Posted 1 year ago #
Hi there,
This is what has been requested from me:
Could you send me info regarding the security employed in the WordPress functionality in handling the privacy of personal data and content in general"
Can someone point me in the write direction? She wants a lawyer to have a look at it.
If this is not something that is out there or even realistic, what should I tell her?
Any help would be highly appreciated.
Thanks,
James
Posted 1 year ago #
Hi there,
Thanks for the email address but what should I do with it?
Thanks,
James
ask your questions there
Posted 1 year ago #
Hi,
I tried but the email address doesn't work. I tried twice.
hmm...guess it's been killed
don't know what to tell you
I doubt wordpress - or any software - will guarantee anything given that users have control over passwords, plugins installed, etc.most hacks are from crappy passwords on shared servers
Posted 1 year ago #
I sent her the privacy policy and her reply is:
Hi James, WordPress’s privacy statement doesn’t say whether they will hold the identifiable personal data, and where such data will be stored and the security measure on them. Anywhere we can find out their policy in manipulating (or will they be involved in the use/access to) personal identifiable data entered through the Comments Posting functionality?
any ideas?
Oh to have a non b@ll aching client!!
here is what wordpress.com says
http://en.support.wordpress.com/security/
Is this for a self-hosted site or a wordpress.com site?
Posted 1 year ago #
It's for a self hosted site. Using the WordPress platform.
Essentially she wants legal assurances that WordPress (or anybody for that )don't keep any of the information such as email addresses etc...
That sort of thing.
WordPress.org don't keep any personal data on self-hosted sites. They simply distribute the WordPress software.
Posted 1 year ago #
Thanks for that. Is there anywhere you can point me which confirms this information?
good lord! .org distributes software only
you download it - you install it
wordpress has nothing to do with it after that
does your client think there some super-secret code in wordpress to harvest info? don't you think this would have been screamed about from code savvy users by now? after all, wordpress has been out for years now.
you won't find any info on this - well...because it's ridiculous
Posted 1 year ago #
Ha well put. I'll let the client know. Thanks a bunch
Posted 1 year ago #
wordpress has nothing to do with it after that
Not entirely true.
Self-hosted WordPress does "phone home" to WordPress.org, via api.wordpress.org. But this communication transmits information only about the installation environment*, and nothing (as far as I know) about site visitors/users.
Also, if the site uses the Akismet plugin, some potentially personally identifiable user data are transmitted to the Akismet service (user IP, email address, etc. - typical comment data).
* WordPress transmits to api.wordpress.org information such as: installation IP address, server environment (PHP/MySQL versions), WordPress version, installed/active Plugins, installed/active Themes, etc.
Self-hosted WordPress does "phone home" to WordPress.org, via api.wordpress.org
I considered that but it doesn't have anything to do with personal identifiable data obtained via logins or commenting. Plus, if you're really determined, you can switch phone home off, yes? Akismet, like any other 3rd party service, has to be assessed separately.
This topic has been closed to new replies.
