name, comment, and profile picture.
Cookies: Yes
Cookie Name: tfw_exp (even when configured according to the developer’s GDPR configuration recommendations)
Compliant:
- Has a temporary cache, but what information is stored in the cache depends on configuration
- Can set expiration of the cache
Recommendation: Make settings so only your data is retrieved and displayed on your site.
The developer of this plugin has offered snippets to include in your policies: https://smashballoon.com/gdpr-and-our-plugins/#improve-gdpr-compliance
Configuration & GDPR Compliance:
https://smashballoon.com/custom-twitter-feeds-gdpr-compliance/
Instagram Feed (SmashBalloon)
Purpose:
Social Media Feed
Reason for Installation:
Displays your recent Instagram posts
Specifics:
- Displays images only.
Cookies: could not trigger one when configured according to the developer’s GDPR configuration recommendations
Compliant:
- Has a temporary cache, but what information is stored in the cache depends on configuration
- If only your data is cached, then likely compliant (for your site)
- Can set expiration of the cache
Recommendation: Make settings so only your data is retrieved and displayed on your site.
The developer of this plugin has offered snippets to include in your policies: https://smashballoon.com/gdpr-and-our-plugins/#improve-gdpr-compliance
Configuration & GDPR Compliance:
https://smashballoon.com/instagram-feed-gdpr-compliance/
Bloom
Purpose:
Newsletter Signup – Popup
Reason for Installation:
Popup window to display newsletter signup form
Specifics:
- Displays newsletter form
- Does not store user data to your site
Cookies:
- Cookie Name: etBloomCookie_optin*
- Cookie Type: Session Cookie (User Preference)
- Cookie Function: Control the display of the newsletter registration form in a popup window.
- Expires: Persistent (expires after a set period of time that you set)
- Revokable: Yes
Compliant:
Based on its function, it appears to be compliant
Notes:
Cookie Placed because of user action (after signing up using the popup or closing out the popup window), which sets a preference.
PopUp by Supsystic
Purpose:
Newsletter Signup – Popup
Reason for Installation:
Popup window to display newsletter signup form
Specifics:
- Displays newsletter form
- Does not store user data to your site
Cookies:
- Cookie Name: pps_show_*, pps_times_showed
- Cookie Type: Session Cookie (User Preference)
- Cookie Function: Control the display of the newsletter registration form in a popup window.
- Expires: Persistent (expires after a set period of time that you set)
- Revokable: Yes
Compliant:
Based on its function, it appears to be compliant
Notes:
Cookie Placed because of user action (after signing up using the popup or closing out the popup window), which sets a preference.