WordPress GDPR Plugins

GDPR

For the record I am not a lawyer and I will not guarantee that any of the content below will help you in being GDPR compliant.

Normally I don’t pay a lot of attention to laws coming out of the European Union, because frankly I live in Canada and for the most part their laws have no day to day effect on me. That changed when I started reading about the General Data Protection Regulation (GDPR). If you are like me, odds are you probably did not spend anytime thinking that the GDPR applies to you and your website being run and operated in Canada or the United States. Unfortunately it appears that this would be incorrect and anyone that operates a website that can have a European citizen visit it now needs to comply with the GDPR.

Personally I think this law is misguided (downright stupid actually). It is a law that is really aimed at the large Internet companies that have HUGE budgets like Google, Facebook, Twitter etc, that can track users across the Internet and know what people are searching for, what they do and who they see. The only reason this law really applies to my little tiny corner of the Internet is the fact that I have a website that I placed ads on and then allows Google (in this case) to know more about you to show you better ads. The European Union has tried to disguise this law about being about the average person and their data, when really it is about trying to reign in the Google and Facebook companies of the world. Should the Google and Facebook companies and the data they collect be constrained, sure, but making me spend my own time and money to do it for them is not how to go about this. But I digress.

Note, that NONE of these plugins will automatically make your website GDPR compliant. In order to do that you will NEED to modify the code on your website, know how to prevent code from automatically running and setting cookies and how

GDPR

This plugin by Trew Knowledge is my favourite GDPR plugin for a few reasons. Perhaps the best reason to like and use this plugin is for what is not directly in the plugin but the excellent knowledge base that they have about how to use the plugin and integrate it into your WordPress website. The plugin also has an active Github repository where you can browse code, look through issues and get help if you need it. The plugin has several PHP and Javascript functions that will help you in blocking cookies from being set and makes it pretty easy to set the information people need to have agree to your cookie settings. The Javascript functions come in handy if you use a caching plugin to be able to still block cookies while still being able to serve cached pages. I have had some issues with the CloudFlare Rocketscript settings and the Javascript functions not being defined if jQuery is loaded using Rocketscript, but it might mean you have to make sure the jQuery Javascript file is not served through Rocketscript.

The GDPR Framework

This plugin by Codelight has great potential and probably is more useful for WordPress users that are in the European Union. It allows you to track consent and gives people some good tools to view, export and delete their personal data, but it is missing the tools to offer cookie management and consent. Without the cookie solution it is only have a GDPR plugin. The plugin does create a nice Privacy tools page to allow visitors to manage their data. Until this plugin gets a cookie management system it feels like only half GDPR plugin.

WP GDPR Compliance

This plugin by Van Ons does offer some nice integration with popular contact form plugins like Contact Form 7 and Gravity Forms for example. It can also add a nice acceptance check box on the comments form. It takes a different approach to preventing cookies and scripts from running prior to acceptance. It allows you to enter in the Javascript you want to run and if you want to Javascript to run in the header or the footer. When people accept the script it will load it. It is a more user friendly approach to preventing scripts from automatically running before approval. Inserting ad code could be more difficult but it might be possible to prevent ads running using this method. It is certainly the most user friendly plugin but website owners will still need to have an understanding of what scripts they can control and it will certainly not fix all the scripts that might be present in other plugins and even themes. In my testing I had a problem with the Jetpack sharing buttons showing up in the footer alert and the privacy settings modal. I could not find a quick way to turn it off but something to be aware of.

GDPR Cookie Consent

This plugin by webtoffee was previously called the Cookie Law Info plugin. The plugin might have been very good for the previous cookie law but it feels a little hastily thrown together for the GDPR. Granted most of us in North America are probably all scrambling thanks to the GDPR and the fact that it applies to us, but you would think that a plugin made for the previous Cookie law in Europe would be and feel more prepared. What I do like about the plugin is the nice custom post type to add information about cookies and the ability to use a shortcode to display that information on a page. There does not seem to be a way for people to select cookie categories to allow or reject though. It is all or nothing and while I like the idea of all or nothing I think (in my reading about GDPR) that is not good enough. You need to give people the option to accept some cookies and deny others.

7 Essential WordPress Plugins in 2017

If you are just starting out with WordPress it can be daunting. The huge amount of themes and plugins to choose from is huge, not to mention the learning curve of purchasing a domain name, setting up your hosting, installing WordPress and eventually getting to writing and publishing your website. Adding in more things like plugins can just be too much for some people and lets face it there are plugins out there that are just not worth your time. So if you are just getting started with WordPress or have been using it for awhile and are looking for how to make your day to day use and management of it just a little easier here are my top five WordPress plugins that you should install and use.

Google Analytics for WordPress by MonsterInsights
You want to know how many people are visiting your site and this is still my favorite Google Analytics plugin. It used to be a Yoast plugin I believe but they sold it to MonsterInsights and it has gotten better since then. Two of the things I like best about this plugin is the simple and easy to read dashboard with stats and the fact that you just click a box to have outbound links tracked. Just makes it easy to get Google Analytics up and running on WordPress.

VigLink
We all want to make money and pay the bills from our sites, the problem is creating and managing affiliate relationships and links can be a huge time suck. Especially if you just want to make the odd link to Amazon.com or to the latest product or service that you just bought. VigLink helps take care of all of that for you and helps to monetize all those outbound links that you have on your website. If you are not using CloudFlare(that is a whole other post) then you should sign up with VigLink and install the VigLink plugin.

Redirection
Sooner or later you will need to redirect people from one page or post on your website to the new one that replaced it but messing with htaccess is just not very quick. There are other uses for the Redirection plugin as well. For example the link to VigLink in the paragraph above, did you notice it has /go/viglink.html as the link. I often use Redirection to help manage outgoing affilaite links, not to hide but simple to make it easy to change in the event the merchant closes, or I need to send people to a different page. I like VigLink but if you have long term affiliate relationships or links you want to manage Redirection comes in very handy to help with that as well.

Wordfence Security
Keeping the bad guys out is a full time job but who has time to sit there and monitor your website 24/7 for the bad guys. While there are many different options to prevent brute login attempts, hacking and other types of attacks the free version of Wordfence Security will help you keep your website safe.

All-in-One WP Migration
You might not use this plugin everyday but when you need it, it sure is handy. Although the name of the plugin is about migrating your site from one server to another it is also very handy for making regular backups of your website and then in the off chance that your site is hacked, or you do need to move to a new host you can easily restore it. I regularly use this plugin on sites to make regular backups and download them. It can be automated but that is a post for another day, but even if you manually create your backup and download it you it can save you lots of time. In fact if you do need to move to a new host I would guess you can restore your whole WordPress website between 15 to 30 minutes and be up and running again.

Contact Form 7
You will want a contact form on your website, and Contact Form 7 is awesome. Easy enough for anyone to setup and use, but for those that want to get in there and tweak things you can do that as well. As a bonus if you want to save contact forms straight to your database and be able to export them as a spreadsheet check out the CFDB plugin as well. It is no longer in the WordPress plugin repository but it is a great plugin to have along with Contact Form 7 so you don’t rely on email alone, because email somehow will just disappear.

Anti-spam
Spam, both the food and unwanted comments, suck! We all know it sucks the anti-spam plugin helps to keep it all at bay. Anti-spam will help keep the spammers away or a least stop the spam from actually making it into your comments. They also offer a pro version but for more people the free version is all you will probably need.

BONUS

3 Plugins to Avoid When Starting out with WordPress

I will start out by saying that I love WordPress, it is awesome, but not everything by Automattic is awesome and in fact probably be avoided for several reasons.

Akismet
Now you are probably wondering why would I recommend you use Anti-spam above instead of Akismet, the spam defense by Automattic. The answer is pretty simple actually, Akismet is only free for personal blogs. If you are using WordPress for business, have an ad on your WordPress website, link to any site through an affiliate link then you no longer are a personal blog and you have to pay for Akismet. Pricing in USD starts at $5.00/month/website. If you are just starting out, don’t make a lot of money from your website or are a business you are suppose to purchase Akismet. Is Akismet good at stopping spam, yes, but if you are just starting out or don’t make TONS of money from your website save your money and use Anti-spam. In fact I would say Akismet makes my list of plugins to remove on install.

JetPack
As much as I say I LOVE WordPress, I have the exact opposite feeling for JetPack. In fact I would go far as saying I LOATH JetPack. I dislike JetPack for different reasons that I dislike Akismet. JetPack has some nice features, except for the odd feature that you want to use with JetPack you need to get ALL of JetPack. There are simply other options available. Aside from the fact that I think the user interface for JetPack is horrible, perhaps the biggest reason I dislike JetPack is the fact that is calls home all the time and needs to have access to your site. Sure it makes it easy to administrate your website through WordPress.com, but how often does anyone actually use WordPress.com to administrate their self install version of WordPress? In fact I bet most people never use it.

Yoast SEO
I am going to pick on the Yoast SEO plugin because it is one of the most popular, but any SEO plugin is really not needed anymore. In fact of all the sites I help manage these days there are only a few that still have Yoast SEO or any SEO plugin installed. Has traffic changed on those sites? Nope. In fact if anything traffic has improved, not because the SEO plugin is no longer there but because of other SEO factors improving like better hosting.

CloudGuard

It was not long ago that I was looking for a way to block visitors from some countries on some of my clients websites. The sites really only needed to be accessible from North America and did not need to be exposed to the extra visitors, bandwidth and possible hackers that might just want to hack their websites for fun. Since I setup all my clients with CloudFlare now it is possible to turn on IP Geolocation in CloudFlare to know what country users are from, but unless you are an enterprise customer with CloudFlare you cannot outright block a whole country.

I had been using a simple PHP function on my customers websites to simply look for the CloudFlare IP Geolocation header and if the person was not from the country that was not allowed I was blocking them, but had never gotten around to turning it into a full blown WordPress plugin. Now thanks to CloudGuard I can retire my quick test and use their plugin to only allow visitors from the countries we want to be able to access a website.

Using CloudGuard you can simply whitelist the countries you want to be able to login to the website and know that the rest will be blocked. You even get a nice map showing you the countries that have been blocked.

The plugin has cut down on the number of hacking attempts on WordPress considerably and it is very easy to use if you are a CloudFlare user, even free users are able to use it. Just a matter of turning on the IP Geolocation in CloudFlare so CLoudGuard can read the location header that CloudFlare adds to a visitor when they visit your website. The only feature that might be nice to have on CloudGuard would be the ability to block people not just from the login but from the whole website altogether.

If you want to cut down on the number of hacking attempts and limit access to your WordPress login to a country or two and are a CloudFlare user as well I suggest you give CloudGuard a try. It has been a great help since I installed it on clients websites.

Download it at the WordPress plugin repository.

UTF8 Sanitize

Minnie Mouse

There are times when little problems pop up using WordPress that you just might not expect. Most users don’t know or care about what character encoding their computer and browser are using but when that character encoding is different from what WordPress uses it can lead to some odd problems.

Usually the tell tale sign of a character encoding problem is the appearance of odd characters in a WordPress post. Boxes where there should be characters or quotation marks that look odd. Sometimes there might not be any visible signs of a problem, but certain pages just do not seem to load properly. It can be a frustrating and confusing problem because you just don’t quite know what is going on.

If you have had this kind of problem odds are if you copy the content of your post in text mode over to a plain text editor, my favourite is Bluefish these days, you might be able to actually see the characters that have the problem and fix them. You can then copy and paste the content back to WordPress.

If you don’t want to go through that trouble and you have this problem regularly take a look at UTF8 Sanitize. It is an older plugin but so far it does seem to work still with the new WordPress. It takes the content of your post and tries to remove the non UTF8 characters.

If you do have this problem regularly you might want to check your computer character encoding settings or the editor you usually write in. It can be a hard problem to find the solution to fixing but once you do your WordPress posting will be easy once again.

Spam, Spam and More Spam

Some WordPress Spam

As long as there has been the ability to leave comments on websites there has been spam. I recall creating a guestbook for a client once and even though the guestbook used a captcha it did not take long before it started to become overwhelmed with spammy comments. Fighting spam has become so difficult in fact that it can start to distract you from what you need to be focused on with your website in the first place, creating good content, attracting leads and making sales. If spam has become a constant battle with your WordPress website here are some ideas and tools that might help turn the tide on the battle.

Turn Off Comments

Depending on the purpose of your website you might not need or want comments in the first place. By turning comments off altogether your spam problem can be virtually eliminated over night. Even if you run a popular blog you can still turn off comments, much like Copyblogger did last year. I you do turn off comments altogether you might also want to add a redirect on the WordPress wp-comments-post.php file. Many spammers simply post to that WordPress file and never actually visit your website. By redirecting it using .htaccess or some other redirect you can simply send the spammer off to some location where they will do no harm.

Use Another Commenting System

There are several other commenting system that are available that can help cut down on the amount of spam you receive. Services like Disqus, Facebook Comments and IntenseDebate all offer the ability to host comments for you. Depending on your needs they might be just want you are looking for. They certainly can help in reducing the amount of spam your comments receive.

Use an Anti-Spam Plugin

If you do decide to keep comments on your website making sure you use a decent anti-spam plugin is essential. Many people will simply tell you to use Akismet, and while I would say Akismet is certainly a good plugin, if your website uses any ads or is for any kind of commercial use AT ALL then you should honestly stay away from Akismet unless your website has grown to the point of being able to earn enough money to be able to afford the Akismet monthly rates.

Thankfully Akismet is not the only anti-spam plugin available. Some of the more popular plugins include Anti-Spam, WP-SpamShield Anti-Spam and one I have been testing on some sites, Spam Destroyer. There are even some that use Google’s new “No Captcha reCaptcha” like this plugin Google’s No Captcha reCaptcha.

Use Cloudflare

One of the best ways to keep spam off your website it to not let them get to your website in the first place. Some people dislike Cloudflare but it can help a great deal in reducing the automated spam from bots. You can even create a special page rule to protect the wp-comments-post.php file to increase the checks done no the people and bots trying to post a comment. This can make it much easier to keep the bots away and by even just making it a little slower to try and post a comment to your website.

What is your favourite anti-spam technique on your website?

TinyPNG Plugins

Optimizing your WordPress site to be faster is good for your users, but it is also good for your search engine results. It is one of the things that is in your control. One of the best ways to optimize your PNG images is to use TinyPNG. Previously you had to manually use the site to optimize your PNG images and then upload them again to your server. Not a very friendly or easy way of doing things. Thankfully TinyPNG has now developed an API and there are several WordPress plugins that have been developed to take advantage of it.

For all of these plugins you need an API key from TinyPNG. You can get one for free at their developer page. You can use it free for up to 500 images a month but after that you need subscribe to one of their paid plans. For many bloggers 500 images a month is a lot but remember for every PNG image you upload WordPress makes several version all that need to be compressed and optimized.

Compress PNG for WP

Compress PNG for WP
This is my favorite TinyPNG plugin and the one that I have actually installed here on WP Paradise. The plugin integrates nicely with the existing media gallery in WordPress allowing you to automatically optimize all new PNG images that you upload and optimize existing PNG images on your WordPress website.

TinyPNG for WordPress

TinyPNG for WordPress
This might have been the first TinyPNG plugin added to the WordPress plugin repository. It provides you with an alternative to use TinyPNG. It does not integrate with the media gallery in WordPress, which could be good if you only use PNG’s occasionally and want to have control over what images are optimized or not.

WP TinyPNG

WP TinyPNG
This plugin was released just a couple days ago and has a few more options than the other two TinyPNG plugins. It also integrates with the media gallery but has an option to keep the original file.

Optimizing your images goes a long way to speeding up your website for your visitors. These TinyPNG plugins make it even easy to make sure your PNG files are the smallest file size they can be. Take a look and let us all know what you think in the comments.

Control Automatic Updates in WordPress

One of the new features in the WordPress 3.7 is the ability for WordPress to be able to update itself. This has also been one of the more controversial features, but personally the new ability to had WordPress automatically update when a new security update is available is a fantastic idea. If you are not comfortable with WordPress auto updating you have a couple of choices to turn off auto updates.

If you are comfortable with editing the WordPress configuration file you can easily following the instructions at WPBeginner.com. Just a simple matter of editing your wp-config.php file and adding the following line:

define( 'AUTOMATIC_UPDATER_DISABLED', true );

If you do not want to mess with code, and lets face it most people don’t, you can check out the new plugin called Update Control. It looks like it gives you the control you would want to control your automatic update all without editing the wp-config.php file.

autoupdateoptions

Which method do you prefer?

Lazy Load Images to Improve Page Load Speed

Great images in your blog post is great for readers, but there is a catch to using lots of images on your site. All those images can slow down how fast your website loads. There are many different ways to speed up the load time of your WordPress website but an easy way if you use lots of images is to take advantage or lazy loading. Lazy loading images is essentially loading them on demand when the user needs them. If the image is place lower down on the page, load the page and then load the image when then user starts scrolling down to wear that image is. Here are some of the plugins I found that can help you set up your website to use lazy load images.

Unveil Lazy Load

Unveil Lazy Load
This plugin only has one review but it sounds like it does what it is suppose to. No fancy stuff here just install it and it starts working. No settings to worry about, just a simple lazy loader. Is you want simply might be just the one you are looking for to speed up your website.

Simple lyteload

Simple lyteload
You do have some settings for this plugin but mostly for settings styles if you want to do something special. Again pretty simple and the couple reviews rate it high.

Image Lazy Load

Image Lazy Load
This plugin is new to the WordPress Plugin directory as of today, October 24, 2013. This plugin might be new but the developer has several other plugins.

Lazy Load

Lazy Load
This plugin has the most reviews and many are positive. Appears to do what it is suppose to do.


These plugins are just one way to help speed up your WordPress powered website but can be very effective if you have a number of images on your website. If your site is still slow after using one of these plugins you could have other problems with your website that you might want to look into. Using a free tool like Pingdom Tools might help you to determine where the slow down in your website load times are.

How to Duplicate a Post in WordPress

A question I get asked fairly often is how to duplicate a post in WordPress. There are many plugins available to do this for you but I like to use Duplicate Post.

Duplicate Post is a free plugin which allows you to clone a post or create a draft post based on a previous post (which is the option we tend to use more often.) The plugin also offers the same functionality for pages as well. There are also customisable options on what is copied when you duplicate the post such as date, attachments etc.

How It Works

Duplicate Post

On the ‘All Posts’ screen, there are new options under each post title: clone andnew draft.

I tend to use the new draft option as it creates a draft post identical to the original and allows you to edit it before publishing.

Important: when you create a new draft, the permalink is also copied with a ’2? added to the end. Obviously you will need to change this to something more meaningful before you publish.

This is one of those ‘does what it says on the tin’ plugins. It is simple and saves a lot of time especially if you are creating similar posts or pages on a regular basis.

Custom Post Type Sticky Posts

Sticky Custom Post Types
A project I was working on today uses custom post types for part of the content of the website. In this case though some posts in the custom post type need to be sticky. Well the client did not call it that but in the end that is what they described, those posts need to be at the top of the list when readers browse that section of the website and it needs to be easy for them to be able to change the sticky posts easily.

The site is using the Pods Framework to create the custom post type and I thought I must have missed the option to turn sticky posts on but after some searching I came to the conclusion I did not miss it, it is not there. I then went looking for a way to enable sticky posts for custom post types.

Thankfully the WordPress community often has a plugin that can solve problems like this and a quick search in the WordPress plugin directory and I found the Sticky Custom Post Types. Once the plugin was installed it was just a simple matter of going to Settings ? Reading and turning sticky posts on the custom post type I needed them on.

The plugin has not been updated for over a year but it is still working as expected when I installed it today. My client can now select sticky posts for their custom post type content and if they decide to use it on another custom post type they will have no problem turning it on or off.