Privacy For WordPress in 3 Steps

I like to consider myself a pretty privacy-aware guy. I have tape over my webcam, I never share my real birthday unless it’s absolutely necessary, and I use tracker-blockers in my browsers.

That’s how I noticed my website was sending people’s data to third-parties through tracking scripts and cookies. From the default Jetpack share buttons to the Yoast SEO Google Analytics plugin, my favorite website features were spying on my visitors!

I’m sorry about that. I apologize, and it ends now.

How can we make WordPress respect people’s privacy?

This is the story of how I made it work. All it really took was a little time and creativity.

And if I can do it, you can too. Here’s how.

Three Steps:

  1. Remove Trackers
  2. Remove Cookies
  3. Encrypt Your Connections

Success = 0 Trackers + 0 Cookies

Through trial, error, and a ton of internet searching, I’ve managed to fix my websites such that they don’t use any trackers and don’t place any cookies. I’m far from being an expert, so if you have any other criteria for a privacy-respecting website, please let me know!

What are Trackers and Cookies?

If you’re not sure what trackers and cookies are, or why you should care about them, please have a look at this post.

How Do You See Them?

Depending on your browser, you can install add-ons that will show you what trackers are on any website you visit and block them for you:

I use uBlock Origin for Firefox, but there’s a version for Google Chrome too.

The Ghostery addon works for pretty much everything else, from Edge to Safari, to smartphone browsers.

So that’s how we can see what’s collecting people’s data – how do we get it off our website?

Step 1: Remove Trackers

Disable Jetpack Stats

Once activated, Jetpack tracks your visitors by default. You can disable this either by going directly to

%yourdomain%/wp-admin/admin.php?page=jetpack_modules

or by opening your Jetpack Debug settings. There, you’ll be able to disable the Site Stats module.

Jetpack Site Stats Disabled

Disable Jetpack sharing buttons

I know – sharing is caring, and sharing buttons are nice. The problem is that each is connected to its respective social network, so everyone who reads your blog post is getting spied on by Facebook, Twitter, LinkedIn, and the rest.

Go into your Jetpack Settings, open the Sharing tab, and turn off the switch next to Add sharing buttons to your posts.

Jetpack Sharing Buttons Setting

Install WP DoNotTrack

A WordPress installation is a complex system of plugins, a theme, content, and custom code. This complexity makes it difficult to keep track of every part of the system.

Thankfully, Frank Goossens (futtta) created the WP DoNotTrack plugin to prevent other plugins from installing 3rd-party tracking code into your site.

I recommend the Disable tracking for all my visitors and SuperClean settings.

WP-DoNotTrack Settings

Step 2: Remove Cookies

Cookies can be tricky, because not all of them are bad, and different areas have different laws on how they may be used. In the EU, it’s illegal to allow your site to save cookies without asking for the visitor’s consent.

If you use cookies legitimately, there are lots of plugins that help you comply with EU law. But here’s how to eliminate cookies altogether.

Remove Embedded Content

This was, psychologically and aesthetically, the hardest thing for me to do. One of my favorite parts of the web is being able to embed content from one website to stream on another. Unfortunately, just one embedded YouTube video saves 8 cookies without consent.

Cookies from YouTube

So I now make thumbnails and link out to the content source, usually with a short bit of text indicating where the link leads to (e.g. see the video on YouTube or Follow me on Twitter).

Disable comments

This one is a shame, because I like my blog posts to start a conversation. However, WordPress sets five cookies when someone posts a comment, and they persist for longer than a week.

Go into your WordPress Settings > Discussion. There, uncheck the option Allow people to post comments on new articles.

Disable Comments

If you’ve already written posts though, this setting will have to be changed retroactively. Go to All Posts and select all posts at once. Then, under Bulk Actions, select Edit and press Apply.

Bulk Edit Posts

Then next to Comments, select Do not allow and press the Update button.

Do Not Allow Comments

Check for plugins that leave cookies

Even with care and attention to cleaning up your site’s cookies, there may still be a plugin or two that saves cookies. There’s no easy way to diagnose this other than to either disable all plugins and re-activate them one by one, or deactivate each plugin one by one.

There’s a painful amount of cache clearing and refreshing involved with this, but your site visitors will appreciate it.
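To make each round of that plugin-by-plugin check faster, the "0 Trackers + 0 Cookies" test can be scripted. The following is an added example, not code from the original post: it takes one HTTP response (header lines plus HTML) and reports the cookies the server sets and the third-party hosts the page loads automatically. The function name `audit`, the host `example.org`, and the sample response are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose src/href makes the visitor's browser contact a host on page load.
# <a href> is deliberately absent: a plain link sends nothing until clicked.
# <link> can over-report, since e.g. rel="canonical" is never fetched.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "embed": "src", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collect the hosts of resources referenced in the static HTML."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        host = urlparse(url).hostname if url else None  # None for relative URLs
        if host:
            self.hosts.add(host)

def audit(site_host, header_lines, html):
    """Return (cookie_names, third_party_hosts) for one HTTP response."""
    cookies = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            # The cookie name is everything before the first "=".
            cookies.append(value.split(";", 1)[0].split("=", 1)[0].strip())
    collector = ResourceCollector()
    collector.feed(html)
    third_party = sorted(h for h in collector.hosts
                         if h != site_host and not h.endswith("." + site_host))
    return cookies, third_party

# Constructed sample response (not captured from a real site).
SAMPLE_HEADERS = ["Content-Type: text/html; charset=UTF-8",
                  "Set-Cookie: comment_author_0123abcd=Jane; Max-Age=30000000; Path=/"]
SAMPLE_HTML = """<link rel="stylesheet" href="/wp-content/themes/demo/style.css">
<script src="https://tracker.example.net/stats.js"></script>
<iframe src="//www.youtube.com/embed/VIDEO_ID"></iframe>
<img src="https://cdn.example.org/thumb.png">
<a href="https://www.youtube.com/watch?v=VIDEO_ID">See the video on YouTube</a>"""

if __name__ == "__main__":
    print(audit("example.org", SAMPLE_HEADERS, SAMPLE_HTML))
```

This only sees cookies set through `Set-Cookie` headers and resources named in the HTML itself; cookies and requests created by JavaScript after the page loads still need the browser add-ons mentioned earlier.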

Step 3: Encrypt Your Connection

And finally, encryption! If you look at your browser’s address bar now, you should see https://brianpagan.net.

https Secure Connection

The s means the connection between your computer and the one where my website lives is encrypted. So if someone tried to eavesdrop, they would hear only noise.

This usually costs money, but organizations like Let’s Encrypt provide this service for free. They provide instructions on how to install it on your site, but some web hosting companies, like Vimexx (the one I use), come with Let’s Encrypt already installed.

So Let’s Respect People’s Privacy

Platforms like WordPress, and their various plugins, make it easy for us to set up full-featured, beautiful websites and online communities. And since we’re empowered to build these things for other people, it’s our responsibility to make sure we’re not peddling people’s privacy for a nice Twitter feed or a set of pretty share buttons.

Let’s be responsible and respect our website visitors’ privacy.

If you’d like to share any thoughts or insight on this, please message me on Twitter or get in touch with me right here.

Thank you!

BONUS: Privacy-Friendly Alternatives

I understand that it’s not easy to give up nice features and functionality for the sake of other people’s privacy!

Luckily, there are some great privacy-friendly alternatives to the most common web tools. These plugins don’t use cookies, and they don’t send any of your visitors’ data to third parties.

Oh, and all of them are free.

Google Analytics Alternative: Statify

The Statify WordPress plugin tracks page views and referrers for your website.

MailChimp Alternative: Email Subscribers & Newsletters

The plugin Email Subscribers allows you to maintain subscriber lists and send, or schedule, HTML newsletters.

Typeform Alternative: Ninja Forms

The Ninja Forms plugin lets you create forms and keeps a record of all submissions. Not only does it provide an insane amount of features, the UI is also sublime to use.

Combine Ninja Forms with Popup Maker, and you’ll never think about Typeform again.

Browsers & Add-Ons for Safer Surfing

If you’re a bit more paranoid (like I am), you can surf the web with Epic Privacy Browser, Brave (also for mobile) or Tor Browser.

If you love Safari on your iDevice, try Better by Indie.

Cover image by Kylie_Jaxxon
