[wp-trac] [WordPress Trac] #43443: Add a method for confirmation of requests for deleting or anonymizing of personal data
WordPress Trac
noreply at wordpress.org
Wed Mar 7 00:02:36 UTC 2018
#43443: Add a method for confirmation of requests for deleting or anonymizing of
personal data
-------------------------------------------------+-------------------------
Reporter: azaozz | Owner: mikejolley
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.0
Component: General | Version:
Severity: normal | Resolution:
Keywords: gdpr has-patch dev-feedback needs- | Focuses:
testing |
-------------------------------------------------+-------------------------
Comment (by azaozz):
feature.43443.diff works quite well. Only changed it so we always delete
the stored token when the hash matches, and fixed a typo in var order.
Left the ticket open so we can iterate/enhance it further.
Things to consider:
- Prevent "flood" of requests. If a request is made and is hasn't expired,
perhaps limit how many new requests can be made for the same email.
Something like 10 should be plenty to cover legitimate user cases.
- Perhaps add garbage collection function to delete expired requests.
- Consider how this can be user through the REST API and add an endpoint.
- Log confirmed requests and perhaps show them on the dashboard? Typically
an admin will have to perform the requested action. When a site has more
than one admin, would be good if all can see pending requests.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43443#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list