Wordfence and GDPR – General Data Protection Regulation

Defiant, the company behind Wordfence, has updated its terms of use, privacy policies and software, as well as made available a data processing agreement to meet GDPR compliance. Customers must review and agree to updated terms in order to continue using our products and services. We also provide a data processing agreement if you qualify as a data controller under the GDPR.

The General Data Protection Regulation (GDPR) is a set of rules that provide data subjects with more control over their personal data. GDPR defines a data subject as anyone within the borders of the EU at the time of processing their personal data. It includes regulations on how EU data can be exported outside of the EU. It is changing the way organizations approach data privacy and the handling of personal information.

Agreement to new Terms and Privacy Policies

To continue using Defiant products and services including the Wordfence plugin, all customers must review and agree to the updated terms and privacy policies. The Wordfence interface will remain disabled until these terms are agreed to. These changes reflect our commitment to follow data protection best practices and regulations.

Data Processing Agreement

Defiant provides a data processing agreement to help customers meet their data privacy and protection obligations that are part of the General Data Protection Regulation (GDPR). Defiant has pre-signed the agreement and it is available to all Defiant customers that are processing personal data and operate in the European Economic Area (EEA) or are otherwise subject to the territorial scope of the GDPR. To learn more about privacy and data protection rules of the EEA click here.

To comply with EU General Data Protection Regulation (“GDPR”), our EU customers must sign our Data Processing Agreement (“DPA”) and the Standard Contractual Clauses to establish the respective responsibilities between the Defiant customer (as the data controller) and Defiant itself (as the data processor). If the GDPR applies to you please download, sign, and email both the DPA and the Standard Contractual Clauses to privacy@defiant.com. Both the DPA and Standard Contractual Clauses are available in one document below. Note you must sign in two places.

Defiant Data Processing Agreement and Standard Contractual Clauses can be downloaded here: https://www.wordfence.com/gdpr/dpa.pdf

Remember to sign in two places and email it to privacy@defiant.com.

Cookies set by the Wordfence plugin

To help you understand which cookies the Wordfence plugin sets, when installed on your WordPress site, we have provided the guide below. Wordfence currently sets three cookies and we explain what each cookie does, who will have the cookie set, and why the cookie helps secure your site.

wfwaf-authcookie-(hash)

What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.

Who gets this cookie: This is only set for users that are able to log into WordPress.

How this cookie helps: This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

wf_loginalerted_(hash)

What it does: This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.

Who gets this cookie: This is only set for administrators.

How this cookie helps: This cookie helps site owners know whether there has been an admin login from a new device or location.

wfCBLBypass

What it does: Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.

Who gets this cookie: When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.

How this cookie helps: This cookie gives site owners a way to allow certain users from blocked countries, even though their country has been blocked.