By default, WordPress is not configured in a very privacy-friendly way. However, you can improve it by tweaking settings and adding some plugins, because the community has you covered.

Default plugins

While not everybody’s favorite, WordPress comes with two preinstalled plugins, Akismet Anti-spam and Hello Dolly. While the latter has no privacy implications, the first one actually does. Akismet sends so much data to Automattic’s servers in the US that it is hard to practically impossible to justify its usage. Aside from that, its privacy policy is nowhere near the requirements in the European Union.

Thus, uninstall the Akismet plugin. And since you’re already in the plugins screen, uninstall Hello Dolly, too.

Emojis

Who would have thought that emojis can have a negative impact on your visitors’ privacy? This is because, by default, WordPress loads emojis from WordPress.org if the current client doesn’t support them natively. Since there is no valid reason to do so (you could also just load them locally), you should disable that. Aside from that, it’s simply no longer necessary: in practice, all devices nowadays support emojis out of the box. You can use the plugin Disable Emojis to have it disabled.
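What disabling emojis means in core terms, as an added example MU plugin (not the Disable Emojis plugin’s own code and not part of the original post): it unhooks the detection script, the emoji styles and the fallback-image filters that core registers, and drops the dns-prefetch hint for s.w.org. The hook and function names are core’s; the plugin name in the header is made up.

```php
<?php
/*
 * Plugin Name: Disable Emoji Loading (example)
 * Description: Example MU plugin that stops WordPress from loading the emoji
 *              detection script and the fallback images from s.w.org.
 */

// Core registers the emoji hooks while loading default-filters.php, so they
// already exist when 'init' fires and can be removed here.
add_action( 'init', function () {
    // Front end: detection script (hooked to wp_head at priority 7) and styles.
    remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
    remove_action( 'wp_print_styles', 'print_emoji_styles' );
    // Admin screens.
    remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
    remove_action( 'admin_print_styles', 'print_emoji_styles' );
    // Newer core versions enqueue the styles instead; removing a hook that
    // was never added is harmless, so both variants are covered.
    remove_action( 'wp_enqueue_scripts', 'wp_enqueue_emoji_styles' );
    remove_action( 'admin_enqueue_scripts', 'wp_enqueue_emoji_styles' );
    // Feeds and outgoing mail: do not replace emoji with <img> tags from s.w.org.
    remove_filter( 'the_content_feed', 'wp_staticize_emoji' );
    remove_filter( 'comment_text_rss', 'wp_staticize_emoji' );
    remove_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
} );

// Classic editor: drop the TinyMCE emoji plugin.
add_filter( 'tiny_mce_plugins', function ( $plugins ) {
    return array_diff( (array) $plugins, array( 'wpemoji' ) );
} );

// Remove the <link rel="dns-prefetch" href="https://s.w.org"> hint core adds.
add_filter( 'wp_resource_hints', function ( $urls, $relation_type ) {
    if ( 'dns-prefetch' !== $relation_type ) {
        return $urls;
    }
    return array_filter( $urls, function ( $url ) {
        // Entries may be plain strings or arrays with an 'href' key.
        $href = is_array( $url ) ? $url['href'] : $url;
        return false === strpos( $href, 's.w.org' );
    } );
}, 10, 2 );
```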

Avatars

All avatars in WordPress are loaded via Gravatar by default. It’s a service to link email addresses to avatars (and some other features). Basically, if you have a Gravatar account, you can add your email address(es) there and define an avatar for it, which will then be displayed magically everywhere you’re using this email address (if Gravatar is supported). While this sounds like a cool idea – and it certainly is from this perspective – it leads to sending your email address (in hashed form) to Gravatar from every website where you’ve added it. Thus, Gravatar knows exactly which websites you’ve visited. Gravatar is also a service from Automattic and, as already stated for the Akismet plugin, they don’t really care for privacy laws outside of the US. Thus, sending such information – which is definitely personal data – is problematic without consent from the user. But WordPress does it automatically, for every registered user and even for everyone commenting on one of your posts.

There are two solutions for it.

Disable avatars

You can disable using avatars completely. To do so, go to Settings > Discussion > Avatars > Avatar Display and disable the checkbox of the option “Show Avatars”. This will disable any avatar logic and thus won’t send any data to Gravatar.

Avatar Privacy

You can use the plugin Avatar Privacy to enhance privacy for avatar usage. It comes with the following features:

  • Load Gravatar images only after explicit consent by the user
  • Cache Gravatar images to load them locally after the first request
  • Don’t leak hashed email addresses in Gravatar URLs
  • Add an option to upload avatars locally

In practice, you can install Avatar Privacy and are good to go, while still using the avatar functionality from WordPress.

Disable comment IP address storage

WordPress stores the IP address of anyone commenting on your site indefinitely. While it may arguably be acceptable to collect it for a short time, e.g. to check it against known spam IP addresses, storing it indefinitely is generally prohibited. Thus, you should disable it.

You can either use a plugin for it, called “Remove IP” (don’t be afraid regarding its latest update date, it’s just so small it doesn’t need an update):

Or, you can use a code snippet and add it to your site via MU plugin in /wp-content/mu-plugins:

<?php
// MU plugin: store an empty string instead of the commenter's IP address.
\add_filter( 'pre_comment_user_ip', '__return_empty_string' );

Delete stored IP addresses

If you already have comments on your site, you should delete already stored IP addresses now. There’s also a plugin for this, called “GDPR Tools: comment ip removement”:
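The cleanup of already stored addresses, as an added example MU plugin (not the “GDPR Tools” plugin’s own code and not part of the original post): it empties the comment_author_IP column for all existing comments once and records that it has run. It complements the pre_comment_user_ip filter above, which only affects new comments. The option name and the plugin name are made up.

```php
<?php
/*
 * Plugin Name: Purge Stored Comment IPs (example)
 * Description: Example MU plugin that clears comment_author_IP for all
 *              existing comments once, then does nothing further.
 */

add_action( 'admin_init', function () {
    global $wpdb;

    // Run only once; 'example_comment_ips_purged' is an assumed option name.
    if ( get_option( 'example_comment_ips_purged' ) ) {
        return;
    }
    // Only an administrator visiting wp-admin triggers the cleanup.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // Empty the column for every comment that still has an address stored.
    // No rows are deleted; only the IP column is blanked.
    $cleared = $wpdb->query(
        "UPDATE {$wpdb->comments} SET comment_author_IP = '' WHERE comment_author_IP <> ''"
    );

    // $wpdb->query() returns the number of affected rows, or false on error.
    if ( false !== $cleared ) {
        update_option( 'example_comment_ips_purged', time() );
        // Cached comment objects still carry the old values; drop them.
        wp_cache_flush();
    }
} );
```

Once the option has been set, the file can be removed from /wp-content/mu-plugins again.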

Comment spam

Since Akismet should be uninstalled immediately, you may suffer from comment spam. To solve this issue, the Pluginkollektiv maintains a free and privacy-friendly plugin called “Antispam Bee” to fight comment spam.

Block embeds

Adding embeds to your site always means that you’re loading external resources. This has not only performance implications, but also generates problems regarding privacy. If you can’t or don’t want to do without it, use the plugin “Embed Privacy”. It adds an overlay over the embed and only loads the latter if a user explicitly enables it.

Disable REST API

WordPress comes with a built-in REST API and also needs it for internal functionality. However, it can also be used to easily extract data from your site, e.g. the names of all users. The plugin “Disable REST API” allows you to manage API access per user role, and also for unregistered users, to prevent such data leaks.
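A narrower alternative to the per-role plugin, as an added example MU plugin (not the “Disable REST API” plugin’s own code and not part of the original post): it removes only the /wp/v2/users routes, and only for visitors who are not logged in, so the user list is no longer readable anonymously while logged-in users and the block editor keep working. The rest_endpoints filter is core’s; the plugin name is made up.

```php
<?php
/*
 * Plugin Name: Hide Users REST Endpoint for Visitors (example)
 * Description: Example MU plugin that removes the /wp/v2/users routes from
 *              the REST API for requests without a logged-in user.
 */

add_filter( 'rest_endpoints', function ( $endpoints ) {
    // Logged-in users keep the routes: the block editor relies on them
    // (author selection, current-user settings).
    if ( is_user_logged_in() ) {
        return $endpoints;
    }

    // Route keys look like '/wp/v2/users', '/wp/v2/users/(?P<id>[\d]+)'
    // and '/wp/v2/users/me'; a prefix match removes all of them.
    foreach ( array_keys( $endpoints ) as $route ) {
        if ( 0 === strpos( $route, '/wp/v2/users' ) ) {
            unset( $endpoints[ $route ] );
        }
    }

    return $endpoints;
} );
```

An anonymous request to /wp-json/wp/v2/users then gets core’s regular “No route was found” response instead of the user list.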

Analysis

Tracking is usually never privacy-friendly. Thus, it’s probably best not to track your users at all, especially with well-known tools like Google Analytics. They collect so much data that it’s hard to even define what. Aside from self-hosting options like Matomo, an even more privacy-friendly plugin is probably an option. While Statify collects only page visits and thus never even needs consent, Koko Analytics can be configured the same way (or it tracks users with a cookie or fingerprinting, which may require consent again).

Newsletter

Using a newsletter itself is fine, if done right. And it’s often done on a WordPress site, which is why it’s part of this guide. You definitely need to have a so-called double opt-in mechanism. That means that if a user registers for your newsletter, you need to send an email to the given email address, where the user has to click on a link to verify that the registration was indeed desired. Only after this confirmation are you allowed to send emails.

Additionally, while it may look friendly to address your newsletter subscribers by their actual name, never make such input fields required. They are not mandatory for sending a newsletter at all. It’s fine to make them optional for an improved user experience, but it should be up to the subscriber whether they want to give you their name.

Also keep in mind that the vast majority of newsletter providers use tracking links in the emails sent to your subscribers to check whether and how they engaged with your newsletter. If you do use this functionality, make sure to use it in compliance with the privacy laws applicable to you.

WooCommerce

When using WooCommerce on your site, make sure to check the settings. Some of them are definitely neither desired, nor do they have any benefit for you – only for Automattic, the company mainly maintaining WooCommerce.

Some of these settings can be found in:

  • WooCommerce > Settings > Advanced > WooCommerce.com > Usage Tracking > Enable tracking
  • WooCommerce > Settings > Advanced > Features > Order Attribution
  • WooCommerce > Settings > Advanced > Features > Remote Logging

This list is not necessarily complete. Additionally, each update can add new options, and sometimes even change existing options and (re-)enable them. So make sure to check the WooCommerce settings on a regular basis.

Privacy policy

Last, but definitely not least, your site most likely needs a privacy policy, since some data is always collected/processed (that’s how networks and the internet work). You can get one from a lawyer, use an online generator or my plugin “Impressum Plus”, which does most of the work automatically to generate a privacy policy tailored to your site.

You can also find out more in my dedicated post regarding privacy policy in WordPress.

Conclusion

If you want to start your site with WordPress, there’s definitely something to do when you want to have a privacy-friendly website. Luckily, none of it is magic, and it’s even possible without any technical knowledge. I hope this list can guide you through the work.
