Enhancing your GDPR toolkit with the WordPress activity log

On 25th May 2018 the General Data Protection Regulation (GDPR) became enforceable across Europe, and it applies to any business that deals with either an EU citizen or anyone who lives within the EU.

Today we’re going to explain how the WP Activity Log plugin can become a vital part of your data protection toolkit, and can help you to document the technical and security measures that healthy compliance requires.

NOTE: for all the technical details of how the plugin can be used on a GDPR compliant website and what user data is collected etc, refer to All you need to know about the WP Activity Log plugin in relation to GDPR compliance.

New responsibilities for web site administrators

When Europe’s first data protection rules were drawn up in 1995, web site administration was an obscure job for university IT departments. Now, in a world where anyone can have a business web site up and running in a day, we are all web site administrators – whether we realise it or not!

With great power, however, comes great responsibility. GDPR requires web site owners and administrators to become more attentive about the ways that their systems are set up, protected, and, unfortunately, misused.

Under GDPR, organisations collecting and processing data, whether that is the largest corporation or a one-man-band business, must ensure they create and document technical and security measures. A key aspect of this is monitoring and logging for security issues and attacks.

Tools like WP Activity Log can do this job for you.

The plugin logs the changes made by internal users to both content (including posts, pages, tags, categories, custom post types, comments, widgets, and menus) and functionality (user accounts, plugins, themes, databases, and universal settings). If you use WooCommerce, bbPress, or Paid Memberships Pro, the plugin also logs events and changes related to these services.


WP Activity Log also monitors for external threats such as hack attempts, automated vulnerability scans, brute force attacks, and new user creations outside defined working hours.

These events are logged in three categories of severity: Notice, Warning, and High. It’s easy to see how these categories span everything from harmless user actions which should nevertheless be logged all the way to active threats. You can configure email alerts for these actions; you may, for example, wish to be immediately alerted to High warnings such as a user deactivating a plugin. Here is a full list of actions which will be recorded by the plugin.

Preparing for data breaches

GDPR requires site administrators to prepare for data breaches, and to take security measures to prevent them from taking place. A data breach does not just mean data which leaks to the outside; it can mean, for example, data being visible to staff members without the appropriate authorisation, or, equally, the company giving an employee access to data that they do not explicitly need to see.

The sad truth about most data breaches is that not only are they preventable, they happen internally. Sometimes they are accidental, such as an employee using an insecure WiFi connection to access corporate data. Sometimes it is down to carelessness, for example, an intern’s login is left active after they leave the company. And sometimes, as we know, it is malicious: a disgruntled employee leaks data or disables a plugin.

In the event of a data breach, the WP Activity Log plugin will help you identify who was using the site at the exact time that a breach took place. It will also show you the IP address they were logged in from. This information will help to inform any internal investigation you do, and can also provide vital clues as to whether a breach was accidental, careless, or malicious. That WordPress activity log data will also provide the information that a regulator (such as the ICO) would require as part of their own inquiry; having that data to hand will show that you are serious about putting things right.

A WordPress Plugin for GDPR?

No plugin alone can provide you with GDPR compliance. You need a collection of plugins instead, each of which will help address one aspect of your compliance journey. You can start by installing and activating the WP Activity Log plugin, which will provide you with a robust component of the security precautions you need to take as a responsible administrator of a business WordPress website.


2 thoughts on “Enhancing your GDPR toolkit with the WordPress activity log”

  1. I’m a bit confused, can this audit the site’s plugins to see if they are GDPR compliant? It seems that many plugins may not actually be GDPR compliant, or list that they are, and how about APIs and their compliance?

    1. Hello Lynsey,

      No, this plugin is a WordPress activity log plugin, which means once it is installed it keeps a log of everything that is happening on your WordPress website. It does not check any other plugins to confirm if they are GDPR compliant.

      There is no automated solution that checks if plugins are GDPR compliant.

