GDPR & CCPA
bikegremlin (ModeratorOG), in WordPress
Yes, @Ympker I'm thinking of you.
It seems to be getting less and less avoidable. What's the best way to implement it - preferably for free.
I found this - "CookieYes" plugin.
Seems to be working OK, without slowing the sites down.
But I'm interested to hear any better ideas and recommendations.
BikeGremlin I/O
Mostly WordPress ™
Thanked by (1)Ympker
             
                             
                            
Comments
For Cookies I can recommend https://www.cookiebot.com/en/ (has WordPress plugin) and https://consentmanager.net (has WordPress plugin, too). Both automatically scan all your cookies and sort them automatically in categories (necessary, commercial, analytics).
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
I saw the CookieBot (didn't find the Consentmanager). They both seem to charge for over X pageviews (or over Y website pages).
Looking for some free solutions for non-commercial websites.
BikeGremlin I/O
Mostly WordPress ™
Usually I never had problems with these limits. Cookiebot does not count views/visits afaik. Only pages/sites. Consentmanager has 5000 visits/mo, but I usually recommend my clients to get legal texts from IT-Recht Kanzlei which partners with consentmanager. You get free upgrade to 40.000 visits/mo that way
About Consentmanager plugin: https://wordpress.org/plugins/consent-manager/
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Neither of those limits is enough for my use case (100 pages, or 5000 page-views per month, or even 40.000 p-w for that matter).
CookieYes scanned the website for any cookies, let me sort them by the categories, and let the visitors choose which ones they will accept - with an option to later edit their choice (my current privacy policy page as an example).
Unless I got it wrong, if I don't add any more services/cookies, that list should do the job - even without using the plugin's server for anything (it's set and configured on the website, the service must be contacted only in case of any cookie adding/removal, if I want it sorted out "automatically").
Most of the solutions I came across require at least 50 euros per year per one website - most cost a lot more. It's a ripoff (on top of the fact I consider GDPR to be nonsense). But I can't change the policies (much like the, in my country still obligatory, driving with headlights on in bright daylight). Just trying to accommodate the bureaucrats with the lowest possible expenses from my end.
EDIT:
This looks interesting - at first glance at least, because one license covers "unlimited subdomains."
https://www.cookiepro.com/pricing/plan-comparison/
Their WP integration:
https://www.cookiepro.com/integrations/wordpress/
BikeGremlin I/O
Mostly WordPress ™
Thanks for mentioning these alternatives. I will make sure to check them out, however I will likely stick with the two I have mentioned. Just to chime in on CookieYes. On their page they also mention a limit of 100 pages and 5000 cookie-consent protocols (so probably 5000 ppl/visitors clicking "accept/decline" this/that). This seems a bit similar to Cookiebot but perhaps a bit "better" in the sense that only ppl are counted that click (get saved) via the Cookie consent banner?
https://www.cookieyes.com/de/#plans
Another option would be to get a paid Codecanyon plugin as they come with lifetime updates (6 months support) and this one (which is the bestseller) is one license per domain. So with 39$ you are set for one domain: https://codecanyon.net/item/ultimate-gdpr-compliance-toolkit-for-wordpress/21704224
Still, always a bit hesitant with Codecanyon products..
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
The CookieYes has some limits inadequate for my use. But it is my understanding they apply only when the website uses their infrastructure. If I "disconnect it," the plugin still works, letting the visitors accept, decline and edit their cookie choice.
I just lose the option of automatically editing the cookie list if I change stuff on a website.
Could be wrong. With those limits, I'll probably know the answer very soon.
BikeGremlin I/O
Mostly WordPress ™
Ah, fair enough. Better check with their support/sales perhaps?
Oh, and I totally forgot about Complianz ( https://wordpress.org/plugins/complianz-gdpr/ ). Their free plan (not listed on website afaik; see difference in free and premium features on wordpress description) is also very powerful!
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
LOL - just looking at Complianz now (and testing it on staging).
Looks promising, plus it offers an "export/import" option which should save me some time.
BikeGremlin I/O
Mostly WordPress ™
Found this - needs further looking into:
https://www.termsfeed.com/cookie-consent/
BikeGremlin I/O
Mostly WordPress ™
I created my own plugin and limited the clients choice to accept or reject. Everything else too much of a hassle since my website doesn't really require cookies except for remembering the login but this feature is simply not available if cookies are denied.
Not sure if it's of interest, anyway I know that local web agencies choose
I'd say that virtually every web agency here is using one of these two
First time I see complianz.io, I'll ask for feedback :-)
Insane, just use technical cookies and you be good.
Don't include external code and assets.
That fucking industry that came over night, shit.
I wish I had the same idea.
Free NAT KVM | Free NAT LXC
Complianz scans the existing website cookies for free (for now).
CookieYes scans "up to 100 pages" (or something like that) for cookies for free, per one website.
Apart from that, external service is not needed - if you know exactly which cookies the website uses.
Of all the tested plugins, CookieYes allows a nice interface for visitors to configure which cookies they want to allow.
It also offers a shortcode, so you can add the cookie management option to a WordPress page (Privacy / Cookie policy pages look like a good fit for that) - so that visitors can later re-configure their cookie choice, if they like doing that using the website.
The prices charged are nonsense, a ripoff.
The whole GDPR is a nonsense and a needless hassle IMO, but I don't see it as being reverted any time soon (we still need to drive with the headlights on even in broad daylight).
BikeGremlin I/O
Mostly WordPress ™
So I've asked around and, long story short:
Linking here - related to the CookieYes plugin... it's beautiful, isn't it?
(a vulnerability not being addressed)
https://www.pluginvulnerabilities.com/2021/09/24/five-of-the-100-most-popular-wordpress-plugins-are-insecurely-using-the-extract-function/
BikeGremlin I/O
Mostly WordPress ™
I just ate 5 cookies, will I have to report myself now? I did it without consent.
https://clients.mrvm.net
Since you'll have to provide yourself with the option to change your mind at a later time, I'd use this and accept in retrospect or make use of the necessary function to remove already existing cookies.
Oh, I promise you, all cookies have been removed

https://clients.mrvm.net
enters in incognito mode please give your consent again. Also, enjoy your free refill of cookies.
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Seems to have been fixed (according to them):
https://wordpress.org/plugins/cookie-law-info/#developers
BikeGremlin I/O
Mostly WordPress ™
As expected...
German Court Rules Websites Embedding Google Fonts Violates GDPR
(thehackernews .com link)
BikeGremlin I/O
Mostly WordPress ™
Yeah, heard about it. Rip
As a web designer, this is really annoying tbh.
Using WordPress, I actually have two plugins to get Google Fonts removed.
For one OMGF ( https://de.wordpress.org/plugins/host-webfonts-local/ ), which scans my site for fonts used, downloads them locally and replaces registered Google Fonts that would be otherwise loading from online.
Secondly, https://wordpress.org/plugins/remove-google-fonts-references/ . This one is no longer available but it removed all google fonts references from the site, since with OMGF (free version), my site would still make connections to google servers. If anyone is interested in the second plugin, I still have it on my server and could share it with you (if needed).
It's on Koofr for a week now (Virustotal Scan attached): https://k00.fr/h76hjgj3 | password: 245515
After that, pm me to get the plugin (if needed). @vyas suggested that Autoptimize also does the trick.
Since Autoptimize is being frequently updated, it might be better to use that one.
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
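An added example (not from any poster in this thread): a small Python check for the situation described in the post above, where a site still connects to Google servers after the fonts have been moved local. It scans a page's HTML for remaining references to the Google Fonts hosts; the sample markup and its local paths are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}  # CSS and font files
# URLs inside CSS: @import "...", @import url(...), and plain url(...).
CSS_URL = re.compile(r"""(?:@import\s+(?:url\()?|url\()\s*['"]?([^'")\s;]+)""", re.I)

def _host(url):
    # Themes often emit protocol-relative URLs (//fonts.googleapis.com/...).
    return (urlparse("https:" + url if url.startswith("//") else url).hostname or "").lower()

class FontAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # (where it was found, URL)
        self._in_style = False

    def _check(self, where, url):
        if url and _host(url) in GOOGLE_FONT_HOSTS:
            self.findings.append((where, url))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":       # stylesheet, preconnect, dns-prefetch, preload
            self._check("link[rel=%s]" % (a.get("rel") or "").lower(), a.get("href"))
        elif tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:      # catches @import and @font-face src in <style>
            for url in CSS_URL.findall(data):
                self._check("style-block", url)

def audit(html):
    parser = FontAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: two remote references in <link>, one in <style>, rest local.
SAMPLE = """<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel='stylesheet' href='//fonts.googleapis.com/css?family=Roboto'>
<link rel="stylesheet" href="/wp-content/uploads/fonts/roboto.css">
<style>@import url('https://fonts.googleapis.com/css2?family=Lato');
@font-face{font-family:X;src:url(/wp-content/uploads/fonts/x.woff2)}</style>"""
```

An empty list from `audit()` on the saved page source means no static reference is left; fonts injected later by JavaScript would only show up in the browser's network tab.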
Like I've always said, wanna live with GDPR? Don't use the Interwebs.
https://clients.mrvm.net
Autoptimize plug-in also does that
Remove google fonts that is
For no plug-in option
https://wordpress.ezoic.com/how-to-remove-google-fonts-from-your-wordpress-site/
VPS reviews | | MicroLXC | English is my nth language.
Thanks for the headsup! Will have a look. Would be a more up-to-date and reliable solution.
Does Autoptimize also download your Google Fonts to local and then exchange remote Google Fonts references to local, or does it just remove connections/references to Google fonts (so I would still need OMGF to download the fonts to local and exchange references?).
I would probably prefer a plugin option, because meddling with functions.php is annoying as it gets overwritten when the theme updates (afaik). I am not a fan of child themes either (which would probably prevent just that), but I'll give Autoptimize a try. Thanks!
Another option would be to take the code you'd put in functions.php and then, instead, launch it as a mini-plugin through Code Snippets Pro to have it always active.
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Not to my knowledge. You may be better off uploading the google fonts locally if you do need them. I could have presented a case for a child theme and then tinkering with functions.php but I am sure there is a Law of Diminishing Marginal Utility into play.
VPS reviews | | MicroLXC | English is my nth language.
Oops seems like edit was too late since I also commented on functions.php :P
Anyway, yeah OMGF basically does just that for me. Download the fonts my website is using locally. Very happy with it so far. Manual upload would ofc also work.
Ympker's Shared/Reseller Hosting Comparison Chart, Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
There's many mirrors being gdpr compliant, why use Google then? It's been just selecting a different option in drop-down for me and I exchanged the Google link.