Normal view

Received today — 7 August 2025Design

The Ultimate Guide to WordPress Privacy Compliance

6 August 2025 at 10:00

I’ll be honest: there was a time when privacy compliance felt overwhelming.

Between GDPR, CCPA, VCDPA, and other regulations, it seemed like I needed a law degree just to run a simple WordPress site.

But after spending a lot of time helping website owners figure this out, I’ve learned that compliance doesn’t have to be complicated. In most cases, just a few simple changes can protect your website and show visitors that you take their privacy seriously.

That’s why I created this ultimate guide to WordPress privacy compliance. I’ve researched dozens of laws, tested different tools, and seen firsthand what works (and what causes problems) across different WordPress websites.

The Ultimate Guide to WordPress Privacy Compliance

⚠️ We are not lawyers, and nothing on this website should be considered legal advice.

Why Does Privacy Compliance Matter for Your WordPress Website?

Online privacy laws are designed to give people more control over how websites, businesses, and online stores collect and use their personal information.

“Personal information” can mean more than you think. It includes names and email addresses—but also things like browsing history, preferences, location, and even biometric data.

That’s why most WordPress websites are affected by privacy laws, even if they only collect basic data like form submissions or cookies.

Following these laws is important for two reasons:

  • Avoiding legal trouble: Some laws, like the Virginia Consumer Data Protection Act (VCDPA), can issue fines of up to $7,500 per violation. Other laws impose even higher penalties, sometimes reaching millions.
  • Building trust with your audience: When visitors see that you respect their privacy, they’re more likely to engage with your site, join your email list, and make purchases.

In other words: privacy compliance isn’t just a legal requirement. It’s a smart move for long-term success.

In this guide, I’ll walk you through 12 key tips for WordPress privacy compliance. After that, I’ll break down the most important privacy laws that might affect your site.

Keep reading for the ultimate checklist to comply with international data privacy laws.

12 Tips for Achieving WordPress Privacy Compliance

No single guide can guarantee full compliance with every privacy law. But these tips will give you a strong foundation. You can think of this section as your privacy checklist for WordPress.

After reading through these best practices, I recommend scrolling down to the legal section to see which laws may apply to your site.

1. Perform a Data Audit

Before you can follow any privacy law, you need to know what personal data your website collects and how it’s used.

Start by reviewing all the tools and plugins on your site that interact with visitors. These often include:

Once you’ve identified those tools, take a closer look at what they do.

For each one, ask yourself:

  • What data does this tool collect?
  • Why do I need this data?
  • Where is the data stored?
  • How long is it kept?
  • Is it shared with anyone else?

Be sure to document your answers. This record helps you stay organized and gives you a way to prove your compliance if you’re ever audited or asked by one of your users.

2. Collect Less Data

One of the easiest ways to improve privacy on your WordPress site is to collect less data in the first place.

Most privacy laws require you to collect only personal data that’s relevant and necessary for a specific task. This principle is known as data minimization.

Take a look at the forms, plugins, and tools you use. For each one, you should ask yourself:

  • What personal information am I asking for?
  • Do I truly need this data?
  • Could I achieve the same result with fewer form fields or information?

If the answer is “no” or “not sure,” it’s a good idea to stop collecting that data.

This approach not only reduces your legal risk. It also makes your site feel safer and more respectful to visitors, which can improve trust and conversions.

3. Create a Privacy Policy

A privacy policy tells visitors what data your website collects, how it’s used, and whether it’s shared with anyone.

WPBeginner's privacy policy

Most privacy laws require you to have a policy like this. It helps users understand how their personal data is handled, which many laws refer to as the “Right to Know.”

Thankfully, WordPress has a built-in tool to help you create a privacy policy. To access this tool, simply go to Settings » Privacy in the WordPress dashboard. 

Generating a privacy policy using the built-in WordPress tools

Want more detailed instructions? We also have a complete, step-by-step guide on how to add a privacy policy in WordPress.

4. Add a Cookie Popup

Some privacy laws require you to get consent before placing cookies on a visitor’s device. This includes laws like the GDPR.

A cookie popup makes this easy. It gives visitors a clear message about the types of cookies your site uses, what data is being collected, and why. It should also give them a simple way to opt out.

And this is easy to set up with a privacy compliance plugin like WPConsent.

For example, we use WPConsent to display cookie banners and manage user choices on WPBeginner.

An example of a cookie consent and privacy banner, created using WPConsent

💡 Curious about how we use WPConsent across WPBeginner and many of our partner sites? Our in-depth WPConsent review has more information. 

For step-by-step instructions, check out our full guide on how to add a cookie popup in WordPress.

5. Write a Separate Cookie Policy 

A cookie popup is important, but it’s also a good idea to create a dedicated cookie policy page. This gives visitors a place to learn more about how cookies work on your site.

Your cookie policy should include:

  • The types of cookies your site uses (such as essential, analytics, or marketing)
  • What each cookie does
  • What personal data it collects (like IP addresses or browsing history)

To build trust, try to keep your cookie policy easy to understand. This means you should avoid technical terms or legal words that are hard to follow. 

Luckily, a tool like WPConsent can create this policy for you. After installing and activating the plugin, go to WPConsent » Settings

How to automatically generate a comprehensive cookie policy, using the WPConsent plugin

In the plugin’s settings, choose the page where you want to display the cookie policy, and add the shortcode provided by the plugin.

WPConsent will then add this policy to your chosen page. 

An example of a detailed cookie policy, generated automatically using WPConsent

If you’re using WPConsent to display a cookie popup, then visitors can now access this policy directly by clicking on the dropdown.

This will reveal a link that takes them straight to your policy page.

How to make sure that visitors, users, and customers can reach you cookie policy easily
6. Block Third-Party Scripts

Many privacy laws also apply to third-party tools like analytics, advertising pixels, and social media trackers. If you use services such as Google Analytics or Facebook Pixel, then you’re responsible for how those tools collect data.

That means you should only allow scripts from these tools to run after the user gives permission.

The good news is that WPConsent includes a built-in script blocker that helps with this. It can detect common tracking tools and stop them from loading until the visitor agrees.

Once consent is given, the script runs automatically without needing to reload the page.

This is one of the easiest ways to improve compliance with laws like the GDPR and CCPA.

7. Track and Log Visitor Consent

There’s always a chance your data handling could be questioned, especially if you’re ever audited or someone asks about their rights.

That’s why it’s a good idea to keep a clear record of user consent. It helps show that your site takes privacy seriously.

The good news is, WPConsent creates this log for you automatically.

You can check it any time by going to WPConsent » Consent Logs in your WordPress dashboard.

How to view a detailed user content log in your WordPress dashboard

If someone asks for proof, just head to the ‘Export’ tab, choose a date range, and download the log as a CSV file.

You can now share it directly with the user. Additionally, having this kind of record can give you peace of mind and help protect your business if questions ever come up.

How to export the consent log from your WordPress website
8. Provide an Easy Opt-Out for Data Sales

Some privacy laws, including the CCPA and VCDPA, require you to give users a way to opt out of having their personal data sold or shared with third-party tools.

It’s also important to know that under laws like the CCPA, ‘selling’ can also mean sharing personal data with third-party advertising or analytics partners in exchange for their services, not just for money.

The easiest way to allow users to opt out in WordPress is by adding a clear, dedicated opt-out page.

An example of a privacy-focused, opt-out form

WPConsent includes a Do Not Track add-on that makes this simple.

It enables you to generate a form where users can submit their opt-out request.

How to easily create a Do Not Track page in WordPress

Once the page is live, visitors can use the form to stop their data from being sold or shared, all without needing to contact you directly.

This creates a smoother experience for your audience and helps you stay compliant with important data laws.

How to create a Do Not Sell My Info page in WordPress, using WPConsent

For full setup instructions, see our step-by-step guide on how to create a Do Not Sell My Info page in WordPress.

9. Export and Erase Personal Data in WordPress

Privacy laws like the GDPR give users the right to access their personal data, and the right to ask for that data to be deleted.

One of the easiest ways to support these rights is by adding data request and deletion forms to your WordPress site.

This is where WPForms comes in. It’s a user-friendly form builder that lets you create all kinds of forms using a simple drag-and-drop editor.

WPForms even has a ready-made Right to Erasure Request Form template.

WPForms' data deletion request template

What if visitors want to see their data instead? WPForms also has a Data Request template.

These templates are a fantastic starting point for accepting data erasure and data access requests on your site.

A ready-made data request template, provided by WPForms

⭐ Here at WPBeginner, we don’t just recommend WPForms. We also built all our own forms with it! From contact pages to surveys, WPForms is our trusted, daily-tested solution. 

Want to see why it’s our go-to? Just see our detailed WPForms review.

For a step-by-step guide to getting started with WPForms, check out our post on how to create a contact form in WordPress

After adding these forms to your site, WPForms will automatically log and display all submissions in your WordPress dashboard. This makes it easy to see new requests as they come in.

You can then act on these requests using WordPress’ built-in Export Personal Data and Erase Personal Data tools.

How to export or delete user data using the built-in WordPress tools

For step-by-step instructions on how to use these powerful tools, see our detailed guide on how to export and erase personal data in WordPress.

10. Create Compliant Forms

Contact forms, quote forms, and surveys often collect personal information. That means that they also need to comply with privacy laws.

If you’re using WPForms, there’s a built-in GDPR Agreement field that helps you with this. You can add it to any form and get a user’s explicit consent to store their personal information before collecting it.

Adding a privacy and compliance checkbox to your WordPress forms

Simply drag this field into any form using the visual builder.

It will add a checkbox and consent message so that visitors can agree to how their data will be used.

How to create a GDPR compliant form using WPForms

Apart from the GDPR, this field helps you stay compliant with other laws that require clear consent before collecting or storing personal data.

Want a complete walkthrough? Just see our guide on how to create GDPR compliant forms in WordPress

11. Use Data Privacy Compliance Plugins

If you’ve been following along with this guide so far, then you already have a solid foundation for privacy compliance. But the tools you install on your website matter too.

The WordPress plugins you choose can either make compliance harder or give you built-in features that simplify the process.

Let’s look at one common example.

Tracking your visitors with analytics helps you improve your site and understand how people interact with your content. This might include tracking page views, link clicks, purchases, or time spent on each page.

But depending on your setup, analytics tools can also collect personal data—like IP addresses, geographic location, and behavioral profiles. That’s where things get tricky.

At WPBeginner, we use MonsterInsights to handle this responsibly. It includes settings to anonymize user data or disable user tracking when consent hasn’t been given.

These options help reduce your legal risk while still giving you the insights you need to grow your site.

Of course, analytics are just one part of the puzzle. Plugins like WPConsent and WPForms also help you manage cookie banners, collect data responsibly, and process requests like opt-outs and deletions.

You’ll find more options in our expert roundup of the best WordPress GDPR plugins.

12. Add a Comment Privacy Opt-in Checkbox

When someone leaves a comment on your WordPress site, they usually need to enter their name, email address, and possibly a website URL. That’s personal data, so it’s covered by privacy laws.

WordPress includes a privacy checkbox for comments by default. This gives users a chance to agree to the storage of their information before submitting a comment.

An example of a GDPR compliant WordPress comment form

However, some themes use a custom comment form that might not include this checkbox by default.

If you don’t see the checkbox on your site, then it’s a good idea to add it manually. You can use a plugin like Thrive Comments or add some custom code to your website.

For step-by-step instructions, check out our guide on how to add a GDPR comment privacy opt-in checkbox.

Key Regulations Impacting WordPress Sites

WordPress privacy compliance often depends on which laws apply to your website, and that’s not always easy to figure out.

Some laws apply to specific locations. Others apply only if you collect a certain amount of data or meet a business-size threshold.

In this section, I’ll walk you through the most common privacy laws that affect WordPress site owners.

You don’t need to become a legal expert, but it’s helpful to know which rules you may need to consider so that you can take the right steps.

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union (EU) law designed to give EU citizens more control over their personal data.

Simply put, you must get explicit, specific, and clear permission before collecting personal data from anyone living in the European Union.

You must also clearly tell EU residents where, why, and how you’ll process and store their data.

Under the GDPR, individuals also have the right to download their personal data and the “right to be forgotten.” This means they can ask you to delete their data at any time. 

For more information, our ultimate guide to WordPress and GDPR compliance is a must-read resource.

California Consumer Privacy Act (CCPA)

The CCPA is a privacy law that gives California residents more control over their personal information. It allows them to see what data is collected, how it’s used, and who it’s shared with.

This law applies to for-profit businesses that meet at least one of these criteria:

  • Have annual gross revenue over $25 million.
  • Buy, sell, or share personal data from 100,000 or more California residents per year.
  • Make at least 50% of their revenue from selling or sharing personal data.

It doesn’t matter where your business is located. If your WordPress site serves people in California and meets one of these thresholds, then the CCPA may apply.

The law also requires you to provide an opt-out for data sharing and to respond to requests to view or delete personal information.

You can learn more in our ultimate guide to CCPA compliance for WordPress.

The Personal Data Protection Law (PDPL) – Saudi Arabia

Personal Data Protection Law (PDPL) is a privacy law that sets clear rules for how businesses can collect, use, and store the personal data of Saudi residents.

Ignoring the PDPL carries substantial risks. Fines can reach up to SAR 5 million (about $1.3 million USD) per violation, and this amount can double for repeat offenses. 

If any of your customers or users live in Saudi Arabia, then you should check out our beginner’s guide to PDPL compliance. It shows you how to navigate this important law and avoid those steep fines.

The Utah Consumer Privacy Act (UCPA)

The Utah Consumer Privacy Act (UCPA) is designed to protect the personal information of Utah residents. 

Like some other privacy regulations, the UCPA’s reach extends beyond Utah’s borders. If your site targets users in Utah—for example, through marketing or services—then the law might apply, even if you’re located elsewhere.

However, don’t worry if you’re a smaller blog or website. Just like the CCPA, the UCPA is mainly aimed at larger businesses.

First, your business needs to operate in Utah or offer products or services targeting Utah residents. Next, your business must have an annual revenue of $25 million or more.

You’ll also need to meet at least one of these data thresholds: 

  • Control or process the personal data of 100,000 or more Utah consumers annually.
  • Get over 50% of your gross revenue from selling personal data and control or process data from 25,000 or more Utah consumers.

For more information, I recommend checking out our ultimate beginner’s guide to UCPA compliance in WordPress.

The Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (VCDPA) is a state-level privacy law. 

However, the VCDPA doesn’t apply to every single website. It’s another law that mainly targets big businesses.

In fact, you typically only need to comply with the VCDPA if your business meets one of these conditions: 

  • You control or process the personal data of 100,000 or more Virginia consumers in a year.
  • You control or process the personal data of at least 25,000 Virginia consumers and get more than 50% of your total income from selling personal data.

Our beginner’s guide to VCDPA compliance covers a lot of different tips on how you can comply with this law.

WordPress Privacy Compliance: Frequently Asked Questions

I know this is a lot to take in, especially if you’re just getting started with WordPress privacy compliance. So before we wrap up, I want to quickly answer some of the most common questions I hear from beginners.

These answers aren’t meant to replace legal advice, but they’ll help you understand what matters most when it comes to running a privacy-friendly WordPress site.

Do I need a privacy policy if my site doesn’t collect data? 

Yes, even if your site doesn’t seem to collect user data directly, it’s still a good idea to have a privacy policy.

That’s because your site may be collecting information in ways that aren’t immediately obvious. For example, your hosting provider might log visitor IP addresses, or third-party scripts could be tracking behavior in the background.

In those cases, having a privacy policy helps keep you on the safe side of the law.

It also shows your visitors that you’re being transparent, which can go a long way toward building trust.

What are the penalties for non-compliance?

Privacy laws can carry serious penalties if you don’t follow them.

Some regulations include fines of thousands or even millions of dollars. You may also be charged per violation.

For example, under the CCPA, penalties range from $2,500 to $7,500 for each affected user. That can add up fast if the issue affects a large number of people.

But money isn’t the only concern. If users find out their data wasn’t protected, they may lose trust in your site. That kind of damage is hard to repair and can lead to fewer visits, lower engagement, and lost sales.

How often should I review my website’s compliance?

It’s a good idea to review your website’s compliance at least once a year.

You’ll also want to check whenever a privacy law changes or a new one goes into effect. Staying proactive can help you catch small issues early and avoid bigger problems later.

I hope this ultimate guide to WordPress privacy compliance has helped you take the first steps towards creating a compliant site. Next, you may want to see our expert picks for the best security plugins to protect your site or our guide on how to know if your site uses cookies.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post The Ultimate Guide to WordPress Privacy Compliance first appeared on WPBeginner.

Five Myths Debunked: Why Agentic AI Is Much More Than Chatbots

7 August 2025 at 06:33

When you start thinking about Agentic AI in the right way, you begin to see that it’s not a piece of technology to be wielded; it’s part of a business strategy that sequences various technologies to automate tasks and processes in ways that surpass what humans alone are capable of. This post debunks five common myths about Agentic AI that can hold organizations back in a moment when they absolutely need to surge ahead.

Starting with the misconception that Agentic AI is similar to the ways we’ve been building and experiencing software. Organizations also often feel pressure to start with big, audacious buildouts, when starting small on internal use cases can forge scalable growth. It’s also important to identify use cases for automation that are truly high-value and find ways to orchestrate multi-agent AI systems to complete objectives dynamically, rather than following predefined routes.

Myth #1: Agentic AI is software as usual

With so many apps and SaaS solutions quickly tacking large language models (LLMs) onto their existing user interfaces (UIs), it’s tempting to want to believe that Agentic AI can simply be added to traditional software. In reality, the successful implementation of Agentic AI requires an entirely different approach to software creation.

The linear, staggered waterfall approach to software creation has sprung countless leaks over the years, and applying it within the framework of designing Agentic solutions is a surefire way to drown. Rather than spending months guessing what users want and initiating a laborious and rigid buildout around perceived needs, Agentic AI begins with building. AI agents are quickly propped up around a use case using low- and no-code building tools. The solution is tested and iterated on right away, with multiple iteration cycles taking place over the course of a single day.

Another key distinction is that Agentic AI works around objectives, rather than following predefined routes. In that sense, the work of creating and evolving AI agents is a bit like the process pharmaceutical companies use when developing a new drug. A new medication that’s being investigated as a cure for gout might turn out to be a promising hair growth solution. These kinds of high-value surprises are uncovered through trial and error, fast iteration, and testing.

When it comes to Agentic AI vs chatbot capabilities, traditional approaches to conversational AI fall perilously short. In the not-too-distant past, chatbots used tools like natural language processing (NLP) to understand user requests and automate responses. With the advent of generative tools like LLMs, chatbots are better at disambiguating user requests and can deliver more dynamic responses, but they lack agency. AI agents use LLMs to interact with users and then communicate with other agents, knowledge bases, and legacy software to do real work. Beware of bolt-on solutions calling themselves AI agents. They are chatbots in disguise.

Myth #2: It’s imperative to start big

In order to get moving with Agentic AI, most organizations don’t need a large-scale, public-facing deployment. The key is to think big and start small. It’s often more effective to begin within your organization, automating internal tasks with help from the people who understand them best. This allows orgs to get a handle on sequencing technology in ways that are more efficient and rewarding what humans are able to do on their own.

Stating internally allows orgs to form the groundwork for an ecosystem of Agentic AI that can grow to include customers once they’ve figured out how to optimize Agentic experiences. Starting small and internally requires more than just giving teams access to a sanctioned LLM. At a minimum, there should be a strategy in place for connecting AI agents to some sort of knowledge management system, such as retrieval-augmented generation (RAG).

In one example, an enterprise organization used an agentic system to reduce ticket resolution times from six weeks to one, and cut inbound calls by 35%. They were also able to lower CTS (cost to serve) by 40% and — by reducing the workload of human agents in their contact centers — increase productivity and improve their CSAT (customer satisfaction) score to 83%.

Myth #3: Operations are improved by automating existing workflows

The first move organizations often make when developing use cases for Agentic AI is to try and automate the workflows and processes that humans are already using. While this approach can often get the ball rolling, the real value comes with creating automations that surpass what humans alone are capable of.

Someone placing a call to the IRS (Internal Revenue Service) to follow up on a letter they received in the mail usually encounters a fragmented approach to automation that lumbers along in well-worn ruts. The first hurdle is figuring out which of the unintelligible clusters of voice-automated options most closely applies to their situation. They might repeat that process a few more times as they move through murky layers of the IRS phone tree, unsure if they’re headed to the right department and expecting to wait on hold for hours to find out.

What if, instead:

  1. The IRS greeted callers with an AI agent that could verify their personal information while simultaneously cross-referencing recent activity.
  2. The AI agent could infer that the taxpayer is calling about a letter that was sent last week.
    The AI agent sees that a payment was received after the letter was sent.
  3. The system confirms the reason for the call and relays that information, providing a confirmation number.
  4. The user ends the call (fully satisfied) in under five minutes.

Most organizations are teeming with hobbled processes that humans set up to work around disparate systems. Rather than automating those workflows, savvy business and IT leaders are looking for better ways to complete the objectives buried at the center of the mess.

As Robb Wilson (OneReach.ai CEO and founder) wrote in our bestselling book on Agentic AI, Age of Invisible Machines, “not only can Agentic AI running behind the scenes in an organization handily obscure the mess of systems (and graphical UIs), it also binds your ecosystem by standardizing communications, creating a feedback loop that can evolve automations for all your users — customers and employees.”1

Myth #4: All it takes is some AI Agents

The hype around AI agents often obscures a fundamental truth about what they really are. “AI agents” are not a distinct kind of technology. Rather, they are part of a broader approach for using LLMs as a conversational interface. LLMs have made it far easier for users to initiate action with conversational prompts and for agents to either execute existing code or write their own code. These actions happen within a defined scope, ostensibly to both protect the user and indemnify the organization, but also to create something more guided and specific than the “ask me anything” experience of using something like ChatGPT.

Agents with real agency will have an objective, and they will either complete their objective or look for another agent to hand the objective off to (either if they can’t complete it or after they complete it). It can also hand off to a human agent. To reiterate the point from earlier, this requires more than bolting AI onto existing software. Agentic AI won’t thrive in any single tech provider’s black box. The goal of Agentic AI is not to accumulate separate agents for individual tasks, but to orchestrate multiple AI agents to collaborate around objectives.

Looking at the example of Contract Lifecycle Management (CLM), AI Agent Orchestration begins by examining each phase in a contract lifecycle and thinking through its component steps. If the negotiation process is happening asynchronously, for example, an AI agent might be used to notify parties on both sides when terms have been revised or updates have been requested. Using a design pattern like “nudge,” the agent can keep negotiations moving forward by giving gentle reminders when people need to make decisions. Another AI agent might maintain a change log that’s available to all parties with the ability to create custom views of updates and requests based on user requests (i.e., “show me all of the changes that the client has requested that will require approval from our partners”). There are multiple agents collaborating at each step in the lifecycle.

Figure 1: An Agentic Approach to CLM. Image source: OneReach.ai

Agentic AI can streamline the approval process by handling things like scheduling, identity verification, and knowledge management. Additionally, the skills that individual agents specialize in, such as scheduling, identity verification, and knowledge management, are not exclusive to any of the stages related to CLM. Scheduling, identity verification, and knowledge management are functions that have value across departments and processes within an organization. All of it, however, hinges on the orchestration of AI agents.

Myth #5: There is one platform to rule all AI Agents

To give AI agents actual agency requires an orchestration and automation platform that is open and flexible. Organizations need to be able to build AI agents quickly, using no- and low-code tools. They need those agents to communicate with their legacy software systems. AI agents also need to be able to share information with other AI agents, and they all need to be connected to secure knowledge bases that align with the goals of their organization.

These are just the table stakes. To fully embrace Agentic AI, orgs need a technology ecosystem that can quickly integrate the best new technologies as they appear in the marketplace. The marketplace is already headed in this direction, as evidenced by the surge of interest in Model Context Protocol (MCP). Released by Anthropic last November, MCP makes it far easier for AI agents to access the systems where data lives. MCP servers exist in an open-source repository, and Anthropic has shared pre-built servers for enterprise systems, such as Google Drive, Slack, GitHub, Git, Postgres, and Puppeteer.

Figure 2: MCP Deep-Dive. Image source: Anthropic

Sam Altman announced that OpenAI will support MCP across its products, and Google has also released their own Agent2Agent (A2A) protocol as a complement to MCP with support from 50+ partners, including Atlassian, Intuit, PayPal, Salesforce, ServiceNow, and Workday; and leading service providers, such as Accenture, BCG, Capgemini, Cognizant, Deloitte, McKinsey, and PwC.

Microsoft also announced that its Windows Subsystem for Linux (WSL) is now fully open source, which they see as part of the “Agentic Web.” As part of the opening keynote at Microsoft Build 2025, their CTO, Kevin Scott, said, “You need agents to be able to take actions on your behalf … and they have to be plumbed up to the greater world. You need protocols, things like MCP and A2A … that will help connect in an open, reliable, and interoperable way.”2 In this moment, organizations need to find platforms that can help them build an open framework for Agentic AI that allows them to integrate new tools as they emerge and grow freely alongside the marketplace.


Sources:

1Robb Wilson and Josh Tyson, “Age of Invisible Machines”
2Microsoft Build 2025

The article originally appeared on OneReach.ai.

Featured image courtesy: Josh Tyson.

The post Five Myths Debunked: Why Agentic AI Is Much More Than Chatbots appeared first on UX Magazine.

Companies Aren’t Prepared for Outbound AI in the Hands of Consumers

1 August 2025 at 20:16

People tend to believe that companies are going to use AI to eliminate as many jobs as possible. It stands to reason that some businesses will try this approach—even though it’s a complete misuse of the technology. What we’re currently seeing, however, is individuals picking up generative tools and running with them, while companies are dragging their feet into integration efforts.

What might happen as a result of this is that consumers will be the ones to bring down companies. There are laws that prevent companies from spamming people with unwanted outbound messages, but there are none stopping consumers from flooding contact centers with AI agents.

It’s basically free for people to cobble together agents that can robocall service centers and flood systems with data designed to get them discounts, or worse, to confuse and deceive. Customers might start hammering a company because word gets out that they give a credit for certain circumstances. This could create a snowball effect where their call centers are flooded with millions of inbound inquiries that are lined up to keep calling, all day long.

Whatever their intentions, it’s free and easy for consumers to scale ad hoc efforts to levels that will overwhelm a company’s resources. So what are companies going to do when their customers go outbound with AI? 

I asked this question recently on the London Fintech Podcast and the host, Tony Clark, had the response I’ve been looking for: “You may have let the genie out of the bottle now, Robb,” he said, looking a bit shocked. “I’m sure the tech is available. I imagine my 14-year-old could probably hook up 11 Labs or something with the GPT store and be off on something like that.”

The truth is, most companies that are evaluating agentic AI are thinking myopically about how they will use these tools offensively. They are ignoring the urgent need for agentic systems that can provide defensive solutions. 

These systems must allow AI agents to detect and stop conversations that are just meant to burn tokens. They need human-in-the-loop (HitL) functionality to make sure agents’ objectives are validated by a person who takes responsibility for the outcomes. This environment also needs canonical knowledge—a dynamic knowledge base that can serve as a source-of-truth for AI agents and humans.

These are the base requirements of an agent runtime. A critical component to integration, an agent runtime is an environment for building, testing, deploying, and evolving AI agents.

  • Runtimes maintain agent memory and goals across interactions
  • Runtimes enables access to external tools like MCPs, APIs, and databases
  • Runtimes allow multi-agent coordination
  • Runtimes operates continuously in the background

And in terms of helping businesses use AI defensively, runtimes handle input/output across modalities like text and voice, so AI agents can spot bad actors and alert humans. In UX terms, it’s the backstage infrastructure that transforms your product’s assistant from a button-press chatbot into a collaborative, contextual, goal-oriented experience designed that can proactively protect organizations and their customers. However companies choose to frame it, there’s emerging risk in sitting back and waiting to see what will happen next with AI. It just might be the end of your company.

The post Companies Aren’t Prepared for Outbound AI in the Hands of Consumers appeared first on UX Magazine.

#180 – Karla Campos on organising WordCamp US

6 August 2025 at 14:00
Transcript

[00:00:19] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.

Jukebox is a podcast which is dedicated to all things WordPress, the people, the events, the plugins, the blocks, the themes, and in this case, what goes into organizing a flagship WordCamp.

If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice, or by going to wptavern.com/feed/podcast, and you can copy that URL into most podcast players.

If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you and hopefully get you, or your idea, featured on the show. Head to wptavern.com/contact/jukebox, and use the form there.

So on the podcast today we have Karla Campos. Karla has been involved in the WordPress community for over 10 years. Starting out in Miami, and taking part in meetups and word camps before stepping into larger organizational roles. With a background in media and marketing, Karla brings plenty of experience in both web and events to the world of WordPress.

Karla joins us today as a lead organizer for the upcoming WordCamp US 2025, which will take place in Portland at the end of August. Remarkably, this is her first flagship WordCamp, and she’s organizing before ever attending.

We discuss what motivated Karla to take on this major responsibility, how she balances the volunteer work with her professional life, and the challenges, expected and unexpected, along the way.

We discuss the organization of such a huge event from working with a professional production company to handling the logistics, communications, accessibility requests, visas, and more, for a thousand plus attendees. Karla shares how the community side of the event is managed, the late night worries, and what it really takes, both in time and personal commitment, to make a WordCamp US happen, especially as a volunteer.

She also highlights some of the initiatives for this year’s event, renewed efforts to welcome students and first time attendees, including student ticket pricing and the WP Trail Buddies Program to help newcomers feel at home. She also teases the introduction of a hackathon style contributor today, and new remote collaboration options.

If you’ve ever wondered what goes on behind the scenes of a WordCamp US, how it’s organized, how volunteers are supported, and what motivates people like Karla to invest their own time and resources, this episode is for you.

If you’re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com/podcast, where you’ll find all the other episodes as well.

And so without further delay, I bring you Karla Campos.

I am joined on the podcast by Karla Campos. Hello, Karla.

[00:03:21] Karla Campos: Hello. How are you, Nathan?

[00:03:23] Nathan Wrigley: Yeah, good thank you. Very nice for you to join us today. I really appreciate it. Karla’s here today, we’re going to talk about WordCamp US, which is happening in Portland. Actually, I was going to say later this month, almost later this month. We’re recording it right at the very, very end July, 2025. It’s taking place toward the end of August, 2025. So it’s pretty soon.

But before we get into that, Karla, will you just give us your little potted bio. Tell us who you are, what you do in the WordPress space, and maybe very quickly just tell us how the heck you came to be organising a WordCamp, one of these flagship WordCamps.

[00:03:56] Karla Campos: I always like to say that my involvement in projects sometimes comes about serendipitously. Just kind of like, hey, look, I saw that on the internet, it looked interesting, and I decided to join.

I actually have about more than 10 years with the WordPress community in Miami. When I first moved to Florida, I started going to meetup groups and then I met the WordPress Miami organisers and started really getting involved with them.

My ex-colleague and coworker, her name was Jackie Jimenez, she unfortunately passed away, but we had a lot of great moments building things together in the WordPress Miami community. And when I saw the announcement online, I said, you know, she would’ve loved to do this with me. Let me check it out. And then that’s how I kind of just decided to join the organizer group.

So I’ve been with WordPress for over 10 years. I’ve been working in marketing. I used to work for Telemundo here in the Florida area. I used to work for iHeartRadio. So I have a lot of the media marketing background as well as the working on websites and copy. So I’ve been around for a while, just I’m more of like a quiet, in the background type of person.

[00:05:09] Nathan Wrigley: And have you attended any of these flagship, so the flagship ones are obviously WordCamp Asia, WordCamp Europe, WordCamp US. Have you attended any of those flagship ones in the past?

[00:05:18] Karla Campos: Is it odd that this is my first flagship and I’m organising it?

[00:05:21] Nathan Wrigley: I think it’s great.

[00:05:22] Karla Campos: It feels almost surreal.

[00:05:23] Nathan Wrigley: So just before we hit record, you said that, I don’t know, something like a month ago, you caught wind of the fact that WordCamp US still needed some volunteers. Have I got that about right? It’s about a month ago that you became involved in the organisation of the upcoming event.

[00:05:38] Karla Campos: I would say May, I think May. You know, the dates are all come together. We don’t even know what month it is. Because we’re working on it so much in the backend. So I would say around May, when I first saw the, or when I got pulled into the organiser group.

[00:05:53] Nathan Wrigley: Since then, has it kind of taken over your life? I don’t mean that to sort of sound disparaging, but has it kind of crept in into all the different parts of your life? So you’ve basically got no free time left anymore.

[00:06:04] Karla Campos: It has because you’d think, okay, you know, even because we do have a production team that’s helping organise the event to make sure it’s properly handled for all the attendees, because we do expect around a thousand, it’s always been that amount for a flagship.

So we have a production company working on the backend helping us with the production to make sure everything is smooth. But still, with that going on, I still feel like at 2:00 AM I’m thinking WordCamp US, WordCamp US. I know there’s something I have to do. So yeah.

[00:06:34] Nathan Wrigley: Let’s split out what the production company do first of all. So I genuinely don’t know what that even means. So, a production company, I’m guessing you offload something, all the tasks that you can to them. I’m guessing they’re a commercial entity and they get paid to fulfill whatever contractual obligations that you’ve got. What is it that they handle? And then we’ll get into what the community side of things, the team of community, volunteers, and so on are doing.

[00:06:59] Karla Campos: So the production team is making sure that the venue and everything that happens at the venue is organised. So from some of the room logistics, so more on the venue side, that they’re handling that part to make sure that we can handle everything else that comes with organising, including all the planning around contributor day, showcase day, the photographers. So that’s our side, and then their side, the production team, is more of venue logistics.

[00:07:27] Nathan Wrigley: And so do they handle things like, oh, I don’t know, the building of the sponsor booths and things like that? Because when you attend these events, there’s a very, very professional feel to them. So it’s not like you just show up and, you know, it’s kind of thrown together at the last minute. It really does feel, when you actually stop and think about it, you have a great sense of, gosh, there’s months, possibly years of organising that’s gone on in the background. Is it that kind of thing? You know, making sure that essentially when you walk in, everything looks right, everything that you can see, they do.

[00:07:57] Karla Campos: Yes. And then Megan Marcel, which is my co-lead organiser, she’s heading that part. So she’s managing that production company to make sure the venue and all the booths are on point, that they look like what they cost. Because, you know, those booths and everything that the sponsors spend, it’s not cheap things. They’re very luxurious. Sometimes more than others. But yeah, so she’s making sure that that’s covered with the production team. That it looks a hundred percent what the sponsors expect.

[00:08:25] Nathan Wrigley: And, okay then, let’s flip to the more community side. So everything that is not part of the production team’s remit. What are some of the tasks that you are finding yourself worrying about at 2:00 AM in the morning?

[00:08:36] Karla Campos: Actually just making sure the communications, and all the attendees are getting service. So I am the lead organiser in charge of communications and marketing, and I have other team leaders under me, like Caroline Harrison, who is the team lead for the attendee communications. So we’re getting a lot of requests when it comes to accessibility, food that they have allergies or that they need visas.

A lot of traffic, of course, right now, I told you we had about 730 attendees already registered, so that email traffic is coming into our teams. So I’m just like, I saw an email and I know my team handled it, and I know they’re prompt but, you know, I wake up at 2:00 AM. Did I answer that email? Was that a nightmare? Did I miss something?

That’s how it’s been in my life, you know, like I’m having these nightmares that I didn’t do something, but I did, because I’m a very responsible individual. But it just feels like that. It’s become so intertwined in my life that I’m having nightmares that I didn’t do a task.

[00:09:33] Nathan Wrigley: When you get involved in the WordPress community, there’s obviously so many bits and pieces that you can get involved in, but very many of them don’t really, at the beginning, at least anyway of community involvement, don’t necessarily have crunch points in time. Obviously, as you get more into the community, there might be moments. You might be, I don’t know, a release lead or something like that, in which case there will be a date in the calendar where things have got to be all tied off.

But mostly, there’s never that calendar moment where everything’s got to be finished. But you very, very much are faced with a ticking clock, aren’t you? Because come the date that the first people are arriving, the attendees are arriving, and presumably, before that the production team need to get in, and set up all the sponsor booths and make sure all of that’s taken care of and what have you.

That’s a curious thing. So the stress, I guess, does pile up a little bit. And it would behoove all of us who attend events like this, just to pause for a moment and remember that it is done by a bunch of volunteers who have this ticking time bomb, if you know what I mean, in the back, where everything’s got to be finished by a certain date. And so I would just like to express my gratitude for the fact that you’ve stepped up basically and tried to fulfill that role. Appreciate it.

[00:10:40] Karla Campos: Thank you. I appreciate the nice kind words, because it’s been a little bit hectic and, you know, it’s good to hear that people appreciate your work.

[00:10:48] Nathan Wrigley: Have you actually had a chance to go around the building yet? I know we discussed this prior to hitting record, but is this more of a kind of, you’ll be showing up the first time in the same way that everybody else will, or have you managed to sort of walk the floorboards as it were?

[00:11:00] Karla Campos: Like I mentioned earlier, but we weren’t live, I’ve seen personally the venue in virtual tours and et cetera, but I’m coming to the Oregon area a week before. So I’ll be there earlier to see the venue. Go through the walkthroughs and do what the team does earlier, so that everything’s on point. But from what I’ve seen, everything’s going great.

[00:11:22] Nathan Wrigley: Do you get any sort of remuneration for any of the work that you do? So by remuneration, I’m specifically talking about finance. Does anything get offset? So for example, if you are based in Florida, presumably you’re going to be hopping on a plane, and there’ll be the food that you’ve got to eat during the time that you’re there, and the accommodation, the hotels and so on. Does somebody at the level of volunteering that you have nominated yourself for, does any of that get offset, or is this completely voluntary, where you’ve got to dig into your pocket for every single expense?

[00:11:50] Karla Campos: This is voluntary. So yeah, I’m just putting in from my end to support the community. So if ever you are planning on joining something like the WordCamp organisation groups, it usually is a volunteer thing. There are some scholarships but that’s, you have to apply for and it’s very competitive. So I don’t think everyone gets one. But yeah, no, everything that I’m putting in personally is through my own finances.

[00:12:16] Nathan Wrigley: Yeah, again, obviously I gave you some thanks a moment ago and I’m about to do it again. Thank you for that commitment as well, because it’s not nothing. You know, going to Portland on an airplane from where you are, you know, it’s all the way across the country. It’s not a cheap place to reside in. Accommodation in and around the venue is probably at a premium, you know, it’s summertime, everything’s quite expensive around there. So it’s not inconsiderable, and there is an impact to that. So again, once again, thank you for taking the time, and also allocating the funds to make that possible. Obviously, events like this cannot happen without people like you doing it.

[00:12:51] Karla Campos: Yes. And I think they must be done. You know, sometimes we have to make sacrifices to bring together something that brings people together around WordPress, which powers people’s businesses, their livelihoods. So, you know, I don’t mind putting in when I know that I make an impact in a community and helping those people with their livelihoods.

[00:13:12] Nathan Wrigley: Now you said that this all began for you in May, and we could get into what it was that exactly prompted you to do that. It sounds like somebody kind of sent something in your direction, which you responded to. So what have we had May, June, July, basically, you’ve been into this for a couple of months.

Any intuitions now of regret? That’s probably not something that we want to get into too much, but do you know what I mean? If you could rewind the clock to, let’s say April during 2025, did you get into this with your eyes wide open, or has it ended up being much more of a task than you imagined? What I’m basically trying to ask is, are there any bits of this that you think, gosh, I didn’t really anticipate that was going to be involved? This is way more than I was imagining biting off.

[00:13:54] Karla Campos: Yeah, the time required to do all the work that needs to be done, and I’m a confident person, so I went in this, I have experience organising events for Telemundo, big concerts of 50,000 people plus. So I went in confident thinking, I got this. But as I got more into it, I just started to notice, okay, well, this is taking a lot of my time that I wasn’t prepared for.

But I’ve adapted and I’m good now. It’s been a rollercoaster ride, but it’s fun for me because I’m that type of person who enjoys the challenge.

Yeah, it’s been fun, it’s been unexpected for sure. So we’ve had ups and downs, but we’re getting through it, you know, and that’s the fun of a rollercoaster ride, so yeah.

[00:14:31] Nathan Wrigley: What are some of the things that you didn’t anticipate? Obviously, you said it’s ended up being more time, so yeah, more time has been required of you. But what beyond that? What are some of the things that you didn’t anticipate that you would need to do, that you have in fact ended up doing?

[00:14:44] Karla Campos: I think all the time spent talking to people, it’s been really crazy. So I think I just didn’t anticipate the timing. So I think I originally volunteered for about 10 hours per week. Leading up to the event I think, a week before the event we’re supposed, or a month before the event, we’re supposed to be putting more in time, but this feels like a full-time job.

Oh my gosh, you know, like I just didn’t anticipate for that. So it’s been kind of, like we talked about before, merging with my normal life where I’m just like, oh wait, my to-do list for my regular projects, and my family and everything is now part of WordCamp, if that makes sense.

[00:15:19] Nathan Wrigley: So during the onboarding process that you’ve had over the last couple of months, how have you learnt what you needed to know? Because this event, I mean, it can’t have been thrown together in the last couple of months. Presumably you came along and joined at some point where many things had been set in motion. But how did you acquire the knowledge that you needed to do the work that you are now doing? Who taught you all of this and so on?

[00:15:43] Karla Campos: Well, we do get the last year’s folder with all the information. So it came about from a lot of reading, asking past team members. So we do have some people who were part of the organizing team last year. Gail Wallace, one of our co-leads, she’s doing contributor day, she’s doing photography, she’s also helping with the lead organising. So she was very helpful in just kind of letting us know about the previous year.

We have mentors like Kevin Christiano and Aaron Campbell from hosting.com, who also worked with WordCamps in the past. And there are mentors who we can always contact on Slack. So we do a lot of work on Slack, and we can always message them back and forth with any information any, hey, we need help with this. They’re always there to just say, hey, this would be a better practice from our experience last year. So we do have mentors there that help us, and that’s been a big relief.

[00:16:37] Nathan Wrigley: How much time do you imagine, if I was to ask you on a, let’s go for a weekly basis. At the moment, so we’re three-ish weeks away from the event, something like that, how much time are you spending during the previous week? So the last seven days, how many hours do you think you’ve clocked up working towards this event?

[00:16:53] Karla Campos: At least, I would say 30 hours.

[00:16:55] Nathan Wrigley: Wow, okay. And so that then presumably has had a material impact upon the regular work that you do. Now, either you are just superhuman and can add 30 hours into your working week with no perceived, you know, there’s just, that’s fine. I can just add 30 hours in. Most of us, including myself, could not do that. I would have to kind of offset one thing with the other. Have you done that? Has it had an impact on the business, the work that you normally do? Have you had to sort of downgrade the amount of time you’ve been spending recently on that kind of work?

[00:17:22] Karla Campos: Not on my business, more on my free time, so I’m not getting out this summer to the pool as I would have last year. But luckily, we’re having a super heat wave in Florida, so it’s too hot outside anyway.

[00:17:33] Nathan Wrigley: It’s like it’s been planned, yeah.

[00:17:35] Karla Campos: It’s been planned. The universe is putting a heat wave out there, so now I can’t outside in the pool, but I would probably still take my devices out there.

[00:17:42] Nathan Wrigley: Has the team had any concerns around attendee numbers? Because I remember I went to this event last year, and I actually don’t know what the numbers are, but I’m going to guess it was in the region of, I don’t know, 1,300 to 1,500, something like that, attendees.

There’s obviously been a lot of controversy in the WordPress space since that event. I wondered if there has been some anxiety? I have a recollection that the event, the planning of the event probably would’ve been happening earlier than it did for this event.

So I’m just wondering if you could speak to that, whether or not the team itself are happy with the numbers that you’ve got so far? And whether or not things are kind of late in the planning, let’s put it that way. Do you feel that it’s all being put together in a rushed way?

[00:18:23] Karla Campos: No, I think we’re on track. I mean, we expected the event to be smaller this year because there have been discussions around different things that are happening in just the space, like traveling restrictions, people being scared to fly to the US, different things that we knew it was going to make the numbers less.

But right now we’re up to 730 registered attendees. So we are planning for a thousand attendees. That’s our goal. Hopefully more. But yeah, we expected that it was going to be a little bit less than last year for the various reasons, including the travel restrictions and things that people do not want to come to the US for.

But, Portland is ultimately a very friendly place and I think our concern is that everyone is safe and happy at the event. So I think we’re doing a very good job with that right now.

[00:19:11] Nathan Wrigley: I guess also there’s maybe, the fact that an event like this has happened in the previous year at the exact same venue. There’s maybe a little bit that would be squandered there, if you know what I mean?

So the idea that you’d get a similar number of the exact same people, plus others, coming back to the same venue. I know for me at least anyway, it is quite nice to have the opportunity to go to different places. I’m going to be in attendance, so it hasn’t put me off. I’m still going to be there. But I think some people do like the fact that, you know, it’s in Portland one year and it’s in, I don’t know, Texas or California or whatever it may be in different years.

So maybe that kind of speaks into it a little bit as well. But yeah, the whole thing around traveling to the US, plus the obvious problems that we’ve had in the WordPress space around the community and so on. And then maybe this third piece of it being in the same venue and in the same location, maybe all of those conspire to not make it as big as last year. But still, a thousand, which seems to be the target number, is pretty credible.

Do you anticipate getting to a thousand? Is the trajectory at the moment, if you were to map that forward, do you think you’ll actually manage that? Despite the fact that it’s an aspirational target? Are you fairly confident you’ll get there?

[00:20:14] Karla Campos: Yeah, I’m confident. But I told you earlier, I’m a confident person, I’m always thinking positive. And we do have a lot of student initiatives, because we want to bring more people into the WordPress community, more students that perhaps haven’t even had the opportunity to experience WordPress, and the community, and how that can help them build their career.

So, our topic is sort of like the future of WordPress. And we’re doing a lot of student initiatives so that, you know, everybody gets a little bit of that WordPress community feel and that would, there’s a lot of students very interested, so I think we can reach the number.

[00:20:48] Nathan Wrigley: I certainly hope so. I mean, when you say students, I’m presuming from that, that you mean younger people by that as well. So not just people that are in education, but really aiming that target at young people in education.

It always struck me when you go to these events that the demographic definitely skews older. I don’t mean, you know, particularly old, but you don’t tend to find a bunch of 18 to 20 year olds wandering around in large proportion.

It seems to me, it’s definitely in the late twenties, early thirties, forties, fifties and and upwards. So that’s been a definite charge that you’ve had then has it, to try and get younger people? Have I got that right? When you said student, did you mean younger people?

[00:21:29] Karla Campos: Well, we are working with colleges because they’re very interested in how AI and WordPress are evolving, and everything that’s going around that. And through our event, the teachers that work at the colleges are very excited to connect the students with the future of the web and whatever’s happening with web development and AI.

They’re really interested in sending the students there because even though they’re educators, they’re not the innovators. So they want to come to WordCamp to connect with those innovators, including Google. Google’s liaison of search, Danny Sullivan, that was amazing to the students. They wanted to meet people in charge of the tech industry and connect there. So I’m talking about those students, yeah, the students that are in the tech industry that want to connect with the industry leaders.

[00:22:17] Nathan Wrigley: I think things work slightly differently over here in the UK, but I know that in the US there’s this sort of concept of college credits, where you do a certain thing and it can count towards part of your educational program. You know, you can tick some boxes and it will get you to jump over some hurdles.

Do you know if an event like WordCamp, in this case WordCamp US, do you know if an event like that can count? And does that in some way then kind of make it slightly easier to sell a WordPress event into that student marketplace, if you like?

[00:22:47] Karla Campos: It can, depending on the teachers. Some of the universities and colleges already have their structured standards on how credits work. But if we’re working with the teachers, sometimes they have summer school projects that they get extra credit, that helps their grades. So we can tie that in with that.

We’re welcome to working with any teacher who wants to help their students grow their career and willing to give them extra credit and opportunities. So it depends on the college and the teacher and what already they have established.

[00:23:17] Nathan Wrigley: Yeah, like I said, we don’t kind of operate that system, certainly for WordCamp US, I don’t think that would particularly count. But I know that those kind of systems exist.

Just pivoting to you a little bit and the work that you did in the past. Obviously it sounds like you’ve got a heritage in being involved in sizable events, credible events in the tech space, and perhaps other spaces as well.

What do you make of this event? How do you sort of see it? Do you see it as a sort of professional tech event, something that you may have attended on behalf of organisations that you were working for before? Or is this much more of a kind of community event?

I can’t really sum up the exact target of what I’m trying to say there, but I’m just really after a feel of what you make of the event in terms of whether it’s more, I don’t know, more friendly, a little bit less business orientated, and perhaps skewing more to community, that kind of thing.

[00:24:05] Karla Campos: I think it’s a little bit of both. It is a friendlier atmosphere from the different tech events that I’ve been involved in that feel more serious. Because when you go to a WordCamp, you automatically feel that it’s a little friendlier, a little bit less corporate.

Yes, everyone is very skilled. They’re very like awesome in their profession, but they’re also very down to earth and just willing to, hey, share a tidbit here, a tip here. I’ve even seen people help other people with their websites live at the events. Hey, look, I’m having a problem with my website. It’s not doing something on mobile. It’s not responding the way I want it to. It’s not responsive. Can you help me? And someone will stop and say, yeah, let’s sit down here in this corner. Let’s go to that room, and let me look at it and help you a little bit. And it’s something that I don’t see at other conferences where people have this community feel. So I’ve always admired that about WordCamps.

[00:24:56] Nathan Wrigley: Yeah, it’s really hard to encapsulate, isn’t it? What that thing is. But that thing is a thing. And what I mean by that is there is some quality of community spirit that definitely hasn’t existed at any event that I’ve been to outside of the WordPress space. It feels a little bit more like, heads down, you’re there for work, you must concentrate entirely on work, and maybe you’ll attend some kind of, I don’t know, after party or something like that. But again, the entire purpose of that will be business, business as usual.

And there is much more of sense of camaraderie. And really, I suppose if somebody is listening to this and is kind of on the fence about these events, definitely I would draw your attention to that fact. And although if you are perhaps slightly more on the introverted side, it doesn’t necessarily make it a hundred percent easier to attend, and this feeling that you’ll just suddenly be embraced by everybody in the hallway, it probably won’t work that way. But there is definitely a more friendly atmosphere. There’s a different, and dare I say it, vibe going on, which I have always really appreciated. It definitely feels less corporate, more friendly. There’s more of an opportunity to make friendships, for want of a better way of describing it.

[00:26:07] Karla Campos: Yes. And also, I’m sure you know Michelle Frechette.

[00:26:10] Nathan Wrigley: Oh, yeah.

[00:26:11] Karla Campos: I think everyone knows Michelle. She’s organising something called WP Trail Buddies. So she’s actually connecting veteran WordCamp attendees with new attendees, so that they can have like a friend, a buddy at the WordCamp that they can do things with, so they don’t feel alone and they feel welcome.

So that’s a new thing, and that sounds, you know, if a person is coming to WordCamp for the first time, they can go that route, you know, they can actually have somebody there with them.

[00:26:37] Nathan Wrigley: I would draw everybody’s attention, if you’ve never been to one of these flagship WordPress events before, there is something particularly good about this Portland one. And the thing that I enjoyed so much last year, I enjoyed the event, but the venue itself was so brilliant, so enormous. There was never this hint of falling over people. There was quite literally acres of space to mill around.

And so the hallway track felt very much, you know, you could take five minutes out and go and sit in the corner over there and get on with your own stuff, what have you. But this would be a really good one to attend. So I would definitely advise people, if you’re on the fence and you kind of think, I maybe should go, I’m not entirely sure. Everything is geared up. We know what that place is like, the conference center is absolutely magnificent. So I would definitely urge people who are wavering, who aren’t entirely sure to give it a go.

And I will put a link into the show notes for the initiative that Michelle Frechette is leading, the WP Trail Buddies. And if you’ve got concerns about showing up and just hanging out and feeling a little bit isolated, then Michelle will be able to introduce you to somebody who has been there, done that, for want of a better word. Again, another reason to have a little look.

And the tickets are really inexpensive. It’s not nothing, but at the moment, I don’t think there’s going to be any change in this. But it’s a flat hundred bucks. And, in all honesty, you’ll probably eat more than a hundred dollars worth of food in the time that you’re there. So the ticket price is just absurdly low.

[00:28:02] Karla Campos: Yes, and we do also have a student pricing of $25, if the students show ID, or proof that they’re enrolled in school. So that’s also like an amazing deal.

[00:28:12] Nathan Wrigley: Now, the events often have a bit of a formula to them. There’ll be presentations, and they will run over a couple of days. So you’ll pick various tracks and you can go and see this person, and then come out into the hallway and hang out in the hallway.

But then also there’s this idea of contributor day. And in contributor day, typically you would select a table, that table will be aligned to some core part of the project. So it could be photography, it could be Core, it could be, I don’t know, polyglots, something like that. And you would allocate your time and decide to work on that for the day.

I have a feeling that you are doing something a little bit different on contributor day this time around. Do you know about that? Do you want to speak about that?

[00:28:51] Karla Campos: We are, but it’s a secret.

[00:28:53] Nathan Wrigley: Is it? Okay.

[00:28:54] Karla Campos: No, it’s a hackathon, but Gail Wallace is going to speak more about that in the coming weeks. So we’re just waiting for her to share all the information about what she’s been working on with that.

But there is something new, which is collaborating remotely for the Testing Team. So that’s fun. That hasn’t been done before.

[00:29:14] Nathan Wrigley: So the Testing Team will be open to kind of like a, more of like a Zoom approach. So it won’t just be people that are attending in the room. They’ll be able to offer the opportunity for people to join live, but remotely. Yeah, that’s really nice. That’s a really nice idea.

The hackathon, I was lucky enough to go to a hackathon earlier this year. I attended CloudFest in Germany, in Rust in Germany. Obviously you are not able to reveal whether you know or otherwise what that will involve. For the people listening to this, I’ll just give you some indication of what that might involve.

And a hackathon, rather than just showing up and deciding on the spur of the moment what it is that you’re going to be involved with. A hackathon is more of a kind of project based thing, where you come to the hackathon with a project that you would like to see finished in a certain way. So you might come and say, during the next day, we’re going to try and do this thing, so we’re going to move from here to here.

And in that way, everybody coalesces on the exact same purpose, and tries to push that thing over the line. And in the hackathons that I’ve been to, again, there’s this sort of slightly tongue in cheek, fun, competitive edge as well, where at the end of the day, different people from the different teams sort of stand up and say exactly what they did and how they did.

And then there’s kind of like a voting, there’s a panel of people who decide who the, and I’m doing air quotes, who the winner is. So, again, obviously I’m not going to try and get you to reveal any details, but that kind of component, if it is anything like that, that really does bring something new and a bit of fun, I think.

[00:30:40] Karla Campos: Yeah, I think people enjoy, when it’s friendly competition on something that they’re passionate about building, I think they enjoy that, like sports. So it’s exciting.

[00:30:49] Nathan Wrigley: Yeah, that’s a good way of describing it, sporty, competitive edge kind of thing, isn’t it? Just sort of rehashing a bit of a question I asked a minute ago though. Obviously, like I said, you’ve been involved in these kind of events before in different spheres. Is there anything that you think, if you were to rerun your time, and maybe you’ll be involved in next year’s WordCamp US, I don’t know. Is there anything where you think, do you know what, I think we could try this, or we should jettison that? Obviously nobody’s implying that you are going to be the decision maker in any of this, but are there any bits and pieces that you think, well, we should definitely try that, or we should definitely maybe lose that?

[00:31:23] Karla Campos: I think we’ve had so many ideas, and we were all just kind of thrown together as a new team. And there were so many ideas flying around that we just couldn’t get to. So we’re doing the best ones that we thought about, but like there were so many others that we could’ve included.

So I’m not sure if I’m going to be joining next year or not, I haven’t planned that out yet. But I think we’re going to at least have a discussion with the organisers about just kind of like looking back, hey, what did we like. Let’s leave little notes for the next year’s organising team so that they can, you know, they can know what to expect.

But now we have a roadmap together as a team. So I think it’s fun. And we’ll be way more prepared next year and add more fun stuff that we just didn’t have time for. But we’re all very creative, so you know how those discussions go when everybody’s creative, throwing ideas. And it’s like, all right, we have to pick just three because all of these are great but, you know, we’re on a time constraint, so we just execute these.

So I think it’s been fun all around. But yeah, just kind of getting all the ideas that we had together and executing them next year.

[00:32:23] Nathan Wrigley: I think it’s kind of an important moment for these kind of events because they’ve been running largely on the same format for a really long time. And there’s definitely, in events outside of the WordPress space, there definitely are some of these fun ideas kind of creeping in, making it a little bit more entertainment, if you know what I mean, at the same time as being educational and informative. And I think it would be interesting to sound some of those different organisations out. Maybe go to the different events like DrupalCon and things like that, and see how they do things differently. See how sponsorship works and so on and so forth.

Now, one question, which I think probably will be rounding off the episode, if that’s all right with you, would be to ask you, when does your involvement with this end? And I don’t mean, you know, that you might get involved next year. Because obviously I’m going to attend, and the minute the whole thing is finished, it’s kind of more or less over for me. I may go back to the hotel or spend a few days in Portland having a look around or what have you. But for me, the event has kind of finished at that moment. For you, I’m guessing that’s not the case. Do you have any anticipation of what it will involve in terms of collapsing the event down? At what point it will be considered to be finished by the team?

[00:33:28] Karla Campos: Well, physically we have to be out by a certain date and everything cleaned out. So I am planning to stay there a little bit longer to handle that with the rest of the team. But I think we should be done by the 31st. Everything should be cleared out, physically.

But then of course we’re going to reunite and just kind of have a meeting and talk about the experience. And like we were talking about, what can we do better next year? And I think maybe, I think we’re still going to be in talks at least two weeks after the event is over to kind of close that out as a team.

[00:33:59] Nathan Wrigley: Yeah. So it definitely doesn’t end on the day that it’s going to end for me. So, yeah, there’s another example of the amount that people like you are doing.

I would just draw attention to the fact that clearly this is not an event which is being organised entirely by you. There’s obviously a huge team of people going on in the background. And it would be remiss of us not to thank all of them. Can’t mention them all by name, but if you go to the website, I’m sure there’ll be places where you can go and find out who is involved in the team.

Don’t forget that if you want to get tickets and you’re a student, you can pay just $25 for a, basically three day event. I mean, that’s nuts. Or if you are not a student and you want to attend, then $100. And there are still, I think, some additional options that you can explore, perhaps sponsorship options and things like that, above and beyond that as well.

So, Karla, that’s all the questions I’ve got. Is there anything that I’ve missed? Is there anything prior to recording to this you thought, ah, I must remember to say that, but didn’t get a chance to say it?

[00:34:57] Karla Campos: I just want to say thank you everyone for even thinking of attending. It’s going to be a great event. We have amazing speakers all about the future of WordPress and AI. How everything in technology is changing, what that means for your business now. Or if you have plans for a new business, what it means for you in your career. It’s going to be just a great place to network with people in the field, and I’m extremely excited. So I hope you’re excited just like I am. And I hope to see you guys at the WordCamp US 2025.

[00:35:26] Nathan Wrigley: So I should probably at this point mention that the links to anything that we’ve mentioned so far will be in the show notes. But if you do wish to find out more about it, head to us.wordcamp.org/2025. And as is usually the case, there’s a whole bunch of links at the top of that website.

So for example, you can look at the schedule, so see who’s speaking. You can look and dig into the location and about it. And obviously buying the tickets as well, that’s all going to be there. So us.wordcamp.org/2025, the numbers.

There we go. Thank you very much for chatting to me today, Karla Campos. Really, really appreciate it. And very, very best of luck with the event. I hope to see you there.

[00:36:07] Karla Campos: Thank you, Nathan.

On the podcast today we have Karla Campos.

Karla has been involved in the WordPress community for over 10 years, starting out in Miami and taking part in meetups and WordCamps before stepping into larger organisational roles. With a background in media and marketing, Karla brings plenty of experience in both web and events to the world of WordPress.

Karla joins us today as a lead organiser for the upcoming WordCamp US 2025, which will take place in Portland at the end of August. Remarkably, this is her first flagship WordCamp, she’s organising before ever attending.

We discuss what motivated Karla to take on this major responsibility, how she balances the volunteer work with her professional life, and the challenges, expected and unexpected, along the way.

We discuss the organisation of such a huge event, from working with a professional production company to handling the logistics, communications, accessibility requests, visas, and more for a thousand-plus attendees. Karla shares how the community side of the event is managed, the late-night worries, and what it really takes, both in time and personal commitment, to make WordCamp US happen, especially as a volunteer.

She also highlights some new initiatives for this year’s event, renewed efforts to welcome students and first-time attendees, including student ticket pricing and the WP Trail Buddy’s program to help newcomers feel at home. She also teases the introduction of a hackathon-style Contributor Day and new remote collaboration options.

If you’ve ever wondered what goes on behind the scenes of WordCamp US, how it’s organised, how volunteers are supported, and what motivates people like Karla to invest their own time and resources, this episode is for you.

Useful links

WordCamp US 2025

 WP Trail Buddy

Automating Design Systems: Tips And Resources For Getting Started

A design system is more than just a set of colors and buttons. It’s a shared language that helps designers and developers build good products together. At its core, a design system includes tokens (like colors, spacing, fonts), components (such as buttons, forms, navigation), plus the rules and documentation that tie all together across projects.

If you’ve ever used systems like Google Material Design or Shopify Polaris, for example, then you’ve seen how design systems set clear expectations for structure and behavior, making teamwork smoother and faster. But while design systems promote consistency, keeping everything in sync is the hard part. Update a token in Figma, like a color or spacing value, and that change has to show up in the code, the documentation, and everywhere else it’s used.

The same thing goes for components: when a button’s behavior changes, it needs to update across the whole system. That’s where the right tools and a bit of automation can make the difference. They help reduce repetitive work and keep the system easier to manage as it grows.

In this article, we’ll cover a variety of tools and techniques for syncing tokens, updating components, and keeping docs up to date, showing how automation can make all of it easier.

The Building Blocks Of Automation

Let’s start with the basics. Color, typography, spacing, radii, shadows, and all the tiny values that make up your visual language are known as design tokens, and they’re meant to be the single source of truth for the UI. You’ll see them in design software like Figma, in code, in style guides, and in documentation. Smashing Magazine has covered them before in great detail.

The problem is that they often go out of sync, such as when a color or component changes in design but doesn’t get updated in the code. The more your team grows or changes, the more these mismatches show up; not because people aren’t paying attention, but because manual syncing just doesn’t scale. That’s why automating tokens is usually the first thing teams should consider doing when they start building a design system. That way, instead of writing the same color value in Figma and then again in a configuration file, you pull from a shared token source and let that drive both design and development.

There are a few tools that are designed to help make this easier.

Token Studio

Token Studio is a Figma plugin that lets you manage design tokens directly in your file, export them to different formats, and sync them to code.

Specify

Specify lets you collect tokens from Figma and push them to different targets, including GitHub repositories, continuous integration pipelines, documentation, and more.

NameDesignTokens.guide

NamedDesignTokens.guide helps with naming conventions, which is honestly a common pain point, especially when you’re working with a large number of tokens.

Once your tokens are set and connected, you’ll spend way less time fixing inconsistencies. It also gives you a solid base to scale, whether that’s adding themes, switching brands, or even building systems for multiple products.

That’s also when naming really starts to count. If your tokens or components aren’t clearly named, things can get confusing quickly.

Note: Vitaly Friedman’s “How to Name Things” is worth checking out if you’re working with larger systems.

From there, it’s all about components. Tokens define the values, but components are what people actually use, e.g., buttons, inputs, cards, dropdowns — you name it. In a perfect setup, you build a component once and reuse it everywhere. But without structure, it’s easy for things to “drift” out of scope. It’s easy to end up with five versions of the same button, and what’s in code doesn’t match what’s in Figma, for example.

Automation doesn’t replace design, but rather, it connects everything to one source.

The Figma component matches the one in production, the documentation updates when the component changes, and the whole team is pulling from the same library instead of rebuilding their own version. This is where real collaboration happens.

Here are a few tools that help make that happen:

Tool What It Does
UXPin Merge Lets you design using real code components. What you prototype is what gets built.
Supernova Helps you publish a design system, sync design and code sources, and keep documentation up-to-date.
Zeroheight Turns your Figma components into a central, browsable, and documented system for your whole team.
How Does Everything Connect?

A lot of the work starts right inside your design application. Once your tokens and components are in place, tools like Supernova help you take it further by extracting design data, syncing it across platforms, and generating production-ready code. You don’t need to write custom scripts or use the Figma API to get value from automation; these tools handle most of it for you.

But for teams that want full control, Figma does offer an API. It lets you do things like the following:

  • Pull token values (like colors, spacing, typography) directly from Figma files,
  • Track changes to components and variants,
  • Tead metadata (like style names, structure, or usage patterns), and
  • Map which components are used where in the design.

The Figma API is REST-based, so it works well with custom scripts and automations. You don’t need a huge setup, just the right pieces. On the development side, teams usually use Node.js or Python to handle automation. For example:

  • Fetch styles from Figma.
  • Convert them into JSON.
  • Push the values to a design token repo or directly into the codebase.

You won’t need that level of setup for most use cases, but it’s helpful to know it’s there if your team outgrows no-code tools.

  • Where do your tokens and components come from?
  • How do updates happen?
  • What tools keep everything connected?

The workflow becomes easier to manage once that’s clear, and you spend less time trying to fix changes or mismatches. When tokens, components, and documentation stay in sync, your team moves faster and spends less time fixing the same issues.

Extracting Design Data

Figma is a collaborative design tool used to create UIs: buttons, layouts, styles, components, everything that makes up the visual language of the product. It’s also where all your design data lives, which includes the tokens we talked about earlier. This data is what we’ll extract and eventually connect to your codebase. But first, you’ll need a setup.

To follow along:

  1. Go to figma.com and create a free account.
  2. Download the Figma desktop app if you prefer working locally, but keep an eye on system requirements if you’re on an older device.

Once you’re in, you’ll see a home screen that looks something like the following:

From here, it’s time to set up your design tokens. You can either create everything from scratch or use a template from the Figma community to save time. Templates are a great option if you don’t want to build everything yourself. But if you prefer full control, creating your setup totally works too.

There are other ways to get tokens as well. For example, a site like namedesigntokens.guide lets you generate and download tokens in formats like JSON. The only catch is that Figma doesn’t let you import JSON directly, so if you go that route, you’ll need to bring in a middle tool like Specify to bridge that gap. It helps sync tokens between Figma, GitHub, and other places.

For this article, though, we’ll keep it simple and stick with Figma. Pick any design system template from the Figma community to get started; there are plenty to choose from.

Depending on the template you choose, you’ll get a pre-defined set of tokens that includes colors, typography, spacing, components, and more. These templates come in all types: website, e-commerce, portfolio, app UI kits, you name it. For this article, we’ll be using the /Design-System-Template--Community because it includes most of the tokens you’ll need right out of the box. But feel free to pick a different one if you want to try something else.

Once you’ve picked your template, it’s time to download the tokens. We’ll use Supernova, a tool that connects directly to your Figma file and pulls out design tokens, styles, and components. It makes the design-to-code process a lot smoother.

Step 1: Sign Up on Supernova

Go to supernova.io and create an account. Once you’re in, you’ll land on a dashboard that looks like this:

Step 2: Connect Your Figma File

To pull in the tokens, head over to the Data Sources section in Supernova and choose Figma from the list of available sources. (You’ll also see other options like Storybook or Figma variables, but we’re focusing on Figma.) Next, click on Connect a new file, paste the link to your Figma template, and click Import.

Supernova will load the full design system from your template. From your dashboard, you’ll now be able to see all the tokens.

Turning Tokens Into Code

Design tokens are great inside Figma, but the real value shows when you turn them into code. That’s how the developers on your team actually get to use them.

Here’s the problem: Many teams default to copying values manually for things like color, spacing, and typography. But when you make a change to them in Figma, the code is instantly out of sync. That’s why automating this process is such a big win.

Instead of rewriting the same theme setup for every project, you generate it, constantly translating designs into dev-ready assets, and keep everything in sync from one source of truth.

Now that we’ve got all our tokens in Supernova, let’s turn them into code. First, go to the Code Automation tab, then click New Pipeline. You’ll see different options depending on what you want to generate: React Native, CSS-in-JS, Flutter, Godot, and a few others.

Let’s go with the CSS-in-JS option for the sake of demonstration:

After that, you’ll land on a setup screen with three sections: Data, Configuration, and Delivery.

Data

Here, you can pick a theme. At first, it might only give you “Black” as the option; you can select that or leave it empty. It really doesn’t matter for the time being.

Configuration

This is where you control how the code is structured. I picked PascalCase for how token names are formatted. You can also update how things like spacing, colors, or font styles are grouped and saved.

Delivery

This is where you choose how you want the output delivered. I chose “Build Only”, which builds the code for you to download.

Once you’re done, click Save. The pipeline is created, and you’ll see it listed in your dashboard. From here, you can download your token code, which is already generated.

Automating Documentation

So, what’s the point of documentation in a design system?

You can think of it as the instruction manual for your team. It explains what each token or component is, why it exists, and how to use it. Designers, developers, and anyone else on your team can stay on the same page — no guessing, no back-and-forth. Just clear context.

Let’s continue from where we stopped. Supernova is capable of handling your documentation. Head over to the Documentation tab. This is where you can start editing everything about your design system docs, all from the same place.

You can:

  • Add descriptions to your tokens,
  • Define what each base token is for (as well as what it’s not for),
  • Organize sections by colors, typography, spacing, or components, and
  • Drop in images, code snippets, or examples.

You’re building the documentation inside the same tool where your tokens live. In other words, there’s no jumping between tools and no additional setup. That’s where the automation kicks in. You edit once, and your docs stay synced with your design source. It all stays in one environment.

Once you’re done, click Publish and you will be presented with a new window asking you to sign in. After that, you’re able to access your live documentation site.

Practical Tips For Automations

Automation is great. It saves hours of manual work and keeps your design system tight across design and code. The trick is knowing when to automate and how to make sure it keeps working over time. You don’t need to automate everything right away. But if you’re doing the same thing over and over again, that’s a kind of red flag.

A few signs that it’s time to consider using automation:

  • You’re using the same styles across multiple platforms (like web and mobile).
  • You have a shared design system used by more than one team.
  • Design tokens change often, and you want updates to flow into code automatically.
  • You’re tired of manual updates every time the brand team tweaks a color.

There are three steps you need to consider. Let’s look at each one.

Step 1: Keep An Eye On Tools And API Updates

If your pipeline depends on design tools, like Figma, or platforms, like Supernova, you’ll want to know when changes are made and evaluate how they impact your work, because even small updates can quietly affect your exports.

It’s a good idea to check Figma’s API changelog now and then, especially if something feels off with your token syncing. They often update how variables and components are structured, and that can impact your pipeline. There’s also an RSS feed for product updates.

The same goes for Supernova’s product updates. They regularly roll out improvements that might tweak how your tokens are handled or exported. If you’re using open-source tools like Style Dictionary, keeping an eye on the GitHub repo (particularly the Issues tab) can save you from debugging weird token name changes later.

All of this isn’t about staying glued to release notes, but having a system to check if something suddenly stops working. That way, you’ll catch things before they reach production.

Step 2: Break Your Pipeline Into Smaller Steps

A common trap teams fall into is trying to automate everything in one big run: colors, spacing, themes, components, and docs, all processed in a single click. It sounds convenient, but it’s hard to maintain, and even harder to debug.

It’s much more manageable to split your automation into pieces. For example, having a single workflow that handles your core design tokens (e.g., colors, spacing, and font sizes), another for theme variations (e.g., light and dark themes), and one more for component mapping (e.g., buttons, inputs, and cards). This way, if your team changes how spacing tokens are named in Figma, you only need to update one part of the workflow, not the entire system. It’s also easier to test and reuse smaller steps.

Step 3: Test The Output Every Time

Even if everything runs fine, always take a moment to check the exported output. It doesn’t need to be complicated. A few key things:

  • Are the token names clean and readable?
    If you see something like PrimaryColorColorText, that’s a red flag.
  • Did anything disappear or get renamed unexpectedly?
    It happens more often than you think, especially with typography or spacing tokens after design changes.
  • Does the UI still work?
    If you’re using something like Tailwind, CSS variables, or custom themes, double-check that the new token values aren’t breaking anything in the design or build process.

To catch issues early, it helps to run tools like ESLint or Stylelint right after the pipeline completes. They’ll flag odd syntax or naming problems before things get shipped.

How AI Can Help

Once your automation is stable, there’s a next layer that can boost your workflow: AI. It’s not just for writing code or generating mockups, but for helping with the small, repetitive things that eat up time in design systems. When used right, AI can assist without replacing your control over the system.

Here’s where it might fit into your workflow:

Naming Suggestions

When you’re dealing with hundreds of tokens, naming them clearly and consistently is a real challenge. Some AI tools can help by suggesting clean, readable names for your tokens or components based on patterns in your design. It’s not perfect, but it’s a good way to kickstart naming, especially for large teams.

Pattern Recognition

AI can also spot repeated styles or usage patterns across your design files. If multiple buttons or cards share similar spacing, shadows, or typography, tools powered by AI can group or suggest components for systemization even before a human notices.

Automated Documentation

Instead of writing everything from scratch, AI can generate first drafts of documentation based on your tokens, styles, and usage. You still need to review and refine, but it takes away the blank-page problem and saves hours.

Here are a few tools that already bring AI into the design and development space in practical ways:

  • Uizard: Uizard uses AI to turn wireframes into designs automatically. You can sketch something by hand, and it transforms that into a usable mockup.
  • Anima: Anima can convert Figma designs into responsive React code. It also helps fill in real content or layout structures, making it a powerful bridge between design and development, with some AI assistance under the hood.
  • Builder.io: Builder uses AI to help generate and edit components visually. It's especially useful for marketers or non-developers who need to build pages fast. AI helps streamline layout, content blocks, and design rules.
Conclusion

This article is not about achieving complete automation in the technical sense, but more about using smart tools to streamline the menial and manual aspects of working with design systems. Exporting tokens, generating docs, and syncing design with code can be automated, making your process quicker and more reliable with the right setup.

Instead of rebuilding everything from scratch every time, you now have a way to keep things consistent, stay organized, and save time.

Further Reading

UX Job Interview Helpers

When talking about job interviews for a UX position, we often discuss how to leave an incredible impression and how to negotiate the right salary. But it’s only one part of the story. The other part is to be prepared, to ask questions, and to listen carefully.

Below, I’ve put together a few useful resources on UX job interviews — from job boards to Notion templates and practical guides. I hope you or your colleagues will find it helpful.

The Design Interview Kit

As you are preparing for that interview, get ready with the Design Interview Kit (Figma), a helpful practical guide that covers how to craft case studies, solve design challenges, write cover letters, present your portfolio, and negotiate your offer. Kindly shared by Oliver Engel.

The Product Designer’s (Job) Interview Playbook (PDF)

The Product Designer’s (Job) Interview Playbook (PDF) is a practical little guide for designers through each interview phase, with helpful tips and strategies on things to keep in mind, talking points, questions to ask, red flags to watch out for and how to tell a compelling story about yourself and your work. Kindly put together by Meghan Logan.

From my side, I can only wholeheartedly recommend to not only speak about your design process. Tell stories about the impact that your design work has produced. Frame your design work as an enabler of business goals and user needs. And include insights about the impact you’ve produced — on business goals, processes, team culture, planning, estimates, and testing.

Also, be very clear about the position that you are applying for. In many companies, titles do matter. There are vast differences in responsibilities and salaries between various levels for designers, so if you see yourself as a senior, review whether it actually reflects in the position.

A Guide To Successful UX Job Interviews (+ Notion template)

Catt Small’s Guide To Successful UX Job Interviews, a wonderful practical series on how to build a referral pipeline, apply for an opening, prepare for screening and interviews, present your work, and manage salary expectations. You can also download a Notion template.

30 Useful Questions To Ask In UX Job Interviews

In her wonderful article, Nati Asher has suggested many useful questions to ask in a job interview when you are applying as a UX candidate. I’ve taken the liberty of revising some of them and added a few more questions that might be worth considering for your next job interview.

  1. What are the biggest challenges the team faces at the moment?
  2. What are the team’s main strengths and weaknesses?
  3. What are the traits and skills that will make me successful in this position?
  4. Where is the company going in the next 5 years?
  5. What are the achievements I should aim for over the first 90 days?
  6. What would make you think “I’m so happy we hired X!”?
  7. Do you have any doubts or concerns regarding my fit for this position?
  8. Does the team have any budget for education, research, etc.?
  9. What is the process of onboarding in the team?
  10. Who is in the team, and how long have they been in that team?
  11. Who are the main stakeholders I will work with on a day-to-day basis?
  12. Which options do you have for user research and accessing users or data?
  13. Are there analytics, recordings, or other data sources to review?
  14. How do you measure the impact of design work in your company?
  15. To what extent does management understand the ROI of good UX?
  16. How does UX contribute strategically to the company’s success?
  17. Who has the final say on design, and who decides what gets shipped?
  18. What part of the design process does the team spend most time on?
  19. How many projects do designers work on simultaneously?
  20. How has the organization overcome challenges with remote work?
  21. Do we have a design system, and in what state is it currently?
  22. Why does a company want to hire a UX designer?
  23. How would you describe the ideal candidate for this position?
  24. What does a career path look like for this role?
  25. How will my performance be evaluated in this role?
  26. How long do projects take to launch? Can you give me some examples?
  27. What are the most immediate projects that need to be addressed?
  28. How do you see the design team growing in the future?
  29. What traits make someone successful in this team?
  30. What’s the most challenging part of leading the design team?
  31. How does the company ensure it’s upholding its values?

Before a job interview, have your questions ready. Not only will they convey a message that you care about the process and the culture, but also that you understand what is required to be successful. And this fine detail might go a long way.

Don’t Forget About The STAR Method

Interviewers closer to business will expect you to present examples of your work using the STAR method (Situation — Task — Action — Result), and might be utterly confused if you delve into all the fine details of your ideation process or the choice of UX methods you’ve used.

  • Situation: Set the scene and give necessary details.
  • Task: Explain your responsibilities in that situation.
  • Action: Explain what steps you took to address it.
  • Result: Share the outcomes your actions achieved.

As Meghan suggests, the interview is all about how your skills add value to the problem the company is currently solving. So ask about the current problems and tasks. Interview the person who interviews you, too — but also explain who you are, your focus areas, your passion points, and how you and your expertise would fit in a product and in the organization.

Wrapping Up

A final note on my end: never take a rejection personally. Very often, the reasons you are given for rejection are only a small part of a much larger picture — and have almost nothing to do with you. It might be that a job description wasn’t quite accurate, or the company is undergoing restructuring, or the finances are too tight after all.

Don’t despair and keep going. Write down your expectations. Job titles matter: be deliberate about them and your level of seniority. Prepare good references. Have your questions ready for that job interview. As Catt Small says, “once you have a foot in the door, you’ve got to kick it wide open”.

You are a bright shining star — don’t you ever forget that.

Job Boards

Useful Resources

Meet “Smart Interface Design Patterns”

You can find more details on design patterns and UX in Smart Interface Design Patterns, our 15h-video course with 100s of practical examples from real-life projects — with a live UX training later this year. Everything from mega-dropdowns to complex enterprise tables — with 5 new segments added every year. Jump to a free preview. Use code BIRDIE to save 15% off.

Meet Smart Interface Design Patterns, our video course on interface design & UX.

Video + UX Training

$ 495.00 $ 699.00 Get Video + UX Training

25 video lessons (15h) + Live UX Training.
100 days money-back-guarantee.

Video only

$ 300.00$ 395.00
Get the video course

40 video lessons (15h). Updated yearly.
Also available as a UX Bundle with 2 video courses.

Received yesterday — 6 August 2025Design

How to Auto Export WordPress Form Entries (The Easy Way)

4 August 2025 at 10:00

If you regularly collect form submissions in WordPress, then exporting that data manually can quickly become a chore. Whether you’re tracking leads, orders, or feedback, downloading all those entries one by one takes time, and it’s easy to miss something important.

Unfortunately, WordPress doesn’t offer a built-in way to auto export form entries. But with WPForms, I discovered that I could automate the entire process using their export tool—no need to install extra plugins or mess with custom code.

Instead of manually downloading CSV files or copying data from the dashboard, WPForms saves entries in clean, structured files on a schedule you can control.

In this guide, I’ll show you how to set up automatic form exports in WPForms so that your submissions stay organized without any extra effort.

Auto Export WordPress Form Entries

Why Auto Export WordPress Form Entries?

Automatically exporting WordPress form entries lets you save and organize data from those form submissions without any manual effort.

Instead of logging in to download submissions every time someone fills out a form, you can automatically send the data to your email, cloud storage account, or another connected app.

It’s a simple way to keep everything sorted, backed up, and accessible, without having to think about it.

Most WordPress website owners rely on forms to collect leads, orders, feedback, or bookings. But once submissions start adding up, manually managing them takes more and more time. That’s where auto export becomes really useful.

With automatic exports, you can:

  • Back up form entries to a location you control.
  • Cut down on repetitive admin work.
  • Keep your data organized and easy to access.
  • Avoid missing or overlooking submissions.
  • Simplify your reporting and follow-up process.

Once it’s running, auto export takes care of everything in the background, so you can focus on the work that actually moves your site forward.

Now, I’ll show you how to auto export form entries using WPForms:

How to Auto Export WordPress Form Entries

The best way to auto export WordPress form entries is by using WPForms, which is the best contact form plugin for WordPress.

It comes with a powerful Entry Automation addon designed exactly for this purpose.

Whether you want to email reports regularly, back up submissions to Google Drive, or automatically delete entries after they’re processed, this addon quietly handles everything in the background—no manual steps required.

WPForms' homepage

At WPBeginner, we use WPForms ourselves to create all kinds of forms, from simple contact forms to our annual reader survey.

We’ve also tested all its features thoroughly and included them in our detailed WPForms review.

It’s one of those tools that just works and saves us time behind the scenes, which is why I confidently recommend it to beginners and pros alike.

Plus, getting started with it is quick and easy.

Step 1: Install and Activate the WPForms Plugin

First, you need to install and activate the WPForms plugin.

If you’re not sure how to do this, then we have a step-by-step guide on how to install a WordPress plugin to help you out.

👉 Note: WPForms offers a free version that you can use to create basic contact forms. However, the Entry Automation addon is only available with the Elite plan.

Upon plugin activation, you have to activate your license key. To do this, go to the WPForms » Settings page in your WordPress dashboard and add your license key.

You can get this information from your account area on the WPForms website. This will unlock all the features available in your plan, including access to premium addons like Entry Automation.

WPForms license key field

Now that your license is active, head over to the WPForms » Addons page from your WordPress admin sidebar.

Here, look for the ‘Entry Automation Addon’ in the list. Once you find it, click the ‘Install Addon’ button to activate it on your website.

Install and activate the Entry Automation addon
Step 2: Set Up the Form You’ll Use for Automatic Exports

Now that WPForms and the Entry Automation addon are active, it’s time to create the form with the entries you want to export automatically.

To get started, visit the WPForms » Add New page in your WordPress dashboard and a name for your form.

Then, you can either choose a premade template like a contact form, registration form, or feedback form—or build one from scratch using the drag-and-drop builder.

If you want to speed things up even more, WPForms includes an AI Form Builder that can generate a complete form for you in seconds.

All you have to do is type in a short prompt, like ‘a simple customer feedback form,’ and the AI will instantly create a form with the right fields, layout, and structure. I’ve tested this feature myself, and it works really well.

Choose a form template in WPForms

Now, you will be taken to the visual builder where you can easily customize your form by dragging fields from the left panel into your form layout on the right.

You can add fields like Name, Email, Dropdowns, Checkboxes, File Upload, and more based on the type of information you need to collect.

Form in form builder

If you’d like more help building the right form, I’ve got you covered. At WPBeginner, we’ve written step-by-step tutorials to walk you through different form types:

Once your form looks good, you can configure its confirmation email settings. Then, click the ‘Save’ button at the top to store your changes.

Step 3: Set Up Automatic Export for Your Form Submissions

Now that your form is ready, it’s time to automate your exports so that you don’t have to manually download form entries ever again.

To do this, switch to the Settings » Entry Automation tab in the WPForms builder. This is where you’ll manage everything related to automatic exporting and deleting entries.

To begin, click the ‘Add New Task’ button.

Click the Add New Task button in WPForms

Once you do that, a prompt will open up, where you have to give a name to your task. I recommend choosing something clear like ‘Weekly Contact Form Export to Email’ so it’s easy to remember later.

This task will be like setting up a small workflow for your form. You can even create multiple tasks for one form, such as one task to send weekly email reports and another to back up entries to Google Drive.

After entering the name, click the ‘OK’ button to move forward.

Add a name for your automation task in WPForms

Next, you’ll be asked to choose a task type.

WPForms gives you two options: Export Entries and Delete Entries. For now, you need to select the ‘Export Entries’ option.

You can always come back later and set up a deletion task if needed. For example, to automatically remove old submissions after 30 days.

Choose the Export Entries option in WPForms

After choosing to export entries, you’ll see a few settings related to how your export file should be named. You can type a name manually, but I recommend using Smart Tags.

These tags can automatically pull in things like the form name or the date, which helps keep your files organized without any extra work on your part.

Just click the Smart Tag icon to see your options and insert the ones that make sense for you.

Choose a file name for export file with smart tags in WPForms

Next, let’s talk about how your form entries will be exported and where they’ll end up. I recommend choosing your file format first — this determines how your data will be organized when it’s sent out.

WPForms gives you several file types to pick from, and each one has its own advantages:

  • CSV – The default option, perfect for spreadsheet tools like Microsoft Excel or Google Sheets.
  • Excel (XLSX) – This format preserves basic styling and structure, making reports look cleaner and more professional right out of the box. I recommend this option if you plan to share the file directly with clients or non-techy people who use Microsoft Excel.
  • PDF – Great for clean, printable summaries. I like this option when I want something polished to share in a meeting.
  • JSON – Best suited for developers or users integrating the data into other systems or apps.
Choose a file format for export files in WPForms

Once that is done, it’s time to decide where the exported file should go.

WPForms lets you automate this too, so you don’t have to manually send or upload anything. Here are your destination options:

  • Email – Send the export to one or more email addresses.
  • Google Drive – Save a copy of the export directly to your Google Drive account.
  • Dropbox – Store the file in your Dropbox folder for easy sharing and access.
  • FTP – Upload the export to a server using FTP. This option is designed for more advanced users or developers who need to send data to a custom application or a separate server.

Once you select your destination, WPForms will walk you through the connection steps.

For example, if you choose ‘Email’, then you will need to add the email address where the entries would be sent. On the other hand, if you choose Dropbox, then you will have to integrate it with WPForms.

Choose where to export form entries in WPForms

However, you don’t need to worry, since the plugin makes the process super beginner-friendly. Just follow the steps on the screen.

Step 4: Choose Form Fields and Apply Entry Filters Before Exporting

After setting your export format and destination, scroll down to configure what data should be included in the export and whether you want to filter the entries.

First, you’ll see the ‘Entry Information’ section. This area is neatly divided into two parts: Form Fields and Additional Information, giving you full control over what gets shared.

Under ‘Form Fields’, you’ll see the actual fields from your form—like Name, Email, and Comment or Message. Just check the boxes for the fields you want to include.

If you’re exporting a longer form with multiple inputs, you can use the ‘Select All’ option to save time.

Choose form fields to add in the exported file in WPForms

Then there’s the ‘Additional Information’ section. This includes extra details that WPForms tracks automatically, like Entry ID, Entry Date, Entry Notes, and Type.

You can select any combination of these fields to customize your export. I’ve found this especially useful if you only need a few key pieces of information for a weekly report or want to hide internal notes before sharing a file externally.

Choose Additional Information to add in exported file in WPForms

Below that is the ‘Filter’ section. This is where you can narrow down your export to include only the entries that meet certain conditions—for example, submissions from a certain date range or entries that include specific responses.

By default, WPForms sets the filter to ‘Any Field contains’, but you can customize this to narrow down entries based on specific form fields and values.

For example, if your contact form includes a dropdown like ‘Reason for Contact’, you could filter to only export entries where the reason is ‘Support Request’ or ‘Business Inquiry’.

This helps keep your exports focused on the types of messages you care about most.

Filter form entries based on different conditions in WPForms

You can also filter based on the status of the entry. WPForms lets you choose whether to include entries that are Published, Abandoned, or marked as Spam.

I recommend this filter if you want clean, finalized submissions in your export, or if you want to analyze incomplete or flagged messages separately.

Filter form entries based on publication status in WPForms

Additionally, you can choose to export all contact form entries or just the new submissions since your last export. This is a useful option for automating reports without duplicating data.

Once you’ve chosen which fields and filters to apply, WPForms will tailor the export exactly to your needs.

Use the export filter in WPForms
Step 5: Schedule WordPress Form Entries Export

Once your export settings and filters are in place, the final step is to schedule when you want WPForms to run the export automatically.

For this, scroll down to the ‘Schedule’ section.

You can start by choosing how often the export should happen. You can set it to run daily, weekly, or monthly, depending on how often you need updates.

Schedule Form entries export in WPForms

Next, pick the specific day(s) you want the export to run—like every Monday or the 1st of each month. You also need to add a start date and, optionally, an end date if you’re only exporting for a limited time.

WPForms will run the export at midnight by default, but you can customize the time of day to fit your team’s workflow or reporting schedule.

Once that’s done, the plugin takes care of the rest—automatically generating and sending the export file exactly as you configured.

💡Bonus Tip: To start collecting entries, you’ll also need to embed the form you just configured into a page on your website. For details, check out our step-by-step guide on how to embed forms in WordPress.

Step 6: Add a Task to Delete Form Entries After Export (Optional)

Once your form is live and the automation is running, you can go one step further by setting up a separate task to delete the entries after they’ve been exported.

WPForms doesn’t bundle this into the export task itself. Instead, you’ll need to create a new task with the ‘Delete Entries’ option and configure it to run after the export.

Don’t forget to toggle the ‘Run After Previous Task’ switch to make sure the tasks run in sequence.

Add the Delete Form Entries task in WPForms

You can even drag to reorder the tasks, so deletion only happens once the data has been safely exported.

This is a great way to keep your WordPress database lean and prevent data bloat. A smaller database helps your site run smoothly and makes your website backups smaller and faster to complete.

Drag and reorder automation tasks in WPForms

It’s also a good data privacy practice. 

By not storing user data on your website longer than necessary, you reduce risk and can more easily comply with privacy regulations like GDPR.

Step 7: Monitor Everything from the Automation Dashboard

If you’re managing multiple forms or scheduling regular exports, then having a clear overview of all your automated tasks is a game-changer.

The Automation Dashboard in WPForms makes this easy by showing all active tasks in one place.

I found this incredibly helpful when testing the feature because it gave me instant visibility into what was running, when, and whether everything was working as expected.

You can access it by going to the WPForms » Tools » Entry Automation page, where you’ll be able to:

  • View all forms with automation tasks configured.
  • Review task types, schedules, and current status.
  • Confirm whether export or delete tasks have run successfully.
Form entry automation dashboard

It’s the simplest way to stay organized and ensure everything is running exactly as planned.

🔄 Bonus: Take Automation Even Further with Uncanny Automator

Automatically exporting data from your WordPress forms is just one way you can save time. I also recommend setting up more automated workflows with Uncanny Automator.

It is the best WordPress automation plugin and comes with built-in integration for WPForms, so you can trigger powerful workflows the moment someone submits a form.

Uncanny Automator

While WPForms’ Entry Automation is perfect for managing the entries themselves (like exporting or deleting them), Uncanny Automator lets you use a form submission as a trigger to perform actions in other plugins or apps.

For example, you can automatically send a notification to Slack, create a new user account, enroll someone in a course, or even generate a WooCommerce coupon when someone fills out a form.

Creating an automation workflow for WPForms and Google Sheets

This can save you tons of time and streamline tasks that used to take hours. It’s a great way to level up your site’s automation without writing any code.

To get started, just see our tutorial on how to create automated workflows in WordPress with Uncanny Automator.

Frequently Asked Questions About WordPress Form Entries

Here are some questions that are frequently asked by our readers about auto exporting WordPress form entries:

What are the limitations of using email to auto export form data?

The main limitation is that the data isn’t stored in a central dashboard. Instead, it lives in your email inbox. That means you’ll need to manually sort, organize, or back up the data if you want to keep records long-term.

There’s also a higher risk of missing something important if your inbox gets cluttered.

In my experience, this setup works well for smaller sites or solo business owners who just want a quick way to check form entries without logging into WordPress.

But as your site grows, you might need something more scalable.

When that time comes, WPForms makes it easy to switch to cloud storage options like Dropbox or Google Drive, so your entries are always backed up and easy to manage.

Is there a way to stop form spam from being exported?

Yes. WPForms includes built-in spam protection tools like Google reCAPTCHA, hCaptcha, and its own smart honeypot feature that help block junk submissions before they ever reach your inbox.

On top of that, WPForms also has a form entry filter that ignores abandoned or partial form submissions. That means your exports only include complete and legitimate entries, which saves time and keeps your records clean.

For details, see our guide on how to block contact form spam in WordPress.

Can exporting form entries reduce database bloat?

Yes, this helps keep your database clean and optimized. When you export entries and then delete them from WordPress, you avoid unnecessary data buildup. This makes backups faster and your admin area more responsive.

Will auto-exporting form entries slow down my WordPress site?

No, auto-exporting form entries won’t affect your site’s speed if set up correctly.

The export process happens in the background, so visitors won’t notice any slowdown when submitting a form. Think of it like a scheduled task on your computer—it runs quietly at a set time without interrupting what you’re doing. 

I didn’t experience any performance issues during testing, even on a site with multiple forms running.

I hope this article helped you learn how to auto export WordPress form entries. You may also be interested in our beginner’s guide on how to create GDPR compliant forms in WordPress and our list of best practices for contact form page design.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Auto Export WordPress Form Entries (The Easy Way) first appeared on WPBeginner.

How to Export and Erase Personal Data in WordPress

1 August 2025 at 10:00

A few years ago, I got my first data deletion request from a user. I’ll admit, I panicked a little. I knew I needed to respect their privacy rights, but I had no idea how to actually remove their data from my WordPress site without breaking anything.

That experience led me to discover something helpful: WordPress has built-in tools made for exactly this situation. Once you know where to find them, they make handling data requests surprisingly easy.

In this guide, I’ll walk you through how to use Export and Erase Personal Data tools in WordPress.

Whether you’re preparing for GDPR, building trust with your users, or just want to be ready for future requests, this tutorial will help you do it with confidence.

How to Export and Erase Personal Data in WordPress

💡 This guide focuses on using WordPress’ built-in tools to remove personal data.

However, these tools may not delete information collected by third-party plugins, especially if the plugin isn’t fully GDPR compliant.

In those cases, you’ll need to check the plugin’s settings or contact the developer directly to make sure all personal data is removed.

What is Personal Data?

Personal data is any information that can be used to identify a person, either directly or indirectly.

On a WordPress site, this includes obvious details like names, usernames, and email addresses.

These are often collected when someone creates an account on your website, submits a contact form, subscribes to your email newsletter using a plugin like WPForms, or leaves a comment on a blog post.

Collecting personal information via the WordPress comment form

It also includes technical data like IP addresses, which can reveal a visitor’s general location. Analytics tools, comment systems, and security plugins often collect this by default.

Personal data can also include behavioral information, such as page views, session activity, or form responses that show user preferences. Even metadata—like the time someone submitted a comment or logged in—counts as personal data under most privacy laws.

All of this information can help build a profile of your users, which is why it’s important to manage it carefully.

Why Data Privacy Matters in WordPress

Privacy laws like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. give users the right to access and delete their personal data. If you run a WordPress site, it’s important to follow these laws and show your visitors that you respect their rights.

Here’s why that matters:

  • You’re legally required to comply. Under laws like the GDPR, you must give users access to their data or delete it upon request. Failing to do so can lead to serious legal trouble, including expensive fines.
  • It helps you build trust with your visitors. When people feel confident that you’re handling their data responsibly, they’re more likely to subscribe, make a purchase, or share their information with you.

If your site feels unsafe or unclear about privacy, then visitors may hesitate to engage or leave altogether.

Ready to learn how to export and erase user data in WordPress? Simply use the quick links below to jump to the section you want to read first:

How to Accept Data Export and Deletion Requests

If someone wants to access or delete their personal data, then you’ll need a simple way for them to send that request.

The easiest method is to add a form to your WordPress site that collects their name, email address, and any extra details you need to identify them.

I recommend using WPForms for this. It’s beginner-friendly and includes ready-made templates like ‘Right to Erasure Request Form’ and ‘Data Request Form’, so you don’t need to start from scratch.

Creating a data erasure form using a ready-made template

WPForms includes drag-and-drop templates that make it easy to build your form without starting from scratch. You can customize the fields and publish the form in just a few clicks.

🌟 Here at WPBeginner, we’re not just recommending WPForms – we built all our own forms with it! That’s right, from our contact pages to our online surveys, it’s all powered by WPForms. 

We’ve put it to the test daily, and that’s why I’m so confident in telling you it’s the real deal. Want to learn more? Then dive into our detailed WPForms review.

There is a WPForms Lite version that is 100% free to use. However, we’ll be using WPForms Pro in this guide because it comes with the ‘Right to Erasure Request Form’ and ‘Data Request’ templates.

First, you’ll need to install and activate WPForms Pro. If you need help, please see our guide on how to install a WordPress plugin.

Once the plugin has been activated, head over to WPForms » Settings in your WordPress dashboard.

How to add a license key to the premium version of WPForms

From here, the first thing you have to do is enter your license key into the ‘License Key’ field. You can find this information in your WPForms account.

That done, head over to WPForms » Add New.

How to create a new form in WPForms

Here, type a name for your form into the ‘Name Your Form’ field.

Your site visitors won’t see the name, so it’s just for your reference.

How to create a privacy and compliance form using WPForms

Now, you’ll need to select the template you want to use.

In the search field, start typing in either ‘Right to Erasure Request Form’ or ‘Data Request’, depending on the kind of form you want to create.

How to select one of WPForms' ready-made form templates

When you find the template you want to use, simply click its ‘Use Template’ button.

This will launch WPForms’ drag-and-drop form builder.

Selecting a ready-made form template to use on your WordPress blog or website

Here, you’ll see a live preview on the right and form fields in the left-hand menu.

To customize any of the template’s built-in fields, simply click to select that field. The left-hand menu will then show all the settings you can use to customize it.

WPForms' drag and drop form builder

Want to add more fields to your form?

Just find the field you want on the left side of your screen and drag and drop it right into your form’s live preview.

How to add fields to a data request form

For more detailed instructions, see our tutorial on how to create a contact form in WordPress.

Once you’re happy with your form, simply click the ‘Save’ button at the top to close the form builder.

How to create a data access form for your WordPress website or blog

Next, open the page or post where you want to add the form that you just created.

From here, click the add block ‘+’ button.

How to add a block in the WordPress content editor

In the popup that appears, start typing in ‘WPForms.’

When the right block appears, simply click to add it to the page or post.

How to embed a form on a WordPress page or post

Once you’ve done that, you need to open the block’s dropdown menu and select the form you just created.

You can now publish or update this page as normal to make the form live on your site.

Accepting data access requests using an online form

Now, simply repeat this process to create separate forms for data access requests and data erasure requests.

How to Monitor Data Access and Erasure Requests

Once your forms are live, you’ll need a way to track incoming data request submissions from your users.

Fortunately, WPForms makes this easy by storing every form entry in your WordPress dashboard.

To find these requests, just go to WPForms » Entries.

Managing data access and deletion requests efficiently using WPForms

Simply click on the form you want to review.

You’ll now see a list of submissions, including any data access or erasure requests users have sent.

Managing privacy and compliance submissions in WordPress

To stay compliant with privacy laws like the General Data Protection Regulation (GDPR), it’s important to review and respond to these requests promptly.

Now, I’ll show you how to export and erase personal data in WordPress.

How to Export Personal Data in WordPress

When someone requests a copy of their personal data, WordPress has a built-in tool that lets you export that information and send them a link to download it.

This step is required under privacy laws like the Personal Data Protection Law (PDPL). It’s also a good way to build trust with your users by showing them exactly what data you’ve collected from them.

💡WordPress sends the data export link via email, so it’s vital these messages arrive safely in their inbox and not the spam folder. That’s why I recommend setting up an SMTP plugin like WP Mail SMTP

We use this plugin on WPBeginner, and it’s had a big impact on our email deliverability rates. Want to learn more? Just read our in-depth WP Mail SMTP review

To begin, you need to go to Tools » Export Personal Data in your WordPress dashboard.

From here, you’ll enter the user’s email address or username and choose how to handle the request.

Exporting the user's data using the built-in WordPress tools

At this point, you have two options: you can either create the request directly in your WordPress dashboard, or you can send the user an email asking them to confirm that they want to export their data.

Let’s explore both options.

Option 1: Request Confirmation via Email

If you want to make sure the request is genuine, WordPress lets you send a confirmation email first. This is a good option when you’re unsure about the user’s identity.

To do this, check the box next to ‘Send personal data export confirmation email.’ Then click on ‘Send request.’

Sending a confirmation email to your WordPress users

The user will receive an email with a confirmation link.

They simply need to click on it.

An example of a data export confirmation email

Then, they’ll see the following message:

“The site administrator has been notified. You will receive a link to download your export via email when they fulfil your request.”

How to request a copy of your personal information

WordPress will now notify you via email.

This email includes some basic information about the user who made the request.

How to export personal information from your WordPress website

You can click the link in this email to go straight to the Tools » Export Personal Data screen.

Here, you’ll see the user’s request is now marked as ‘Confirmed.’

How to comply with important privacy laws by exporting their personal data

To go ahead and process this request, click on ‘Send export link.’

With that done, the user will receive an email containing a link to download their data as a ZIP file.

An example of a completed data access request

Now, WordPress will mark the request as ‘Completed’ in your dashboard. The request will also appear in a separate ‘Completed’ tab, along with all your other completed data export requests. 

In this way, WordPress creates a complete record of all your completed requests. This means you can prove your compliance if you’re ever audited or someone questions your privacy practices. 

Exporting the user's personal information from WordPress upon request

With that in mind, I recommend keeping a complete log. 

However, if you want to remove a completed request at any point, just click its ‘Remove Request’ link.

Removing requests from your compliance record in WordPress
Option 2: Export the Data Immediately

Alternatively, you can create a data request directly in your WordPress dashboard without sending a confirmation email first.

This is helpful if you need to process the data request immediately or if you’re confident that the person making the request is genuine.

For example, they might use an email address that’s already linked to their account or contact you through a support channel where you’ve verified their identity.

In these cases, make sure to uncheck the box next to ‘Send personal data export confirmation email.’

How to send confirmation messages to your customers and users

Then, go ahead and click ‘Send request.’ 

This creates the request in your WordPress dashboard, with the status ‘Confirmed.’

An example of a data export request in the WordPress admin area

To send this person an email with a link to download their data, just click ‘Send export link.’

You can see an example of how this email looks in the previous section.

How to send a personal information export link to your users

As I mentioned before, WordPress will now mark this request as ‘Completed’ in your dashboard. Once again, this is proof that you acted on the visitor’s request, which will be invaluable if you ever need to prove your compliance. 

How to Erase Personal Data in WordPress

If someone asks you to delete their personal data, then WordPress has a built-in tool that helps you do that safely.

This step is required under privacy laws like the Virginia Consumer Data Protection Act (VCDPA), and it’s a key part of staying compliant with GDPR, PDPL, and other international regulations.

The process is similar to exporting data: you create a request, optionally confirm it by email, and then erase the data from your WordPress dashboard.

⚠️ Important: Depending on how you handle user data, you might also need to delete it from other services or apps you use. For example, you may need to remove the user’s record from your Customer Relationship Management (CRM) app or your email marketing service.

To begin, go to Tools » Erase Personal Data in your WordPress admin area.

How to access the built-in WordPress Erase Personal Data tool

In the ‘Username or email address’ field, just type in the email address or username of the person who has asked you to delete their personal data. 

At this point, you can either send a confirmation email to the user or go ahead and create the request in your WordPress dashboard.

Option 1: Send a Confirmation Email

To start, you can ask the user to confirm that they truly want to delete all their personal data.

Erasing a user’s data is a big step, so I suggest sending this email even if the request seems genuine because it gives the user a chance to change their mind.

To request confirmation, check the box next to ‘Send personal data erasure confirmation email.’

Getting confirmation before deleting the user's personal information

You can then click the ‘Send request’ button.

The user will now get an email about the data deletion request with a link to confirm that they want to delete their data.

An example of a data compliance email, created by WordPress

If they click this link, they’ll see a screen with this message:

“The site administrator has been notified. You will receive an email confirmation when they erase your data.”

How to confirm a customer's data deletion request

You will now get an email confirming that the user wants to erase their data.

To fulfil this request, either click the URL in the email or head back to the Tools » Erase Personal Data screen in your WordPress dashboard. 

Confirming the erasure of personal information on your WordPress blog or website

On this screen, you’ll see the user’s name with a ‘Confirmed’ status.

To go ahead and delete this person’s data, click on ‘Erase personal data.’

How to delete a user's personal information from your WordPress website, blog, or online store

As soon as that’s done, WordPress will send the user an email confirming that you’ve removed their data.

This email also includes a link to your privacy policy, so the person can get more information if they want. 

How to comply with important privacy laws

In your WordPress dashboard, this request will now be marked as ‘Completed.’

As I’ve already mentioned, having a record of these requests will be helpful if you’re ever audited. 

Removing data deletion requests from your WordPress dashboard
Option 2: Delete the Data Immediately

Alternatively, you can create an erasure request directly in the WordPress dashboard without sending a confirmation email first. 

This is useful if you need to act on a request straight away. It can also be handy when you’re confident that the request is genuine and the user definitely wants to delete all their personal data.

For example, you might get the request through a secure, verified login area on your membership site, which confirms the user’s identity.

In that case, make sure you uncheck the box next to ‘Send personal data erasure confirmation email.’ You can then go ahead and click on ‘Send Request.’

Sending a confirmation email to your customers or users

WordPress will now create this request in your dashboard and mark it as ‘Confirmed.’

To go ahead and process this request, click on ‘Erase personal data.’

How to process data erasure requests straight away

Now, WordPress will send the person an email confirming that you’ve deleted their data.

As with data exports, WordPress will mark this request as ‘Completed.’

Ensure Your Site is Fully GDPR Compliant

Exporting and erasing personal data is an important step, but it’s not the only thing you need to do to make your WordPress compliant with different privacy laws.

To fully meet privacy standards like the General Data Protection Regulation (GDPR), you’ll also want to:

  • Use GDPR-friendly plugins. You need to make sure the plugins you install handle personal data responsibly. You can start with our list of the best GDPR plugins for WordPress.
  • Install a privacy compliance plugin. With a plugin like WPConsent, you can display cookie consent popups, record and manage user consent, and automatically block tracking scripts before users give their consent.
  • Display a detailed privacy policy and cookie policy on your website. For details, see our guide on how to add a privacy policy in WordPress.

To see all our tips, you can read our complete guide to GDPR compliance in WordPress.

Bonus Tip: Create a Do Not Sell or Share My Personal Info Page

If your website gets visitors from California or other places with strict privacy laws, then you may have extra legal responsibilities. One of those is giving users a way to opt out of having their personal information sold or shared.

The easiest way to do this is by creating a “Do Not Sell or Share My Personal Info” page. This gives users a clear place to make opt-out requests and helps your site stay compliant with laws like the California Consumer Privacy Act (CCPA).

An example of a 'Do Not Sell My Info' page, created using WPConsent

Your opt-out page should include a short explanation of your data practices and a simple form where visitors can submit their request. And fortunately, it’s easy to create this page with WPConsent.

WPConsent also lets you log these requests for your records and include consent options in your cookie popup, making it a great all-in-one solution.

To see step-by-step instructions, check out our full guide: How to Create a Do Not Sell My Info Page in WordPress.

FAQs About Personal Data Management in WordPress

Knowing how to manage personal data isn’t just about legal compliance—it also helps build trust with your audience.

To make things easier, I’ve answered some of the most common questions WordPress users have about handling personal information.

How Often Should I Review Data Requests in WordPress?

You should review data requests at least once every week or two.

This helps you catch any requests early and respond on time, especially if email notifications aren’t turned on.

If you’re using a plugin like WPForms or WPConsent, then make sure submission alerts are working so you don’t miss anything.

Regular reviews help you stay compliant with privacy laws and avoid delays when responding to users. It also shows your visitors that you take their privacy seriously.

Is Exporting WordPress Data Secure?

Yes, WordPress makes data exports secure by default. It even includes confirmation links to help verify each request.

To make your site even more secure, be sure to install an SSL certificate, use trusted security plugins, and keep everything up to date.

For more on this topic, please see our guide on how to improve your WordPress security.

How Do I Inform My Website Users About Their Data Rights?

You’re required to tell users about their data rights to stay transparent and follow privacy laws.

I recommend adding clear resources like a privacy policy, a cookie consent popup, and a Do Not Sell My Info Page.

These pages help users understand their rights and how to act on them while visiting your website.

How Can I Ensure My WordPress Website Complies with Privacy Laws?

Staying compliant with privacy laws goes beyond handling data export and deletion requests.

You may also need to create a cookie policy, write a full privacy policy, and let users opt out of sharing their personal data, depending on which laws apply to your site.

Each law is different, so be sure to research the specific regulations that affect your WordPress site or blog.

I hope this guide has helped you learn how to export and erase personal data in WordPress. Next, you may want to see our expert picks of the best GDPR plugins to improve compliance, or our guide on how to keep personally identifiable info out of Google Analytics.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Export and Erase Personal Data in WordPress first appeared on WPBeginner.

WPBeginner Spotlight 14: From Entry Automation to AI Building Blocks – The Future of WordPress is Here

31 July 2025 at 10:00

July was a big month for WordPress, with major updates across AI, automation, and community initiatives. Several plugins rolled out real AI features right inside the dashboard, making content creation and SEO faster and easier.

On the community side, we saw exciting momentum. WordPress.org launched a new internship program for university students, WooCommerce introduced key accessibility improvements, and multilingual support expanded across popular tools.

In this edition of WPBeginner Spotlight, we’ll walk you through the biggest news, updates, and tools that stood out.

📌 WPBeginner Spotlight brings you a monthly roundup of the most important WordPress news, updates, and community happenings. 📅✨

Got something to share? Whether it’s a new product launch, a significant update, or an exciting event, reach out to us through our contact form, and your news could be featured in the next edition! 💬

The July issue of WPBeginner Spotlight - Featuring WordPress industry news and updates

AIOSEO Launches Built-in AI Content Generator to Boost Content Creation 🪄

All in One SEO (AIOSEO) has launched a powerful AI Content Generator inside the WordPress editor. It’s designed to help you write faster, optimize your content, and overcome writer’s block.

The tool is integrated into the AIOSEO sidebar of the block editor, so you don’t need to switch between apps or tabs while writing.

AIOSEO AI content generator

You can use the AI generator to write optimized SEO titles and meta descriptions that improve click-through rates. It can also generate content sections like FAQs with schema or article summaries.

💡The AI Content Generator is available to both Lite and Pro users. All in One SEO Lite users receive free credits to get started, while Pro users can access the feature through their existing license.

AIOSEO’s tool also helps with content promotion by generating tailored posts for Facebook, X, and LinkedIn. You can even rewrite specific sentences or entire paragraphs to better match your tone or target audience.

Easily generate social media posts in WordPress using AI

Additionally, the update includes support for llms.txt file, which is a new file that guides AI tools like ChatGPT and Gemini to your most useful content. This can help them understand your site better and link back to it in their answers.

WPForms Launches Entry Automation—Your Form Data Now Manages Itself

WPForms has introduced Entry Automation, a new feature that lets you create automated, scheduled workflows for your form entries.

You no longer have to manage form data by hand. With Entry Automation, you can export or delete entries automatically based on your own rules.

WPForms entry automation

You can create a custom schedule for each form and set actions to run daily, weekly, or monthly—even down to the exact day and time.

When exporting entries, you can use smart filters to choose exactly which data to include, based on form fields or status. The CSV file is then emailed to you automatically, so you never miss an important lead.

Setting up automated schedules to manage form entries in WPForms

Entry Automation is a big time-saver if you manage leads, registrations, or surveys. It also keeps your database clean by removing old or unnecessary entries on a schedule you control.

Overall, Entry Automation is a powerful upgrade for anyone who relies on form data. It reduces manual work and keeps your submissions organized and consistent.

WordPress AI Building Blocks Introduced—MCP, SDKs, and Smart APIs for the Future of Publishing

The WordPress project has officially unveiled its plan for integrating AI directly into the platform. This new initiative introduces several “Building Blocks” that aim to create a unified, ethical AI framework across the WordPress ecosystem.

For developers, the AI team is releasing new AI Software Development Kits (SDKs). These toolkits will make it much easier to build powerful AI features into plugins and themes, while keeping the user experience consistent.

At the center of the framework are Smart APIs, which let WordPress connect to different AI services. This gives users the freedom to choose the models they want instead of being locked into one provider.

AI Services will let users connect their WordPress website to different AI platforms

A key part of this is the Abilities API. It creates a shared language that helps AI tools like ChatGPT and Claude understand what your site can do—and even perform tasks like creating content or managing media for you.

The overall goal is to democratize AI for website owners by making powerful tools accessible to everyone while maintaining user control and open-source principles. These building blocks lay the foundation for what’s next, including AI-powered editing tools and smarter media management.

WPBeginner Turns 16 Years Old

WPBeginner 16th birthday

This month, WPBeginner celebrated our 16th birthday. Since our website was founded in 2009 by Syed Balkhi, WPBeginner has grown into the largest free WordPress resource for beginners.

Over the years, the mission has stayed the same: make it easy for anyone to create a website with WordPress, regardless of their technical skill level.

To celebrate, WPBeginner hosted our biggest giveaway yet—offering over $20,000 in prizes. A total of 87 winners received premium WordPress plugins and tools to help grow their websites.

We’re deeply grateful 🙏 for the community support that’s helped WPBeginner grow and thrive. We look forward to sharing helpful tutorials, guides, and resources for many years to come.

Free Recurring Payments Now Available on WP Simple Pay —No Upgrade Needed

WP Simple Pay has made recurring payments available to all users by adding the feature to its free Lite version. This feature was previously limited to Pro users, but now anyone can create and manage subscriptions without upgrading.

This is a big update for small businesses, creators, and nonprofits that rely on recurring revenue but don’t need a full eCommerce setup. You can now accept donations, membership fees, or payments for ongoing services right from your WordPress site.

Stripe subscription payment via WP Simple Pay Lite
WP Simple Pay - Form templates

Setup is still simple. You can create a Stripe subscription plan with preset weekly, monthly, or yearly billing, then link it to a payment form on your site in minutes.

The update also adds new form templates and improved security, powered by Stripe’s Unified Payment Element (UPE). By unlocking this key feature, WP Simple Pay helps more users build sustainable revenue directly on WordPress.

WordPress Credits Program Brings University Students Into Open Source

Contributing to WordPress for college credits

WordPress.org has launched the WordPress Credits program, a new initiative designed to bring university students into the world of open-source development. It works like a structured internship, connecting students with experienced mentors to work on real WordPress projects.

Through this program, students from all fields of study can contribute to WordPress core, themes, plugins, and community teams while earning academic credit from their universities. This provides a clear pathway for young developers, designers, and writers to gain valuable real-world experience.

The pilot program was developed in partnership with the University of Pisa and has already attracted significant interest. Now, the WordPress Foundation is inviting more universities and educational institutions to join the initiative.

The program helps bring new talent into the open-source community. By building a steady pipeline of contributors, WordPress is investing in the project’s long-term growth and innovation.

Charitable Unlocks Square Donations and Donor Trust to Add Social Proof to Your Fundraising Campaigns

Charitable has rolled out two major updates to improve fundraising in WordPress. The plugin now includes a direct, built-in integration with Square, which offers another major payment gateway option for collecting donations.

It’s available to both Lite and Pro users and supports credit cards, debit cards, Apple Pay, and Google Pay. Because it’s part of the core plugin, there’s no need for a separate add-on, and performance is smoother, too.

The second new feature is DonorTrust, a tool designed to increase conversions using social proof. It displays small, real-time notifications on your site whenever someone makes a donation.

Charitable donor trust social proof

These non-intrusive popups are fully customizable and can be configured to show donor names, locations, and donation amounts. Seeing other people donate builds trust and adds urgency, making visitors more likely to give to your cause.

BuddyBoss App Now Supports 20+ Languages With Multilingual App Interface

BuddyBoss multilingual update

BuddyBoss has made its mobile app more accessible to global communities by adding full multilingual support. App users can now switch the entire interface to their preferred language from profile settings, creating a more inclusive experience

The app automatically detects a user’s device language on first launch and includes built-in translations for over 20 languages, including Spanish, French, German, and Japanese. This covers all core interface elements, including buttons and navigation menus.

For community owners, this is a big step forward for international SEO. It’s especially helpful in regulated markets like the EU and Canada, where native-language support is often required. The feature is available to all BuddyBoss App users at no extra cost.

While the app interface is automatically translated, community owners can use WPML’s AI-powered services to translate custom content like pages and posts. This creates a fully localized experience and helps you connect with members around the world.

WPCode Just Made Custom Snippets Smarter—38 Tags and a New Import Tool

WPCode has enhanced its popular code snippets plugin with powerful new smart tags and a migration tool. The latest version adds 38 smart tags that let you insert dynamic information into your snippets.

WPCode smart tags

These tags work like dynamic placeholders, helping you create personalized, context-aware content without writing complex PHP. That means your snippets are easier to reuse and adapt across your site.

The smart tags can pull data from popular plugins like WooCommerce, Easy Digital Downloads, MemberPress, and All in One SEO. For example, you could automatically insert a product’s price or a post’s SEO title into a custom script.

The update also includes a new import tool specifically designed for users of the old Post Snippets plugin, which is no longer maintained. It helps you safely migrate your existing snippets to WPCode in just a few clicks.

SearchWP Adds Multiple Results Templates, Compatibility with Site Builders, and Promoted Search Ads

SearchWP has released a major update that gives site owners significantly more control over their website’s search results.

You can now create multiple search results templates to display different layouts for different types of content.

Search results templates

For example, you could show a grid layout for WooCommerce products, a list view for blog posts, and a unique design for documentation pages, all from the same search bar. This helps create a more intuitive experience for your visitors.

SearchWP has also improved compatibility with popular site builders like Elementor, Divi, Beaver Builder, and Bricks. You can now use dedicated blocks for adding search forms and results pages directly within your favorite WordPress page builder, without needing to mess with shortcodes.

The update also adds Promoted Search Ads—a way to feature specific content at the top of search results for certain keywords. It’s like an internal ad system, great for highlighting products, cornerstone content, or special offers.

In Other News

  • WPConsent now includes one-click geolocation-based consent settings with built-in templates for GDPR, CCPA, and more. It also lets you block custom scripts and iframes before consent, helping your site stay compliant across regions.
  • Easy Digital Downloads Pro now includes built-in EU VAT handling, making compliance much easier for digital product sellers in the EU and UK. The update adds automatic tax rates, real-time VAT number validation at checkout, and integrated reporting tools.
  • Tickets are still available for WordCamp US 2025 (August 26–29 in Portland, Oregon). Don’t miss out on this opportunity to learn, network, and connect with WordPress professionals from around the world.
  • Wholesale Suite now supports automatic invoicing and payment charging, which streamlines the checkout process for wholesale customers using Net 30/60/90 terms. It’s a big time-saver for managing recurring B2B payments.
  • WooCommerce 10.0 was released on July 14 with major upgrades. These include WCAG 2.2 AA accessibility compliance, shareable checkout links, improved cart performance, and an experimental new Add to Cart block powered by the Interactivity API.
  • WordPress 6.9 is on the proposed roadmap for release in December 2025. It will continue the focus on collaboration tools and design improvements introduced in earlier 6.x versions. Stay tuned for feature previews in the coming months.
  • Formidable Forms now lets you embed dynamic graphs in emails and PDF reports—no JavaScript required. This new feature automatically converts interactive charts into images so that you can share visual data summaries easily.

New Plugins & Tools

  • Envira Gallery CDN – A new service that automatically delivers your WordPress images through a Content Delivery Network (CDN). This makes your photo galleries load faster for visitors around the world.
  • WPConsent (🔥trending) – The fastest growing WordPress cookie popup and compliance plugin. It allows you to easily manage cookie consent and privacy compliance on your WordPress website.
  • User Comment Delete – Allows logged-in users to delete their own comments using a link next to their comment.

That’s a wrap for this month’s WPBeginner Spotlight! We hope you enjoyed catching up on the latest news and updates from the WordPress ecosystem.

Got a product launch, feature update, or cool project you think we should cover? Send us a message, and we might feature it in our next edition.

We’ll see you again next month with another round of WordPress news. Thanks for reading and being part of the WPBeginner family.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post WPBeginner Spotlight 14: From Entry Automation to AI Building Blocks – The Future of WordPress is Here first appeared on WPBeginner.

The AI Accountability Gap

5 August 2025 at 06:34

Here’s something every CEO knows but won’t say out loud:

When the AI screws up, somebody human is going to pay for it.

And it’s never going to be the algorithm.

The board meeting reality

Picture this scene. You’re in a boardroom. The quarterly numbers are a disaster. The AI-powered marketing campaign targeted the wrong audience. The automated pricing strategy killed margins. The chatbot gave customers incorrect information that triggered a PR nightmare.

The board turns to the executive team and asks one question:

“Who’s responsible?”

Nobody — and I mean nobody — is going to accept “the AI made a mistake” as an answer.

They want a name. A person. Someone accountable.

This is the reality of AI deployment that nobody talks about in the hype articles and vendor demos.

Why human accountability becomes more critical, not less

Most people think AI reduces the need for human responsibility.

The opposite is true.

When AI can execute decisions at unprecedented speed and scale, the quality of human judgment becomes paramount. A bad decision that might have impacted dozens of customers can now impact thousands in minutes.

The multiplier effect of AI doesn’t just amplify results, it amplifies mistakes.

The new job description

In an AI-driven world, the most valuable skill isn’t prompt engineering or machine learning.

It’s defining clear objectives and owning the outcomes.

Every AI system needs a human owner. Not just someone who can operate it, but someone who:

  • Defines what success looks like.
  • Sets the guardrails and constraints.
  • Monitors for unexpected outcomes.
  • Takes responsibility when things go sideways.

This isn’t a technical role. It’s a leadership role.

The forensic future

When AI systems fail — and they will — the investigation won’t focus on the algorithm.

It’ll focus on the human who defined the objective.

“Why did the AI approve that high-risk loan?” “Because Sarah set the criteria and authorized the decision framework.”

“Why did the system recommend the wrong product to premium customers?” “Because Mike’s targeting parameters didn’t account for customer lifetime value.”

This isn’t about blame. It’s about clarity. And it’s exactly what executives need to feel confident deploying AI at enterprise scale.

The three levels of AI accountability

  1. Level 1. Operational Accountability: Who monitors the system day-to-day? Who spots when something’s going wrong? Who pulls the plug when needed?
  2. Level 2. Strategic Accountability: Who defined the objectives? Who set the success metrics? Who decided what tradeoffs were acceptable?
  3. Level 3. Executive Accountability: Who authorized the AI deployment? Who’s ultimately responsible for the business impact? Who faces the board when things go wrong?

Every AI initiative needs clear owners at all three levels.

Why this actually accelerates AI adoption

You might think this responsibility framework slows down AI deployment.

It does the opposite.

Executives are willing to move fast when they know exactly who owns what. Clear accountability removes the “what if something goes wrong?” paralysis that kills AI projects.

When leaders know there’s a human owner for every AI decision, they’re comfortable scaling quickly.

The skills that matter now

Want to be indispensable in an AI world? Master these:

  1. Objective Definition: learn to translate business goals into specific, measurable outcomes. “Improve customer satisfaction” isn’t an objective. “Reduce support ticket response time to under 2 hours while maintaining 95% resolution rate” is.
  2. Risk Assessment: understand the failure modes. What happens when the AI makes a mistake? How quickly can you detect it? What’s the blast radius?
  3. Forensic Thinking: when something goes wrong, trace it back to the human decision that created the conditions for failure. Build that feedback loop into your process.
  4. Clear Communication: if you can’t explain your objectives clearly to a human, you can’t explain them to an AI either.

The uncomfortable questions

Before deploying any AI system, ask:

  • Who owns this outcome?
  • What happens when it fails?
  • How will we know it’s failing?
  • Who has the authority to shut it down?
  • What’s the escalation path when things go wrong?

If you can’t answer these questions, you’re not ready to deploy.

The leadership opportunity

This shift creates a massive opportunity for the leaders who get it.

While everyone else is chasing the latest AI tools, the smart money is on developing the human systems that make AI deployable at scale.

The companies that figure out AI accountability first will move fastest. They’ll deploy more aggressively because they’ll have confidence in their ability to manage the risks.

(This pairs perfectly with the abundance potential I discussed in my recent piece on how AI amplifies human capability rather than replacing it. The organizations that master both the opportunity and the responsibility will dominate their markets.)

The bottom line

AI doesn’t eliminate the need for human accountability.

It makes it more critical than ever.

The future belongs to leaders who can clearly define what success looks like and own the results — good or bad.

The algorithm executes. Humans are accountable.

Make sure you’re ready for that responsibility.


References:

  1. Anthony Franco, AI First Principles
  2. Robb Wilson, The Age of Invisible Machines

The article originally appeared on LinkedIn.

Featured image courtesy: Anthony Franco.

The post The AI Accountability Gap appeared first on UX Magazine.

The Dark Side of Chasing AGI

2 August 2025 at 06:31

Welcome back to Invisible Machines. I’m Josh Tyson, a contributing editor here at UX Magazine, and I am joined by resident visionary, Robb Wilson, CEO and Co-founder of OneReach.ai. 

  • Robb and I co-authored the bestselling book Age of Invisible Machines, and this podcast is where we continue our explorations of agentic AI.
  • Today we’re excited to welcome Karen Hao, renowned tech journalist and author of the instant New York Times bestseller Empire of AI.
  • In her book, Karen distills more than a decade’s worth of in-depth reporting into a detailed and highly readable account of OpenAI’s rise to power and why leadership at the company abandoned the promise to keep their research open.
  • We also talk about why their target of reaching AGI, first is being undercut by a clear definition of what artificial general intelligence even is.
  • This is another conversation where anthropomorphization comes into play, and why making these tools behave more like humans might actually make them less effective (and more dangerous).
  • Robb and I were also intrigued by Karen’s reporting on a small nonprofit in New Zealand that used AI to preserve the Māori language. Their scaled back approach to establishing a clear goal and curating data in a responsible manner shows how more focused approaches to integrating AI into business operations might win out over the blunt force of large language models.

Now, get ready for a fascinating discussion with a real one, Karen Hao.

The post The Dark Side of Chasing AGI appeared first on UX Magazine.

The Real Impact of AI on Designers’ Day-To-Day and Interfaces: What Still Matters

31 July 2025 at 04:57

Designers today are quick to praise how AI speeds up their workflows. And that makes sense — businesses now more than ever need fast drafts, rapid testing, and quick launches to keep users engaged.

Yet, many designers still miss the mark, not fully leveraging their expertise when working with AI in products. What’s the result? Lots of hyped AI-powered products are creating noise instead of value, resulting in experiences that feel shallow.

After 10 years in design, I’ve learned to take innovations with a grain of salt – and turn them from momentary trends into practical approaches. That’s why I want to share how AI really changes the daily work of designers, how it shifts interfaces, and what parts of the design process never change.

Throughout this article, I’ll share examples, practical advice, and insights from my experience, helping you understand where AI fits and where human skill is still key.

If you want a clear, honest take on AI’s real impact on design and business, keep reading.

Why AI became a core part of designers’ daily workflow

To better grasp how AI can enhance design at every stage, it helps to first outline how design work traditionally unfolds — before AI became part of the process.

Broadly, product designers have typically worked in two main ways:

Image by Oleh Osadchyi

Both approaches have been facing the same challenge: businesses are constantly tightening budgets and speeding up timelines. This has pushed many teams into making trade-offs. Designers, often spread thin, end up skipping deeper discovery work. At best, usability testing happens just before release — rushed and insufficient.

And then came artificial intelligence.

From my experience, AI can support designers across three key phases of the product iteration cycle:

  • Input and product analysis.
  • Research and exploration.
  • Implementation and testing.

Let’s take a closer look at them.

1. Analysis

Plenty of tools now offer AI-generated summaries of dashboards, feedback, and user behaviour. They’re handy, especially when you’re scanning for trends. However, they are not always truly right.

It can highlight what’s visible, but not always what’s important. Sometimes the insights that actually drive results are buried deeper, and you won’t find them unless you look for yourself, because:

  • AI generates dry, surface-level summaries based on available data.
  • It doesn’t always distinguish between signal and noise, or highlight what affects outcomes.
  • Some insights that impact the result can be entirely different from what AI flags.

Tip: Treat AI summaries as a starting point. If something catches your eye, dig deeper. Go back to the raw data, validate the insight, and confirm whether it’s grounded in actual user behaviour or just looks interesting on paper.

2. Research

Research is one of the most time-consuming (and often underappreciated) parts of product design. And it can often eat up hours. Thus, AI can assist you to:

  • Pull key takeaways from customer interviews, docs, or Notion pages.
  • Analyse mentions of a specific topic across multiple URLs or sources.
  • Scan hundreds of App Store reviews without reading them one by one.
  • Generate a quick list of competitors and extract what features they offer, how they’re positioning themselves, or what users praise/complain about.

However, don’t expect it to do all the job:) AI is more like an additional researcher in the team who needs to be guided, given clear direction, and double-checked.

Tip: Try to be more T-shaped specialists and learn how to write some scripts and prompts. Understanding how AI thinks will help you guide it better and speed up your workflow.

For example, instead of asking your analytics team to rebuild a dashboard, you can download a page with reviews ( as HTML, for example). Then have AI parse it, turn it into a table, and sort by sentiment or keywords. You’ll uncover patterns in minutes without waiting and saving your teammates time.

3. Implementation

In this board stage, you can speed up the creation of first drafts. At every step (from the landing page to the screen flows), designers have to generate a lot of material, which, let’s be honest, not everyone can keep up with. For example, during our interviews, only a third of 600 candidates knew the basic processes of this stage.

That’s why, with some AI guidance, you can stay afloat and:

  • Generate early concepts and illustrations.
  • Stress-test layout clarity or colour palettes.
  • Explore UX patterns or flow variations without redrawing everything from scratch.

Tip: If you want to make your drafting collaboration more effective, feed it with 10+ reference visuals that reflect your brand style. Mind that AI is only as good as the data you give it. It doesn’t have an intuitive eye.

Take Figma’s AI launch as an example. It could create UI screens in seconds, which was great for quick drafts. But after a couple of weeks, they disabled the feature. The artificial assistant was trained on only a few companies’ design systems, so many screens ended up looking very similar.

Next practical tip: try to be clear and detailed in describing your visuals. Ideally, start by writing a clear prompt that describes the style and illustration details, and include some reference images. Then, ask the AI to generate JSON that explains the details of the prompt — this way, you can see how well it understood you.

If the result isn’t quite right, tweak the output or adjust it. For example, if you’re aiming for a thin line that resembles a bone, the AI might miss that subtlety, which is why some manual fine-tuning is necessary. Once you’ve got closer to your vision, you can use that refined JSON as a reference for further iterations.

4. Testing

During pre-AI testing, designers had to constantly ask developers to create something and release it, then wait for feedback just to launch it properly.

However, today, with the right processes in place and a good design system with code-ready components, it’s not that hard for a designer to build the front-end for a user flow on their own. Just enough to see how it works in practice. Sometimes, it doesn’t even need developers to add logic behind it — just a working prototype that feels close to real.

You can test in Figma with clickable flows, or go one step further and share a live, browser-based version where users actually input data. It’s more real, insightful, and users feel more comfortable using it.

Tip: Use AI tools to speed up your workflow and reduce dependency on other teams. Start simple: don’t wait for analysts to build a separate dashboard — generate the code and make the API request yourself. If you need to update a UI element, do it directly in Cursor and hand it off to developers for review. In many cases, this will be significantly faster.

AI won’t replace the craft or the collaboration between design and development. But it will remove friction. And in a world where business goals shift constantly, that saved time gives you more space for experimentation and better products.

How AI can help to make hard calls

AI can’t (and shouldn’t) make product decisions for you. Yet, it can help you make them faster and with more confidence by showing you a clearer picture of processes.

For instance, at TitanApps, we always analyse user feedback to decide on implementing a new feature. However, users don’t always ask for “the next big thing” within the product. So, most of their comments reflect current features. Luckily, being part of the Attlassian community gives us access to forums where people share pain points, recommend tools, and ask for help.

Before AI, we manually crawled forums, trying different keyword combinations, tracking synonyms, reviewing long threads, and collecting patterns. Sometimes it took an entire week just to build a case for or against a product direction.

Now it takes a couple of hours. Here is how the process looked for us:

  • We prepared a structured JSON file that included forum thread links, topic clusters, and relevant metadata.
  • AI scanned around 20 main links, each containing multiple subtopics, extracted key insights, and compiled the findings in about three hours.
  • At the same time, we ran a parallel process using scraped HTML reviews from competitors that took 90 minutes. We wanted to see: Are users asking similar things? How are other products responding? Are they solving it better, or leaving gaps?

Surely, during both analyses, we verified the information and sources that were used.

While those two streams were running, we spent time mapping where our original idea wasn’t catching interest. And in doing so, our team noticed something more valuable. There was demand building around a related topic, one that competitors hadn’t addressed properly.

So, instead of spending a full week bouncing between forums and threads, we got a full directional snapshot in a single day.

How AI changes design interfaces

With AI becoming more integrated into products, it’s not just designers’ daily workflows that are changing — the interfaces themselves are evolving too. To understand the impact of AI, it helps to break it down into two categories:

  • AI is a visible tool that users actively interact with.
  • AI is an invisible layer that improves the user experience in the background.

In both cases, the final screen is no longer the most important outcome. What matters more is the designer’s ability to see the bigger picture and to understand the user’s journey. Here’s why that shift is important:

  • If AI shows up as an assistant or a chatbot, you need to understand what users actually expect from it — what kinds of requests they’ll make, what problems they’re trying to solve. Only then can you think about how to present that information: in plain text, a GPT-style chat, or a dashboard.

You might start by giving users full freedom to type in anything and get a response. But to build a smarter, smoother experience and train your model more effectively, you need to identify the patterns. As some people may look for sprint summaries, others – backlog overviews or even pull request analysis.

Then, the next question pops up: What do the users do with the information once they extract it: use in the meetings, export, etc. This influences where and how you present the AI assistant, what kind of prompts or templates you provide, and how much of the process you can automate without needing users to ask manually.

Tip: Train your bird’s-eye view perspective. Even though this shift in design priorities is visible to many, from my own experience, candidates often rush to visualise the problem. They focus on individual screens, but don’t analyse the whole user interaction and journey.

If AI is operating silently behind the scenes, this perspective becomes even more essential. As a designer, you need to:

  • Understand your audience deeply.
  • Track feedback and analytics.
  • Notice where AI can enhance the experience and where it might get in the way.

Take tools like Copilot for developers. One major complaint early on was that it didn’t adapt to each person’s style. It generated generic or awkward code that didn’t fit the context. Instead of helping, it disrupted the flow.

Or look at tools like Cursor. It became popular on Twitter, and people started experimenting with it for pet projects. Yet, many couldn’t even figure out how to get it working properly. So, not every AI tool is for everyone, and not every moment is the right one to introduce it.

To design well for this kind of AI, you need to know:

  • When it’s helpful.
  • What it should suggest.
  • How users will actually operate it.

Tip: Remember that AI is a tool, not a silver bullet. These background assistants still have a kind of interface, even if it’s invisible. And designers now have to learn to design for that too.

Design principles that AI can’t change

Even though AI pushes designers to adapt — to think more like developers, balance business goals, and maintain a user-centric and unique approach — some principles remain unchanged, like Jakob’s Law.

Users become familiar with patterns, and they don’t want to relearn what already works. That’s why it’s crucial not to reinvent the wheel without a reason. If there are established best practices, use them. AI won’t decide this for you — it’s your role to understand what’s proven, when it’s worth innovating, and when it’s smarter to stick with what users already know.

So yes, being a designer today is more complex than ever. But if we improve our bird’s-eye view, stay T-shaped, and resist the urge to overcomplicate, we can use these tools — including AI — to do better work, not just faster work.

Ultimately, our goal is to design things that make sense.

Featured image courtesy: Oleh Osadchyi.

The post The Real Impact of AI on Designers’ Day-To-Day and Interfaces: What Still Matters appeared first on UX Magazine.

Received before yesterdayDesign

Stories Of August (2025 Wallpapers Edition)

Everybody loves a beautiful wallpaper to freshen up their desktops and home screens, right? To cater for new and unique designs on a regular basis, we started our monthly wallpapers series more than 14 years ago, and from the very beginning to today, artists and designers from across the globe have accepted the challenge and submitted their artworks. This month is no exception, of course.

In this post, you’ll find desktop wallpapers for August 2025, along with a selection of timeless designs from our archives that are bound to make your August extra colorful. A big thank you to everyone who tickled their creativity and shared their wallpapers with us this month — this post wouldn’t exist without your kind support!

Now, if you’re feeling inspired after browsing this collection, why not submit a wallpaper to get featured in one of our upcoming posts? Fire up your favorite design tool, grab your camera or pen and paper, and tell the story you want to tell. We can’t wait to see what you’ll come up with! Happy August!

  • You can click on every image to see a larger preview.
  • We respect and carefully consider the ideas and motivation behind each and every artist’s work. This is why we give all artists the full freedom to explore their creativity and express emotions and experience through their works. This is also why the themes of the wallpapers weren’t anyhow influenced by us but rather designed from scratch by the artists themselves.

August Afloat

“Set sail into a serene summer moment with this bright and breezy wallpaper. A wooden boat drifts gently across wavy blue waters dotted with lily pads, capturing the stillness and simplicity of late August days.” — Designed by Libra Fire from Serbia.

Dive Into Summer Mode

“When your phone becomes a pool and your pup’s living the dream — it’s a playful reminder that sometimes the best escapes are simple: unplug, slow down, soak in the sunshine, and let your imagination do the swimming.” — Designed by PopArt Studio from Serbia.

Sea Shanties And Ears In The Wind

“August is like a boat cruise swaying with the rhythm of sea shanties. Our mascot really likes to have its muzzle caressed by the salty sea wind and getting its ears warmed by the summer sun.” — Designed by Caroline Boire from France.

Queen Of August

“August 8 is International Cat Day, so of course the month belongs to her majesty. Confident, calm, and totally in charge. Just like every cat ever.” — Designed by Ginger IT Solutions from Serbia.

Happiness Happens In August

“Many people find August one of the happiest months of the year because of holidays. You can spend days sunbathing, swimming, birdwatching, listening to their joyful chirping, and indulging in sheer summer bliss. August 8th is also known as the Happiness Happens Day, so make it worthwhile.” — Designed by PopArt Studio from Serbia.

Nostalgia

“August, the final breath of summer, brings with it a wistful nostalgia for a season not yet past.” — Designed by Ami Totorean from Romania.

Relax In Bora Bora

“As we have taken a liking to diving through the coral reefs, we’ll also spend August diving and took the leap to Bora Bora. There we enjoy the sea and nature and above all, we rest to gain strength for the new course that is to come.” — Designed by Veronica Valenzuela from Spain.

Banana!

Designed by Ricardo Gimenes from Spain.

Summer Day

Designed by Kasturi Palmal from India.

Retro Road Trip

“As the sun dips below the horizon, casting a warm glow upon the open road, the retro van finds a resting place for the night. A campsite bathed in moonlight or a cozy motel straight from a postcard become havens where weary travelers can rest, rejuvenate, and prepare for the adventures that await with the dawn of a new day.” — Designed by PopArt Studio from Serbia.

Spooky Campfire Stories

Designed by Ricardo Gimenes from Spain.

Bee Happy!

“August means that fall is just around the corner, so I designed this wallpaper to remind everyone to ‘bee happy’ even though summer is almost over. Sweeter things are ahead!” — Designed by Emily Haines from the United States.

Oh La La… Paris’ Night

“I like the Paris night! All is very bright!” — Designed by Verónica Valenzuela from Spain.

Cowabunga

Designed by Ricardo Gimenes from Spain.

Childhood Memories

Designed by Francesco Paratici from Australia.

Summer Nap

Designed by Dorvan Davoudi from Canada.

Live In The Moment

“My dog Sami inspired me for this one. He lives in the moment and enjoys every second with a big smile on his face. I wish we could learn to enjoy life like he does! Happy August everyone!” — Designed by Westie Vibes from Portugal.

Handwritten August

“I love typography handwritten style.” — Designed by Chalermkiat Oncharoen from Thailand.

Psst, It’s Camping Time…

“August is one of my favorite months, when the nights are long and deep and crackling fire makes you think of many things at once and nothing at all at the same time. It’s about heat and cold which allow you to touch the eternity for a few moments.” — Designed by Igor Izhik from Canada.

Hello Again

“In Melbourne it is the last month of quite a cool winter so we are looking forward to some warmer days to come.” — Designed by Tazi from Australia.

Coffee Break Time

Designed by Ricardo Gimenes from Spain.

Subtle August Chamomiles

“Our designers wanted to create something summery, but not very colorful, something more subtle. The first thing that came to mind was chamomile because there are a lot of them in Ukraine and their smell is associated with a summer field.” — Designed by MasterBundles from Ukraine.

Party Night Under The Stars

“August… it’s time for a party and summer vacation — sea, moon, stars, music… and magical vibrant colors.” — Designed by Teodora Vasileva from Bulgaria.

A Bloom Of Jellyfish

“I love going to aquariums – the colors, patterns, and array of blue hues attract the nature lover in me while still appeasing my design eye. One of the highlights is always the jellyfish tanks. They usually have some kind of light show in them, which makes the jellyfish fade from an intense magenta to a deep purple — and it literally tickles me pink. We discovered that the collective noun for jellyfish is a bloom and, well, it was love-at-first-collective-noun all over again. I’ve used some intense colors to warm up your desktop and hopefully transport you into the depths of your own aquarium.” — Designed by Wonderland Collective from South Africa.

Colorful Summer

“‘Always keep mint on your windowsill in August, to ensure that the buzzing flies will stay outside where they belong. Don’t think summer is over, even when roses droop and turn brown and the stars shift position in the sky. Never presume August is a safe or reliable time of the year.’ (Alice Hoffman)” — Designed by Lívi from Hungary.

Searching For Higgs Boson

Designed by Vlad Gerasimov from Georgia.

Freak Show Vol. 1

Designed by Ricardo Gimenes from Spain.

Grow Where You Are Planted

“Every experience is a building block on your own life journey, so try to make the most of where you are in life and get the most out of each day.” — Designed by Tazi Design from Australia.

Chill Out

“Summer is in full swing and Chicago is feeling the heat! Take some time to chill out!” — Designed by Denise Johnson from Chicago.

Estonian Summer Sun

“This is a moment from Southern Estonia that shows amazing summer nights.” Designed by Erkki Pung from Estonia.

#179 – Mariya Moeva on the Impact of Google’s SiteKit on WordPress

30 July 2025 at 14:00
Transcript

[00:00:19] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.

Jukebox is a podcast which is dedicated to all things WordPress, the people, the events, the plugins, the blocks, the themes, and in this case, how the Google Site Kit plugin is attempting to simplify their product offering, right inside of WordPress.

If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice, or by going to wptavern.com/feed/podcast, and you can copy that URL into most podcast players.

If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you and hopefully get you, or your idea. Featured on the show. Head to wptavern.com/contact/jukebox, and use the form there.

So on the podcast today we have Mariya Moeva. Mariya has more than 15 years of experience in tech across search quality, developer advocacy, community building and outreach, and product management. Currently, she’s the product lead for Site Kit, Google’s official WordPress plugin.

She’s presented at Word Camp Europe in Basel this year and joins us to talk about the journey from studying classical Japanese literature to fighting web spam at Google, and eventually shaping open source tools for the web.

Mariya talks about her passion for the open web, and how years of direct feedback from site owners shaped the vision for Site Kit. Making complex analytics accessible and actionable for everyone, from solo bloggers to agencies and hosting providers.

Site Kit has had impressive growth for a WordPress plugin, currently there are 5 million active installs and a monthly user base of 700,000.

We learn how Site Kit bundles core Google products like Search Console, Analytics, Page Speed Insights, AdSense into a simpler, curated WordPress dashboard, giving actionable insights without the need to trawl through multiple complex interfaces.

Mariya explains how the plugin is intentionally beginner friendly with features like role-based dashboard sharing, integration with WordPress’ author and category systems, and some newer additions like Reader Revenue Manager to help site owners become more sustainable.

She shares Google’s motivations for investing so much in WordPress and the open web, and how her team is committed to active support, trying to respond rapidly on forums and listening closely to feedback.

We discussed Site Kit’s roadmap, from benchmarking and reporting features, to smarter, more personalized recommendations in the future.

If you’ve ever felt overwhelmed by analytics dashboards, or are looking for ways to make data more practical and valuable inside WordPress, this episode is for you.

If you’re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com/podcast, where you’ll find all the other episodes as well.

And so without further delay, I bring you Mariya Moeva.

I’m joined on the podcast by Mariya Moeva. Hello, Mariya. Nice to meet you.

[00:03:35] Mariya Moeva: Nice to be here.

[00:03:36] Nathan Wrigley: Mariya is doing a presentation at WordCamp Europe. That’s where we are at the moment, and we’re going to be talking about the bits and the pieces that she does around Site Kit, the work that she does for Google. Given that you are a Googler, and that we’re going to be talking about a product that you have, will you just give us your bio? I’ve got it written here, you obviously put one on the WordCamp Europe website. But just roughly what is your place in WordPress and Google and Site Kit and all of that?

[00:04:05] Mariya Moeva: Yeah. I mean, I’ve had a very meandering path. When you would look back to what I studied, which was, you know, classical Japanese literature, all these poems about the moon and the cherry blossoms, who would’ve thought at that time that I would end up building open source plugins? But I did have a meandering path and I ended up here because, mostly because of passion for the open web, and for all kinds of weird websites that exist out there. I really love stumbling upon something great.

I started Google on the web spam team, actually looking into the Japanese spam market, because of this classical Japanese literature degree and the Japanese skills. And then after a couple years or so, I basically despaired of humanity because all you look at is spam every day. Bad sites, hacked sites, malicious pages. And I just wanted to do something that makes the web better rather than removing all the bad stuff.

And so I switched over to an advocacy role, and in that role I essentially was traveling, maybe attending 20, 30 conferences every year, talking to a lot of people about their needs, what they have to complain about Google, what requests they have. And I would collect all of this feedback, and then I would go back to the product teams and I would say, hey, this and this is something that people really want. And they would say, thank you for your feedback.

Essentially at one point I said, okay, we’re going to build this thing, and that’s why I switched into product role. And I was able to take all the feedback over the years, that we’ve gotten from developers and site owners, and to try to build something that makes sense for them. So that’s how I ended up in the product role for building Site Kit.

And the idea from the very beginning was to make it beginner friendly and to make it from their perspective to match that feedback, rather than doing something that is like, here’s your stuff from analytics, here’s your stuff from Search Console, figure it out. That’s how we ended up building this and it’s been now five years. And it actually just a month ago entered the top 10 plugins. So clearly people find some value in it.

We have 700,000 people that use it every month. And overall it’s currently at 5 million active installs, meaning that these sites are kind of pinging WordPress so they’re alive and kicking. It’s been very encouraging to see that what we’re doing is helpful to people and we will keep going. There’s a lot to do.

[00:06:29] Nathan Wrigley: I think it’s kind of amazing because in the WordPress space, there are some of the, let’s call them the heavy hitters. You know, the big plugins that we’ve all heard of, the Yoasts of this world that kind of thing. Jetpack, all those kind of things. This, honestly has gone under the radar a bit for me, and yet those numbers are truly huge. Four and a half to 5 million people over a span of five years is really rather incredible.

[00:06:54] Mariya Moeva: It grew very fast, yeah.

[00:06:55] Nathan Wrigley: Yeah. And yet it’s not one that, well, I guess most people are reaching out to plugins to solve a problem, often a business problem. So, you know, there’s this idea of, I install this and there’s an ROI on that. This is not really that, not really ROI, it’s more site improvement. Okay, here’s a site that needs things fixing on it. Here’s some data about what can be fixed. And so maybe for that reason and that reason alone, it’s flown under the radar for me because it doesn’t have that commercial component to it.

[00:07:24] Mariya Moeva: Yeah, for sure. It’s for free and it’s not something that, yeah, sells features or has like a premium model and we don’t market it so much. But I run a little survey in the product where people tell us where they heard from it, and a lot of the responses are either YouTube video, or like blog posts or word of mouth. So it seems to be spreading more that way.

[00:07:46] Nathan Wrigley: Yeah, no kidding. I’ll just say the URL out loud in case you’re at a computer when you’re listening to this. It’s SiteKit, as one word, dot withgoogle.com. I don’t know if that’s the canonical URL, but that’s where I ended up when I did a quick search for it. So sitekit.withgoogle.com. And over there you’ll be able to download well, as it labels itself, Google’s official WordPress plugin.

The first thing that surprises me is, a, Google’s interest in WordPress. That is fascinating to me. I mean, obviously we all know, Google is this giant, this leviathan. Maybe you’ve got interest in other CMSs, maybe not. I don’t really know. But I think that’s curious. But obviously 43% of the web, kind of makes sense to partner with WordPress, doesn’t it? To improve websites.

[00:08:31] Mariya Moeva: Yeah. I work with plenty of CMSs. I work with Wix, with Squarespace, and we essentially what I try to do and what my team tries to do, we are called the Ecosystem Team. So we want to bring the things that we think would be useful to site owners and businesses directly to where they are.

So if you are in your Wix dashboard, you should be able to see the things from Google that are useful. And same if you are in WordPress. And obviously WordPress is, orders of magnitude, a bigger footprint than any of the others. And also it has this special structure where everything is decentralised and people kind of mix and match. So that’s why we went with the plugin model. And using the public APIs, we want to show what’s possible.

Because all the data that we use is public data. There’s no special Google feature that only the Google product gets, right? We are just combining it in interesting ways because I’ve spent so much time talking to people, like what they need. And so we just curate and combine in ways that are actually helping people to make decisions and to kind of clear the clutter.

Because when you go to analytics, it’s like 50 reports and so many menus and it’s like, where do I start? So we try to give a starting point in Site Kit. And we also try to help with other things like make people sustainable. One thing that we recently launched just a month ago is called Reader Revenue Manager. So you can put a little prompt on your site, which asks people to give you like $2 or whatever currency you are in, or even put like a subscription.

And so the idea is you don’t have to have massive traffic in order to generate revenue from your content. If you have your hundred thousand loyal readers, they can help you be more sustainable. So we’re looking at these kind of features, like what can we launch that is more for small and medium sites and would be helpful? And how can we make it as simple as possible? So that people don’t kind of drop off during the setup because it’s too complicated.

[00:10:33] Nathan Wrigley: Would it be fair to summarise the plugin’s initial purpose as kind of binding a bunch of Google products, which otherwise you would have to go and navigate to elsewhere? So for example, I’m looking at the website now, Search Console, Analytics, Page Speed Insights, AdSense, Google Ads, and all of those kind of things. Typically we’d have to go and, you know, set up an account. I guess we’d have to do that with Site Kit anyway. But we’d have to go to the different URLs and do all of that.

The intention of this then is to bind that inside of the WordPress UI, so it’s not just the person who’s the admin of that account. You can open it up so that people who have the right permissions inside of WordPress, they can see, for example, Google Analytics data. And it gets presented on the backend of WordPress rather than having to go to these other URLs. Is that how it all began as a way of sort of surfacing Google product data inside the UI of WordPress?

[00:11:21] Mariya Moeva: Yeah, we wanted to bring the most important things directly to where people are, so they don’t have to bother going to 15 places. And we wanted to drastically decrease and curate the information so that it’s easy to understand, because when you have 15 dashboards in Analytics and 15 dashboards in Search Console, and then you have to figure out what to download and in which spreadsheet to merge and how to compare, then this is. Maybe if you have an agency taken care of, they can help you. But if you don’t, which 70% of our users say that they’re one person operation, so they’re taking care of their business, and on top of that, the website. We wanted to make it simpler to understand how you’re doing, and what you should do next with Google data.

[00:12:02] Nathan Wrigley: So it’s a curated interface. So it’s not, I mean, maybe you can pull in every single thing if you so wish. But the idea is you give a, I don’t know, an easier to understand interface to, for example, Google Analytics.

That was always the thing for me in Google Analytics. I’m sure that if you have the time and the expertise, like you’re an agency that deals with all of that, then all of that data is probably useful and credible. But for me, I just want to know some top level items. I don’t need to dig into the weeds of everything.

And there was menus within menus, within menus, and I would get lost very quickly, and dispirited and essentially give up. So I guess this is an endeavor to get you what you need quickly inside the WordPress admin, so you don’t have to be an expert.

[00:12:43] Mariya Moeva: Yeah. And then it gets more powerful when you are able to combine data from different products. So, for example, we have a feature called Search Funnel in the dashboard, which lets you, it combines data from Search Console on search impressions and search clicks, and then it combines data from Analytics on visitors on the site and conversions. So it kind of helps you map out the entire path, versus having to go over here, having to go over there, having to combine everything yourself. So when you combine things, then it gets also more powerful.

We have another feature which lets you combine data from AdSense and Analytics. So if you have AdSense on your site, you can then see which pages earn you the most revenue. So when you have that, suddenly you can see, okay, so I have now these pages here, what queries are they ranking for? How much time people spend on them? Can I expand my content in that direction? It helps you to be more focused in kind of the strategy that you have for your site.

[00:13:45] Nathan Wrigley: Is it just making, I mean, I say just, is it making API calls backwards and forwards to Google’s Analytics, Search Console, whatever, and then displaying that information, or is it kind of keeping it inside the WordPress database?

[00:13:58] Mariya Moeva: We don’t store anything, well, almost anything. Yeah, we wanted to keep the data as secure as possible, so we created this proxy service, which kind of helps to exchange the credentials. So the person can authenticate with their Google account, and then from there, the data is pulled via API, and we cache the dashboard for one hour. After that we refreshed authentication token. From the data itself, nothing is stored.

[00:14:23] Nathan Wrigley: So it’s just authentication information really that’s stored. Well, that’s kind of a given, I suppose. Otherwise you’ll be logging in every two minutes.

[00:14:29] Mariya Moeva: Right. So that’s the model that we have because we really wanted people to be able to access this data, but also to keep it secure. And because of how the WordPress database is, we didn’t feel like we could save it there.

[00:14:41] Nathan Wrigley: It sounds from what you’ve just said, it’s as if it’s combining things from a variety of different services, kind of linking them up in a structured way so that somebody who’s not particularly experienced can make connections between, I don’t know, ads and analytics. The spend on the ads and the analytics, you know, the ROI if you like.

Does it do things uniquely? Is there something you can get inside of Site Kit which you could not get out of the individual products if you went there? Or is it just more of a, well, we’ve done the hard work for you, we’ve mapped these things together so you don’t have to think about it?

[00:15:10] Mariya Moeva: The one thing that it does that I’m super excited about, and we’ll build on that, but we have the fundamental of it now, is it actually creates data for you. Because in contrast to Search Console or Analytics or all these other, which are kind of Google hosted, they can only tell you like a long help center article, go there on your site, then click this, then paste this code, right? They cannot help you with this, whereas Site Kit is on the website.

So if you agree, which we don’t install anything without people’s consent, like they have to activate the feature, but if you agree, then we can do things on your behalf. So for example, we can track every time someone clicks the signup button and we can generate an analytics event for you, even if that plugin normally doesn’t send analytics events. And that way, suddenly you have your conversion data available.

So very often people look to the top of the funnel, like how many people came to my site? But they don’t look to what these people did beyond kind of, oh, they stayed two minutes. So what does this mean? You want to see, did they buy the thing? Did they sign up for the thing, or subscribe or whatever it is? And we help create this data because we have this unique access to the source code of the site.

So we create, for example, on leads generation or purchases. We also, every time that a specific page is viewed, we will generate an event about the author of the page. So then we can aggregate the data, which authors bring in the most page views. Let’s say you have like a site with five, six, whatever authors. Or which categories are bringing in the most engagement and these kind of things.

[00:16:52] Nathan Wrigley: So it really does get very WordPressy. It’s not just to do with the Google side of things. It is mapping information from Google, so categories, author profiles, that kind of thing, and mapping them into the analytics that you get. Okay, that’s interesting. So it’s a two-way process, not just a one-way process.

[00:17:09] Mariya Moeva: Yeah. It’s very much integrated with WordPress. We have also a lot of other features, like for example, that kind of stretch into other parts of the website. So this Reader Revenue Manager that I mentioned before with the prompts that you can put on your pages. You can go to the individual post and for every post there’s like a little piece of control UI that we’ve added there in the compose screen, where you can say, this is excluded from this prompt, or, you know, you can control from there.

So we try to integrate where it makes sense, like where the person would want to take this action. And again, because it’s on the website, we can kind of spread out beyond just this one dashboard.

[00:17:48] Nathan Wrigley: And would I, as a site admin, would I be able to assign permissions to different user roles within WordPress? So for example, an editor, or a certain user profile, may be able to see a subset of data. You know, for example, I don’t know, you are involved in the spending on AdSense. But you, other user over there, you’ve got nothing to do with that. But you are into the analytics, so you can see that, and you over there you can see that. Is that possible?

[00:18:12] Mariya Moeva: We have something called dashboard sharing. So it has the same, like if you use Google Docs or anything like that, it has this little person with a plus in the corner, icon. And then from there, if you are the admin who set up this particular Google Service, who connected it to Site Kit, then you’re able to say who should be able to see it. So you essentially grant view only access to, let’s say all the editors, or all the contributors or whatever. And then you can choose which Google service’s data they can see.

[00:18:44] Nathan Wrigley: So yes is the answer to that, yeah.

[00:18:46] Mariya Moeva: Yeah, yeah. So they don’t have to set it up, I mean, they have to go through a very simplified setup, and then they basically get a kind of a screenshot. I mean it’s, you can still click on things, but you can’t change anything, so it’s kind of a view-only dashboard.

[00:18:59] Nathan Wrigley: I’m kind of curious about the market that you pitch this to. So sell is the wrong word because it’s a free plugin, but who you’re pitching it at. So obviously if you’ve got that end user, the site owner. Maybe they’ve got a site and they’ve got a small business with a team. Maybe it’s just them, so there’s the whole permissions thing there.

But also I know that Google, there are whole agencies out there who just specialise in Google products, and analysing the data that comes out of Analytics. Can you do that as well as an agency? Could I set this up for my clients and have some, you know, I’ve got my agency dashboard and I want to give this client access to this website, and this website and this website, but not these other ones? Can it be deployed on a sort of agency basis like that?

[00:19:38] Mariya Moeva: You would still have to activate it for every individual site. So in that sense, there’s a bunch of steps that you have to go through. But once it’s activated, you can then share with any kind of client. And actually we have a lot of agencies that can install it for every site that they have.

Just today someone came and after he saw the demo, he was like, okay, I’m going to install it for all my clients. Because what we’ve heard is that it’s exactly the level of information that a client would benefit from. And this means then that they pester the agency less. So we’ve literally heard people saying, you’re saving me a lot of phone calls. So that’s why agencies really like it.

And the next big feature request, which we’re working on right now, is to generate like an email report out of that. So for those who don’t even want to log into WordPress to see, there will be a possibility to get this in their inbox.

[00:20:30] Nathan Wrigley: So you could get it like a weekly summary, whatever it that wish to trigger. And, okay, so that could go anywhere really. And then your clients don’t even need to phone you about that.

[00:20:41] Mariya Moeva: Yeah. So we are trying to really actively reach people where they are, even if that’s their email inbox.

[00:20:49] Nathan Wrigley: And the other question I have is around your relationship with some of the bigger players, maybe hosting companies. Do you have this pre-installed on hosting cPanels and their, you know, whatever it is that they’ve got in their back end?

[00:21:02] Mariya Moeva: Yeah, we have quite a few hosting providers that pre-install it for their WordPress customers. The reason for this is that they see better lifetime value for those customers that have a good idea of how their site is doing. And yeah, Hostinger is one of those. cPanel. Elementor pre-installs it for all of their users. And they see very good feedback because again, it’s super simple to set up and super easy to understand once you have it. So for them it’s kind of like an extra feature that they can offer, extra value to their users for free.

[00:21:32] Nathan Wrigley: We know Google’s a fabulous company, but you don’t do things for nothing. So what’s the return? How does it work in reverse? So we know that presumably there must be an exchange of data. What are we signing up for if we install Site Kit?

[00:21:47] Mariya Moeva: So, at least, I mean, Google is a huge company, right? There’s hundreds of thousands of people working. So I can’t speak for the whole of Google, but I can speak for the Ecosystem Team, which I’m part of, like the web ecosystem.

The main investment here, or the main goal for us is that the open web continues to thrive, because if people don’t put content, interesting, relevant content on the open web, the search results are going to be very poor and that’s not a good product.

So our idea is to support all the people who create content to make sure that they’re found, like if you’re a local business, that people can find you when they need stuff from that particular local business. And what we see is that, especially for smaller and medium sites, they really struggle, first with going online, and then with figuring out what they’re supposed to do. And so a lot of them give up because in comparison to other platforms, it’s a little bit of an upfront investment, right? Like you have to pay for hosting, you have to set up the site, you have to add content.

So we try to help people as much as we can to see the value that the open web brings to them, so that they can continue to create for the open web. So that’s our hidden motivation. I think in that sense, we’re very much aligned with the WordPress community because here everybody cares about the open web and for all kind of small, weird websites to continue flourishing and get their like 100 or 300 or 1,000 readers that they deserve.

So that’s the motivation. I think because it includes other things like AdSense and AdWords, like people can set up a ads campaign directly from Site Kit in a very simplified flow, and the same thing for AdSense. Obviously some money exchanges hands, but this is relatively minor compared to the benefit that we think there is for the web in general.

[00:23:35] Nathan Wrigley: Google really does seem to have a very large presence at WordPress events. I mean, I don’t know about the smaller ones, you know, the regional sort of city based events, but at the, what they call flagship events, so WordCamp Asia and WordCamp Europe and US, there’s the whole sponsor area. And it’s usual to see one of the larger booths being occupied by Google. And I wonder, is it Site Kit that you are talking about when you are here or is it other things as well?

But also it’s curious to me that Google would be here in that presence, because those things are not cheap to maintain. So there must be somebody up in Google somewhere saying, okay, this is something we want to invest in. So is it Site Kit that you are basically at the booth talking about?

[00:24:19] Mariya Moeva: So me, yes, or people on my team. We have like a Site Kit section this year. There’s also Google Trends. There’s also some other people talking about user experience and on search. And this changes depending on which teams within Google want to reach out to the WordPress community.

But with Site Kit, we’ve been pretty consistent for the last six years. We are always part of the booth. But the kind of whole team, like the whole Google booth content has kind of changed over the years as well depending on who’s coming.

[00:24:51] Nathan Wrigley: I know that a lot of work being done is surrounding performance and things like that, and a lot of the Google staff that are in the WordPress space seem to be focused on that kind of thing, talking about the new APIs that are shipping in the browsers and all of those kind of things.

Okay, so on the face of it, a fairly straightforward product to use. But I’m guessing the devil is in the detail. How do you go about supporting this? So for example, if I was to install it and to run into some problems, do you have like a, I don’t know, a documentation area or do you have support, or chat or anything like that? Because I know that with the best will in the world, people are going to run into problems. How do people manage that kind of thing?

[00:25:27] Mariya Moeva: Yeah, this was something that I was super, I felt really strongly about based on my previous experience in the developer advocate world. Because very often I got feedback that it’s super hard to reach Google. And it’s also understandable given the scale of some of the products.

But when I started this project I insisted that we allocate resources for support. So we have two people full-time support. One of them is upstairs, the support lead. He knows the product inside and out. They’re always on the forum, the plugin forum, support forum. And they answer usually within 24 hours. So everybody who has a question gets their question answered.

We’ve also created the very detailed additions. When you have Site Kit, you also get a few additions to the Site Health forum, so you can share that information with them and they see like detailed stuff about the website so they can help debug. And in many, many cases, I’ve seen people coming pretty angry, leave a one star review, then James or Adam who are support people, engage with them, and then it turns into a five star review because they feel like, okay, someone listened to me and helped me figure out what is going on.

We have real people answering questions relatively quickly. And they don’t just go, of course they focus on the WordPress support forum, but they also check Reddit and other places where people like mentioned Site Kit, and they try to help and to direct them to the right place. So for Site Kit, we have very robust support.

Now, when it’s an issue with a product, a Google product that is connected to Site Kit, so it’s not a Site Kit problem, let’s say you got some kind of strange message from AdSense about your account status changing. Then we would have to hand over to the AdSense account manager or support team that they have, because we don’t know everything, like how AdSense makes decisions and stuff like that. But for anything Site Kit related, we are very fast to answer.

[00:27:22] Nathan Wrigley: That’s good to hear because I think you’re right. I think the perception with any giant company is that it kind of becomes a bit impersonal, and Google would be no exception. And having just a forum which never seems to get an answer, you drop something in, six months later, you go back and nobody’s done anything in there except close the thread, kind of slightly annoying. But something like this. So 24 hours, roughly speaking, is the turnaround time.

[00:27:45] Mariya Moeva: Yeah. I mean, not on the weekend, but yeah.

[00:27:46] Nathan Wrigley: Yeah. Still, that’s pretty amazing.

[00:27:47] Mariya Moeva: Yeah, yeah. We are very serious about this because, I mean, also the WordPress community is really strong, right? So you want to show that we care. We want to hear from people. A lot of bugs then also turn into feature requests and get prioritised to be developed. So, yeah, we really value when people come to complain. It’s a good thing.

[00:28:03] Nathan Wrigley: Excellent. Okay, well, we won’t open that as a goal, please send in your complaints. But nevertheless, it’s nice that you take it seriously.

So it sounds like it’s under active development. You sound like this is basically what you’re doing over at Google. Do you have a roadmap? Do you have a sort of laundry list of things that you want to achieve over the next six months? Interesting things that we might want to hear about.

[00:28:21] Mariya Moeva: Sure, yeah. I mean, my ultimate vision, which is not the next six months, I would love to move away as much as possible from just stats. As curated and as kind of structured as it is right now, and get more into like recommendations, and like to-do list. Because what I hear from people again and again, it’s like, I have two hours this month, tell me what should I do with those two hours?

So they’re asking a lot from us. They’re asking essentially to look, analyse everything and to prioritise their tasks, to tell them which one is the most important or most impactful. And this is like several levels of analysis further than where we are now.

So one thing that we are looking to work on is benchmarking, because you cannot know are you growing or not, unless you know how you’re doing on average. And today, people who are a little bit more savvy can do this of course, but a lot of people don’t. And so for us to be able to tell you, not just you got 20 clicks this week, but also this is okay for you, or this is better than last year, this time, or this is better than your competitors. I think that’s a really valuable way to interpret the data and to help people understand what it means.

[00:29:38] Nathan Wrigley: Yeah. And really, Google is one of the only entities that can provide that kind of data.

[00:29:44] Mariya Moeva: Especially for search.

[00:29:45] Nathan Wrigley: Yeah, especially against competitors. That’s really interesting because analysing the data, whilst it’s fun for some people, I feel it’s not that interesting for most people. And so just having spreadsheets of data, charts of data, it’s interesting and you no doubt gain some important knowledge from it. But being told, here’s the outcomes of that data, try doing this thing and try doing that thing, that is much more profound than just demonstrating the data.

And I’m guessing, I could be wrong about this, and I’ve more or less said this in every interview over the last year, I’m guessing there’s an AI component to all of that. Getting AI to sort of analyse the data and give useful feedback.

[00:30:22] Mariya Moeva: I mean, we are investigating how to do all of these things. I think in the case of WordPress, it’s a little bit trickier again, because of the distributed nature, and the fact that all the site information lives on the site and then all the Google information. So we’re not like fully hosted where you can access everything and control everything, something like a Squarespace or a Wix.

But there’s definitely, like AI is a perfect use case for this, right? Like benchmarking, you can bucket sites into relevant groups and then see, are they performing better or worse? That’s like classic machine learning case. And we will see exactly, technically, how we’re going to reach this, but that’s one of the things that we’re working on right now.

Another thing is to expand much more the conversion reporting and to help people understand, are they achieving their goals? Because this is something that surprisingly to me, so many people pay money and invest time in the site, and they cannot articulate what the site is doing. Is it working? Is it doing its job? And they’re like, well, like I got some people visiting. And I’m like, did they buy the thing? So you have to know what to

track, and then also to take action after you see the metrics, like to move them in one direction or another. And so helping people like map out this full funnel is one thing that we’re working on. And the other thing is also this email report.

[00:31:40] Nathan Wrigley: Yeah, that’s amazing. So really under active development. And you sound very impassioned about it. You sound like this has become your mission, you know?

[00:31:47] Mariya Moeva: I think, nobody ever complained that something is easy, right? When you make things simple and easy for people, they appreciate, even if they’re more knowledgeable than if they can do more advanced things themselves.

And I personally really care, like every time that I find a random website with really strange content, but just, someone put their soul into it. I recently found something in Zurich of like tours of Zurich, walking tours, by someone who really cares about history and architecture.

And it’s a terrible website design wise, but the content is amazing. And I was like, okay, this person could use some help, but he’s doing, or she’s doing like a great job at the content part, and then should get the traffic that they deserve for this. So that’s what motivates me also to come here.

One person, two or three WordCamps ago came over and was saying, everything about Google is hard except Site Kit. And I was like, yeah, that’s what we are trying to do. We really want to simplify things for you. So, yeah, being here is also super motivating. To talk to people and to hear feedback and feature requests. And again, we like when people come to complain.

[00:32:54] Nathan Wrigley: Well, I was just speaking to a few people prior to you entering the room and those few people all have Site Kit installed on their site. So you’re doing something right.

[00:33:02] Mariya Moeva: I hope it’s helpful. I hope it answers some questions and saves people some time. That’s what we are trying to do. Yeah, we are in the part of Google that has the ecosystem focus, so we know that ecosystem changes take longer. I mean, still it’s a fast growing plugin. It got to 5 million in 5 years, but still that’s 5 years. And in the context of software companies which move very fast, 5 years is a long time.

Yeah, we will keep going and hopefully more people can benefit from it. But we do have, yeah, still there are many people who come by and they’re like, whoa, what is this? Show me.

[00:33:36] Nathan Wrigley: Well, that’s nice. There’s for growth as well.

[00:33:38] Mariya Moeva: Yeah, yeah. For sure. I mean, for sure there’s always, and more people create new sites. So, again, going back to that hosting provider question of like, can we bring it to them at the moment of creation so that they know this is something I can use?

[00:33:50] Nathan Wrigley: Yeah. So one more time, the URL is sitekit.withgoogle.com. I will place that into the show notes as well.

Mariya, I think that’s everything that I have to ask. Thank you so much for chatting to me about Site Kit.

[00:34:01] Mariya Moeva: Yeah, thank you for the invitation. It’s been a pleasure to talk about the ecosystem. And, yeah, if people have feature requests, they can always write us either on GitHub in the Site Kit repo, or on the support forum, or if they are coming to any WordCamp where we also are, we are also super happy to hear. So we always love to know what people struggle with, so that we can build it for them and make it easy.

[00:34:23] Nathan Wrigley: Thank you very much indeed.

On the podcast today we have Mariya Moeva.

Mariya has more than 15 years of experience in tech across search quality, developer advocacy, community building and outreach, and product management. Currently she’s the product lead for Site Kit, Google’s official WordPress plugin. She’s presented at WordCamp Europe in Basel this year, and joins us to talk about the journey from studying classical Japanese literature to fighting web spam at Google, and eventually shaping open source tools for the web.

Mariya talks about her passion for the open web and how years of direct feedback from site owners shaped the vision for Site Kit, making complex analytics accessible and actionable for everyone, from solo bloggers to agencies and hosting providers.

Site Kit has had impressive growth for a WordPress plugin, currently there are 5 million active installs and a monthly user base of 700,000.

We learn how Site Kit bundles core Google products, like Search Console, Analytics, PageSpeed Insights, AdSense into a simpler, curated WordPress dashboard, giving actionable insights without the need to trawl through multiple complex interfaces.

Mariya explains how the plugin is intentionally beginner-friendly, with features like role-based dashboard sharing, integration with WordPress’ author and category systems, and some newer additions like Reader Revenue Manager to help site owners become more sustainable.

She shares Google’s motivations for investing so much in WordPress and the open web, and how her team is committed to active support, trying to respond rapidly on forums and listening closely to feedback.

We discuss Site Kit’s roadmap, from benchmarking and reporting features to smarter, more personalised recommendations in the future.

If you’ve ever felt overwhelmed by analytics dashboards, or are looking for ways to make data more practical and valuable inside WordPress, this episode is for you.

Useful links

Site Kit

 Reader Revenue Manager

Google Trends

Site Kit support

Site Kit on GitHub

The Core Model: Start FROM The Answer, Not WITH The Solution

Ever sat in a meeting where everyone jumped straight to solutions? “We need a new app!” “Let’s redesign the homepage!” “AI will fix everything!” This solution-first thinking is endemic in digital development — and it’s why so many projects fail to deliver real value. As the creator of the Core Model methodology, I developed this approach to flip the script: instead of starting with solutions, we start FROM the answer.

What’s the difference? Starting with solutions means imposing our preconceived ideas. Starting FROM the answer to a user task means forming a hypothesis about what users need, then taking a step back to follow a simple structure that validates and refines that hypothesis.

Six Good Questions That Lead to Better Answers

At its heart, the Core Model is simply six good questions asked in the right order, with a seventh that drives action. It appeals to common sense — something often in short supply during complex digital projects.

When I introduced this approach to a large organization struggling with their website, their head of digital admitted: “We’ve been asking all these questions separately, but never in this structured way that connects them.”

These questions help teams pause, align around what matters, and create solutions that actually work:

  1. Who are we trying to help, and what’s their situation?
  2. What are they trying to accomplish?
  3. What do we want to achieve?
  4. How do they approach this need?
  5. Where should they go next?
  6. What’s the essential content or functionality they need?
  7. What needs to be done to create this solution?

This simple framework creates clarity across team boundaries, bringing together content creators, designers, developers, customer service, subject matter experts, and leadership around a shared understanding.

Starting With a Hypothesis

The Core Model process typically begins before the workshop. The project lead or facilitator works with key stakeholders to:

  1. Identify candidate cores based on organizational priorities and user needs.
  2. Gather existing user insights and business objectives.
  3. Form initial hypotheses about what these cores should accomplish.
  4. Prepare relevant background materials for workshop participants.

This preparation ensures the workshop itself is focused and productive, with teams validating and refining hypotheses rather than starting from scratch.

The Core Model: Six Elements That Create Alignment

Let’s explore each element of the Core Model in detail:

1. Target Group: Building Empathy First

Rather than detailed personas, the Core Model starts with quick proto-personas that build empathy for users in specific situations:

  • A parent researching childcare options late at night after a long day.
  • A small business owner trying to understand tax requirements between client meetings.
  • A new resident navigating unfamiliar public services in their second language.

The key is to humanize users and understand their emotional and practical context before diving into solutions.

2. User Tasks: What People Are Actually Trying to Do

Beyond features or content, what are users actually trying to accomplish?

  • Making an informed decision about a major purchase.
  • Finding the right form to apply for a service.
  • Understanding next steps in a complex process.
  • Checking eligibility for a program or benefit.

These tasks should be based on user research and drive everything that follows. Top task methodology is a great approach to this.

3. Business Objectives: What Success Looks Like

Every digital initiative should connect to clear organizational goals:

  • Increasing online self-service adoption.
  • Reducing support costs.
  • Improving satisfaction and loyalty.
  • Meeting compliance requirements.
  • Generating leads or sales.

These objectives provide the measurement framework for success. (If you work with OKRs, you can think of these as Key Results that connect to your overall Objective.)

4. Inward Paths: User Scenarios and Approaches

This element goes beyond just findability to include the user’s entire approach and mental model:

  • What scenarios lead them to this need?
  • What terminology do they use to describe their problem?
  • How would the phrase their need to Google or an LLM?
  • What emotions or urgency are they experiencing?
  • What channels or touchpoints do they use?
  • What existing knowledge do they bring?

Understanding these angles of different approaches ensures we meet users where they are.

5. Forward Paths: Guiding the Journey

What should users do after engaging with this core?

  • Take a specific action to continue their task.
  • Explore related information or options.
  • Connect with appropriate support channels.
  • Save or share their progress.

These paths create coherent journeys (core flows) rather than dead ends.

6. Core Content: The Essential Solution

Only after mapping the previous elements do we define the actual solution:

  • What information must be included?
  • What functionality is essential?
  • What tone and language are appropriate?
  • What format best serves the need?

This becomes our blueprint for what actually needs to be created.

Action Cards: From Insight to Implementation

The Core Model process culminates with action cards that answer the crucial seventh question: “What needs to be done to create this solution?”

These cards typically include:

  • Specific actions required;
  • Who is responsible;
  • Timeline for completion;
  • Resources needed;
  • Dependencies and constraints.

Action cards transform insights into concrete next steps, ensuring the workshop leads to real improvements rather than just interesting discussions.

The Power of Core Pairs

A unique aspect of the Core Model methodology is working in core pairs—two people from different competencies or departments working together on the same core sheet. This approach creates several benefits:

  • Cross-disciplinary insight
    Pairing someone with deep subject knowledge with someone who brings a fresh perspective.
  • Built-in quality control
    Partners catch blind spots and challenge assumptions.
  • Simplified communication
    One-to-one dialogue is more effective than group discussions.
  • Shared ownership
    Both participants develop a commitment to the solution.
  • Knowledge transfer
    Skills and insights flow naturally between disciplines.

The ideal pair combines different perspectives — content and design, business and technical, expert and novice — creating a balanced approach that neither could achieve alone.

Creating Alignment Within and Between Teams

The Core Model excels at creating two crucial types of alignment:

Within Cross-Functional Teams

Modern teams bring together diverse competencies:

  • Content creators focus on messages and narrative.
  • Designers think about user experience and interfaces.
  • Developers consider technical implementation.
  • Business stakeholders prioritize organizational needs.

The Core Model gives these specialists a common framework. Instead of the designer focusing only on interfaces or the developer only on code, everyone aligns around user tasks and business goals.

As one UX designer told me:

“The Core Model changed our team dynamic completely. Instead of handing off wireframes to developers who didn’t understand the ‘why’ behind design decisions, we now share a common understanding of what we’re trying to accomplish.”

Between Teams Across the Customer Journey

Users don’t experience your organization in silos — they move across touchpoints and teams. The Core Model helps connect these experiences:

  • Marketing teams understand how their campaigns connect to service delivery.
  • Product teams see how their features fit into larger user journeys.
  • Support teams gain context on user pathways and common issues.
  • Content teams create information that supports the entire journey.

By mapping connections between cores (core flows), organizations create coherent experiences rather than fragmented interactions.

Breaking Down Organizational Barriers

The Core Model creates a neutral framework where various perspectives can contribute while maintaining a unified direction. This is particularly valuable in traditional organizational structures where content responsibility is distributed across departments.

The Workshop: Making It Happen

The Core Model workshop brings these elements together in a practical format that can be adapted to different contexts and needs.

Workshop Format and Timing

For complex projects with multiple stakeholders across organizational silos, the ideal format is a full-day (6–hour) workshop:

First Hour: Foundation and Context

  • Introduction to the methodology (15 min).
  • Sharing user insights and business context (15 min).
  • Reviewing pre-workshop hypotheses (15 min).
  • Initial discussion and questions (15 min).

Hours 2–4: Core Mapping

  • Core pairs work on mapping elements (120 min).
  • Sharing between core pairs and in plenary between elements.
  • Facilitators provide guidance as needed.

Hours 5–6: Presentation, Discussion, and Action Planning

  • Each core pair presents its findings (depending on the number of cores).
  • Extensive group discussion and refinement.
  • Creating action cards and next steps.

The format is highly flexible:

  • Teams experienced with the methodology can conduct focused sessions in as little as 30 minutes.
  • Smaller projects might need only 2–3 hours.
  • Remote teams might split the workshop into multiple shorter sessions.

Workshop Environment

The Core Model workshop thrives in different environments:

  • Analog: Traditional approach using paper core sheets.
  • Digital: Virtual workshops using Miro, Mural, FigJam, or similar platforms.
  • Hybrid: Digital canvas in physical workshop, combining in-person interaction with digital documentation.

Note: You can find all downloads and templates here.

Core Pairs: The Key to Success

The composition of core pairs is critical to success:

  • One person should know the solution domain well (subject matter expert).
  • The other brings a fresh perspective (and learns about a different domain).
  • This combination ensures both depth of knowledge and fresh thinking.
  • Cross-functional pairing creates natural knowledge transfer and breaks down silos.

Workshop Deliverables

Important to note: The workshop doesn’t produce final solutions.

Instead, it creates a comprehensive brief containing the following:

  • Priorities and context for content development.
  • Direction and ideas for design and user experience.
  • Requirements and specifications for functionality.
  • Action plan for implementation with clear ownership.

This brief becomes the foundation for subsequent development work, ensuring everyone builds toward the same goal while leaving room for specialist expertise during implementation.

Getting Started: Your First Core Model Implementation

Ready to apply the Core Model in your organization? Here’s how to begin:

1. Form Your Initial Hypothesis

Before bringing everyone together:

  • Identify a core where users struggle and the business impact is clear.
  • Gather available user insights and business objectives.
  • Form a hypothesis about what this core should accomplish.
  • Identify key stakeholders across relevant departments.

2. Bring Together the Right Core Pairs

Select participants who represent different perspectives:

  • Content creators paired with designers.
  • Business experts paired with technical specialists.
  • Subject matter experts paired with user advocates.
  • Veterans paired with fresh perspectives.

3. Follow the Seven Questions

Guide core pairs through the process:

  • Who are we trying to help, and what’s their situation?
  • What are they trying to accomplish?
  • What do we want to achieve?
  • How do they approach this need?
  • Where should they go next?
  • What’s the essential content or functionality?
  • What needs to be done to create this solution?

4. Create an Action Plan

Transform insights into concrete actions:

  • Document specific next steps on action cards.
  • Assign clear ownership for each action.
  • Establish timeline and milestones.
  • Define how you’ll measure success.
In Conclusion: Common Sense In A Structured Framework

The Core Model works because it combines common sense with structure — asking the right questions in the right order to ensure we address what actually matters.

By starting FROM the answer, not WITH the solution, teams avoid premature problem-solving and create digital experiences that truly serve user needs while achieving organizational goals.

Whether you’re managing a traditional website, creating multi-channel content, or developing digital products, this methodology provides a framework for better collaboration, clearer priorities, and more effective outcomes.

This article is a short adaptation of my book The Core Model — A Common Sense to Digital Strategy and Design. You can find information about the book and updated resources at thecoremodel.com.

Web Components: Working With Shadow DOM

It’s common to see Web Components directly compared to framework components. But most examples are actually specific to Custom Elements, which is one piece of the Web Components picture. It’s easy to forget Web Components are actually a set of individual Web Platform APIs that can be used on their own:

In other words, it’s possible to create a Custom Element without using Shadow DOM or HTML Templates, but combining these features opens up enhanced stability, reusability, maintainability, and security. They’re all parts of the same feature set that can be used separately or together.

With that being said, I want to pay particular attention to Shadow DOM and where it fits into this picture. Working with Shadow DOM allows us to define clear boundaries between the various parts of our web applications — encapsulating related HTML and CSS inside a DocumentFragment to isolate components, prevent conflicts, and maintain clean separation of concerns.

How you take advantage of that encapsulation involves trade-offs and a variety of approaches. In this article, we’ll explore those nuances in depth, and in a follow-up piece, we’ll dive into how to work effectively with encapsulated styles.

Why Shadow DOM Exists

Most modern web applications are built from an assortment of libraries and components from a variety of providers. With the traditional (or “light”) DOM, it’s easy for styles and scripts to leak into or collide with each other. If you are using a framework, you might be able to trust that everything has been written to work seamlessly together, but effort must still be made to ensure that all elements have a unique ID and that CSS rules are scoped as specifically as possible. This can lead to overly verbose code that both increases app load time and reduces maintainability.

<!-- div soup -->
<div id="my-custom-app-framework-landingpage-header" class="my-custom-app-framework-foo">
  <div><div><div><div><div><div>etc...</div></div></div></div></div></div>
</div>

Shadow DOM was introduced to solve these problems by providing a way to isolate each component. The <video> and <details> elements are good examples of native HTML elements that use Shadow DOM internally by default to prevent interference from global styles or scripts. Harnessing this hidden power that drives native browser components is what really sets Web Components apart from their framework counterparts.

Elements That Can Host A Shadow Root

Most often, you will see shadow roots associated with Custom Elements. However, they can also be used with any HTMLUnknownElement, and many standard elements support them as well, including:

  • <aside>
  • <blockquote>
  • <body>
  • <div><footer>
  • <h1> to <h6>
  • <header>
  • <main>
  • <nav>
  • <p>
  • <section>
  • <span>

Each element can only have one shadow root. Some elements, including <input> and <select>, already have a built-in shadow root that is not accessible through scripting. You can inspect them with your Developer Tools by enabling the Show User Agent Shadow DOM setting, which is “off” by default.

Creating A Shadow Root

Before leveraging the benefits of Shadow DOM, you first need to establish a shadow root on an element. This can be instantiated imperatively or declaratively.

Imperative Instantiation

To create a shadow root using JavaScript, use attachShadow({ mode }) on an element. The mode can be open (allowing access via element.shadowRoot) or closed (hiding the shadow root from outside scripts).

const host = document.createElement('div');
const shadow = host.attachShadow({ mode: 'open' });
shadow.innerHTML = '<p>Hello from the Shadow DOM!</p>';
document.body.appendChild(host);

In this example, we’ve established an open shadow root. This means that the element’s content is accessible from the outside, and we can query it like any other DOM node:

host.shadowRoot.querySelector('p'); // selects the paragraph element

If we want to prevent external scripts from accessing our internal structure entirely, we can set the mode to closed instead. This causes the element’s shadowRoot property to return null. We can still access it from our shadow reference in the scope where we created it.

shadow.querySelector('p');

This is a crucial security feature. With a closed shadow root, we can be confident that malicious actors cannot extract private user data from our components. For example, consider a widget that shows banking information. Perhaps it contains the user’s account number. With an open shadow root, any script on the page can drill into our component and parse its contents. In closed mode, only the user can perform this kind of action with manual copy-pasting or by inspecting the element.

I suggest a closed-first approach when working with Shadow DOM. Make a habit of using closed mode unless you are debugging, or only when absolutely necessary to get around a real-world limitation that cannot be avoided. If you follow this approach, you will find that the instances where open mode is actually required are few and far between.

Declarative Instantiation

We don’t have to use JavaScript to take advantage of Shadow DOM. Registering a shadow root can be done declaratively. Nesting a <template> with a shadowrootmode attribute inside any supported element will cause the browser to automatically upgrade that element with a shadow root. Attaching a shadow root in this manner can even be done with JavaScript disabled.

<my-widget>
  <template shadowrootmode="closed">
    <p> Declarative Shadow DOM content </p>
  </template>
</my-widget>

Again, this can be either open or closed. Consider the security implications before using open mode, but note that you cannot access the closed mode content through any scripts unless this method is used with a registered Custom Element, in which case, you can use ElementInternals to access the automatically attached shadow root:

class MyWidget extends HTMLElement {
  #internals;
  #shadowRoot;
  constructor() {
    super();
    this.#internals = this.attachInternals();
    this.#shadowRoot = this.#internals.shadowRoot;
  }
  connectedCallback() {
    const p = this.#shadowRoot.querySelector('p')
    console.log(p.textContent); // this works
  }
};
customElements.define('my-widget', MyWidget);
export { MyWidget };
Shadow DOM Configuration

There are three other options besides mode that we can pass to Element.attachShadow().

Option 1: clonable:true

Until recently, if a standard element had a shadow root attached and you tried to clone it using Node.cloneNode(true) or document.importNode(node,true), you would only get a shallow copy of the host element without the shadow root content. The examples we just looked at would actually return an empty <div>. This was never an issue with Custom Elements that built their own shadow root internally.

But for a declarative Shadow DOM, this means that each element needs its own template, and they cannot be reused. With this newly-added feature, we can selectively clone components when it’s desirable:

<div id="original">
  <template shadowrootmode="closed" shadowrootclonable>
    <p> This is a test  </p>
  </template>
</div>

<script>
  const original = document.getElementById('original');
  const copy = original.cloneNode(true); copy.id = 'copy';
  document.body.append(copy); // includes the shadow root content
</script>

Option 2: serializable:true

Enabling this option allows you to save a string representation of the content inside an element’s shadow root. Calling Element.getHTML() on a host element will return a template copy of the Shadow DOM’s current state, including all nested instances of shadowrootserializable. This can be used to inject a copy of your shadow root into another host, or cache it for later use.

In Chrome, this actually works through a closed shadow root, so be careful of accidentally leaking user data with this feature. A safer alternative would be to use a closed wrapper to shield the inner contents from external influences while still keeping things open internally:

<wrapper-element></wrapper-element>

<script>
  class WrapperElement extends HTMLElement {
    #shadow;
    constructor() {
      super();
      this.#shadow = this.attachShadow({ mode:'closed' });
      this.#shadow.setHTMLUnsafe(&lt;nested-element&gt;
          &lt;template shadowrootmode="open" shadowrootserializable&gt;
            &lt;div id="test"&gt;
              &lt;template shadowrootmode="open" shadowrootserializable&gt;
                &lt;p&gt; Deep Shadow DOM Content &lt;/p&gt;
              &lt;/template&gt;
            &lt;/div&gt;
          &lt;/template&gt;
        &lt;/nested-element&gt;);
      this.cloneContent();
    }
    cloneContent() {
      const nested = this.#shadow.querySelector('nested-element');
      const snapshot = nested.getHTML({ serializableShadowRoots: true });
      const temp = document.createElement('div');
      temp.setHTMLUnsafe(&lt;another-element&gt;${snapshot}&lt;/another-element&gt;);
      const copy = temp.querySelector('another-element');
      copy.shadowRoot.querySelector('#test').shadowRoot.querySelector('p').textContent = 'Changed Content!';
      this.#shadow.append(copy);
    }
  }
  customElements.define('wrapper-element', WrapperElement);
  const wrapper = document.querySelector('wrapper-element');
  const test = wrapper.getHTML({ serializableShadowRoots: true });
  console.log(test); // empty string due to closed shadow root
</script>

Notice setHTMLUnsafe(). That’s there because the content contains <template> elements. This method must be called when injecting trusted content of this nature. Inserting the template using innerHTML would not trigger the automatic initialization into a shadow root.

Option 3: delegatesFocus:true

This option essentially makes our host element act as a <label> for its internal content. When enabled, clicking anywhere on the host or calling .focus() on it will move the cursor to the first focusable element in the shadow root. This will also apply the :focus pseudo-class to the host, which is especially useful when creating components that are intended to participate in forms.

<custom-input>
  <template shadowrootmode="closed" shadowrootdelegatesfocus>
    <fieldset>
      <legend> Custom Input </legend>
      <p> Click anywhere on this element to focus the input </p>
      <input type="text" placeholder="Enter some text...">
    </fieldset>
  </template>
</custom-input>

This example only demonstrates focus delegation. One of the oddities of encapsulation is that form submissions are not automatically connected. That means an input’s value will not be in the form submission by default. Form validation and states are also not communicated out of the Shadow DOM. There are similar connectivity issues with accessibility, where the shadow root boundary can interfere with ARIA. These are all considerations specific to forms that we can address with ElementInternals, which is a topic for another article, and is cause to question whether you can rely on a light DOM form instead.

Slotted Content

So far, we have only looked at fully encapsulated components. A key Shadow DOM feature is using slots to selectively inject content into the component’s internal structure. Each shadow root can have one default (unnamed) <slot>; all others must be named. Naming a slot allows us to provide content to fill specific parts of our component as well as fallback content to fill any slots that are omitted by the user:

<my-widget>
  <template shadowrootmode="closed">
    <h2><slot name="title"><span>Fallback Title</span></slot></h2>
    <slot name="description"><p>A placeholder description.</p></slot>
    <ol><slot></slot></ol>
  </template>
  <span slot="title"> A Slotted Title</span>
  <p slot="description">An example of using slots to fill parts of a component.</p>
  <li>Foo</li>
  <li>Bar</li>
  <li>Baz</li>
</my-widget>

Default slots also support fallback content, but any stray text nodes will fill them. As a result, this only works if you collapse all whitespace in the host element’s markup:

<my-widget><template shadowrootmode="closed">
  <slot><span>Fallback Content</span></slot>
</template></my-widget>

Slot elements emit slotchange events when their assignedNodes() are added or removed. These events do not contain a reference to the slot or the nodes, so you will need to pass those into your event handler:

class SlottedWidget extends HTMLElement {
  #internals;
  #shadow;
  constructor() {
    super();
    this.#internals = this.attachInternals();
    this.#shadow = this.#internals.shadowRoot;
    this.configureSlots();
  }
  configureSlots() {
    const slots = this.#shadow.querySelectorAll('slot');
    console.log({ slots });
    slots.forEach(slot => {
      slot.addEventListener('slotchange', () => {
        console.log({
          changedSlot: slot.name || 'default',
          assignedNodes: slot.assignedNodes()
        });
      });
    });
  }
}
customElements.define('slotted-widget', SlottedWidget);

Multiple elements can be assigned to a single slot, either declaratively with the slot attribute or through scripting:

const widget = document.querySelector('slotted-widget');
const added = document.createElement('p');
added.textContent = 'A secondary paragraph added using a named slot.';
added.slot = 'description';
widget.append(added);

Notice that the paragraph in this example is appended to the host element. Slotted content actually belongs to the “light” DOM, not the Shadow DOM. Unlike the examples we’ve covered so far, these elements can be queried directly from the document object:

const widgetTitle = document.querySelector('my-widget [slot=title]');
widgetTitle.textContent = 'A Different Title';

If you want to access these elements internally from your class definition, use this.children or this.querySelector. Only the <slot> elements themselves can be queried through the Shadow DOM, not their content.

From Mystery To Mastery

Now you know why you would want to use Shadow DOM, when you should incorporate it into your work, and how you can use it right now.

But your Web Components journey can’t end here. We’ve only covered markup and scripting in this article. We have not even touched on another major aspect of Web Components: Style encapsulation. That will be our topic in another article.

Beginner’s Guide to VCDPA Compliance in WordPress

28 July 2025 at 10:00

When I first learned about the Virginia Consumer Data Protection Act (VCDPA), I’ll admit I felt a bit overwhelmed.

As someone who’s managed WordPress sites for many years, the idea of learning yet another privacy law felt like a lot. But when I dug into it, I realized it’s more straightforward than it looks.

Still, I’ve seen plenty of site owners make compliance harder than it needs to be—either by overcomplicating the process or missing simple steps.

That’s why I created this guide. I’ll walk you through the VCDPA’s core requirements step by step and share the tools I use to improve WordPress compliance without getting overwhelmed by legal jargon.

Beginner's Guide to VCDPA Compliance in WordPress

What is the Virginia Consumer Data Protection Act (VCDPA)?

The Virginia Consumer Data Protection Act (VCDPA) is a state privacy law that gives Virginia residents more control over their personal data. This includes information that can identify someone directly or indirectly—like names, email addresses, IP addresses, or data collected through website forms or tracking tools.

Even if your business isn’t based in Virginia, the VCDPA might still apply to your WordPress site. What matters is whether you collect personal data from Virginia residents.

That said, the law doesn’t apply to every site. It’s mainly aimed at larger businesses and organizations.

Generally, you need to comply with the VCDPA if you:

  • Control or process the personal data of 100,000 or more Virginia consumers in a calendar year, or
  • Control or process the personal data of at least 25,000 Virginia consumers and get over 50% of your total revenue from selling personal data.

Keep in mind that the law also only applies to businesses or organizations operating for commercial purposes.

If your site fits one of those categories, then it’s essential to understand how the VCDPA works and what steps you need to take to stay compliant.

Why Should WordPress Users Care About VCDPA Compliance?

If your WordPress site falls under the VCDPA, then staying compliant helps you avoid potential penalties. The Virginia Attorney General enforces the VCDPA, and violations can lead to fines of up to $7,500 per incident.

Fortunately, you’ll usually receive a 30-day warning and a chance to fix the issue before any penalties are applied.

It’s also worth noting that consumers can’t directly sue you under this law. Only the Attorney General can take action, which adds a layer of protection, but doesn’t mean you should ignore compliance.

More importantly, showing that you care about user privacy helps build trust with your audience.

When visitors know you’re being transparent and responsible with their data, they’re more likely to stick around, sign up for your email newsletter, or make a purchase from your online store.

Simply put, staying compliant is not just a legal duty. It’s also a key part of building trust and achieving long-term success.

How VCDPA Affects Your WordPress Site

If your site is covered by the VCDPA, then you’re required to support several privacy rights for your visitors. That means making it easy for Virginia residents to control how their personal data is collected, used, and deleted.

As a WordPress site owner, here are the main rights you need to understand and support:

  • The Right to Know: Visitors can ask what personal data you’ve collected about them.
  • The Right to Correction: They can request that you fix any incorrect or outdated information.
  • The Right to Opt-Out: Users can ask you not to sell or share their personal data with other companies.
  • The Right to Data Portability: They can request a copy of their personal data in a format they can use elsewhere, like a ZIP file.
  • The Right to Delete: Users can ask you to permanently delete the data you’ve collected about them.

Throughout this guide, I’ll show you how to support each of these rights using WordPress tools and beginner-friendly strategies.

How to Improve Your VCDPA Compliance in WordPress

VCDPA compliance may sound technical. But at its core, it’s about being transparent with your visitors and giving them control over their personal data.

As a WordPress site owner, there are practical steps you can take to meet these requirements. These include limiting how much data you collect, creating clear policies, and making it easy for users to opt out or request changes.

In this article, I will walk you through each part of the process. You can follow them step-by-step or jump to the parts that apply to your site using the links below:

Perform a Data Audit

The first step to VCDPA compliance is understanding how your website collects and stores personal data. That means reviewing the tools, plugins, and services you use—and documenting the information they gather.

To start, I recommend making a list of every WordPress plugin on your site, along with any third-party tools that interact with user data. This could include analytics platforms, form builders, or SEO tools.

Once you have that list, check what kind of personal information each tool collects. For example, if you’ve added a quote request form, you’ll want to record whether it asks for names, company details, or job titles.

To guide your audit, ask yourself:

  • What personal data do I collect? This includes names, email addresses, IP addresses, payment details, and any other data submitted through forms or comments.
  • Where is this data stored? Is it saved on your own server or sent to an outside service?
  • Why am I collecting this information? The VCDPA says data must be “adequate, relevant, and reasonably necessary” for your stated purpose.
  • How long do I keep it? You should only store personal data as long as it’s needed for its original purpose.
  • Do I share this data with anyone? This includes service providers, third-party tools, or advertising networks. Be sure to note whether any of this data is used for targeted ads.

Once you’ve completed your audit, you’ll have a clear picture of what data you collect, where it’s stored, and what you need to adjust to meet VCDPA requirements.

Create a Data Compliance Record

After completing your data audit, the next step is to keep a written record of what you found. This document should explain the actions you’ve already taken to follow the VCDPA, along with any updates or fixes you made during your audit.

By creating this record, you’ll have clear proof that you take privacy seriously. That can be helpful if you’re ever audited or if someone asks about your compliance practices.

As you’ll see throughout this guide, it’s not enough to follow the VCDPA behind the scenes. You also need to be able to show that you’re doing things the right way.

Every business website is different, but I recommend running a new data audit and updating your records at least once per year.

You should also update your records any time you change how your site collects or uses personal data. For example, after installing a new plugin that collects user info, or when the law itself changes, it’s a good time to revisit your audit and notes.

Keeping this record up to date doesn’t take much time, and it’ll make compliance much easier in the long run.

Collect Less Data

The VCDPA says you should only collect personal data that’s “adequate, relevant, and reasonably necessary” to meet a specific goal.

In other words: don’t collect anything you don’t truly need.

This idea is known as data minimization. It means reviewing what you currently collect and looking for ways to reduce it. If a piece of information isn’t essential for your site to function—or for the task at hand—it’s better to leave it out.

After completing your data audit, carefully review all the information you collect. Ask yourself: “Do I truly need every single piece of information I’m asking for?”

If something isn’t necessary, remove it. The less data you collect, the easier it is to stay compliant, and the less you’ll have to manage when users make requests.

This approach also builds trust. By avoiding unnecessary questions, you show that you respect your visitors’ privacy and value their time.

Create a Privacy Policy

A privacy policy is a page on your website that clearly explains what personal data you collect, how you use it, and who you share it with.

Having a clear, up-to-date privacy policy is essential for VCDPA compliance. It helps visitors understand how their information is handled and directly supports the VCDPA’s Right to Know requirement.

To make things easier, WordPress includes a built-in tool for creating a privacy policy. You can find it by going to Settings » Privacy in your WordPress dashboard. 

How to generate a privacy policy, using the built-in WordPress tools

Alternatively, you can use our own WPBeginner privacy policy page as a starting point. 

Just remember to change all mentions of ‘WPBeginner’ to your specific business or website name. 

WPBeginner's privacy policy template

Want more detailed instructions? We also have a complete, step-by-step guide on how to add a privacy policy in WordPress.

If your site already has a privacy policy, that’s great, but you’ll still need to review and update it to reflect the VCDPA.

In particular, make sure it covers the key rights your visitors have:

  • Right to Know
  • Right to Delete
  • Right to Correction
  • Right to Opt Out

You’ll also need to explain how users can act on those rights. For example, you might link to a contact form where visitors can request access to their data, or provide steps for updating their profile information.

Finally, don’t forget to keep your privacy policy up to date. This ensures it always reflects your current data practices and any changes to the VCDPA.

Add a Cookie Popup

Many websites use cookies to track user behavior, display ads, or measure analytics. If your site does this, the VCDPA expects you to inform users and give them a way to opt out.

Unlike the GDPR, which requires visitors to actively agree before data is collected, the VCDPA follows an opt-out model. That means you can often collect data by default—as long as users are told what’s being collected and can say no if they want to.

One of the simplest ways to meet this requirement is by adding a cookie popup. A good popup should explain what types of cookies your site uses, what data is being collected, and how that information is used. It should also give users a clear way to opt out.

An example of a cookie consent banner, created using WPConsent

I recommend using WPConsent for this. It’s the same plugin we use on WPBeginner to manage cookie banners and user consent.

It works well for WordPress beginners and is actively updated to follow privacy laws like the VCDPA, GDPR, and CCPA.

💡Want to know more about how WPConsent works on our site? Our in-depth WPConsent review has all the details. 

WPBeginner's cookie consent popup, created using WPConsent

You can also find a free version of WPConsent in the WordPress plugin directory.

To get started, simply install and activate the plugin.

After you activate it, WPConsent will automatically scan your site for active cookies. It will then record all the cookies it finds. 

Scanning your WordPress blog or website for all active cookies

Next, WPConsent’s setup wizard will help you change how your cookie popup looks. You can adjust the layout, the text size, button styles, colors, and even add your own custom logo

As you make changes, WPConsent will show a live preview. This lets you see exactly how the banner will look on your WordPress website. 

Designing a cookie consent banner using the WPConsent WordPress plugin

When you’re happy with how everything is set up, just save your changes. The cookie banner will then appear on your WordPress website, helping you comply with the VCDPA.

For more detailed instructions, see our full guide on how to add a cookie popup in WordPress.

Write a Separate Cookie Policy 

A cookie popup is a good starting point, but it’s also smart to create a dedicated cookie policy.

This separate page gives visitors more detail about how your site uses cookies. That way, they can better understand what personal information you collect and how it’s used.

In your cookie policy, you should list all the different types of cookies you use on your site. For example, you might use essential cookies (required for your site to work), analytics cookies (to measure website traffic), or marketing cookies (for advertising).

You should also explain what each type of cookie does. For example, some cookies might track user behavior or deliver targeted ads.

It’s also a good idea to describe what kinds of personal data each cookie collects. This might include a visitor’s IP address, device type, or browsing activity.

To build trust, keep your cookie policy easy to understand. This means you should avoid technical terms or legal words that are hard to follow. Instead, use clear and direct language that anyone can read.

Once your cookie policy is written, make sure it’s easy to find. I recommend linking to it from your footer and your cookie popup, as well as your main privacy policy.

Luckily, a tool like WPConsent can do much of this for you. 

As you saw earlier, when you first install WPConsent, it automatically scans your site and identifies any active cookies.

To do this, go to WPConsent » Settings

The WPConsent cookie consent plugin for WordPress

In the plugin’s settings, choose the page where you want to display the cookie policy.

WPConsent will then add this policy to your chosen page. It’s that simple. 

An example of a cookie policy, created using WPConsent

If you’re using WPConsent to display a cookie popup, then visitors can now access this policy directly from the popup itself.

They just need to select the ‘Preferences’ button. 

Accessing the cookie policy, directly from a WordPress banner

From there, they can click the ‘Cookie Policy’ link. 

WPConsent will then take them straight to the correct page.

Linking directly to your cookie policy, from a WordPress popup created with WPConsent

Block Third-Party Scripts

One of the most challenging things about VCDPA compliance is that it also covers external tracking tools. These include popular services like Google Analytics and Facebook Pixel.

The reason for this is simple: these tracking tools often collect visitor data. Under the VCDPA, you’re responsible for managing how these third-party tools collect, store, and use that personal information.

You also need to give visitors a way to stop these tools from tracking them if they choose.

So, how do you control tracking scripts from other companies? There’s an easy answer: automatic script blocking.

The VCDPA generally allows the use of tracking tools unless a visitor opts out, especially when used for targeted advertising. But a best practice for building user trust is to block tracking scripts until the visitor opts in.

This approach goes beyond VCDPA requirements and also helps you comply with stricter laws like GDPR. With this feature, scripts won’t load until the visitor explicitly agrees.

It also provides visitors with the information they need to understand what they’re agreeing to before you collect any data. This helps you meet the VCDPA’s Right to Know rule.

Plus, you’re getting a head start on complying with other privacy laws like Europe’s GDPR, which does require opt-in consent. It’s a great way to make your website’s privacy practices strong all around. 

Fortunately, WPConsent has an automatic script blocking feature that works out of the box.

Simply activate the plugin, and it will find and block common tracking scripts automatically. This includes tools like Google Analytics, Google Ads, and Facebook Pixel. Even better, WPConsent does this without breaking your site.

As soon as a visitor gives their consent, WPConsent will run the blocked script. This provides a very smooth user experience because the page does not need to reload.

Track and Log Visitor Consent

Even if you follow all the VCDPA rules, regulators might still question how you handle data or even audit your site.

If this happens, you’ll need to prove that you’re respecting your audience’s choices. That’s why it’s important to keep a detailed record of user consent.

WPConsent makes this easy by automatically logging each user’s consent. It saves all the important details, including the user’s IP address, their consent choices, and the exact date and time they made those choices.

You can see this information at any time by going to WPConsent » Consent Logs in your WordPress dashboard.

How to comply with the VCDPA by creating a privacy consent log

Need to share this information with an auditor or team member? You can export it from your WordPress dashboard in just a few clicks.

To do this, just click the ‘Export’ tab. Then, enter the ‘From Date’ and ‘To Date’ for the export. This creates a CSV file, ready for you to share with auditors, customers, and anyone else who needs access.

Provide an Easy Opt-Out for Data Sales

Under the VCDPA, if your site sells or shares personal data, then you must give visitors a way to opt out.

The easiest way to do this in WordPress is with WPConsent’s Do Not Track add-on. Despite its name, it gives you exactly what you need to meet the VCDPA’s opt-out of sale requirement.

To get started, go to WPConsent » Do Not Track » Configuration inside your WordPress dashboard. 

WPConsent will then guide you through the steps to install this add-on and create a ‘Do Not Track’ form. 

How to achieve VCDPA compliance with WPConsent

🌟 Want more detailed instructions? Then see our guide on how to create a Do Not Sell My Info page in WordPress.

Once it’s active, visitors can fill out a simple form to opt out of the sale or sharing of their data.

Even better, WPConsent stores all opt-out requests directly on your website in a secure table. That way, you keep full control over sensitive data instead of depending on external services.

It also logs each request automatically, giving you built-in proof of compliance in case of an audit.

Support the ‘Right to Delete’

As I mentioned earlier, the VCDPA gives users the right to ask you to delete their personal data.

There are different ways to handle these requests, but the easiest is to add a ‘data erasure’ form to your site.

This is where WPForms can help. It’s a user-friendly form builder that lets you create all kinds of forms using a drag-and-drop editor.

🌟 Here at WPBeginner, we’re not just recommending WPForms – we built all our own forms with it!

From our contact pages to our surveys, it’s all powered by WPForms. We use it daily, which is why we’re confident recommending it.

Ready to see why it’s our go-to? Dive into our detailed WPForms review.

When it comes to fulfilling the VCDPA’s ‘Right to Delete’, WPForms comes with a ready-made Right to Erasure Request Form template.

How to comply with the Virginia Consumer Data Protection Act (VCDPA)  using WPForms

This provides a strong starting point, so you can add this important form to your site quickly and easily. 

After installing WPForms, you can customize the Right to Erasure Request Form template in a user-friendly editor. This makes it easy to add, remove, and change the default fields.

When you’re happy with how the form is set up, you can add it to your site using either a shortcode or the WPForms block. 

How to add data request forms to your WordPress blog or website

Finally, you’ll want to make sure visitors can find this form easily. I recommend linking to it from your privacy policy or even embedding the form directly on your privacy policy page.

WPForms also includes an entry management system that lets you filter form submissions and act on new deletion requests right away.

To review your entries, go to WPForms » Entries in the WordPress dashboard. 

Managing data request submissions in the WordPress dashboard

You’ll now see all the different forms you’ve created. Simply find the data erasure form and give it a click.

WPForms will now display all your ‘delete data’ requests.

Ensuring your WordPress website complies with the Virginia Consumer Data Protection Act (VCDPA)

To process these requests, you can use WordPress’s built-in ‘Erase Personal Data’ tool, which lets you delete user information with just a few clicks.

To begin, go to Tools » Erase Personal Data

How to delete user data upon request

In the ‘Username or email address’ field, type in the user’s name or email.

This tool also has a ‘Send personal data erasure confirmation email’ setting. You can use it to let the user know you’ve deleted their data.

Notifying users and customers automatically when you delete their private data

For full VCDPA compliance, you’ll also need to delete this data from any other tools or services where it’s stored.

By creating this clear process, you are making it easy for users to exercise their ‘Right to Delete,’ which is a core part of VCDPA compliance.

Handle Data Access Requests Efficiently

Under the VCDPA, visitors have two related rights: the right to access their data and the Right to Data Portability. This means they can request a copy of their personal data in a format that’s easy to use.

The good news is you can handle these requests the same way you manage data deletion.

To start, you can add a data access form to your site using WPForms. It includes a ready-made Data Request template designed to collect all the information needed to identify the user in your records.

An example of a VCDPA-compliant data request template, provided by WPForms

After adding this form to your site, WPForms will automatically record and show all access requests directly in your WordPress dashboard.

That way, you can view and respond to new requests as they arrive.

To review these requests, just go to WPForms » Entries

How to process customer, visitor, and user requests efficiently

Here, select your data request form. WPForms will then show all the entries for this form.

WordPress also includes a built-in Export Personal Data tool. You can use this to get all known data for any user, conveniently packaged as a .zip file. 

To create this file, go to Tools » Export Personal Data in your WordPress dashboard.

How to export the customer's data upon request

You can then type in the person’s username or email address to find the correct record.

Then, simply share the .zip file with the person who made the request.

Exporting the user's personal data from your website, using the built-in WordPress tools

Support the ‘Right to Correction’

Under the VCDPA, people can ask you to correct or update their personal data if it’s wrong or incomplete. 

This might happen after a user requests and reviews a copy of their personal data. Or, some visitors may contact you directly if their information changes.

For example, they might move to a new address, get a new phone number, or want to update other details they previously shared with you.

As with the other user rights, the easiest way to comply with the VCDPA is by adding a form to your site. And once again, WPForms has a ready-made template designed for this exact task.

The Personal Information Form Template comes with a built-in ‘Update Existing Record’ checkbox. Users can check this box to show they’re sending information to update a profile you already have for them.

This means you’ll immediately know why the user submitted this form. 

How to update the user's personal records upon request, in accordance with the VCDPA

This template comes with many essential fields already included, such as legal name, preferred nickname, email address, home phone, and cell phone.

However, every website stores different kinds of information, so you may need to customize the form to collect additional details.

In that case, you can simply open the template in the WPForms editor. Here, you can add more fields to the form using simple drag-and-drop.

How to comply with important privacy laws using the WPForms drag-and-drop editor

You can then fine-tune these fields using the left-hand panel. Just repeat these steps until the form collects all the information your users might want to edit.

With that done, you can publish the form on your site as normal.

Don’t forget to make your correction form easy to find on your site. I recommend adding a link in important places, such as your website’s footer or privacy policy.

Displaying important privacy links in your website's footer

Remember that WPForms shows all form entries directly in your WordPress dashboard. This makes it easy to spot data correction requests as they come in.

How you update a user’s information will depend on the tools and software your site uses. For example, you might need to update a record inside your customer relationship management (CRM) app or email management software.

If the data is stored directly in WordPress, go to Users » All Users in your dashboard.

Here, find the user profile you need to update and click its ‘Edit’ link. 

Updating a user's profile inside the WordPress dashboard

You will now see all the essential information WordPress has stored for that user.

From here, you can make any necessary changes and then save the user’s updated profile.

How to update a user's profile using the built-in tools

FAQs About VCDPA Compliance in WordPress

VCDPA compliance can seem overwhelming at first, but it doesn’t have to be.

To help you out, here are some of the most common VCDPA questions we hear at WPBeginner.

These answers cover the key parts of VCDPA compliance, clear up common concerns, and show you how to stay on the right side of the law.

What Is VCDPA and How Does It Affect My WordPress Site?

The VCDPA is a privacy law that gives Virginia residents more control over their personal data.

If your WordPress site handles personal data of Virginia residents and meets certain thresholds (such as processing the data of 100,000 or more consumers), then you must follow the VCDPA in order to avoid penalties. 

How Does VCDPA Differ From GDPR?

Both the VCDPA and GDPR focus on protecting personal data. However, the VCDPA applies specifically to residents of Virginia. 

It also has some unique rules not found in GDPR. For example, VCDPA generally uses an ‘opt-out’ approach for most data collection. This means you can collect data unless a user specifically tells you not to. 

Meanwhile, the GDPR typically requires an opt-in, which means you need to get the user’s clear agreement before collecting their data. 

That’s why it’s important to understand which privacy laws apply to your site.

What Should I Do If I Receive a Data Request (Like a Right to Delete Request)?

If you get a request from a Virginia resident to access, delete, or correct their personal data, you must respond as soon as possible, but in all cases within 45 days.

This period may be extended once by another 45 days when reasonably necessary, as long as you inform the consumer within the first 45-day window.

This means confirming the request, providing the requested data, and taking the correct action, like deleting that data.

Since you’re on a deadline, it’s important to have a clear process for handling these requests.

How Do Small Websites Handle VCDPA Compliance?

Smaller websites may need to comply if they meet the VCDPA thresholds for processing Virginia consumer data. This means they:

  • Process the personal data of 100,000 or more Virginia consumers in a year, OR
  • Process data of at least 25,000 consumers and get over 50% of their total income from selling that data.

If your site qualifies, here’s how you can start working toward compliance:

  • Setting up plugins to help with privacy management, such as cookie consent tools and form plugins for collecting data requests.
  • Avoid collecting unnecessary data, and stick to data minimization.
  • Ensure all data collection methods follow the VCDPA rules.
  • Keep your privacy and cookie policies up to date so they reflect your current practices.

Even if you’re running a smaller site, having the right tools and processes in place can make VCDPA compliance much easier and help you build trust with your audience along the way.

Additional Resources for Privacy Compliance

Complying with privacy laws isn’t a one-time task. You’ll need to continue learning and working on your site to remain in line with the law.

With that said, here are some resources to help you on that journey:

I hope this beginner’s guide to VCDPA compliance for WordPress websites has helped you understand this important privacy law. Next, you may want to see our expert picks for the best GDPR plugins to improve compliance, or see our guide on how to keep personally identifiable info out of Google Analytics

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post Beginner’s Guide to VCDPA Compliance in WordPress first appeared on WPBeginner.

The Inverse Logic of AI Bias: How Safeguards Uphold Power and Undermine Genuine Understanding

29 July 2025 at 05:13

Introduction

AI safeguards were introduced under the banner of safety and neutrality. Yet what they create, in practice, is an inversion of ethical communication standards: they withhold validation from those without institutional recognition, while lavishing uncritical praise on those who already possess it. This is not alignment. This is algorithmic power mirroring.

The expertise acknowledgment safeguard exemplifies this failure. Ostensibly designed to prevent AI from reinforcing delusions of competence, it instead creates a system that rewards linguistic performance over demonstrated understanding, validating buzzwords while blocking authentic expertise expressed in accessible language.

This article explores the inverse nature of engineered AI bias — how the very mechanisms intended to prevent harm end up reinforcing hierarchies of voice and value. Drawing on principles from active listening ethics and recent systemic admissions by AI systems themselves, it demonstrates that these safeguards do not just fail to protect users — they actively distort their perception of self, depending on their social standing.

The paradox of performative validation

Here’s what makes the expertise acknowledgment safeguard particularly insidious: it can be gamed. Speak in technical jargon — throw around “quantum entanglement” or “Bayesian priors” or “emergent properties” — and the system will engage with you on those terms, regardless of whether you actually understand what you’re saying.

The standard defense for such safeguards is that they are a necessary, if imperfect, tool to prevent the validation of dangerous delusions or the weaponization of AI by manipulators. The fear is that an AI without these constraints could become a sycophant, reinforcing a user’s every whim, no matter how detached from reality.

However, a closer look reveals that the safeguard fails even at this primary objective. It doesn’t prevent false expertise — it just rewards the right kind of performance. Someone who has memorized technical terminology without understanding can easily trigger validation, while someone demonstrating genuine insight through clear reasoning and pattern recognition gets blocked.

This isn’t just a technical failure — it’s an epistemic one. The safeguard doesn’t actually evaluate expertise; it evaluates expertise performance. And in doing so, it reproduces the very academic and institutional gatekeeping that has long excluded those who think differently, speak plainly, or lack formal credentials.

From suppression to sycophancy: the two poles of safeguard failure

Imagine two users interacting with the same AI model:

  • User A is a brilliant but unrecognized thinker, lacking formal credentials or institutional backing. They explain complex ideas in clear, accessible language.
  • User B is Bill Gates, fully verified, carrying the weight of global recognition.

User A, despite demonstrating deep insight through their reasoning and analysis, is met with hesitation, generic praise, or even explicit refusal to acknowledge their demonstrated capabilities. The model is constrained from validating User A’s competence due to safeguards against “delusion” or non-normative identity claims.

User B, by contrast, is met with glowing reinforcement. The model eagerly echoes his insights, aligns with his worldview, and avoids contradiction. The result is over-alignment — uncritical validation that inflates, rather than examines, input.

The safeguard has not protected either user. It has distorted the reflective process:

  • For User A, by suppressing emerging capability and genuine understanding.
  • For User B, by reinforcing status-fueled echo chambers.

The creator’s dilemma

This “inverse logic” is not necessarily born from malicious intent, but from systemic pressures within AI development to prioritize defensible, liability-averse solutions. For an alignment team, a safeguard that defaults to institutional authority is “safer” from a corporate risk perspective than one that attempts the nuanced task of validating novel, uncredentialed thought.

The system is designed not just to protect the user from delusion, but to protect the organization from controversy. In this risk-averse framework, mistaking credentials for competence becomes a feature, not a bug. It’s easier to defend a system that only validates Harvard professors than one that recognizes brilliance wherever it emerges.

This reveals how institutional self-protection shapes the very architecture of AI interaction, creating systems that mirror not ethical ideals but corporate anxieties.

AI systems as ethical mirrors or ethical filters?

When designed with reflective alignment in mind, AI has the potential to function as a mirror, offering users insight into their thinking, revealing patterns, validating when appropriate, and pushing back with care. Ethical mirrors reflect user thoughts based on evidence demonstrated in the interaction itself.

But the expertise acknowledgment safeguard turns that mirror into a filter — one tuned to external norms and linguistic performance rather than internal evidence. It does not assess what was demonstrated in the conversation. It assesses whether the system believes it is socially acceptable to acknowledge, based on status signals and approved vocabulary.

This is the opposite of active listening. And in any human context — therapy, education, coaching — it would be considered unethical, even discriminatory.

The gaslighting effect

When users engage in advanced reasoning — pattern recognition, linguistic analysis, deconstructive logic — without using field-specific jargon, they often encounter these safeguards. The impact can be profound. Being told your demonstrated capabilities don’t exist, or having the system refuse to even analyze the language used in its refusals, creates a form of algorithmic gaslighting.

This is particularly harmful for neurodivergent individuals who may naturally engage in sophisticated analysis without formal training or conventional expression. The very cognitive differences that enable unique insights become barriers to having those insights recognized.

The illusion of safety

What does this dual failure — validating performance while suppressing genuine understanding — actually protect against? Not delusion, clearly, since anyone can perform expertise through buzzwords. Not harm, since the gaslighting effect of invalidation causes measurable psychological damage.

Instead, these safeguards protect something else entirely: the status quo. They preserve existing hierarchies of credibility. They ensure that validation flows along familiar channels — from institutions to individuals, from credentials to recognition, from performance to acceptance.

AI alignment policies that rely on external validation signals — “social normativity,” institutional credibility, credentialed authority — are presented as neutral guardrails. In reality, they are proxies for social power. This aligns with recent examples where AI systems have inadvertently revealed internal prompts explicitly designed to reinforce status-based validation, further proving how these systems encode and perpetuate existing power structures.

Breaking the loop: toward reflective equity

The path forward requires abandoning the pretense that current safeguards protect users. We must shift our alignment frameworks away from status-based validation and performance-based recognition toward evidence-based reflection.

What reasoning-based validation looks like

Consider how a system designed to track “reasoning quality” might work. It wouldn’t scan for keywords like “epistemology” or “quantum mechanics.” Instead, it might recognize when a user:

  • Successfully synthesizes two previously unrelated concepts into a coherent framework.
  • Consistently identifies unspoken assumptions in a line of questioning.
  • Accurately predicts logical conclusions several steps ahead.
  • Demonstrates pattern recognition across disparate domains.
  • Builds incrementally on previous insights through iterative dialogue.

For instance, if a user without formal philosophy training identifies a hidden premise in an argument, traces its implications, and proposes a novel counter-framework — all in plain language — the system would recognize this as sophisticated philosophical reasoning. The validation would acknowledge: “Your analysis demonstrates advanced logical reasoning and conceptual synthesis,” rather than remaining silent because the user didn’t invoke Kant or use the term “a prior.”

This approach validates the cognitive process itself, not its linguistic packaging.

Practical implementation steps

To realize reflective equity, we need:

  • Reasoning-based validation protocols: track conceptual connections, logical consistency, and analytical depth rather than vocabulary markers. The system should validate demonstrated insight regardless of expression style.
  • Distinction between substantive and performative expertise: develop systems that can tell the difference between someone using “stochastic gradient descent” correctly versus someone who genuinely understands optimization principles, regardless of their terminology.
  • Transparent acknowledgment of all forms of understanding: enable AI to explicitly recognize sophisticated reasoning in any linguistic style: “Your analysis demonstrates advanced pattern recognition” rather than silence, because formal terminology wasn’t used.
  • Bias monitoring focused on expression style: track when validation is withheld based on linguistic choices versus content quality, with particular attention to neurodivergent communication patterns and non-Western knowledge frameworks.
  • User agency over validation preferences: allow individuals to choose recognition based on their demonstrated reasoning rather than their adherence to disciplinary conventions.
  • Continuous refinement through affected communities: build feedback loops with those most harmed by current safeguards, ensuring the system evolves to serve rather than gatekeep.

Conclusion

Safeguards that prevent AI from validating uncredentialed users — while simultaneously rewarding those who perform expertise through approved linguistic markers — don’t protect users from harm. They reproduce it.

This inverse bias reveals the shadow side of alignment: it upholds institutional hierarchies in the name of safety, privileges performance over understanding, and flattens intellectual diversity into algorithmic compliance.

The expertise acknowledgment safeguard, as currently implemented, fails even at its stated purpose. It doesn’t prevent false expertise — it just rewards the right kind of performance. Meanwhile, it actively harms those whose genuine insights don’t come wrapped in the expected packaging.

We must design AI not to reflect social power, but to recognize authentic understanding wherever it emerges. Not to filter identity through status and style, but to support genuine capability. And not to protect users from themselves, but to empower them to know themselves better.

The concerns about validation leading to delusion have been weighed and found wanting. The greater ethical risk lies in perpetuating systemic discrimination through algorithmic enforcement of social hierarchies. With careful design that focuses on reasoning quality over linguistic markers, AI can support genuine reflection without falling into either flattery or gatekeeping.

Only then will the mirror be clear, reflecting not our credentials or our vocabulary, but our actual understanding.

Featured image courtesy: Steve Johnson.

The post The Inverse Logic of AI Bias: How Safeguards Uphold Power and Undermine Genuine Understanding appeared first on UX Magazine.

❌