User accounts on custom hosted blog (16 posts)

  1. Hoeloe
    Member
    Posted 8 months ago #

    Hello,

    I'm trying to set up a blog on my own hosting, and have discovered that the blog appears to use its own user accounts, which are stored on my server. I actively would prefer not to use this feature (as it is perfectly possible that I will want to add accounts to the site in the future, since this is only a small portion of the site), and would like people to be able to post directly from their WordPress account, rather than having to make a separate one for my site specifically.

    Another reason I have an issue with this is because of the Data Protection Act. Storing personal data (including e-mail addresses) requires that I register, and to do so costs money on a yearly basis. I would prefer not to have to register for a system that I don't particularly want, and is definitely not necessary. Is there a way to get around this, or do I just have to bear it (or use a different blog system)?

  2. Self-hosted WordPress blogs, like yours, are entirely self-contained, so an account from one has no access to another.

    When you say "would like people to be able to post directly from their WordPress account," what are they posting? Comments, blog posts?

  3. Hoeloe
    Member
    Posted 8 months ago #

    I'm aware of that, but I don't want it to be. It would be comments only, not blog posts, but fundamentally the principle would be the same for both.

  4. Is there any particular reason for why you want registration for comments? It's not necessary.

    If you're worried about spam, there are tons of other options out there, including Akismet (which comes with WordPress).

  5. Hoeloe
    Member
    Posted 8 months ago #

    It's not about spam, but as I mentioned, it's about data protection. If I store user data, even just an e-mail address from a guest comment, I can be liable for up to £500,000 in damages if that data is leaked from my server, and that's if I pay an upfront declaration fee. By keeping all user information on WordPress' servers rather than mine, and storing only a user ID and the comments themselves, I absolve myself of this responsibility.

  6. Right, what I'm saying is you don't *need* to store user data. :)

    At Settings -> General in your blog's Dashboard, uncheck "Anyone can register."

    At Settings -> Discussion in your blog's Dashboard, uncheck "Users must be registered and logged in to comment."

    I am not a lawyer, but email addresses submitted voluntarily via a comment form or contact form which do not result in the creating of an account appear to be exempt from that. Otherwise, there would be a lot of bloggers in trouble, and I don't foresee Automattic (makers of WordPress.com) or Google (makers of Blogger) standing for that. :)

  7. Also, at Settings -> Discussion you can uncheck "Comment author must fill out name and e-mail."

  8. Hoeloe
    Member
    Posted 8 months ago #

    Whether it's stored as an account or not, an e-mail address stored on the server is still user data, even if it's just stored in the record of the comment. I couldn't find such an option when I looked last, but I will have a look again and see what I can find.

  9. Start by looking at where I said they were. ;)

  10. Hoeloe
    Member
    Posted 8 months ago #

    Still problematic. The fields are still there, even if they're not mandatory, meaning that if someone fills them in, I have to store their data.

  11. Right, you're still storing data submitted voluntarily without creating an account or tying it to any identifiable information.

    I recommend reading through the entire law, not just a summary somewhere. It's been around since 1998, and I highly doubt it applies to what you're describing, otherwise anyone with a comment or contact form has been in violation for 16 years.

    In particular, this section defines the data being protected, and there is no mention of email addresses or names as protected: http://www.legislation.gov.uk/ukpga/1998/29/section/2

  12. Hoeloe
    Member
    Posted 8 months ago #

    Sensitive data is defined in that law as being any data that can lead to the unique identification of a person. This includes an e-mail address. The fact of the matter is that yes, there ARE a lot of violations, much like copyright. There is not the time or resource to pick up everyone's personal blogs unless there is a serious violation, which will almost never happen in such small communities.

    However, I am intending to use this blog as a business, not as an individual, so I have to abide by the law in order to maintain professional standing.

    For now, I am disabling comments on my blog, and will look over the law in more detail and examine exactly what needs to be done when my deadlines are not so tight.

  13. "Sensitive data is defined in that law as being any data that can lead to the unique identification of a person."

    No, it's defined as:

    Sensitive personal data.

    In this Act “sensitive personal data” means personal data consisting of information as to—
    (a) the racial or ethnic origin of the data subject,
    (b) his political opinions,
    (c) his religious beliefs or other beliefs of a similar nature,
    (d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
    (e) his physical or mental health or condition,
    (f) his sexual life,
    (g) the commission or alleged commission by him of any offence, or
    (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

    From where I linked to before http://www.legislation.gov.uk/ukpga/1998/29/section/2

    That's kind of why I recommended reading through the whole law, not a summary. ;)

  14. Hoeloe
    Member
    Posted 8 months ago #

    That is only sensitive personal data. There are separate rules for that, but the data protection act also applies to non-sensitive personal data which, from that same site you sent:

    “personal data” means data which relate to a living individual who can be identified—
    (a) from those data, or
    (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

    The data protection act applies to any kind of personal data, but has extra restrictions on sensitive personal data.

  15. It'll be interesting to see how debatable that is, I'd love to see anyone identify me from just one of my email addresses. :)

    Thanks for sharing!

  16. Hoeloe
    Member
    Posted 8 months ago #

    Oh it's incredibly debatable, which is one reason why people don't tend to bother with it unless there's a major leak, but I'm trying to cover all my bases in the event something does go wrong.

    The interesting thing is that an e-mail is, in some ways, a better identifier of a person than their name, simply because it is guaranteed to be unique to the person, while a name isn't, though locating someone physically using just an e-mail address may be challenging. It is possible to do so by searching through other user accounts held by that address though.
