How to Configure your WordPress Privacy Settings | Elegant Themes Blog

The privacy policy is one of the most underappreciated parts of your WordPress website, even though nearly every visitor has to click a button to agree to it. Because of that, having a solid privacy policy is one of the most important things you can do for your site. From providing legal protections (both domestic and international) to being an SEO ranking factor, your WordPress privacy policy should be top-notch, clear, and up-to-date. We have some tools and resources that can help you with this, as well as some tips and advice about what to include in your WordPress privacy policy to begin with.

What is a Privacy Policy?

A privacy policy tells users what you’re doing with their data. You must disclose any information you gather to your website visitors. (Whether that’s an email address, first name, location, whatever.) And then you have to tell them what you plan to do with that information. Even if it’s as innocuous and benign as sending a birthday discount via email. The General Data Protection Regulation (GDPR) is legislation passed by the European Union that even requires visitors to opt in before any data is collected at all (plus much more), no matter the reason.

If you use Google Analytics, Facebook Like buttons, run ads on your site or any number of other standard practices for 95% of websites out there, a privacy policy is 100% necessary.

Even if they don’t read it (and most won’t), your visitors and you are still bound by it. Not having one opens you up to legal troubles. Not the least of which is thousands of dollars in fines. Beginning in 2020, legislation called the California Consumer Privacy Act (CCPA) is even more strict than GDPR in terms of both requirements and penalty, so tightening up your legalese should be at the top of your to-do list if you haven’t tidied it up in a while.

Ideally, you’d enlist the help of a lawyer to help you draft your privacy policy. However, that’s not a practical option for the vast majority of site owners. Knowing this, a lot of online services have sprung up to help. Not all of them are created equal, however. Don’t trust just any generator you find in a Google search. We want to give you an idea of what you should look for in a privacy policy. That way, you know that no matter where you get your privacy policy, it has you covered.

How to Create a Privacy Policy Using WordPress

Luckily, WordPress developers saw the impact not having a privacy policy could have on website owners. Current versions of WordPress now include a Privacy item under Settings in the admin dashboard. It, and we, will walk you through the process of creating your own privacy policy in your own WordPress backend.

Once inside the Settings (1) – Privacy (2) area, you may get a message like (3) above even if you have a privacy policy on your site. This is because the privacy policy selection is blank (4). And that’s okay. If you’ve never used this feature before, there’s no reason it would know you have a privacy policy already set. However, if you do not, WordPress will create one for you just by pressing the Create (5) button.

The banner at the top of the post (6) is a rundown of what is in the post itself. You can click it to read it in detail, or you may simply scroll through the pre-generated text to make sure it’s what your site actually does. For the most part, WordPress privacy policies are similar because the way that most sites use data is similar. If you need a quick-and-easy privacy policy, just go through the blocks in the post and remove the Suggested Text (7) label and press Publish (8). Doing so will create an all-new post on your site with the URL /privacy-policy (as determined by the title of the created page.)

Once WordPress has created your boilerplate privacy policy, you may want to go through the information again and make sure that you include any clauses specific to your site that may not be included in the automatic one.

What Should Your Privacy Policy Include?

These points may or may not be everything you need to consider for a well-rounded privacy policy. Think of them only as the basics that the document should include. (You can also read up on critical clauses if you’re so inclined.)

These are the standard issues that make up most privacy policies. Ideally, visitors would take a look at your policy and decide if they’re comfortable using your services. More realistically, it covers you legally because the majority of people click agree without even glancing at it. In case someone ever comes back with a dispute about how you used their information or data, you have a document indicating that they opted in for that usage.

A big part of these disclosures involves cookies. Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS). In any case, websites use cookies to track what you do within them. For example, cookies enable you to stay logged in even if you leave the website (although there are limitations). According to the European Union’s Cookie Law and ePrivacy Regulation, sites need to inform visitors about their use of cookies and provide an option to disable them.

What Do You Do with User Data?

Here’s the real kicker: what you do with the data is just as important to disclose as that you collect it. Why? Data is big business. It’s really the business. Billions of dollars flow through the data industry each year. Many, many, man sites sell or share their user data. Others, more ethically, use the collected data to personalize content and ads and other, similar applications.

Regardless of how your WordPress site uses the, your privacy policy must disclose it. While some users may consent to share personal data, they might not be happy with how you decide to use it and decide to not opt in. Or request that you remove their data from your collection after the fact.

One use of using a user’s data is us. If your Elegant Themes yearly subscription is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update. We have the date on which you became a member, your name, and your email address. We use that to personalize our service to you.

In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten‘. This means sites are bound by law to delete your information if you ask them to.

How to Create a Custom Privacy Policy

If you’re a major business dealing in sensitive data, having a unique-to-you privacy policy is the way to go. We mentioned above that utilizing a lawyer is a good option. After all, this is a legal document that you and your business will be bound to. However, that’s unrealistic for most website owners.

That’s why various services have sprung up over the years to generate boilerplate (but customizable) privacy policies for your websites. We’re going to touch on a few of them so that you can know that you’re in the right hands in letting your visitors know that they are, too.

1. Termageddon

Knowing fully how ridiculous their name is and leaning into it, Termageddon is a top-notch service that generates automatically updating privacy policies. Any time new laws are passed that affect privacy data, Termageddon updates your embedded policy to reflect them. So when CCPA went into effect, Termageddon updated from just GDPR regulations. Setting it up is as simple as answering questions about your business or website. Then you paste an embed code into the page where it will live. You can override any updates or changes, and you can edit the policy manually, too. If you handle a lot of user data, then this is $10 a month well spent.

Additionally, Termageddon handles more than just WordPress websites, meaning that you can use them to set up a privacy policy for your Shopify store, Facebook apps, mobile apps, and more. So if you use external integrations with your site, Termageddon has you covered on all fronts.

Price: $10 per month/ $99 per year | More information

2. TermsFeed

TermsFeed enables you to generate basic privacy policies in minutes. You can easily customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email. The turnaround is pretty quick. That way, you can paste it into your website and have it live for your visitors immediately. The platform also offers you the option of updating your policies automatically as laws change.

Plus, if you want more personalized customization, you can download various templates for terms of service and so on that you can edit and fill out on your own. Like Termageddon above, TermsFeed is not just for WordPress sites, and their privacy policies integrate into everything from iOS apps, SaaS platforms, and desktop applications that need permissions to run locally on your clients’ machines.

Price: Free and paid plans available | More Information

3. FireBase

While it’s designed mostly for mobile apps, FireBase is a great privacy generator. Especially when you want something fast, easy, and customized (to an extent) for very specific services. It’s easy to implement and set up. It is a more simplistic privacy policy; however, that doesn’t mean it is useless or even bad. The policies generated show what you do with cookies and how you use various services. We like these because they are written in plainer language that your users will be able to understand. They may not be able to parse more complex legalese that comes in other generators. If you want a quick, easy, and understandable privacy policy generator, this is it.

A big highlight for FireBase users is the option to determine what kind of app type you’re making a privacy policy for. Many WordPress plugins operate on these same models, meaning that a free plugin could tweak the generated privacy policy to its needs. Or a freemium app could, too. While it generates a generic policy, that level of simplicity makes it so that you can go in and make it exactly what you need for your site or product.

Price: free | More information

How to Add Your New WordPress Privacy Policy

If you use any of the above generators, and not the built-in one, you’re going to need to put it on your site. Otherwise it does you no good. But that’s incredibly easy. First, go to Pages (1) – Add New (2), and then title the new WordPress page (not post!) Privacy or Privacy Policy (3).

Then it’s a simple matter of pasting in either the WordPress privacy policy text or the embed code. For this example, we generated a privacy policy for WordPress using a generator and then pasted it into a Classic Block in the WP block editor. We could have have easily been a Custom HTML Block or even just normal a series of normal Text Blocks, had we just pressed CTRL/CMD – V.

When you press Publish, you just have one more step (and this applies to any and all versions of privacy policies): making it accessible to your users. Putting links to the new page in your About Us section is always a good idea, but the best place is in your primary navigation menu (as well as footer menus). Adding a new WordPress menu item is painless, just go to Appearance (1) – Menus (2) and locate the menu you want to edit. Then select the Privacy Policy page (3) that you jut created, set it as a sub item to a related menu choice (4) and click Save Menu (5).

Let us reiterate that last part: click Save Menu when you’re finished. Missing that step is one of the most-forgotten things about WordPress. Menus do not automatically save in WP. The last thing you want to do is put in a lot of time and effort making sure that you’ve added the best privacy policy to your website that you can…and then make it inaccessible. And worse than that, thinking that you did it and only finding out much later that it wasn’t.

When you have done all that, your WordPress site’s privacy policy should be live, visible to users, and in effect protecting you and them.

Keeping an up-to-date WordPress privacy policy doesn’t mean that you have to write a legal document every so often. Thanks to WordPress developers and other platforms and services like Termageddon, you can have any number of these essential documents ready in no time. Having a front-facing privacy policy shows your users that you take protecting their data seriously. Outlining specifically how you use their data should put visitors’ minds at ease, as well as cover you legally and ethically.

What do you find the most important aspect of a privacy policy?

Article image thumbnail by Aleksandr Merg /

This content was originally published here.