WordPress Session Eraser

GDPR-compliance thanks to WordPress Session Eraser

According to the principles of GDPR, you are urged to store as little data as possible. We are glad to support you in this! Our special hosting tool ‘WordPress Session Eraser’ enables you to schedule the timings after which the WordPress Sessions of your users shall be deleted automatically – with just a few clicks.

A session in WordPress is basically a kind of personal access card which the signed-in user on your website attains for the duration of the login – similar to the procedure when visiting a Parliament or an official building. There, for the duration of your stay, you will receive a card which contains pieces of information such as:

  • name
  • address
  • level of access authorization (e.g. restrictions to certain areas etc.)
  • duration of visit

A WP session actually does not differ much from this. Equivalent to the illustrative Parliament example, your user’s session data comprise the following details:

  • user name
  • IP address
  • user level (admin, editor, author etc.)
  • duration of session validity
  • In addition, the session is assigned to a hash to make every session unique. (A user can be logged in via multiple devices.)

If a user logs out actively or the validity period of the session expires, the session is deleted – at least this would be the normal case. Some themes and plugins (e.g. certain shop or member themes) prevent the deletion of these sessions from the database and thus store user data for a longer period than actually required or allowed.

This is when our WordPress Session Eraser steps in

The WordPress Session Eraser deletes the WordPress sessions of all your users from the database according to a time interval set by you. You can schedule these intervals in your BOX settings on our dashboard and configure them individually for every single BOX.

WordPress Session Eraser Settings

The interval scale is always absolute. This means: If you set the interval for ‘8 hours’, the sessions will be deleted at following fixed times:

  • 00:00 (12 a.m.)
  • 08:00 (8 a.m.)
  • 16:00 (4 p.m.)

By automatically deleting unnecessarily stored session data you implement the fundamental GDPR principle of data minimization. Using the WordPress Session Eraser, you are therefore getting one step closer towards GDPR compliance.