c4bng

Hi,

if the security plugin is very good, why should I block IPs manually? The plugin should know better than me about different digitals attacks. Or another way: If I should block and manage IPs manually, why do I need a security plugin? All the matters around a website could be solved without any plugins using php functions, java scripts and other tools..But plugins allow a quick (though not allways the best solution) without a lot of special IT-knowledge. This is the advantage of WordPress. So, I don’t understand why “the customer” should deal with all the IPs collected, it’s your job, when your plugin is used on a website. The customer receives an overview and interferes only if it comes to problems which have been indicated (again!) by wordfence.

On a few pages using wordfence in Germany I have already found the following passage about wordfence in the privacy policy: “We have disabled the live traffic view for data protection reasons”. Do you think the website owners are also bad informed about GDPR compliance? And if they need “manually view attacks in live traffic” as you say, so why have they disabled this feature then?

My statement “To be compliant with GDPR the customer should get these users’ consent first” comes from my assumption that the customer doesn’t have legimate interest in data collection, like the processor (Defiant) does (that is why I’ve signed the DPA in order YOU can process the data). And I’m pretty sure that that is the case. That is why you can’t claim it’s incorrect.

One more logical thing justifying my statement: If it’s known that all the IPs (humans, bots etc..) are to be found by worfence customer in the backend, how can the customer prove on request that he doesn’t abuse them for marketing purposes? It would be more cumbersome than having anonymized IPs from the beginning.

“If security companies could no longer store IPs in order to block attackers, they would not be able to protect you.” I have never said that YOU are not allowed to collect the IPs! Read again my postings, please.

I find it very sad that after several request, neither you nor your collegues can deliver me an answer on point 6.1. and 9.1. of you DPA. So, if I want to delete the IPs stored in the backend and you don’t react on my request, than you can’t maintain that you are GDPR compliant.

And that is exactly the point: Defiant (or “processor” according DPA) is compliant with GDPR because collecting IPs is a “legimate interest” in this case. BUT: a company who uses the plugin Wordfence (“customer” according DPA) must also be compliant with GDPR. The only problem is, the customer can’t come here with the argument “legimate interest” when seeing all the IPs in the backend, because the customer himself doesn’t need to see all the IPs to provide security for his site with your plugin. This issue becomes even more critical if you consider that not only malicious data are to find in the backend but also normal website users’ PIIs! To be compliant with GDPR the customer should get these users’ consent first since – as mentioned – there is no “legimate interest” to see these PIIs at this stage.

Look, my webhoster collects also IPs and logfiles but he gives me an opportunity to deactivate this feature, so that even if he collects the data because of the “legimate interest” I can decide wether I want to have this data and statistics or not. So, to be on a save side in terms of GDPR I can use this opportunity. From my point of view, Wordfence should offer such a feature as well. Because the customer should not be liabe for Wordfence’s collection of the data.

Besides, under the point 6.1. of DPA is written “Processor will enable Customer and/or End Users to delete Customer Data during the Term…” So, what is the exact procedure? It isn’t explained in the DPA and the Defiant hasn’t answered this my question, yet. The point 9.1. hasn’t still been cleared either.

Hi,
today I have updated the polylang to the version 2.1.1 and then noticed that the language order in the language switcher has changed in the frontend: It correlates exactly with the language order of wordpress and not with the defined order in the polylang settings.

So, the order for updating was: german / english / russian (this order is still to see in the polylang settings).

The order after updating is: english /russian / german (this is the exact order which is also in the wordpress backend).

I’ve tried to change the order in the polylang settings, but no changes are seen in the frontend. It seems, like this function doesnt work anymore.

Could somebody help with this topic?

Thank you in advance!

Best wishes

Hi,

It seems like I have the same problem with polylang.

I written to polylang concerning this matter, but they say they changed nothing for ages regarding this feature. Maybe there could be a problem with the theme. But the theme author denied it. I posted the problem in this forum some weeks ago, but nobody answered…unfortunatelly….

The strange thing is, the order in the frontend is exactly the same as defined by wordpress everywhere in the backend…but its not order I’ve defined in polylang.

If you find the solution, would be great to here from you

regards