Support » Plugin: iThemes Security (formerly Better WP Security) » Is your Plugin conform with the EU-GDPR?

  • Hello,
    at 2018-05-25 we get in europe the General Data Protection Regulation (GDPR).
    What is to do, that iThemes Security is conform with the GDPR?


Viewing 6 replies - 1 through 6 (of 6 total)
  • To @gerroald

    You’ve closed the discussions authoritatively on this topic: https: //

    Out, do you know that your plugin will be submitted to the General Data Protection Regulation (GDPR) we’ll get in europe from 2018-05-25?
    In this context, the law requires full access to collected data.
    The logs are part of it and must be able to be deleted on demand.
    Do you plan to put your plugin in compliance with GDPR or will the Europeans have to uninstall it to avoid the sanctions provided by law?

    @bonaldi (+ the iThemes team):

    FYI everybody handling data relating to EU citizens or serving EU customers are affected by the GDPR legislation. Not just companies residing within the the EU.

    As I read the GDPR terms iThemes and similar companies outside EU are equally affected by the terms of GDPR by having a client base within the EU – not to mention the presumed fact that a substantial part of their EU client base probably serve as data controllers/processors serving an exponential number of EU based website owners affected by this.

    If not GDPR compliant I would worry greatly about the risks of being held accountable as a data processing party and the massive penalties involved for misconduct.

    The responsibility to GDPR not limited by the physical location or origin of the software company. It’s the location of the targeted user and customer base that matters.

    For everybody’ sake I surely hope you’re onto this one guys!

    Surely the team behind iThemes security and BackupBuddy will put forward an official statement in terms of how they are about to comply with EU GDPR legislation which affects any company operating on the EU market(?)

    You need to address the fact that you facilitate tools used by data processors and controllers worldwide and the updated EU GDPR legislation affects all parties involved no matter geography as long as EU users are targeted.

    E.g. with an iThemes plugin like BackupBuddy I wonder if the iThemes online vault storage option is located outside the EU (as their company is US based I imagine this to be true) If located in the it raises an issue in regards to user consent if e.g. the data processor / controller use BB to serve EU clients.

    Assuming the website in question targets EU users and the website backups are stored outside the US the data controller/processor is obliged to make a more extensive notice available about this when asking for consent in regards to obtaining and handling user data.

    If this is the case the data controller at the very least needs to be informed that the location is outside EU or an option for EU based storage must be offered during setup where the storage option is made available.

    That is just one example. No matter what iTheme plugin this touches I feel very strongly about knowing how you as a company are actually implementing technical and procedural compliance in regards to GDPR. I do consider past events in regards to security and customer data saying this.

    I am not trying to troll here, however as Te-Punks suggests the GDPR regulation will be put into action within 2 months (May 25th 2018) and I cannot seem to find any info or GDPR statements anywhere from iThemes.

    The fines for GDPR misconduct are severe so I imagine the team is upfront and on their toes with some solid info very soon. If not I for one need to look for an alternative plugin due to the risks involved if GDPR remains addressed.


    Any personal information is stored by WordPress and that, in terms of GDPR, is being looked at in the WordPress core group.

    You can see that on the make.core blog via this tag.



    Every website in EU using iThemes Security needs to know if the plugin can be used under the new EU-law (GDPR)

    We need official respons from iThemes on this matter !!!

    //Lars, Copenhagen



    Let me start by saying I totally agree with you. But …

    According to the FAQ section in the readme.txt file:

    = Where can I get help if something goes wrong? =
    * Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help.

    Free support may be available with the help of the community in the support forums (Note: this is community-provided support. iThemes does not monitor the support forums).

    Note the bold section at the end of the quote.

    So if you are looking for a statement from iThemes regarding GDPR compliance of the iTSec plugin IMHO it’s probably best to contact iThemes directly.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Is your Plugin conform with the EU-GDPR?’ is closed to new replies.