data

Privacy, General Data Protection Regulation (GDPR) information for WordPress bloggers.

May 25, 2018 by Simon

This is a short post with General Privacy, Data Protection Regulation (GDPR) information for WordPress bloggers.

Note: This is not legal advice, just late minute information on current opinions and facts around GDPR.

fyi: Read my guide on the awesome UpCloud VM hosts (get $25 free credit by signing up here).

Facebook, Google, Whatsapp and Instagram are facing lawsuits for failing to comply with GDPR, Europe’s sweeping new data protection law.

Facebook, Google, Whatsapp and Instagram are facing lawsuits for failing to comply with GDPR, Europe’s sweeping new data protection law https://t.co/o7FyX0fspI
— CNN (@CNN) May 25, 2018

It is GPRD Compliance Eve and there are loads of last-minute GDPR activity.

Official European Commission resources on GRDP

What are your new #dataprotection rights? What is the right to be forgotten?
Our official website provides you with more information → https://t.co/h0rqJaHqJt #GDPR pic.twitter.com/VLhWzOUzR6
— European Commission ?? (@EU_Commission) May 25, 2018

Some US News sites are blocking Europeans

GDPR: US news sites blocked to EU users over data protection rules https://t.co/G0g5U0eqM1
— BBC Technology (@BBCTech) May 25, 2018

Legal Teams are up late

shout out to the legal teams pushing their GDPR-driven privacy policy updates out at the last minute pic.twitter.com/afSAT2egyf
— Patrick Donahue (@prdonahue) May 25, 2018

First Lawsuits are filed

Under #GDPR, Schrems files legal cases worth €7bn against Facebook https://t.co/eQtbptLl09
— Irish Times Business (@IrishTimesBiz) May 25, 2018

Should you panic?

No.

If you want a good summary for GDPR for bloggers – does it apply to you and how to comply then read this.

Also, Wikipedia has a good article.

wpbeginner.com has an Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know

Read wpbeginners.com’s summary of what GDPR is?

The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.

Are there fines?

Basically after May 25th, 2018, businesses that are not in compliance with GDPR’s requirement can face large fines up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause wide-spread panic among businesses around the world.

First, there will be warnings, then reprimands then Suspension then Fines and more.

Does GDPR apply to my WordPress site?

The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).
If your website has visitors from European Union countries, then this law applies to you.
But don’t panic, this isn’t the end of the world.
While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.

But warning are issued before fines are given.

What can you do?

Check your web server hosts GDPR Compliance (my blog host is Vultr, their GDPR compliance summary on their blog, Vultr data processing guide). Read my guide on setting up a server on Vultr here.
Know your mail servers GDPR status – I use GSuite (e.g Google GDPR Reference Center, Whitepaper and Resource Center).
Ubuntu GDPR Auditing and compliance information (e.g Purging old data, use strong passwords, be accountable, perform audits (with Lynis, Qualsys and Zap), running virus scanners, use secure protocols and security (like TLS 1.3)).
Securing and protecting users private data (e.g using SPF, DKIM and DMARC on your mail server).
Review the Google AdSense Compiance Information (If you are using AdSense )
Read WordPress Core GDPR v4.9.6 changes
Search each of your WordPress plugins and see what you need to be aware of in relation to GDPR.
Review Mailchimp GDPR data.
Cookie Consent (I use GDPR Cookie Consent Plugin).
etc.

But the takeaway is, don’t create a website (then be lazy) and abuse users private data or be lazy with security.

My blog hosts (Vultr) GDPR information

I instaled a GDPR Cookie Concent WordPress Plugin

I used the WP-CLI plugin install GDPR Cookie plugin for the command line. View the developer site here.

# Visited the WP Plugin page and got the URL for the latest plugin version
# https://wordpress.org/plugins/cookie-law-info/
# Connect to my server via SSH
cd /www-root
cd wp-content/plugins/
wget https://downloads.wordpress.org/plugin/cookie-law-info.1.5.5.zip
unzip cookie-law-info.1.5.5.zip
unzip -r cookie-law-info.1.5.5.zip
rm -R cookie-law-info.1.5.5.zip

I then activated the plugin and configured it.

Cookie bot alos have a great page on GDRP here.

I edited the following Privacy/GDRP placeholder files.

cd /www-root
# Made a reject cookies placeholder
sudo nano rejectcookies.html

# Made a privacy placeholder
sudo nano privacy.html

I should have skipped creating a privacy.htm page as WordPress v4.9.6 has a Privacy Page Generator. Nice

Goto tour sites Dashboard, click Settings then Privacy. Create a new page, fill in the blanks and publish it.

I read MailChimp GDPR Advice as I had a few lists wih private data

General Data Protection Regulation FAQs: http://eepurl.com/dufEZb
About MailChimp, the EU/Swiss Privacy Shield, and the GDPR: http://eepurl.com/c567FL

More to come. Lets get back to those GDPR emails

Trying to delete #GDPR emails like… pic.twitter.com/eZpqSS2OVF
— H3roes&Vi1lains (@H3roesVi1lains) May 25, 2018

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.1 Cookie Bot GDPR Link

v1.0 Initial post

Moving an Ubuntu 16.04 VM on Vultr from one data centre to another via snapshots

April 17, 2018 by Simon

This guide will show how you can move an Ubuntu VM server domain between Vultr data centres via snapshots.

I have a number of guides on moving away from CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Sometimes you need to move a sever between locations and/or upgrade the server (to have more memory t install WordPress).

Moving an existing Vultr server

If you don’t have an Ubuntu server click here (follow this guide).

Login to Vultr and specify a source server, click Snapshots and click Take Snapshot.

Wait for the snapshot to finish (It may take 1 hour).

Great, the snapshot is done.

Now I can create a new server (in a different data centre).

Deploy New Instance

Choose a location (Australia is at capacity, so I’ll deploy to Silicon Valley then move again in a few weeks), choose the snapshot to restore, choose a plan, I enabled IPV6/Auto Backups and Private Networking.

TIP: The password for the server will be the same as the source server so write it down.

Click Deploy Now

After a few minutes, you can see the new servers IP address, you can log in to your domain name provider (in my case Namecheap) and update the target IPV4 and IPV6 address.

You can find IPV4 and IPV6 addresses by opening your server, clicking settings then IPxV4 or IPV6.

You will need to update Vultr DNS settings (login to Vultr, Click Servers, Click DNS then edit your existing Domain DNS entry). Add you’re new serves IP addresses.

Update: I added an IPV6/AAAA record too.

Wait for DNS Replication

Goto https://www.whatsmydns.net/ and check the global DNS propagation for your new domain’s server.

If you are happy that the server has been migrated (snapshot restored) and that the domain DNS is pointing to your new server you can delete the old server in the Vultr server list.

Post-Migrate Actions

Setup Daily backups.
Review firewall settings (guide here).
Optional: Install MySQL
Optional: Install PHP
Optional: Install PHP Pooled Connections
Optional: Install WordPress
Optional: Install WordPress CDN
Optional: Configure Cloudflare
etc

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.1 Vultr Link

v1.0 Initial post

Add email alias to an existing GSuite email account

January 14, 2018 by Simon

This short post will show you how (and why) you should add email aliases to email accounts for previously added domains.

Here are my two posts related to setting up a new suite account and adding a second domain to an existing GSuite account. I used to have my own C Panel domain but moved all servers to self-managed servers first on Digital Ocean then AWS then Vultr. Vultr is now my preferred hosts as they are affordable and have server locations in Australia.

Click Users

I tried to add an email alias to existing 2x domains in Google Suite (the help did not align with the screens I was seeing in my admin consoles), there was no email alias section)??

Official Google Help: https://support.google.com/domains/answer/6304345?hl=en-AU

Snip:

Every user in a G Suite account has a primary address for signing in to their account and receiving mail. If a user wants another email address, you can create an email alias for them.

Why use an alias?  If [email protected] wants a sales address to post to the company website, you can create the alias [email protected]. Mail sent to either address then appears in Ann's Gmail inbox.

You can add up to 30 email aliases for each user. Users continue to sign in to their G Suite account with their primary address, not an email alias.

I fired up the G Suite support

I wanted to add the following email aliases of “[email protected]”, “[email protected]” and “[email protected]” to an existing email on 2 domains to support security disclosures (post soon (nope Troy Hunt beat me, read his post on security disclosure here)).

While I was waiting for the support chat I figured out the email alias thing, it turned out I needed to click the “Account” header on the user screen (I did not realise “account word was clickable).

Solution: How to add Aliases

You need to click the account heading (It’s a link apparently).

When the Ajax content loads you can scroll down to alias section.

Tip: There is no “Apply” or “OK” button when adding aliases so just press enter.

Now if you want to be able to send as the new alias you need to add the aliases in Gmail.

Now you can send via this email alias in GMail or via CLI via the primary account 🙂

sendemail -f [email protected] -t [email protected] -u "Test email via alias" -s smtp.gmail.com:587 -o tls=yes -xu [email protected] -xp YourPa$$w0rdH3r3 -m "Test email via alias"

Read my blog post on sending email from the command line via G Suite.

Donate and make this blog better

Ask a question or recommend an article

Revision History
v1.1 Added Troy Hunt “Data Breach Disclosures” link

v1.0 Working Copy.

Hope this helps someone.

PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database

November 1, 2017 by Simon

Sanitising user input is a golden rule with web developing (see https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet ), here is my code snippet to sanitise and parameterise MySQL queries in PHP 7.0.

First, watch and follow @jawache (Asim Hussein) demo how common hacks happen and why you should update and patch software often, sanitise user data and set up a firewall.

I have blogged before on how to set up a Vultr server and configure it, How to secure Ubuntu in the Cloud, How to run an Ubuntu System Audit and Beyond SSL with Content Security Policy, Public Key Pinning etc but a 100% secure server is impossible as zero-day exploits and flaws (e.g WPA WiFi) reminds us how limited technology lifespans can be. Yes, you can setup firewalls on Ubuntu and WordPress but you are only one exploit away from being hacked.Below is my code snippet (in PHP) to sanitise incoming data, query a MySQL database with object-oriented calls in PHP 7.0 and return data in variables. I have set up a firewall to block access to MySQL and non-essential ports (use https://www.shodan.io/ to test your server’s ports). I was using older deprecated PHP 5 era database calls and I researched newer calls available in PHP 7.0.

When you log in to an Ubuntu server and it says the following you should update

89 packages can be updated.
35 updates are security updates.

Also update software, node, npm etc

This code outputs too much information but will help you setup and get data on your servers (as long as you replace your database, table and field names).

<?php
echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . "<br /><br />";
date_default_timezone_set('Australia/Sydney');

$dbhost = '127.0.0.1';
$dbusername = 'themysqlaccount';
$dbpassword = 'themysqlpassword';
$dbname = 'thedatabasename';
$con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname);

//Debug stuff
//echo var_dump($con);
//printf(" - Error: %s.\n", $stmt->error);

if($con->connect_errno > 0){
    printf(" - Error: %s.\n", $stmt->error);
    die("Error: Unable to connect to MySQL (E001)");
} else {
 echo "Charset set to utf8<br />";
 mysqli_set_charset($con,"utf8");
}

if (!$con) {
    echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
} else {
    echo "Database Connection OK<br />";

    echo "&nbsp; Success: A proper connection to MySQL was made! The my_db database is great." . PHP_EOL . "<br />";
    echo "&nbsp; &nbsp;- Host information: " . mysqli_get_host_info($con) . PHP_EOL . "<br />";
    echo "&nbsp; &nbsp;- Server Info: '" . mysqli_get_server_info($con) . "'<br />";
    echo "&nbsp; &nbsp;- Server Protocol Info : ". mysqli_get_proto_info($con) . "<br />";
    echo "&nbsp; &nbsp;- Server Version: " . mysqli_get_server_version($con) . "<br />";
    //echo " - Server Connection Stats: " . print_r(mysqli_get_connection_stats($con)) . "<br />";
    echo "&nbsp; &nbsp;- Client Version: " . mysqli_get_client_version($con) . "<br />";
    echo "&nbsp; &nbsp;- Client Info: '" . mysqli_get_client_info() . "'<br />";

echo "Ready to Query the database '$dbname'.<br />";

// Input Var's that are parameterized/bound into the query statement
// I pre fill three vaiables with known fields in my users table
// Goot article in manual sanitization of strings in PHP http://php.net/manual/en/filter.filters.sanitize.php
    $in_username = mysqli_real_escape_string($con, 'FearTec');
    $in_f_guid = mysqli_real_escape_string($con, '5161a571-4a51-468d-9e96-6a5db5d35b1c');
    $in_mobile = mysqli_real_escape_string($con,'0456629533');

// Output Var's that the query fills after querying the database
// These variables will be filled with data from the current returned row
    $out_id = "";
    $out_f_guid = "";
    $out_username = "";
    $out_mobile = "";

echo "1. About to query the database: '$dbname'<br />";
$stmt = mysqli_stmt_init($con);
if (mysqli_stmt_prepare($stmt,"SELECT id, username, guid, user_mobile FROM thedatabasename WHERE username = ? AND guid = ? AND user_mobile = ?")) {

        echo "2. Query Returned<br />";

        /*
            Type specification chars
            Character   Description
            i   corresponding variable has type integer
            d   corresponding variable has type double
            s   corresponding variable has type string
            b   corresponding variable is a blob and will be sent in packets
        */
        mysqli_stmt_bind_param($stmt, 'sss', $in_username, $in_guid, $in_mobile);

        mysqli_stmt_execute($stmt);

        mysqli_stmt_bind_result($stmt, $out_id, $out_username, $out_guid, $out_mobile);

        mysqli_stmt_fetch($stmt);

        // Do something with the 1st returned row        
        echo " - Row: ID: $out_id, GUID: $out_guid, USR: $out_username, MOB: $out_mobile";//
        // Do we have more rows to process
        while($stmt->fetch()) { 
                // Deal with other rows
                echo " - Row: ID: $out_id, GUID: $out_f_guid, USR: $out_username, MOB: $out_mobile<br />";
        }
        mysqli_stmt_close($stmt);
        
        echo "c<br />";
    }
     else {
        echo "3. Error Querying<br/>";
        printf(" - Error: %s.\n", $stmt->error);
    }

}    

?>

Returned Data

Last modified: November 01 2017 16:43:01.
Charset set to utf8
Database Connection OK
  Success: A proper connection to MySQL was made! The my_db database is great. 
   - Host information: 127.0.0.1 via TCP/IP 
   - Server Info: '5.7.19-0ubuntu0.16.04.1'
   - Server Protocol Info : 10
   - Server Version: 50719
   - Client Version: 50012
   - Client Info: 'mysqlnd 5.0.12-dev - 20150407 - $Id: b5######################## $'
Ready to Query the database 'thedatabasename'.
1. About to query the database: 'thedatabasename'
2. Query Returned
- Row: ID: 1, GUID: 0000000-0000-0000-0000-000000000001, USR: Bob, MOB: 1234567890
- Row: ID: 2, GUID: 0000000-0000-0000-0000-000000000002, USR: Joe, MOB: 1234567891
- Row: ID: 3, GUID: 0000000-0000-0000-0000-000000000003, USR: Jane, MOB: 1234567892

Variable Bind Parameter Types

When you bind an incoming variable you can inform MySQL what the data type is expected to be.

mysqli_stmt_bind_param: Type specification chars
Character   Description
i   corresponding variable has type integer
d   corresponding variable has type double
s   corresponding variable has type string
b   corresponding variable is a blob and will be sent in packets

Debug Options

Errors Enabled: Turn on PHP Debug Errors On

Turning on errors on production servers is bad but on on development.

First, find php.ini files

locate php.ini
/php.ini.bak
/.c9/metadata/workspace/etc/php/7.0/fpm/php.ini
/etc/php/7.0/apache2/php.ini
/etc/php/7.0/cli/php.ini
/etc/php/7.0/fpm/php.ini
/etc/php/7.0/phpdbg/php.ini
/usr/lib/php/7.0/php.ini-development
/usr/lib/php/7.0/php.ini-production
/usr/lib/php/7.0/php.ini-production.cli

Edit your appropriate PHP file

sudo nano /etc/php/7.0/fpm/php.ini

And turn on Error reporting.

Restart PHP and NGINX

sudo /etc/init.d/php7.0-fpm restart
sudo /etc/init.d/nginx restart

If you need to view your active php.ini file or see php configuration settings, add this to a .php file on your web server and view it’s contents.

<?php
phpinfo()
?>

It is amazing how clear errors can be

Dump Connection Vars: PHP mysqli_connect: var_dump($con)

echo var_dump($con);

Output:

  public 'affected_rows' => int 0
  public 'client_info' => string 'mysqlnd 5.0.12-dev - 20150407 - $Id: b5###############################3 $' (length=79)
  public 'client_version' => int 50012
  public 'connect_errno' => int 0
  public 'connect_error' => null
  public 'errno' => int 0
  public 'error' => string '' (length=0)
  public 'error_list' => 
    array (size=0)
      empty
  public 'field_count' => int 0
  public 'host_info' => string '127.0.0.1 via TCP/IP' (length=20)
  public 'info' => null
  public 'insert_id' => int 0
  public 'server_info' => string '5.7.19-0ubuntu0.16.04.1' (length=23)
  public 'server_version' => int 50719
  public 'stat' => string 'Uptime: 1828089  Threads: 1  Questions: 15702  Slow queries: 0  Opens: 1529  Flush tables: 1  Open tables: 1461  Queries per second avg: 0.008' (length=142)
  public 'sqlstate' => string '00000' (length=5)
  public 'protocol_version' => int 10
  public 'thread_id' => int 7367
  public 'warning_count' => int 0

Show Environment Vars: mysqli_get_host_info, mysqli_get_proto_info, mysqli_get_server_version, mysqli_get_client_version and mysqli_get_client_info.

echo "&nbsp; Success: Database connection OK." . PHP_EOL . "<br />";
echo "&nbsp; &nbsp;- Host information: " . mysqli_get_host_info($con) . PHP_EOL . "<br />";
echo "&nbsp; &nbsp;- Server Info: '" . mysqli_get_server_info($con) . "'<br />";
echo "&nbsp; &nbsp;- Server Protocol Info : ". mysqli_get_proto_info($con) . "<br />";
echo "&nbsp; &nbsp;- Server Version: " . mysqli_get_server_version($con) . "<br />";
//echo " - Server Connection Stats: " . print_r(mysqli_get_connection_stats($con)) . "<br />";
echo "&nbsp; &nbsp;- Client Version: " . mysqli_get_client_version($con) . "<br />";
echo "&nbsp; &nbsp;- Client Info: '" . mysqli_get_client_info() . "'<br />";

Output:

  Success: Database connection OK. 
   - Host information: 127.0.0.1 via TCP/IP 
   - Server Info: '5.7.19-0ubuntu0.16.04.1'
   - Server Protocol Info : 10
   - Server Version: 50719
   - Client Version: 50012
   - Client Info: 'mysqlnd 5.0.12-dev - 20150407 - $Id: b5######################################## $'

Show errors in failed if statements: mysqli_stmt_prepare else

printf(" - Error: %s.\n", $stmt->error);

Output:

Error: Table 'thedatabasename.invalidtablename' doesn't exist.

Debugging is your friend.

More to come..

Donate and make this blog better

Ask a question or recommend an article

V 1.0 initial post

Short (Article):

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

"If you're not still learning, you're already dying."
- Ryan Holiday - Ego is the Enemy

Follow me on Twitter: @FearbySoftware

View All Posts.

data

Moving an Ubuntu 16.04 VM on Vultr from one data centre to another via snapshots

Add email alias to an existing GSuite email account

PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database

Popular

Security

Code

Tech

Wordpress

General

data

Footer

Popular

Security

Code

Tech

Wordpress

General