Changes that Affect Theme Authors in WordPress 4.9.6

Update 5/18: Added note about privacy policy management on multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site installs.
Update 5/17: Added details about themes passing the fields argument to comment_form().

In WordPress 4.9.6, several tools were introduced to help sites meet the requirements of the new European Union’s new GDPR (General Data Protection Regulation) laws. This post will detail what theme authors need to know about compatibility with the new features.

Theme authors should test their themes to confirm that there are no design conflicts between the new features and their themes detailed below.

Privacy Policy Pages

WordPress 4.9.6 introduced the ability to easily select a page as a privacy policy for a site in the Settings > Privacy section of the adminadmin (and super admin) area (#43435). For new sites, a privacy policy template page will automatically be created in draft status (#43491).

To easily link to the selected page in plugins and themes, three template tags have been added (#43850):

  • get_privacy_policy_url() – Retrieves the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org to the privacy policy page.
  • the_privacy_policy_link() – Displays the privacy policy link with formatting, when applicable.
  • get_the_privacy_policy_link() – Returns the privacy policy link with formatting, when applicable.

Note: On multisite installs, only super admins are allowed to manage privacy policies. If one policy is desired for the entire multisite, the `privacy_policy_url` filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. can be used to accomplish this. See #43919.

Example

The following example will display the privacy policy link surrounded by a <div>.

if ( function_exists( 'the_privacy_policy_link' ) ) {
        the_privacy_policy_link( '<div>', '</div>');
}

Commenter Cookie Opt-Ins

When a logged out user comments on a post, they are asked for their name, email, and website. This information is stored locally in the commenter’s browser for two purposes:

  1. When they leave another comment on the site, their name, email, and website will be pre-populated into the respective fields.
  2. If their comment is held for moderation, they can return to that post and remove the comment before it is approved.

The information stored in this cookie is for convenience and is not essential. Therefore, the user needs to be given the choice to opt in or opt out of the storage of this data.

For this reason, a checkbox has been added to the comment form that allows commenters to opt-in to storing this data in the cookie. This checkbox will be unchecked by default, as opt-in is an action the user must explicitly approve.

The new checkbox field is automatically added to comment forms displayed using the comment_form() function inside a p.comment-form-cookies-consent element.

While most themes will not require any action, it is recommended that you double check that the new input and label does not require CSSCSS Cascading Style Sheets. adjustments in custom themes.

For more information on this change, check out #43436 on TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress.,

Themes Overriding Comment Forms

By default, WordPress automatically displays the new checkbox field discussed above. However, if a theme is passing the fields argument to the comment_form() function, the field will not display and needs to be added to the list of fields.

Example

The following example will only display the email field above the comment message field in the comments form.

comment_form(
	array(
		'fields' => array(
			'email' => 'field markup',
		),
	)
);

After updating, the new comment opt-in field will need to be added.

comment_form(
	array(
		'fields' => array(
			'email' => 'field markup',
			'cookies' => 'opt-in field markup',
		),
	)
);

The default markup for the field can be found in wp-includes/comment-template.php.

A second option for fixing this would be to utilize the comment_form_default_fields filter instead. Using this filter, default comment fields can be added or removed without having to pass the fields argument to the function.

Bundled Themes

All 8 currently supported bundled themes (Twenty Ten-Twenty Seventeen) have been updated to support these changes. Site footers will display a link to the site’s privacy policy when one has been selected (#43715), and the commenter cookie opt-in field has been styled.

Child themes built on top of bundled themes should be checked to see if any adjustments are necessary for the privacy policy link in the footer.