Posted on

How to Create GDPR Compliant Forms in WordPress

Do you want to create GDPR-compliant forms in WordPress?

European Union’s new GDPR law requires explicit user consent to store personal information so that users can have more personal control over their data stored on websites.

In this article, we will show you how to easily create GDPR-compliant forms in WordPress.

How to Create GDPR compliant forms in WordPress

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) law that became effective on May 25th, 2018. This new law aims to give EU citizens control over their personal data and change how companies and businesses handle data privacy around the world.

For more details, see our ultimate guide to WordPress and GDPR compliance which will answer all your GDPR-related questions in plain English.

A typical WordPress site may collect users’ personal information in a number of ways. One of which is by adding forms to the site. Most forms collect personal information, and you may want to make sure that your WordPress forms comply with GDPR.

What is Required to Make a Form GDPR Compliant

In order to make your WordPress forms GDPR compliant, you will need to add the following features:

  • Ask users to give explicit consent for storing and using their personal information.
  • Allow users to request access to their own personal information stored on your website.
  • Allow users to request the deletion of their data from your website.

Having said that, let’s take a look at how to easily create GDPR-compliant WordPress forms. You can click the links below to jump ahead to any section:

How to Make a GDPR Compliant Form in WordPress

We recommend using WPForms to make GDPR-compliant WordPress forms. It is the best contact form plugin for WordPress and has built-in GDPR enhancement features.

For instance, you get a 1-click GDPR Agreement field for your forms, GDPR-compliant data retention best practices, easy entry management system to quickly find, export, or delete user data upon request.

First, you need to install and activate the WPForms plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

For this tutorial, we’ll use the WPForms Pro version because it includes the disable user cookies and user details options. However, you can also use the WPForms Lite version to create a GDPR-compliant form.

Upon activation, you need to visit WPForms » Settings page and enter your license key. You can find the license key in the WPForms account area.

Entering the WPForms license key

Next, you’ll need to scroll down to the GDPR section.

There, you need to check the box next to the GDPR Enhancements option.

Enable GDPR enhancement option

Enabling the GDPR Enhancements option will reveal two more GDPR-related settings.

The first option, ‘Disable User Cookies,’ will stop WPForms from storing user sessions. This cookie contains a random unique identifier that helps WPForms add features like related entries, form abandonment, and geolocation. Disabling it will also disable those features.

The second option, ‘Disable User Details,’ will stop WPForms from storing user IP addresses and browser information. Both of these settings are optional, and you can check them if you feel that you don’t need these features.

Don’t forget to click the ‘Save Settings’ button to store your changes.

Select Form Template and Add GDRP Agreement Field

WPForms is now ready to create GDPR-compliant forms in WordPress. You can now go to WPForms » Add New page to create a new form.

You will be asked to enter a title for your form and select a template. These templates are ready-made forms that you can use as a starting point. In this tutorial, we’ll use the ‘Simple Contact Form’ template.

Add a new form

This will launch the WPForms builder interface.

You will see your form preview in the right column, and on the left, you will see all the fields that you can add to your form.

Add the GDPR agreement field

Simply drag the ‘GDPR Agreement’ field and add it to your form.

You will now see it appear at the bottom of your form. If you click on it, more options will appear in the settings panel on the left.

Edit the GDPR agreement

You can change the title of the form field and agreement text, and then use the description box to add details like a link to your privacy policy or terms and conditions pages.

Note: The GDPR Agreement field is always a required field, and it cannot be pre-checked to comply with the GDPR law. You can only add one GDPR agreement field to each form.

Next, you can go to the Settings » Confirmations tab in the form builder. Here, you’ll get different options to select when a user submits a form. For instance, you can show a message, a page, or to redirect users to another URL.

Edit form confirmation settings

Once you are satisfied with the form, don’t forget to store your changes.

Adding GDPR Compliant Form to WordPress

WPForms allows you to easily add forms anywhere on your website.

You can simply click the ‘Embed’ button at the top of the form builder to get started.

Click the embed button

Next, a popup will open, which will ask you to create a new page or select an existing page.

We’ll use the ‘Create New Page’ option for this tutorial.

Embed a form in page

After that, you’ll need to enter a name for your page.

Once that’s done, simply click the ‘Let’s Go’ button.

Enter the name of the page

Your form will now appear in the WordPress content editor.

Another way to add forms to any page or post is using the WPForms block. Simply add the block to your content and select your form from the dropdown menu.

Add a WPForms block in wordpress

You can now save or publish your post or page.

Simply visit your website to see your GDPR-ready WordPress form in action.

GDPR form preview

Managing Data Access and Deletion Requirements with WPForms

One of the requirements for GDPR compliance is to give users access and allow them to request the deletion of their data.

To do that, you can create a ‘Data access/delete form’ and add it to your privacy policy page. Users who wish to access their stored data or want it to be deleted can use that form to send you a request.

WPForms has an excellent entry management system that allows you to quickly find any data submitted via your forms.

You can access all form entries by visiting WPForms » Entries page from your WordPress dashboard and selecting the form you wish to view.

View form entries in WPForms

WPForms will show you all entries submitted using that form. You can search for a form entry by entering a name, email address, IP address, or keyword.

From here, you can simply click the ‘Delete All’ option at the top to remove form entries.

Delete form entries

You can also delete individual entries or click the view button to see all data stored for that entry.

Disabling User Details for Specific Forms

With WPForms, you get full control over which forms can store user data. You can disable user details to be stored for each individual form.

First, you’ll need to go to WPForms » Settings from your WordPress dashboard and scroll down to the ‘GDPR’ section.

Here, ensure that the ‘Disable User Details’ option is unchecked.

Disable user details is unchecked

Don’t forget to click the ‘Save Settings’ button when you’re done.

After that, you can change each form’s settings in the form builder.

All you have to do is head to Settings » General in the form builder. Next, click the ‘Advanced’ section to expand it. From here, simply click the toggle for the ‘Disable storing user details (IP address and user agent)’ option.

Disable storing user details-settings

This will prevent extra user information from being stored for individual forms.

We hope this article helped you learn how to easily create GDPR-compliant forms in WordPress. You may also want to see our article on how to track user engagement in WordPress using Google Analytics and the ultimate WordPress SEO guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Create GDPR Compliant Forms in WordPress first appeared on WPBeginner.

Posted on

How to Host Local Fonts in WordPress for a Faster Website

Do you want to add third-party fonts to your website without slowing down your website speed?

Custom fonts improve the typography and user experience of your website, but they take longer to load. The good news is that you can host your fonts locally to ensure your website is always fast.

In this article, we’ll show you how to host local fonts in WordPress.

How to Host Local Fonts in WordPress for a Faster Website

Why Host Fonts Locally in WordPress?

While typography and custom fonts can improve the overall website aesthetics, they do have a negative impact on your WordPress performance. For example, if you are using a custom font from Google fonts, then they’re loaded from third-party services which will slow down your website.

Luckily, there is a way to use custom fonts without slowing down your site. A new Webfonts API was introduced in WordPress 6.0. This allows you to host fonts locally so they load faster.

Another reason to host Google Fonts locally is to stay GDPR compliant. That’s an important legal consideration if you have website visitors from the European Union.

When someone visits a website that uses Google Fonts, their IP address is logged by Google when the fonts are loaded. Because this is done without their permission, the EU now considers that a breach of privacy regulations, and you may be liable for damages.

That being said, let’s take a look at how to host local fonts in WordPress for a faster website. We’ll cover two methods, and the first method is recommended for most users.

Method 1: Hosting Local Fonts in WordPress With a Plugin

The first thing you need to do is install and activate the OMGF (Optimize My Google Fonts) plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

OMGF is one of the best WordPress typography plugins. It offers a beginner-friendly way to improve performance and GDPR compliance by hosting Google Fonts locally.

Upon activation, you need to visit Settings » Optimize Google Fonts to configure the plugin. You should be looking at the ‘Optimize Fonts’ tab.

Notice the statement under the ‘Optimize Google Fonts’ heading that you just need to use the default settings to automatically replace your Google Fonts with locally hosted copies.

OMGF Settings

That means that as you scroll down the settings page, all you need to do is make sure that the ‘Font-Display Option’ has the default setting of ‘Swap (recommended)’ selected.

All you need to do now is click the ‘Save & Optimize’ button at the bottom of the page.

Click the Save & Optimize Button

You’ll see a message at the top of the screen that says ‘Optimization completed successfully.’

Congratulations! Your Google Fonts are now hosted locally. Your website will load faster and you have reduced the risk of European lawsuits.

Method 2: Hosting Local Fonts in WordPress Manually

You can also host fonts locally without using a plugin by using the @font-face method from our guide on how to add custom fonts in WordPress. While this method requires more work, it allows you to use any font that you like on your website.

You need to download the fonts you wish to use in a web format. There are many places to find great free web fonts, such as Google Fonts, Typekit, FontSquirrel, and more.

Downloading a Google Font

If you do not have the web format for your font, then you can convert it using the FontSquirrel Webfont generator.

Now you need to store the fonts on your WordPress hosting server. You can upload the files using FTP or using your host’s cPanel File Manager.

You should create a new folder called ‘fonts’ in the directory of your theme or child theme and upload it there.

Upload the Fonts to Your Website

Once you have uploaded the font, you need to load the font in your theme’s stylesheet using custom CSS. You can add the code directly to your theme’s style.css file, or by using the Additional CSS section of the theme customizer.

You can do that using CSS3 @font-face rule like this:

@font-face {
    font-family: Arvo;
    src: url(https://example.com/wp-content/themes/twentytwentyone/fonts/Arvo-Regular.ttf);
    font-weight: normal;
}

Don’t forget to replace the font family and URL with your own.

After that, you can use that font anywhere in your theme’s stylesheet or the Additional CSS section of the theme customizer. The CSS you use will depend on your theme and where you wish to use the local font. Here’s an example from our demo website:

h1 {
font-family: Arvo, Arial, sans-serif;
}

As you can see, our heading is now using the locally hosted Arvo font.

Adding Custom CSS With the Theme Customizer

We hope this tutorial helped you learn how to host local fonts in WordPress for a faster website. You may also want to learn how to increase your blog traffic, or check out our list of must have WordPress plugins to grow your site.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Host Local Fonts in WordPress for a Faster Website first appeared on WPBeginner.

Posted on

How to Know if Your WordPress Website Uses Cookies

Do you want to know if your WordPress website uses cookies?

Cookies are tiny files used by websites to store temporary information in users’ browsers. Many countries have different cookie laws that require website owners to disclose which cookies they use and what information they track and store.

In this article, we will explain how to find out if your WordPress website uses cookies and how you can manage those cookies to comply with local laws.

How to see which cookies are set by your WordPress website

What are Cookies?

Cookies are small files containing data sent by a website to store in a user’s browser. Cookies play a significant role on the web and are widely used to improve user experience.

WordPress uses two types of cookies out of the box.

First, there are session cookies. These cookies are used to login and are set for all logged-in users on a WordPress website.

Then, there are comment cookies. These cookies are set when users leave a comment on your WordPress blog. Their purpose is to store user’s name, email address, and URL information so that they don’t have to re-enter it the next time they comment on your website.

Apart from WordPress, third-party plugins and tools may also set cookies for your WordPress website.

What are Cookie Laws?

Cookies are a powerful tool that can be used to track a lot of information about users. Considering the privacy risks, many countries and regions have enacted laws that set compliance guidelines for website owners.

For instance, European Union has GDPR Law and ePrivacy Directive. Similarly, countries like Canada, UK, Japan, and many more have laws that require website owners to get user consent and disclose the information they collect, store, and track about users.

That’s the reason why you see cookie popups on many different websites. These banners allow website owners to comply with GDPR, cookie laws, and other privacy laws in different countries.

How to See Which Cookies Are Stored by a WordPress Website

All modern web browsers make it easy to view the cookies set by any website you visit.

Google Chrome

In Google Chrome, first, you need to visit your WordPress website. After that, click on the Padlock or Not Secure icon in the browser’s address bar. This will open a menu where you need to click on ‘Cookies’.

Viewing stored cookies in Google Chrome

This will bring up the cookies popup where you will see all the cookies set by that particular website in your browser.

Cookies stored by a WordPress website

You can also view these cookies by using the Inspect tool. Simply visit your website and left-click anywhere to select the Inspect tool.

This will split your browser window and you’ll see the developer console panel. From here you need to switch to the ‘Application’ tab.

Viewing cookies using developer tools

Next, you need to click on the Cookies menu from the left column and you’ll be able to see all the cookies stored on your site. More importantly, you’ll be able to see the data stored by the cookie under the ‘Value’ column.

Mozilla Firefox

In Firefox, you need to visit the website you want to check and then right-click anywhere to select the ‘Inspect Element’ tool.

This will split the browser window and you’ll see the developer console panel. From here, you need to switch to the ‘Storage’ tab and click on ‘Cookies’ to view all the cookies.

Viewing cookies set by WordPress using Firefox

Plugins That Allow You to Turn Off Cookies

Now when reviewing cookies set by your WordPress website, you may notice that there are some cookies set by different WordPress plugins you are using.

As a website owner, you may not want to use these cookies to comply with cookie laws in different countries and limit your liabilities.

However, not all WordPress plugins come with easy ways to turn off cookies and make your website compliant. Following are some of the plugins that allow you to easily turn off cookies without breaking plugin functionality.

1. MonsterInsights

MonsterInsights is the best Google Analytics plugin on the market. It allows you to properly install Google Analytics and setup EU compliance addon.

First, you need to install and activate the MonsterInsights plugin. For more help, see our article on how to install Google Analytics in WordPress.

Once you have set up the plugin, go to Insights » Addons page and install EU Compliance addon.

EU Compliance addon for MonsterInsights

The addon works out of the box, and there are no settings for you to configure. You can see it’s enabled by visiting Insights » Settings page and switching to the Engagement tab.

EU Compliance addon status

The addon will now automatically anonymizes IP addresses, disable the Demographics and Interests Reports, turn off user and author tracking, and more. It also integrates with Cookie Notice and CookieBot plugins automatically.

2. WPForms

WPForms is the best WordPress contact form plugin on the market. It allows you to easily create GDPR compliant forms for your WordPress website.

First, you need to install and activate the WPForms plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit WPForms » Settings page and switch to the General tab.

WPForms settings

From here you need to scroll down to the GDPR section and check the box next to GDPR enhancements option.

WPForms GDPR settings

Checking the option will expand it and you’ll see the option to disable user cookies and user details for all forms.

WPForms also allows you to make individual forms GDPR compliant. For more details, see our article on how to create GDPR compliant forms in WordPress.

3. OptinMonster

OptinMonster is the best lead generation software on the market. It helps you create GDPR compliant optin forms and lead campaigns for your website.

It allows you to easily add a Privacy Policy with a customizable checkbox. Users can then only submit the form once they’ve checked the box. It also allows you to enable double optin for your forms.

Adding privacy policy checkbox to OptinMonster campaigns

Plus, OptinMonster lets you target visitors based on their location. That way, you can make sure you’re showing GDPR-compliant optins to customers in EU countries. OptinMonster only creates cookies to improve user experience on your website and these cookies can only be utilized for on-site tracking.

4. Smash Balloon

Smash Balloon is the best social media plugin for WordPress websites. It allows you to create social media feeds that are compliant with cookie and GDPR laws.

Smash Balloon GDPR compliance

The plugin detects if you have a cookie notification plugin enabled and then holds any cookies until user give cookie consent.

More Ways to Comply with Cookie Laws for WordPress Websites

It is the responsibility of a website owner to comply with cookie laws in different regions. Here are some basic steps to make your website more compliant.

1. Add a Privacy Policy Page

A privacy policy page is legally required to comply with privacy and cookie laws in different regions. See our guide on how to easily add a privacy policy page to your WordPress website.

2. Install a Cookie Notification Plugin

Cookie notification plugins show a notification on your website that it uses cookies and seek consent from the users.

Cookie Notice and CookieBot are two of the most popular cookie notification plugins that are compatible with many other popular WordPress plugins.

For more options, see our list of the best WordPress GDPR plugins to improve compliance.

3. Keep an Eye on Plugins and Tools that Use Cookies

Check your website cookies to make sure that you can connect each cookie to a installed plugin and tool on your website. When installing new WordPress plugins or third-party tools, make sure to check if they have options to make them GDPR and cookie law compliant.

We hope this article helped you learn how to check if your WordPress website uses cookies and ways to make your website compliant with cookie laws.

You may also want to see our WordPress security guide to make sure that any data that you collect on your website is properly secured.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Know if Your WordPress Website Uses Cookies appeared first on WPBeginner.