Support » Everything else WordPress » User accounts on custom hosted blog

Viewing 15 replies - 1 through 15 (of 15 total)
  • Moderator James Huff


    Self-hosted WordPress blogs, like yours, are entirely self-contained, so an account from one has no access to another.

    When you say “would like people to be able to post directly from their WordPress account,” what are they posting? Comments, blog posts?

    I’m aware of that, but I don’t want it to be. It would be comments only, not blog posts, but fundamentally the principle would be the same for both.

    Moderator James Huff


    Is there any particular reason for why you want registration for comments? It’s not necessary.

    If you’re worried about spam, there are tons of other options out there, including Akismet (which comes with WordPress).

    It’s not about spam, but as I mentioned, it’s about data protection. If I store user data, even just an e-mail address from a guest comment, I can be liable for up to £500,000 in damages if that data is leaked from my server, and that’s if I pay an upfront declaration fee. By keeping all user information on WordPress’ servers rather than mine, and storing only a user ID and the comments themselves, I absolve myself of this responsibility.

    Moderator James Huff


    Right, what I’m saying is you don’t *need* to store user data. 🙂

    At Settings -> General in your blog’s Dashboard, uncheck “Anyone can register.”

    At Settings -> Discussion in your blog’s Dashboard, uncheck “Users must be registered and logged in to comment.”

    I am not a lawyer, but email addresses submitted voluntarily via a comment form or contact form which do not result in the creating of an account appear to be exempt from that. Otherwise, there would be a lot of bloggers in trouble, and I don’t foresee Automattic (makers of or Google (makers of Blogger) standing for that. 🙂

    Moderator James Huff


    Also, at Settings -> Discussion you can uncheck “Comment author must fill out name and e-mail.”

    Whether it’s stored as an account or not, an e-mail address stored on the server is still user data, even if it’s just stored in the record of the comment. I couldn’t find such an option when I looked last, but I will have a look again and see what I can find.

    Moderator James Huff


    Start by looking at where I said they were. 😉

    Still problematic. The fields are still there, even if they’re not mandatory, meaning that if someone fills them in, I have to store their data.

    Moderator James Huff


    Right, you’re still storing data submitted voluntarily without creating an account or tying it to any identifiable information.

    I recommend reading through the entire law, not just a summary somewhere. It’s been around since 1998, and I highly doubt it applies to what you’re describing, otherwise anyone with a comment or contact form has been in violation for 16 years.

    In particular, this section defines the data being protected, and there is no mention of email addresses or names as protected:

    Sensitive data is defined in that law as being any data that can lead to the unique identification of a person. This includes an e-mail address. The fact of the matter is that yes, there ARE a lot of violations, much like copyright. There is not the time or resource to pick up everyone’s personal blogs unless there is a serious violation, which will almost never happen in such small communities.

    However, I am intending to use this blog as a business, not as an individual, so I have to abide by the law in order to maintain professional standing.

    For now, I am disabling comments on my blog, and will look over the law in more detail and examine exactly what needs to be done when my deadlines are not so tight.

    Moderator James Huff


    Sensitive data is defined in that law as being any data that can lead to the unique identification of a person.

    No, it’s defined as:

    Sensitive personal data.

    In this Act “sensitive personal data” means personal data consisting of information as to—
    (a)the racial or ethnic origin of the data subject,
    (b)his political opinions,
    (c)his religious beliefs or other beliefs of a similar nature,
    (d)whether he is a member of a trade union (within the meaning of the M1Trade Union and Labour Relations (Consolidation) Act 1992),
    (e)his physical or mental health or condition,
    (f)his sexual life,
    (g)the commission or alleged commission by him of any offence, or
    (h)any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

    From where I linked to before

    That’s kind of why I recommended reading through the whole law, not a summary. 😉

    That is only sensitive personal data. There are separate rules for that, but the data protection act also applies to non-sensitive personal data which, from that same site you sent:

    “personal data” means data which relate to a living individual who can be identified—
    (a)from those data, or
    (b)from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

    The data protection act applies to any kind of personal data, but has extra restrictions on sensitive personal data.

    Moderator James Huff


    It’ll be interesting to see how debatable that is, I’d love to see anyone identify me from just one of my email addresses. 🙂

    Thanks for sharing!

    Oh it’s incredibly debatable, which is one reason why people don’t tend to bother with it unless there’s a major leak, but I’m trying to cover all my bases in the event something does go wrong.

    The interesting thing is that an e-mail is, in some ways, a better identifier of a person than their name, simply because it is guaranteed to be unique to the person, while a name isn’t, though locating someone physically using just an e-mail address may be challenging. It is possible to do so by searching through other user accounts held by that address though.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘User accounts on custom hosted blog’ is closed to new replies.