• Hi, first of all I found a bug in the current version of Limit Login Attempts Reloaded (2.22.0). If you go to the preferences of the plugin and change the number of lockouts in the email section, the entry never gets saved and falls back to the old value.

    I also noticed that parts of the preferences aren’t translated to English. I am German, but my WordPress installation is in English (US). Strangely the preferences of the plugin are a mix of English and German.

    Last of all I have to comment on the IP obfuscation removal in 2.21.0 and possible GDPR compliance issues:

    You’re right, IP logging for security reasons would be a legitimate interest in accordance with Art. 6 (1)f GDPR. Funnily enough you use the statement “By proceeding you […] give your consent…” in your default GDPR message in the plugin, which would be Art. 6 (1)a GDPR. 😀

    But a legitimate interest still requires the owner of the website to provide information about which processing reason will apply, which data will be processed, where the data will be processed and who processes it. Your GDPR message wouldn’t be enough, so usually there would be an entry in the privacy statement with this information and a link to the statement in your GDPR message.

    You also forget that not only administrators should see this information. If a website has a login area in the frontend, your GDPR message is not shown to the user at all, but all members have to see this information at least in the registration form. This is a lot of work for the owner of the website.

    It would be even harder if someone uses your cloud service. In this case you are definitely not GDPR compliant and accountable for this!

    First of all you don’t have an adequate privacy policy since you don’t provide any information of the above (see Art. 12 & 13 GDPR). In addition to that you have to provide a data processing agreement (DPA) for your users (see Art. 28 GDPR). And since you store and process personal data outside the European Union it would be even harder, because the “privacy shield” isn’t legally accepted in the EU anymore.

    In conclusion: Obfuscating any personal data will be the easiest option 😉

    I used your plugin (without the cloud) gladly for myself and my customers. But your decisions about the GDPR functionality make me wonder if I should still use it in any WordPress installation.

  • The topic ‘Found a bug, translation issues & privacy concerns’ is closed to new replies.