GDPR for WordPress Developers: Announcing the (Free) Anonymization Addon


Like me, you are probably getting ten emails a day from companies announcing changes to their privacy policy or asking you to re-confirm your email address for marketing purposes. This is all down to GDPR, the new European Union data protection regulation which, although annoying in the short term, will have a positive effect on individual online privacy in the long term.

I don’t want to go into the legal weeds about the regulation, but rather give you some key information and resources to help understand it and highlight a specific area where we can help with compliance (spoiler alert – I’m not a lawyer).

What Is It?

The General Data Protection Regulation (GDPR) is a new EU law about data protection and privacy for people within the European Union. It applies to the data, not to where the business sits, so if your business is based in the United States (or elsewhere) but has EU customers, it could affect you.

The regulation introduces rules that apply to the personal data of customers you collect, store and use within your business (including websites, apps and other software). It aims to protect the digital rights of people in the EU by giving them the ability to see what companies know about them (right of access) and the power to have their details removed (right of erasure). It applies from May 25, 2018.

What About WordPress?

WordPress Core have put together a GDPR team to work on features to assist site owners with complying with GDPR:

The team is focusing on creating a comprehensive core policy, plugin guidelines, privacy tools and documentation.

Their roadmap outlines the proposed features, with the two biggest developments being tools to allow export and deletion of users' data from the site. These features have landed in the 4.9.6 release.

They are also focusing on how themes and plugins can integrate with core features to ensure there is whole-site coverage for personal data. WooCommerce has also been busy integrating with these core features ahead of their own version 3.4 release and have put together a post outlining the new WordPress core features they integrate with, as well as some new functionality such as data retention periods and more granular control over data collected at checkout.

Local Development

‘Data protection by design and default’ is a big piece of the regulation, and it covers safeguards such as encrypting data that is stored remotely, for example backups kept with a cloud provider. But what about local development? If you are running a WordPress site you are likely to have user or customer data in the database, especially if you are running an ecommerce or membership site. If you or anyone working on the site takes a copy of the database to work on locally, that copy usually ends up on a laptop without the access controls the production server or the backup had, and you have a duty to protect it the same way you would a backup.

GDPR encourages pseudonymisation as a safeguard for stored data: replacing the identifying fields so that the records can no longer be attributed to a person without additional information, such as a decryption key. Encryption is one way to achieve that, but pseudonymised data is still personal data under the regulation, because whoever holds the key can re-identify it. For local development a better fit is anonymization: replacing the real values with fake ones so that the copy cannot be tied back to anyone at all, which (provided nothing identifying survives elsewhere in the dump) takes the copy outside the regulation's scope.

Introducing the Anonymization Addon

With that in mind, I want to introduce you to our newest addon for WP Migrate DB Pro: the Anonymization addon. You can find the plugin on the WordPress plugin repository and contribute via GitHub.

The plugin is intended to be installed on a production site, where it anonymizes all user data whenever the database is exported, pulled by another site, or pushed to another site. That way real customer data never leaves the production database in a migration. At the moment the addon is very simple: it has no UI, and the only way to turn it off is to deactivate the plugin.

The plugin uses the awesome Faker library to replace user data with completely fake values of the same type. For example, all emails are replaced with fake emails, phone numbers with fake numbers, etc. This means the covered columns of the exported data contain no real user details but still look like real data, which makes them easier to use when developing locally and avoids this kind of thing when fields are simply encrypted:

[Image: the WordPress admin bar "Howdy" greeting showing an encrypted username in place of a name]

The addon replaces data based on a simple configuration format that defines which columns in the database should be replaced and what type of Faker data should replace them. It currently replaces data in both the wp_users and wp_usermeta tables for both WordPress core data and WooCommerce data. Columns that are not listed in the configuration, and tables other than those two (comments, order records, custom tables), are exported unchanged, so check the dump for any other place personal data ends up before treating it as anonymous.

We would love to make this work for anonymizing data from other plugins and would happily accept pull requests for plugin config files. The configuration array is also extensible using the wpmdb_anonymization_config filter, so you can easily add more anonymization rules:

/**
 * Anonymizes a user's date of birth, stored in wp_usermeta under the
 * meta_key 'dob'. The 'constraint' limits the rule to usermeta rows whose
 * meta_key matches, and 'fake_data_type' names the Faker formatter that
 * generates the replacement value.
 *
 * @param array $config Existing anonymization rules, keyed by table and column.
 *
 * @return array
 */
function my_wpmdb_anonymization_rules( $config ) {
    $config['usermeta']['meta_value'][] = array(
        'constraint'     => array( 'meta_key' => 'dob' ),
        'fake_data_type' => 'dateTimeThisCentury',
    );

    return $config;
}

add_filter( 'wpmdb_anonymization_config', 'my_wpmdb_anonymization_rules' );

There are a couple of constants to configure the addon:

  • WPMDB_ANONYMIZATION_USER_LOGIN_WHITELIST – A comma separated string of user logins to be ignored during the anonymization process. This would typically be your admin user so you can still log in as normal to the site. Whitelisted users are exported with their real data intact, so keep the list to accounts whose details you are prepared to copy.
  • WPMDB_ANONYMIZATION_DEFAULT_PASSWORD – A default password that will be hashed using wp_hash_password() for all users. This allows developers to log in as any user for testing purposes. Since every exported user then shares one known password, the copy should only ever live on private development environments.
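To make the behaviour described above concrete, here is a stand-alone example written for this article (it is not the addon's code and does not use its configuration format). It applies the same idea to constructed wp_users and wp_usermeta rows: replace personal fields with fake values of the same shape, leave whitelisted logins untouched, and give every other user one known password. Faker is stood in for by small generators, wp_hash_password() by PHP's password_hash(), and the meta keys, whitelist and sample rows are assumptions. It adds two things the description leaves implicit: replacements are derived from a throw-away per-run key, so within one export the same input always maps to the same fake value (billing_email keeps matching user_email), and a leak check reports any original value that survives in a column no rule covers.

```php
<?php
// Added example, not the addon's code: Faker is replaced by small generators,
// wp_hash_password() by password_hash(), and table rows are plain arrays.
// The meta keys, whitelist and sample rows are assumptions for illustration.
final class UserAnonymizer
{
    private string $key;          // per-run secret, held in memory only
    private array $whitelist;     // user_login values left untouched
    private string $passwordHash; // one hash shared by every anonymized user
    private array $metaRules;     // meta_key => replacement generator

    public function __construct(array $whitelist, string $defaultPassword)
    {
        $this->key          = random_bytes(32);
        $this->whitelist    = $whitelist;
        $this->passwordHash = password_hash($defaultPassword, PASSWORD_DEFAULT);
        $this->metaRules    = [
            'first_name'    => fn(string $v): string => $this->fakeName($v),
            'billing_email' => fn(string $v): string => $this->fakeEmail($v),
        ];
    }

    // Same input gives the same token within one run. Keeping $key would make
    // this pseudonymisation (reversible by the key holder); letting it die
    // with the process leaves the copy unlinkable to the originals.
    private function token(string $scope, string $value, int $len = 10): string
    {
        return substr(hash_hmac('sha256', $scope . "\0" . $value, $this->key), 0, $len);
    }
    public function fakeEmail(string $real): string
    {
        return 'user-' . $this->token('email', $real) . '@example.com';
    }
    public function fakeName(string $real): string
    {
        return 'User ' . strtoupper($this->token('name', $real, 6));
    }

    public function anonymizeUsers(array $users): array
    {
        return array_map(function (array $u): array {
            if (in_array($u['user_login'], $this->whitelist, true)) {
                return $u; // whitelisted: exported with real data
            }
            $u['user_login']   = 'user_' . $this->token('login', $u['user_login']);
            $u['user_email']   = $this->fakeEmail($u['user_email']);
            $u['display_name'] = $this->fakeName($u['display_name']);
            $u['user_pass']    = $this->passwordHash;
            return $u;
        }, $users);
    }

    public function anonymizeUsermeta(array $meta, array $users): array
    {
        $skip = [];
        foreach ($users as $u) {
            if (in_array($u['user_login'], $this->whitelist, true)) {
                $skip[$u['ID']] = true;
            }
        }
        return array_map(function (array $m) use ($skip): array {
            $rule = $this->metaRules[$m['meta_key']] ?? null;
            if ($rule !== null && !isset($skip[$m['user_id']])) {
                $m['meta_value'] = $rule($m['meta_value']);
            }
            return $m;
        }, $meta);
    }

    // Leak check: report every output field in which an original value survives.
    public static function leaks(array $originals, array $rows): array
    {
        $found = [];
        foreach ($rows as $row) {
            foreach ($row as $col => $val) {
                foreach ($originals as $needle) {
                    if (is_string($val) && stripos($val, $needle) !== false) {
                        $found[] = ($row['meta_key'] ?? $col) . " still contains $needle";
                    }
                }
            }
        }
        return $found;
    }
}

// Constructed sample rows; nobody real.
$users = [
    ['ID' => 1, 'user_login' => 'admin',  'user_email' => 'admin@example.org',      'display_name' => 'Site Admin', 'user_pass' => 'old-hash'],
    ['ID' => 2, 'user_login' => 'jsmith', 'user_email' => 'jane.smith@example.org', 'display_name' => 'Jane Smith', 'user_pass' => 'old-hash'],
];
$meta = [
    ['user_id' => 2, 'meta_key' => 'first_name',     'meta_value' => 'Jane'],
    ['user_id' => 2, 'meta_key' => 'billing_email',  'meta_value' => 'jane.smith@example.org'],
    ['user_id' => 2, 'meta_key' => 'shipping_email', 'meta_value' => 'jane.smith@example.org'], // no rule: leaks
];

$anon     = new UserAnonymizer(['admin'], 'localdev-only');
$outUsers = $anon->anonymizeUsers($users);
$outMeta  = $anon->anonymizeUsermeta($meta, $users);
printf("%s -> %s\n", $users[1]['user_email'], $outUsers[1]['user_email']);
print_r(UserAnonymizer::leaks(['jane.smith@example.org', 'Jane'], $outMeta)); // flags shipping_email
```

The leak check is the part worth keeping around: run it over every exported table, not just wp_usermeta, with a handful of real values from production as needles, and a non-empty result tells you which columns still need a rule before the dump can be treated as anonymous. The generated user_login and user_email values are unique per input, so WordPress's uniqueness expectations on those columns are not violated by the replacement.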

Are Our Plugins Compliant?

Unlike WooCommerce, our plugins WP Migrate DB Pro and WP Offload S3 don’t collect or store any personal data. When you activate your license key in the plugin, your site URL is sent to our server for licensing purposes, along with the media library total for WP Offload S3 installs. We also send some minimal data about the site install (plugin version, WordPress version, locale and PHP version), but this is stored anonymously.

WP Migrate DB Pro handles migrating databases from server to server, and those databases will of course contain personal data. We’ve already tackled the migration of the database for local development with the Anonymization addon, and when it comes to migrating databases with the personal data intact, we recommend always migrating over HTTPS so the data is protected in transit. We actually make HTTPS the default protocol in our connection strings for communicating between sites.

Further Reading

If you would like to find out more about GDPR, here are some good resources in general and specifically in the WordPress space:

Wrapping Up

I hope the Anonymization addon will help users of WP Migrate DB ensure that they are safely making copies of site databases. If you do use it and have any feedback then please let us know in the comments or in the GitHub repository.

What changes are you making ahead of GDPR? Have any helpful resources I might have missed?