Does WP Ghost help make my WordPress site GDPR compliant?

WP Ghost is GDPR compliant in its own data handling, but it doesn't add GDPR features to your website like cookie consent banners. Use a dedicated GDPR plugin for that.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and hooks. No core files modified. No visitor data written to files or sent externally except Events Log when enabled.

How To

WP Ghost GDPR Compliance

Q: Does WP Ghost collect data about my website visitors?

No. WP Ghost does not track or send visitor data to external servers. All security features operate locally. The Events Log (Premium) sends security event data only when explicitly enabled.

Q: Can I use WP Ghost without sharing any data?

Yes. Install the free version and skip activation. The plugin works fully without connecting to external servers. No email, username, or event data is shared.

Q: How can I request deletion of my data?

Contact WP Ghost support for account data deletion. Events Log data auto-deletes after 30 days. For payment data, contact Paddle directly.

Table of Contents

What Data WP Ghost Collects
Events Log Data (Premium)
Who Has Access to Your Data
Your Choices and Control
Frequently Asked Questions
Related Tutorials

WP Ghost is GDPR compliant and collects minimal personal data. The plugin itself does not send visitor data to external servers. Data collection only occurs when you activate a premium license (email and username for account management) or enable the Events Log feature (security event data stored on WP Ghost cloud servers for 30 days). All payment processing is handled by Paddle. WP Ghost does not store credit card or billing information. For the full legal policy, see the WP Ghost Privacy Policy.

What Data WP Ghost Collects

Free version (no activation): No personal data is collected or sent to external servers. The plugin operates entirely on your WordPress server. No connection to WP Ghost cloud services is made.

Premium version (activated with token): When you activate WP Ghost Premium, the plugin connects to the WP Ghost Dashboard using your email address and username. This data is needed for license verification and account management. No visitor data from your website is collected.

Payment data: All payments are processed by Paddle.com. WP Ghost does not store, process, or have access to credit card numbers, billing addresses, or transaction details.

Events Log Data (Premium)

If you enable the Events Log feature in WP Ghost Premium, the plugin sends security event data to WP Ghost’s cloud servers for monitoring. This data includes IP addresses, action names, post IDs and types, usernames, and names of posts, plugins, and attachments.

This data is stored securely on WP Ghost cloud servers and is automatically deleted after 30 days. The Events Log is opt-in: it only collects data when you explicitly enable it.

The Events Log is optional. If you don’t enable the Events Log feature, no security event data is sent to WP Ghost servers. The free version never sends event data regardless of settings.

WP Ghost shares personal information only with:

Paddle.com – Payment gateway, processes transactions only.
Professional advisers – Lawyers and accountants when required for business operations.
Regulators or government authorities – Only when required by law.

Personal information is stored on WP Ghost cloud servers with encryption, username/password authentication, and restricted access controls.

Your Choices and Control

Skip activation: If you don’t want to share any data with the WP Ghost Dashboard, skip the activation step when you install the plugin. The free version works without any external connection.

Disable Events Log: Turn off the Events Log feature at any time to stop security event data from being sent to cloud servers. Existing data is automatically deleted after 30 days.

Marketing communications: You can opt out of promotional emails at any time using the unsubscribe link in the email. Operational emails about purchases, account status, and critical updates may still be sent.

Cookies: The WP Ghost website uses cookies for site functionality, performance monitoring, and analytics. Third-party services may also use cookies. You can manage cookie preferences through your browser settings.

Frequently Asked Questions

Does WP Ghost collect data about my website visitors?

No. WP Ghost does not track, collect, or send your website visitors’ personal data to any external server. All security features (path changes, firewall, brute force) operate locally on your WordPress server. The only exception is the Events Log (Premium), which sends security event data (like blocked IP addresses) to WP Ghost cloud servers when you explicitly enable it.

Can I use WP Ghost without sharing any data?

Yes. Install the free version from WordPress.org and skip the activation step. The plugin works fully without connecting to the WP Ghost Dashboard. No email, username, or event data is shared. Premium features require activation with your email for license verification.

How can I request deletion of my data?

Contact WP Ghost support to request deletion of your account data. Events Log data is automatically deleted after 30 days. For payment-related data, contact Paddle directly as they handle all billing information.

WP Ghost itself is GDPR compliant in how it handles data, but it doesn’t add GDPR compliance features to your website (like cookie consent banners or data request forms). For website GDPR compliance, you need a dedicated GDPR plugin. WP Ghost doesn’t interfere with GDPR plugins and is compatible with them.

For the complete legal policy, see the WP Ghost Privacy Policy.

Privacy and account management:

Cancel Your Subscription – Stop data collection by canceling your premium subscription.
Update Payment Details – Paddle handles all payment data.
Payment Refund – Refund policy and process.
Disconnect a Website – Remove a site from your account.