Skip to content

Add privacy policy content registration#869

Open
masteradhoc wants to merge 2 commits intoWordPress:masterfrom
masteradhoc:868-privacy-policy-content
Open

Add privacy policy content registration#869
masteradhoc wants to merge 2 commits intoWordPress:masterfrom
masteradhoc:868-privacy-policy-content

Conversation

@masteradhoc
Copy link
Copy Markdown
Collaborator

@masteradhoc masteradhoc commented Apr 5, 2026

What?

Fixes #868

Adds suggested privacy policy content for the Two Factor plugin via the WordPress Privacy Policy Guide (wp_add_privacy_policy_content).

Why?

WordPress provides a built-in mechanism for plugins to contribute suggested text to a site's privacy policy page. The Two Factor plugin stores personal data (TOTP secret keys, backup codes, enabled provider settings) but has never registered suggested privacy policy text, leaving site administrators without guidance on what to disclose.

How?

  • Registers an admin_init action that calls a new static method Two_Factor_Core::add_privacy_policy_content().
  • The method calls wp_add_privacy_policy_content() with a suggested block of text covering:
    • What data is stored (TOTP secret key, backup codes, email address usage, enabled providers list)
    • Who data is shared with (no one)
    • How long data is retained (for the lifetime of the user account)
    • What rights users have over their data (export and erasure)

Testing Instructions

  1. Activate the Two Factor plugin on a WordPress site.
  2. In the WordPress admin, go to Settings → Privacy.
  3. Click Check for guide suggestions (or create/open a privacy policy page).
  4. Confirm that a "Two Factor" section appears in the Privacy Policy Guide with the suggested text covering the four data categories above.
  5. Confirm that the suggested text can be copied into the policy page.
  6. Deactivate the plugin and confirm the section no longer appears in the guide.

Screenshots or screencast

image

Changelog Entry

Added - Register suggested privacy policy content via wp_add_privacy_policy_content so site administrators are guided on disclosing Two Factor authentication data.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 5, 2026
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: masteradhoc <masteradhoc@git.wordpress.org>
Co-authored-by: jeffpaul <jeffpaul@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@masteradhoc masteradhoc added this to the 0.17.0 milestone Apr 5, 2026
@masteradhoc masteradhoc self-assigned this Apr 7, 2026
@masteradhoc masteradhoc requested a review from jeffpaul April 8, 2026 17:48
jeffpaul
jeffpaul reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jeffpaul jeffpaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Functional approach and rationale sounds fine to me, will defer to others on technical review of implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeffpaul jeffpaul jeffpaul left review comments

@georgestephanis georgestephanis Awaiting requested review from georgestephanis

@kasparsd kasparsd Awaiting requested review from kasparsd

Assignees

@masteradhoc masteradhoc

Labels

None yet

Projects

None yet

Milestone

0.17.0

Development

Successfully merging this pull request may close these issues.

Add privacy policy content suggestion via wp_add_privacy_policy_content()

2 participants

@masteradhoc @jeffpaul