Hi @trimension !
> Since the DSGVO does not allow the permanent storage of IP addresses, they must be deleted before the comment is saved.
Yes, the permanent storing is not allowed, but you don’t need to delete the IP address immediately.
Fighting spam is necessary and therefore a legitimate interest. To respect the GDPR and fight spam, you can use plugins which delete the IP after a specific amount of days.
https://de.wordpress.org/plugins/dsgvo-tools-kommentar-ip-entfernen/
If you want to use the local spam db feature in Antispam Bee you can also delete spam comments one day before the IP address is deleted, so you can have both.
The other way to solve this would be to uncheck the local spam db feature to prevent false positives.
Hope this helps!
All the best
Torsten
Thread Starter
Jürgen
(@trimension)
Hi Thorsten,
Yes, I’m well aware of that… but it’s time-consuming and ultimately just a crutch…
The plugin does not distinguish between ‘spam’, ‘trash’ and ‘normal’ comments when deleting IPs and deletes all existing, which is probably not even necessary…
A better solution would be not to save the IP address at all for NON-spam comments in the first place. Storing spam comments with IP addresses should not violate the GDPR, as there is a continuing legitimate interest here (blacklist).
But the problem is that I don’t have a hook that would allow me to remove the IP address after the spam checks but before saving…
The correct hook would be “preprocess_comment” but the spam checks happen later so I don’t know which IPs to delete and which not. The “pre_comment_approved” hook would be suitable here, but unfortunately it only filters the spam identifier itself… The comment data cannot be manipulated here 🙂 It should happen between the “pre_comment_approved” and the save into the db…
Hence my question, is there a way to implement this, because that would be the cleanest solution, I think 🙂
Hi @trimension
I discussed this with the team today, and we want to check how we want to proceed on the matter at our next Hackathon before WordCamp Germany. Maybe I can provide a solution then (or before, if someone has the time to try our ideas).
At the moment, it is recommended to not save the IP at all for a comment:
```php
// Return an empty string so WordPress stores no IP address with any comment.
function wpb_remove_commentsip( $comment_author_ip ) {
    return '';
}
add_filter( 'pre_comment_user_ip', 'wpb_remove_commentsip' );
```
If the IP column is empty, we skip the check. You shouldn’t use a local IP (127.0.0.1) or another default IP address in combination with the local spam db. This would lead to all comments being marked as spam.
Hopefully we have a better solution soon.
All the best
Torsten
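
The following is an added example, not code from the thread participants or from Antispam Bee: one way to keep the IP only on spam comments is to clear it directly after WordPress has saved the comment, when the spam verdict is already known. The `myprefix_` function names are hypothetical; the hooks `comment_post` and `transition_comment_status` are WordPress core actions.

```php
<?php
// Added example: keep comment_author_IP only for comments stored as spam.
// All myprefix_* names are hypothetical and not part of any plugin.

// Fires right after the comment row is written, i.e. after every
// 'pre_comment_approved' filter (including spam checks) has run.
function myprefix_strip_ip_after_save( $comment_id, $comment_approved ) {
    // $comment_approved is 1, 0, 'spam' or 'trash'.
    if ( 'spam' === $comment_approved ) {
        return; // Keep the IP so the local spam db can match on it.
    }
    myprefix_clear_comment_ip( (int) $comment_id );
}
add_action( 'comment_post', 'myprefix_strip_ip_after_save', 10, 2 );

// A moderator may later rescue a false positive from the spam folder.
// Once the comment is no longer spam, the reason to keep the IP is gone.
function myprefix_strip_ip_on_unspam( $new_status, $old_status, $comment ) {
    if ( 'spam' !== $old_status || 'spam' === $new_status ) {
        return;
    }
    if ( 'delete' === $new_status ) {
        return; // The row is being removed anyway.
    }
    myprefix_clear_comment_ip( (int) $comment->comment_ID );
}
add_action( 'transition_comment_status', 'myprefix_strip_ip_on_unspam', 10, 3 );

// Blank the column rather than writing a placeholder address: an empty
// value is skipped by the IP check, while a shared default IP such as
// 127.0.0.1 would match every later comment.
function myprefix_clear_comment_ip( $comment_id ) {
    global $wpdb;
    $wpdb->update(
        $wpdb->comments,
        array( 'comment_author_IP' => '' ),
        array( 'comment_ID' => $comment_id ),
        array( '%s' ),
        array( '%d' )
    );
    // Drop the cached copy so later reads do not return the old IP.
    clean_comment_cache( $comment_id );
}
```

With this approach the address is written and removed within the same request, so it is a post-save cleanup rather than the pre-save hook asked for above. Pending comments also lose their IP, so a comment that a moderator marks as spam by hand later will not contribute an address to the local spam db.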