Update 5/18: Added note about privacy policy management on multisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site installs.
Update 5/17: Added details about themes passing the fields
argument to comment_form()
.
In WordPress 4.9.6, several tools were introduced to help sites meet the requirements of the new European Union’s new GDPR (General Data Protection Regulation) laws. This post will detail what theme authors need to know about compatibility with the new features.
Theme authors should test their themes to confirm that there are no design conflicts between the new features and their themes detailed below.
Privacy Policy Pages
WordPress 4.9.6 introduced the ability to easily select a page as a privacy policy for a site in the Settings > Privacy section of the admin (and super admin) area (#43435). For new sites, a privacy policy template page will automatically be created in draft status (#43491).
To easily link to the selected page in plugins and themes, three template tags have been added (#43850):
get_privacy_policy_url()
– Retrieves the URL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org to the privacy policy page.
the_privacy_policy_link()
– Displays the privacy policy link with formatting, when applicable.
get_the_privacy_policy_link()
– Returns the privacy policy link with formatting, when applicable.
Note: On multisite installs, only super admins are allowed to manage privacy policies. If one policy is desired for the entire multisite, the `privacy_policy_url` filter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. can be used to accomplish this. See #43919.
Example
The following example will display the privacy policy link surrounded by a <div>
.
if ( function_exists( 'the_privacy_policy_link' ) ) {
the_privacy_policy_link( '<div>', '</div>');
}
Commenter Cookie Opt-Ins
When a logged out user comments on a post, they are asked for their name, email, and website. This information is stored locally in the commenter’s browser for two purposes:
- When they leave another comment on the site, their name, email, and website will be pre-populated into the respective fields.
- If their comment is held for moderation, they can return to that post and remove the comment before it is approved.
The information stored in this cookie is for convenience and is not essential. Therefore, the user needs to be given the choice to opt in or opt out of the storage of this data.
For this reason, a checkbox has been added to the comment form that allows commenters to opt-in to storing this data in the cookie. This checkbox will be unchecked by default, as opt-in is an action the user must explicitly approve.
The new checkbox field is automatically added to comment forms displayed using the comment_form()
function inside a p.comment-form-cookies-consent
element.
While most themes will not require any action, it is recommended that you double check that the new input and label does not require CSS Cascading Style Sheets. adjustments in custom themes.
For more information on this change, check out #43436 on Trac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress.,
Themes Overriding Comment Forms
By default, WordPress automatically displays the new checkbox field discussed above. However, if a theme is passing the fields
argument to the comment_form()
function, the field will not display and needs to be added to the list of fields.
Example
The following example will only display the email field above the comment message field in the comments form.
comment_form(
array(
'fields' => array(
'email' => 'field markup',
),
)
);
After updating, the new comment opt-in field will need to be added.
comment_form(
array(
'fields' => array(
'email' => 'field markup',
'cookies' => 'opt-in field markup',
),
)
);
The default markup for the field can be found in wp-includes/comment-template.php
.
A second option for fixing this would be to utilize the comment_form_default_fields
filter instead. Using this filter, default comment fields can be added or removed without having to pass the fields
argument to the function.
Bundled Themes
All 8 currently supported bundled themes (Twenty Ten-Twenty Seventeen) have been updated to support these changes. Site footers will display a link to the site’s privacy policy when one has been selected (#43715), and the commenter cookie opt-in field has been styled.
Child themes built on top of bundled themes should be checked to see if any adjustments are necessary for the privacy policy link in the footer.