Read This First

The information below regards the core set of third-party plugins Austin DesignWorks typically installs on client websites to add necessary administrative functions for your custom theme and common website features, such as contact forms, as well as some frequently requested features, such as social media feeds.

Your site may or may not have these plugins. Your site may even have others, so it’s still important to do a plugin audit, and a cookie audit.

If a plugin does not collect personally identifying information on users, then it’s most likely compliant. But you still need to check anytime you add a new plugin, just to make sure.


Contact Form 7 

Purpose:
Site Feature

Reason for Installation:
Create contact form(s) for email.

Specifics:

  • Does not store form submission data to the WP database, unless database add-on has been installed
  • Does not store IP address or add to message
  • Austin DesignWorks does not install the database add-on, which would do the above two things.

Cookies: n/a (standard configuration)

Compliance: You will need to add some sort of consent statements with checkboxes for users to check. Consent statements must clearly state what information you’re gathering from them (email, name, etc.), what you will use it for, and that they agree to their data being handled as specified in your privacy policy. You may need other checkboxes, but these are the ones I’ve most commonly seen online. DO NOT EVER have boxes pre-checked, on anything.


Custom Field Suite

Purpose:
Administrative Feature (necessary for custom theme)

Reason for Installation:
Used to create custom data fields that work in conjunction with the special site templates in your custom theme.

Specifics: 

  • Does not add fields on its own and Austin DesignWorks does not use this plugin to create custom fields to gather private data from website visitors.
  • Does not store user information to the database unless a field has been specifically created to collect that information and made accessible to site visitors.

Cookies: n/a

Compliant: Based on its function, it would appear to be compliant.


Device Theme Switcher

Purpose:
Site Feature

Reason for Installation:
To deliver the mobile theme to smartphones and the desktop version of the site to tablets and computers.

Specifics:

  • Detects what type of device is accessing the site – smartphone or tablet or computer.
  • Does not rely on user data to detect the device type (uses screen size/resolution)
  • Does not store any user data to the site database, such as the IP address

Cookies
Cookie Name: (domainnamewithoutdotwhatever)-alternate-theme
Cookie Type: Session Cookie (User Interface Preference)
Cookie Function: Stores User Preference for duration of (whatever you set)
Cookie Placed because of user action (choosing to view the desktop site from the mobile device through links at bottom of mobile version of the site)
Expires: Yes (session cookie)
Revokable: Yes (by switching back to the default theme for the device)

Compliant:

  • Despite the cookie, based on the plugin’s function, it would appear to be compliant.
  • Cookie is exempt from consent * (possibly)
  • Reference the cookie in the cookie policy.

EZP Maintenance Mode

Purpose:
Administrative Feature

Reason for Installation:
To temporarily replace the website home page with a customized page that indicates that the site is in maintenance mode.

Specifics:

  • Serves specific function. Administrative only.
  • Does not require or use personal data. Informs visitors that the site is in maintenance mode.

Cookies: n/a

Compliant: Based on its function, it would appear to be compliant.


WP BackItUp & Other Backup Utilities

Purpose:
Administrative Feature

Reason for Installation: 
Interface to back up site files and/or WordPress files and database within the WordPress admin area.

Specifics:
Serves administrative function

Cookies: n/a

Compliant: 
Regarding user data, it depends on what’s stored in the site database. Comments are one instance where user information is stored in the site and therefore would be contained in the backup files.


WP Statistics 

Purpose: 
Analytics

Reason for Installation:
Track user activity on the site, such as page visits, which pages were visited, etc.

Specifics: 
Stores only geolocation and page visits

Cookies: Yes
Cookie type, function, name, etc., depends on how the plugin is set up.

Compliant: 
Depends on how it is set up. Data can be anonymized by: 

  • Setting IP addresses to be hashed (replaced with a random-looking series of characters and numbers)

Exempt: In some regions if set to anonymize. Some regions require anonymizing stats.

https://wp-statistics.com/2017/05/26/settings-page/


Master Slider

Purpose:
Site Feature

Reason for Installation:
Add slider feature (usually on the home page)

Specifics: 
Does not store user data within the database.

Cookies: n/a

Compliant: Based on its function, it would appear to be compliant.


TinyMCE Advanced

Purpose:
Administrative Feature

Reason for Installation:
Provides an enhanced and customized content editor (WYSIWYG) 

Specifics:

  • Serves specific function. Administrative only.
  • Does not require or use personal data.

Cookies: n/a

Compliant: Based on its function, it would appear to be compliant.


WPBruiser (with Contact Form 7 Add-On)

Purpose:
Security & Anti-Spam

Reason for Installation: 
To thwart Brute Force bot attacks against WordPress and protect contact, WordPress comments, and login/password reset forms from spam-bots.

Cookies: n/a

Compliant:

  • As a security measure, it may be exempt.
  • Detects suspicious activity from IP addresses and blocks them.
  • Temporarily logs IP addresses that have been blocked.
  • Logs can be set to purge after a number of days that you set.

wpDiscuz

Purpose:
Site Feature

Reason for Installation:
Provides enhancements to the native WordPress comments system and is used in conjunction with the WPBruiser anti-spam plugin.

Cookies: Yes

Cookie Name(s):

  • wc_moderate_comments_7
  • wpdiscuz_last_visit

Compliant: Partially

Notes: 

  • This plugin provides enhancements to the native WordPress comments system. 
  • They are preparing to release a version with a GDPR consent box
  • Other changes may be in the wings as WordPress developers work to upgrade the WP core with GDPR features

Disqus

Purpose:
Enables blog commenters to publicly comment on blog posts using the Disqus comment platform 

Reason for Installation:
To combat spam and provide enhanced commenting

Specifics:

  • connects to Disqus.com
  • enables enhanced comments
  • users with an established social media account (Facebook, Twitter, Disqus) are allowed to comment
  • don’t have to create user accounts within WordPress

Cookies: Yes
3rd-party cookies in relationship to social networks and advertising

  • _utmt
  • _insp_wid
  • _utmb
  • _utma
  • _utmc
  • _utmz
  • _insp_norec_howoften
  • _insp_norec_sess
  • _insp_nv
  • _sm_au_c
  • _insp_ref
  • csrftoken
  • disqus_unique
  • _insp_slim
  • _insp_targlpt
  • _insp_targlpu
  • mp_ … _mixpanel
  • _qca
  • _mc

Compliant: Undetermined 

Recommendation: Back up comments from Disqus, deactivate the plugin, replace it with wpDiscuz, and configure it to reduce the amount of third-party tracking cookies


XML Sitemap & Google News Feeds

Purpose:
Search Engine

Reason for Installation:
Search engines, such as Google, access a site’s XML sitemap, which is basically a text directory of the pages and posts on the site, in order to index your site.

Specifics:

  • Serves specific function.
  • Does not interact with or collect user data.

Cookies: n/a

Compliant: 

  • Based on its function, it would appear to be compliant.
  • Does not interact with personal data.

Facebook Feed (SmashBalloon)

Purpose:
Social Media Feed

Reason for Installation:
Shows recent posts from Facebook

Specifics:

  • Displays feed only.
  • Any potential commenters are routed to Facebook to make a comment
  • Depending on configuration, may show the personal data of commenters, including their name, comment, and profile picture. 

Cookies: fr
(even configured according to the developer’s GDPR configuration recommendations)

Compliant: 

  • Has a temporary cache, but what information is stored in the cache depends on configuration.
  • If only your data is cached, then likely compliant
  • Can set expiration of the cache

Recommendation: Make settings so only your data is retrieved and displayed on your site.

The developer of this plugin has offered snippets to include in your policies: https://smashballoon.com/gdpr-and-our-plugins/#improve-gdpr-compliance

Configuration & GDPR Compliance:
https://smashballoon.com/custom-facebook-feed-gdpr-compliance/


Twitter Feed (SmashBalloon)

Purpose:
Social Media Feed

Reason for Installation:
Displays your recent tweets

Specifics:

  • Displays feed only.
  • Responses to the tweets or retweets are conducted ON Facebook
  • Depending on configuration, may show the personal data of commenters, including their name, comment, and profile picture. 

Cookies: Yes
Cookie Name:
tfw_exp (even configured according to the developer’s GDPR configuration recommendations)

Compliant:

  • Has a temporary cache, but what information is stored in the cache depends on configuration
  • Can set expiration of the cache

Recommendation: Make settings so only your data is retrieved and displayed on your site.

The developer of this plugin has offered snippets to include in your policies: https://smashballoon.com/gdpr-and-our-plugins/#improve-gdpr-compliance

Configuration & GDPR Compliance:
https://smashballoon.com/custom-twitter-feeds-gdpr-compliance/


Instagram Feed (SmashBalloon)

Purpose:
Social Media Feed

Reason for Installation:
Displays your recent Instagram posts

Specifics:

  • Displays images only.

Cookies: could not trigger one when configured according to the developer’s GDPR configuration recommendations

Compliant:

  • Has a temporary cache, but what information is stored in the cache depends on configuration
  • If only your data is cached, then likely compliant (for your site)
  • Can set expiration of the cache

Recommendation: Make settings so only your data is retrieved and displayed on your site.

The developer of this plugin has offered snippets to include in your policies: https://smashballoon.com/gdpr-and-our-plugins/#improve-gdpr-compliance

Configuration & GDPR Compliance:
https://smashballoon.com/instagram-feed-gdpr-compliance/


Bloom

Purpose:
Newsletter Signup – Popup

Reason for Installation:
Popup window to display newsletter signup form

Specifics:

  • Displays newsletter form
  • Does not store user data to your site

Cookies:

  • Cookie Name: etBloomCookie_optin*
  • Cookie Type: Session Cookie (User Preference)
  • Cookie Function: Control the display of the newsletter registration form in a popup window.
  • Expires: Persistent (expires after a set period of time that you set)
  • Revokable: Yes

Compliant:
Based on its function, it appears to be compliant

Notes: 
Cookie Placed because of user action (after signing up using the popup or closing out the popup window), which sets a preference.


PopUp by Supsystic

Purpose:
Newsletter Signup – Popup

Reason for Installation:
Popup window to display newsletter signup form

Specifics:

  • Displays newsletter form
  • Does not store user data to your site

Cookies:

  • Cookie Name: pps_show_*, pps_times_showed
  • Cookie Type: Session Cookie (User Preference)
  • Cookie Function: Control the display of the newsletter registration form in a popup window.
  • Expires: Persistent (expires after a set period of time that you set)
  • Revokable: Yes

Compliant:
Based on its function, it appears to be compliant

Notes: 
Cookie Placed because of user action (after signing up using the popup or closing out the popup window), which sets a preference.