Category Archives: Wordpress tips

GDPR seeks to protect people's information, and indie authors will have to change what they do to comply with it.

GDPR for indie authors

Have you heard of GDPR (that’s General Data Protection Regulation to its friends)? Don’t worry if you haven’t, it’s an EU regulation about how companies handle personal information. But as an indie author, you might have to take some steps to comply with it too. There are plenty of confusing guides out there about GDPR, so I thought it might be handy to compile the stuff that’s relevant to indie authors in one place. So, if you’re an indie author, here’s what you need to know about GDPR.

Disclaimer: I’m not a lawyer, so please don’t take this as legal advice. I’ve just done a bunch of reading so you don’t have to.

Double disclaimer: the specific guidelines around GDPR are constantly changing, so I’ll update this post as and when I learn anything new.

Now, with that out of the way, let’s begin.

What is GDPR?

It’s the EU’s new data privacy law designed to make sure companies handle your personal data carefully, store it securely, and don’t abuse it (i.e. they don’t use it to send you mountains of spam or sell it on to other people). GDPR is a good thing. It just means we might have to make a few changes to how we do things.

When does GDPR come into force?

25th May 2018.

Why do I have to comply with GDPR?

Anyone who processes personal data needs to comply with this regulation.

Wait, doesn’t GDPR just apply to people in the EU?

It applies to anyone who holds data about people in the EU. If that’s not you, you can ignore GDPR but, if you’ve got readers in the EU, you’ll have to comply with the regulations.

How do I comply with GDPR?

It looks like there are a variety of ways to comply with the regulation, but it seems to me like the best bet is to get consent.

In the context of GDPR, consent means you presented the user with a clear option to agree to the use of their data.

It isn’t enough to assume consent in small print (you know the kind: “by clicking submit you agree to receiving my email newsletter, daily pictures of my dog, and also I’ll own your soul a little bit”). You need to be able to demonstrate that the user took a specific action to agree to the use of their data. You also have to record and be able to demonstrate how this consent was provided.

So what do I need to do differently?

First of all, I’m not a lawyer, so none of this is legal advice. I’m only writing about this because I have to deal with this in my day job, and I found out some stuff I think might help out indie authors, such as:

1. Forms on your website

Do you have any forms on your website? Whether it’s contact forms, comment forms, or something else, you’ll likely be collecting people’s names, email addresses, maybe even IP addresses. That’s right, WordPress not only collects commenters’ IP addresses, it stores them too. If that seems unnecessary to you (as it did to me), you can stop your WordPress site from storing them using this guide (as I did).

It sounds like you’ll need to change your comment form to include a checkbox and make sure the consent provided is recorded somewhere. This plugin appears to help with this; I’ve installed it myself and it seems to be working so far. If you use a spam filter, your checkbox text will have to inform users that you’ll pass their data onto the makers of that filter.

2. Your email newsletter

Naturally, you collect personal data when someone signs up to your email newsletter; if you didn’t, you wouldn’t be able to send them emails!

The most important thing you need to do is include check boxes within your signup form that a subscriber can select when they subscribe to your email mailing list. These boxes will enable them to provide you with permission to use their data to, for instance, send them emails, or use their email address to create look-alike audiences for online advertising.

It’s also a good idea to send a confirmation email after a user has clicked the subscribe button. Until they click the link in the confirmation email, they aren’t subscribed to your newsletter. This is often referred to as “double opt-in”, and it not only helps you establish consent, but it also verifies that the form was filled in by the same person whose data you now hold (unless this third party has access to their email account too, of course).
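To make the consent record and the double opt-in step concrete, here is an added sketch (not code from this post or from any mailing-list provider). The names `request_signup`, `confirm`, `SECRET` and `TOKEN_TTL` are hypothetical, and the in-memory dictionaries stand in for whatever your provider stores.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, kept out of the page
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48 hours
pending = {}      # email -> what was ticked, awaiting the click
subscribers = {}  # email -> confirmed consent record (your evidence)


def _sign(email, issued_at):
    msg = f"{email}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_signup(email, purposes, form_wording, now=None):
    """Form submitted: note what was ticked, but do not subscribe yet."""
    if not purposes:
        raise ValueError("no box ticked, so there is no consent to record")
    issued_at = int(time.time() if now is None else now)
    email = email.strip().lower()
    pending[email] = {
        "purposes": sorted(purposes),  # granular: newsletter, advertising, ...
        "form_wording": form_wording,  # the exact text shown beside the boxes
        "requested_at": issued_at,
    }
    # This token goes into the link in the confirmation email.
    return f"{email}|{issued_at}|{_sign(email, issued_at)}"


def confirm(token, now=None):
    """Link clicked: only now does the address join the list."""
    now = int(time.time() if now is None else now)
    try:
        email, issued_at, sig = token.rsplit("|", 2)
        issued_at = int(issued_at)
    except ValueError:
        return False  # malformed link
    expected = _sign(email, issued_at)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # forged or altered link
    if now - issued_at > TOKEN_TTL:
        return False  # stale link
    record = pending.get(email)
    if record is None or record["requested_at"] != issued_at:
        return False  # already used, or superseded by a newer signup
    del pending[email]
    subscribers[email] = {**record, "confirmed_at": now, "method": "double opt-in"}
    return True
```

The stored record holds the ticked purposes, the form wording and both timestamps, which is what lets you show later how consent was given.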

3. Growing your list

If you use third party services to build your email list, you need to make sure that they’re obtaining consent and passing the record of it to you. After all, the data is being added to your list, so it’s your responsibility.

Bookfunnel

I reached out to Bookfunnel and they told me that they plan to add a checkbox to their signup form. They’ll also timestamp that consent and pass it along to Mailchimp, giving you a record of the consent provided. This is a great start, but it doesn’t allow you to obtain the granular permissions (email, online advertising, etc.) that you might require. If you’re using Bookfunnel, think carefully about what you want to do with a reader’s email address and send a follow-up email to ask for the relevant permissions.

Instafreebie

Instafreebie, on the other hand, aren’t as impressive. When I reached out to them, they didn’t seem to know what GDPR was. And their site uses the dreaded small print, assumed consent (“By clicking a button, you agree to emails etc.”).

Right now, Instafreebie is not GDPR-compliant, meaning you won’t be able to use it after 25th May. I’m waiting for further news and I’ll update this post with any updates. Fingers crossed!

Update: Instafreebie have made changes to their service in light of GDPR, but all they have done is stopped featuring giveaways that require a mandatory opt-in to your newsletter. That isn’t good enough, and my previous statement stands: Instafreebie isn’t GDPR compliant.

4. Selling ebooks on your site

This is something I’m afraid I have no experience with. However, if you’re selling ebooks directly from your website, you’ll need to be collecting personal data in order to send them their purchases. That means you’ll need a clear method to obtain and record your customers’ permission to collect their data and process it. So if you’re planning on adding them to your newsletter after they make a purchase, make sure you can prove they agreed to that!

5. A privacy policy

If you don’t have one, get one. It doesn’t have to be fancy. It’s just a document explaining what data you request, what you use it for, and how users can ask you to stop using it. You can take inspiration from mine, if you like, or Slack has a rather good one (although it’s probably more in-depth than you’d need!)

6. Cookies

You also need every visitor to your website to give express, clear, opt-in consent to your use of cookies (this includes cookies used by Google Analytics). How you obtain that consent will vary depending on how your website is built, but I noticed the ICO (which is in charge of enforcing GDPR) is using this solution. I figured if it’s good enough for them, it’s good enough for us, right?

7. Google Analytics

If you have Google Analytics installed on your website, you’ll know it can tell you all sorts of useful things such as how many people visited your site, what part of the world they’re in, and even what kind of device they were using.

Google has introduced a new tool that allows you to set a period of time after which data is deleted. This allows you to control how long to retain that information. There’s no hard and fast rule as to how long you should retain it; GDPR only says you shouldn’t keep it for longer than is reasonable. So, you know, how long is a piece of string?

And, while Google Analytics doesn’t truck in personal data, it does use visitors’ IP addresses to figure out what part of the world they’re in. That IP address could be used to identify your visitors, so you’ll need to anonymise IP addresses.

I won’t lie, this is a bit of a tricky one. If you’re using a plugin to integrate Google Analytics into your site, there’s probably an option you can simply select. Otherwise, you’ll need to change the Google Analytics code you’ve used for your site. This is somewhat beyond my technical skills; if this makes sense to you, you’re a smarter cookie than I am!
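What "anonymising" an IP address amounts to, as an added example (not Google's or WordPress's code): Google documents its IP anonymisation setting as zeroing the last octet of an IPv4 address and the last 80 bits of an IPv6 address, and the same truncation can be applied to addresses you already hold. The function names and the sample rows are constructed for illustration; `comment_author_IP` is the column WordPress uses for commenter addresses.

```python
import ipaddress


def anonymise_ip(raw):
    """Return the address with its host part zeroed, or None if it is not an IP."""
    try:
        ip = ipaddress.ip_address(str(raw).strip())
    except ValueError:
        return None  # store nothing rather than an unparsed string
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:203.0.113.77 is really an IPv4 visitor
    keep_bits = 24 if ip.version == 4 else 48  # drop last octet / last 80 bits
    network = ipaddress.ip_network(f"{ip}/{keep_bits}", strict=False)
    return str(network.network_address)


def scrub_comment_rows(rows):
    """Return copies of comment rows with the stored IP truncated or blanked."""
    cleaned = []
    for row in rows:
        masked = anonymise_ip(row.get("comment_author_IP", ""))
        cleaned.append({**row, "comment_author_IP": masked or ""})
    return cleaned


# Constructed sample rows (documentation-range addresses, not real visitors).
SAMPLE_ROWS = [
    {"comment_ID": 1, "comment_author_IP": "203.0.113.77"},
    {"comment_ID": 2, "comment_author_IP": "2001:db8:1234:5678:9abc:def0:1234:5678"},
    {"comment_ID": 3, "comment_author_IP": "::ffff:198.51.100.9"},
    {"comment_ID": 4, "comment_author_IP": "unknown"},
]

if __name__ == "__main__":
    for row in scrub_comment_rows(SAMPLE_ROWS):
        print(row)
```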

8. Asking for consent again

This was brought to my attention by the Self-Publishing Formula podcast which, bizarrely, is telling authors that they’ll be fined for asking their email subscribers to confirm they want to keep receiving emails. And this just isn’t true!

It’s true that two companies, Honda and Flybe, were fined for sending out emails to people asking them to confirm they wanted to receive marketing emails. But they were fined for emailing people who had already unsubscribed! Big no-no.

But, because GDPR raises the bar for consent, it’s possible that the consent you previously received doesn’t match the new requirements. Perhaps the consent box was pre-ticked, for example, or perhaps there was small print saying “by clicking submit, you agree to join my newsletter”. These used to count as consent, but not anymore.

Where you’ve been given consent that doesn’t match the new requirements set by GDPR, you must ask these subscribers to confirm they want to keep receiving your emails. It isn’t just a good idea; it’s set out very clearly on the website of the ICO (an entity that enforces GDPR in the UK).

Obviously, asking your subscribers to confirm their consent will mean some people ignore you or even unsubscribe. But that’s okay; you only want to send emails to people who want to receive them, right?

As I said, I’m not a lawyer. I’ve just had to read a lot about GDPR as part of my day job (I have an exciting day job). Feel free to ask any questions in the comments, or to tell me if you think I’ve got something wrong!

5 Easy Steps to Verified Authorship for a WordPress Blog

You may have noticed that some search results have a picture of the author next to the link. Ever wondered what that was? Me too. Turns out that it’s called Google Verified Authorship, it takes five minutes to set up and it can increase the number of visits by up to 400% (apparently).

So what are you waiting for? Here are five easy steps to get your pretty face next to your links and get the people clicking on it.

1. Set up a Google+ profile.

Whether or not a presence on Google+ is worthwhile at this stage is a topic for a whole other post, but a Google+ profile is essential to this process. (For bonus points, find and add my Google+ profile!)

2. Add your website to the Contributor To section

This points your Google+ profile towards your website. This section is right at the bottom of your profile when you click “edit”.

3. Make sure your +1s are public.

The process won’t work without this step. I don’t know why.

4. Insert the following into your header.php file

This code will point your site to your Google+ profile and complete the online handshake, as it were. Find the “head” section of your header.php file and insert the following code:

<link rel="author" href="https://plus.google.com/112830526540548509787/posts"/>

The link is the link to your Google+ profile, so be sure to substitute it with your own link. Be sure to keep the < at the beginning of the line and the > at the end too!

5. Use Google’s Rich Snippets Testing Tool to see if it worked

It won’t work straight away – Google will have to re-crawl your site – but this tool can tell you immediately if everything has been set up correctly.

Now make yourself a margarita, you’re all done! Was that nice and easy or what? Leave me a comment and let me know.

Three Great WordPress Tweaks

The more observant of you may have noticed that things looked a little odd over the weekend. You may even have noticed that there’s no more annoying grey line in my header image. Or that my sidebar doesn’t disappear on a mobile device. Or that my Twitter widget doesn’t show replies (when it works). I hope you have because they had me scratching my head for ages! But those problems are solved at last and, to save anyone else’s scalp from unnecessary friction, I thought I’d share the secrets.

First you need a child theme

If you make changes to the coding of your theme, chances are strong that those changes could be wiped by an update. A child theme is a mini theme that takes all the looks from the main theme but allows you to fiddle to your heart’s content. But don’t be lazy. I used the One-Click Child Theme plugin because it was quick and easy. I paid for that when WordPress decided to punish me for my laziness and eat it for lunch. Do it properly.

Got a grey line above your header image?

I thought I’d messed up my image dimensions but this is actually down to a little line of code in the style.css file. Open it and find the line that reads margin: 2em auto. Change that to margin: -.2em auto and kiss that grey line goodbye!

Twenty Eleven display problems on a mobile device?

The Twenty Eleven theme adapts itself to the width of the screen and will dump your sidebar(s) underneath your pages if it detects a small screen. You can stop this misbehaving by going into the header.php file and deleting the line including the text:

meta name="viewport" content="width=device-width"

This will mean your website will display on a mobile device just as it does on a computer.

Want to hide replies on the Twitter widget?

Nothing to do with WordPress or themes but this one drove me a little mad! I don’t like to see replies in a Twitter widget; it’s like listening in on a conversation and it doesn’t tell you if the tweeter is worth following. But hiding replies isn’t an option in the Twitter widget, so you need to get clever.

When creating the widget on the Twitter site, you’ll need to copy some code and paste it into a text widget. Simply edit this text by inserting &exclude_replies=true after your Twitter username. Using mine as an example, it should look like this:

}).render().setUser('realjtk&exclude_replies=true').start();

And there you have it! I hope sharing that was helpful and, if any of it didn’t make sense, feel free to ask questions.

5 Things I’ve Learnt About WordPress Sites

The more observant of you will have noticed I’ve moved. No longer do I blog on a WordPress.com site, but on my own self-hosted website powered by WordPress.org! Admittedly, the place is still a little basic. I’m rocking an oh-so-original Twenty Eleven theme. But the basics are here and I’m looking forward to making this a place you’ll want to visit. If there’s anything you’d like to see, drop a comment!

But what you see here are the results of my efforts this weekend and I’ve already learnt quite a few things. In the spirit of warning anyone following a similar path to me, I present my findings to the board:

Don’t be a hero: I decided that it would be best that I install WordPress manually, using an FTP client and all sorts. I thought it would teach me a thing or two. It did. It taught me not to be an idiot and to use the one-click option my host provided. It was called Softaculous and it managed in two minutes what I couldn’t in sixty.
Get plugged in: There’s a lot of great plugins for WordPress and getting them sooner rather than later can make your life a lot easier. Trust me. I’d recommend Jetpack for a whole host of WordPress extras, Google Analytics for WordPress for a quick and easy install of Google Analytics and Google XML Sitemaps to make your site easier for Google to index.
Find your inner child: Creating a child theme is vital if you’re going to start customising a theme, as any updates will wipe your changes. Doing this looked a little tricky so I cheated; I used a plugin that did it for me. Gotta love those plugins!
Nothing doing: Nothing found for wp-login or wp-admin? When I got that error it was my theme causing the problem. I had to use an FTP client to change the name of the theme’s folder in wp-content/themes, which forced WordPress to default back to Twenty Eleven. That fixed it, and I deleted the offending theme.
Fitting in: The Twenty Eleven theme liked to display the side bar underneath my posts. This was because of a line of code in the header file. Making a copy of “header.php”, pasting it into my child theme’s folder and then deleting that line solves the issue.

I’m still digging around so I’ll share any more tips I discover. Any you’d like to share? Let me know!