Exporting personal data from logs
Depending on configuration during its normal operations WP Cerber can accumulate information in the website database. This information can be considered as personal data in terms of applicable privacy law (such as GDPR). All that data can be exported by a user request or deleted from within the WordPress dashboard with easy, no database tools are needed.
To start using a personal data export feature in WP Cerber, you need to enable it in the plugin settings. Go to the User Policies admin page and click the Global tab. Scroll to the Personal Data section. Click Enable data export and select what type of data from the Cerber’s logs you want to be included in the export files. You have to configure these settings before processing export requests and creating export files. Keep in mind that these export files are available to download by anyone who has a download link.
Using the WordPress Export Personal Data tool
Once the export is enabled, you can use the WordPress Export Personal Data tool which is located under the Tools / Export Personal Data menu. All personal data will be included in the export file automatically. If personal data were logged, a file will contain two non-empty sections: “Activity log” and “Traffic log”.
What data is exported
Once a request to export personal data has been added and processed by a website admin, WP Cerber finds a WordPress user with the email address provided in the request. If the user is found, all the entries in the Cerber’s log relating to the user are included in the export file. If there is no WordPress user associated with the email address in the request, no data are included in the export file.
The type and amount of data to be included in the export file are depend on the plugin’s settings. You need to configure them depending on under what law (such as GDPR in Europe or CCPA in California) personal data on your website is being processed.
Also, note that if the logging of requests is disabled in the Traffic Inspector settings, nothing from the requests log is included in an export file. As well as submitted form fields are not included if saving request fields is disabled.
The format of the data
The export file is generated and compressed to a ZIP archive by WordPress. All entries that are generated by WP Cerber have the JSON format, which is universal and can be read or/and decoded with easy. This format is used because the personal data export feature is limited by WordPress to using plain text only. In case you need to get an export file in the CSV format, you need to use the WP Cerber Export feature instead, read more below.
Recommended settings for GDPR
You need to enable all settings in the Personal Data section.
If you see the following error when you click Download Personal Data on the Tools / Export Personal Data admin page, reload the page using the F5 key on PC or Command + R keys on Mac.
An alternative way to export user-related data
Is using the Export feature on the Activity tab and Live Traffic page.
What versions of software you need
The tool described above is available since WordPress 4.9.6 and WP Cerber 8.5.8
Does WP Cerber plugin process personal data in a cloud?
The WP Cerber plugin doesn’t send to or process personal data in any cloud. We take your privacy, privacy your users and our reputation very seriously. We’re a firm believer that any personal data or sensitive technical information cannot be processed or stored on our servers.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.
Dawn ( )
Does WP Cerber log personal data, such as IP addresses in the site database for site traffic beyond WordPress user accounts?
Gregory ( )
Yes. You should also know that the vast majority of web servers log IP addresses of website visitors to server access logs. You simply cannot avoid that. Please note that technically, it is not correct to consider IP addresses as true personal data. For instance, when you use a free Wi-Fi connection at a cafe or on a plane, you use an IP address that is shared with others. Or when your friends have fun in your house using your Wi-Fi connection while your front porch security camera is translating video to the cloud. From a legal standpoint, the IP address is associated with you, but for many connections mentioned above, it’s not your personal data per se. Using dynamic IP addresses for mobile Internet connections makes the situation more complex because people and devices are on the move and IP addresses used for such connections are changing permanently. An IP address is personal data if it identifies an individual in connection with additional data, such as an email address or a user session identifier.