14th January 2020, 1:47 pm
The password reset email include a link which contains username. For example: xxx.com/forgot-password/?somresetpass=true&somfrp_action=rp&key=xxx&login=my-username
This query string is tracked by Google Analytics. Thus, violating GDPR as username is a personal identifiable information.
Question: Any way to get rid of &login= from the password reset links?
Thanks!
Hi mate as far as I'm aware you're able to set up your analytics to ignore particular URL query strings. Just had a quick Google and this might be helpful.
Thanks for the quick reply.
Howvever, the data still reaches Analytics.
Are there any filter to modify reading/storing the query string? Something like:
add_filter('some_hook_to_make_reset_url', function (string $theUsername): string {
return DataStore::createNewRandomStringBy($theUsername);
});
add_filter('some_hook_to_read_from_reset_url', function (string $theRandomString): string {
return DataStore::getUsernameByRandomString($theRandomString);
});Okie dokie I think the best thing would be to use a different method like you're suggesting. Leave it with me š
Any news?
Or, anything I can help to make it happen?
I'll be pushing an update this weekend mate š
Version 1.1.91 now removes the username from the reset password link š
@tangrufusitineris
1:47 pm