Support » Plugin: Limit Login Attempts Reloaded » General Data Protection Regulation

  • Resolved fknisel

    (@fknisel)


    Hello,
    do you know if your plugin is complying the rules of the General Data Protection Regulation (GDPR), which will soon come into force (https://gdpr-info.eu/).
    I’m asking this because the plugin stores the IP addresses with repeated failed login attempts. According to GDPR these are “personal data”.
    Is it possible to anonymize the IP addresses before they are saved in my database? If so, how can I configure that?
    Can you confirm me that this data will only be stored on my database and not on external servers?
    Thanks!

    • This topic was modified 1 year, 7 months ago by  fknisel.
Viewing 11 replies - 1 through 11 (of 11 total)
  • i want to know the same. any informations about that.

    ?

    Does anyone have an update to this topic? Times running up…

    Plugin Author 2by2host

    (@wpchefgadget)

    Hi guys,

    We’re going to provide this functionality next week. We’ll keep you posted.

    [ Signature deleted ]

    Plugin Author 2by2host

    (@wpchefgadget)

    Hi guys,

    We have uploaded a new version of the plugin with this feature implemented.

    [ Signature deleted ]

    Hello

    in WordPress ist mentioned, that it is updated last before 6 years.

    I think, I must mention how it works in the data privacy statement, becauce of you uses IP adresses.

    Regards

    VCR

    Hi WPChef,

    thanks a lot.

    To be GDPR compliant means to my understanding that no(!) personal data is processed by the plugin.

    This being said I am wondering how the plugin is working effectively when “all logged IPs get obfuscated”.

    Please, could you help me out in this and explain how the plugin is working when the option “GDPR compliance” is checked?

    Kind regards
    Mirko

    Plugin Author 2by2host

    (@wpchefgadget)

    Hi Mirko,

    In GDPR mode the plugin converts the incoming IP into its md5 hash which is a one-way hashing algorithm that makes an IP unrecognizable to a person. For example, the 127.0.0.1 IP becomes: f528764d624db129b32c21fbca0cb8d6. All further operations (including storage of IPs in the database) are done using the hashed IP, not the original one.

    [ Signature deleted ]

    I looked for “Limit Login Attempt” and not for “Limit Login Attempts Reloaded”. That was my misstake.

    Plugin Author 2by2host

    (@wpchefgadget)

    Hi VCR,

    No problem.

    [ Signature deleted ]

    In my opinion, it is enough to write in your pricacy policy that you collect IP, date, time and loginname of logins in the backend. So in this way you do not have to activate the GDPR mode.
    I would also mention to passing on this data for investigative purposes.

    The second thing related to GDPR is: Do you send this data also to an external server, or just save it in the current database?

    Regards, Patrick

    Plugin Author 2by2host

    (@wpchefgadget)

    Hi Patrick, thank you for your comment. We don’t send any data to an external server.

    [ Signature deleted ]

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘General Data Protection Regulation’ is closed to new replies.