[wp-trac] [WordPress Trac] #44518: GDPR Functions 4.9.6 need improvements & customisation

WordPress Trac noreply at wordpress.org
Thu Jul 5 07:37:04 UTC 2018


#44518: GDPR Functions 4.9.6 need improvements & customisation
---------------------------+-----------------------------
 Reporter:  lifeforceinst  |      Owner:  (none)
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  Privacy        |    Version:  4.9.6
 Severity:  major          |   Keywords:
  Focuses:                 |
---------------------------+-----------------------------
 When attempting to use the GDPR enhancements such as Export Personal Data
 & Erase Personal Data in WordPress 4.9.6 they create more issues than they
 address. It seems to have good intent but seems to have been rushed into
 implementation.

 As has been discussed in a number of forums...

 **ISSUE 1 - GDPR EMAILS sending address**
 ----

 They are sent from wordpress at sitename, this is diabolical and should as a
 minimum use the admin configured email address.  More significantly the
 core function must support a customised email address which is stored in
 _options, that way the email could come from  a configurable address such
 as privacy at sitename.

 Using the email address wordpress at sitename will often result in many email
 systems and gateways marking the email as spam.  **The sending address
 must be configurable.**


 **ISSUE 2 - GDPR EMAILS content**
 ----

 The default email messages are also poor in terms of wording, style etc
 and look like someone has hacked a site to generate some prank as they
 contain no styling elements from the site. Ideally these should be
 customised, but as a minimum there should be a hook so that a theme or
 plugin can change the email content.  This needs to be properly documented
 so that it is then clear what needs to be returned to ensure that the
 email is appropriately customised.

 As has been noted in a number of forums, the ability to brand the emails
 is essential to enable recipients to affirm the authenticity of the
 sender and not mark it as spam. This needs to be configurable or hooks
 with proper documented use and examples provided.

 **Issue 3 - Security - Exposing admin URL**
 ----

 The confirmation emails expose the WordPress admin login URL, which is
 detrimental for security reasons. Also it looks much less professional and
 may lead some people to think the message is spam. You should create a
 custom landing page for such requests which is not associated to the admin
 URL, this could be something such as sitename/gdpr-confirmation-request.

 Due to the use of admin URL, the confirmation email links will often fail
 when used with various security plugins, especially if those plugins hide
 the WordPress admin login. The confirmation emails should not use a
 wp-admin URL.

  This is security 101 and needs to be addressed to not use the admin URL.

 **Issue 4 - only accessible by admin**
 ----

 These tools are only accessible by the supersite admin, good practice
 should limit the use of this admin account. These functions should also be
 available to a lower level authority such as Editor or you may need a new
 user level account called Data Administrator (which again ties back into
 the GDPR legislation requirements to have an identified Data
 Administrator).

  Need the ability to access GDPR functions from other WordPress user
 levels.

 **Sundry other issues or improvements**
 ----

 * The functionality should provide the ability to send the zip file as an
 attachment to the customer when the send email button is pressed, this
 saves the customer having to connect to the site again to retrieve their
 requested data.

 * In the admin interface, sometimes after clicking on the send request
 button you receive a "link expired" message.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44518>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
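
Added example, not part of the ticket and not WordPress core code: in 4.9.6, `wp_send_user_request()` passes the message body through the `user_request_action_email_content` filter and sends it with `wp_mail()`, which applies `wp_mail_from`, so the sending address (Issue 1) and the wording (Issue 2) can be changed from a plugin. The option name `prm_privacy_from_email` and the `prm_` function name are hypothetical, and the replacement wording is constructed.

```php
<?php
/**
 * Plugin Name: Privacy Request Mail Tweaks (added example)
 */

// Hypothetical option name; the site owner stores the address here,
// for example privacy@<site domain>.
const PRM_FROM_OPTION = 'prm_privacy_from_email';

add_filter( 'user_request_action_email_content', 'prm_brand_request_email', 10, 2 );

/**
 * Runs just before core sends an export/erase confirmation email.
 *
 * @param string $email_text Default body containing ###...### placeholders.
 * @param array  $email_data Request data supplied by core (unused here).
 * @return string Replacement body; core fills in the placeholders afterwards.
 */
function prm_brand_request_email( $email_text, $email_data ) {
	// Issue 1: change the From address for this one message only.
	// The closure removes itself on first use, so other mail sent by
	// the site keeps its normal sender.
	$from = sanitize_email( get_option( PRM_FROM_OPTION, '' ) );
	if ( is_email( $from ) ) {
		$once = function ( $default_from ) use ( &$once, $from ) {
			remove_filter( 'wp_mail_from', $once );
			return $from;
		};
		add_filter( 'wp_mail_from', $once );
	}

	// Issue 2: replace the default wording. The placeholders must stay
	// in the text, otherwise the recipient gets no confirmation link.
	return implode( "\n\n", array(
		'Hello,',
		'A request was made to perform the following action on your account at ###SITENAME###:',
		'###DESCRIPTION###',
		'To confirm the request, open this link:',
		'###CONFIRM_URL###',
		'If you did not make this request, you can ignore this email.',
		"###SITENAME###\n###SITEURL###",
	) );
}
```

The `###CONFIRM_URL###` value is still built by core on the login URL, so this does not change the behaviour described under Issue 3.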
