The UK Online Safety Act, which received Royal Assent in October 2023, is now being enforced through Ofcom’s codes of practice published in late 2025. If your WordPress site allows any form of user-generated content — blog comments, product reviews, community forums, or user profiles — you are classed as a ‘user-to-user service’ and have specific duties.

Core Obligations for Smaller Sites

The core obligations for smaller sites (most WordPress businesses) include: conducting a risk assessment for illegal content, implementing proportionate systems to prevent illegal content from appearing, providing a clear complaints process, and maintaining records of your safety measures. Fines for non-compliance can reach up to £18 million or 10% of global revenue.

WooCommerce and User-Generated Content

For WooCommerce stores with product reviews enabled, this means implementing review moderation — either pre-publication approval or rapid post-publication review. Automated content filtering at the hosting level can flag potentially illegal content (scam links, prohibited product promotion) before it’s visible to other users.

Your Hosting Environment and Compliance

Your hosting environment plays a role in compliance. Audit logging (who posted what, when, and from which IP) is required for responding to law enforcement requests. Content moderation tools need reliable server performance to process flagged content quickly. And your backup strategy must preserve content records even after deletion, as Ofcom may require evidence of your moderation actions.

Frequently Asked Questions

Does the UK Online Safety Act apply to my WordPress website?

The UK Online Safety Act applies to any website that allows users to generate content that other users can see — this includes blog comments, product reviews, forum posts, user profiles, and community features. If your WordPress site has any of these features enabled, you are classified as a “user-to-user service” and have specific duties under the Act. Static brochure sites, sites with comments disabled, and sites where only staff publish content are generally not in scope. WooCommerce stores with product reviews enabled, membership sites with user profiles, and any site with public commenting functionality should assess their compliance obligations.

What are the core WordPress Online Safety Act obligations for smaller sites?

Smaller in-scope sites (under 7 million monthly users) have proportionate obligations: implement and enforce terms of service that prohibit illegal content (child sexual abuse material, terrorism content, fraud, harassment), have a mechanism for users to report harmful content, remove illegal content when notified of it, and conduct a Children’s Risk Assessment if your site is likely to be accessed by under-18s. These obligations are less prescriptive than those for large platforms but are still legally enforceable. Ofcom can issue fines of up to £18 million or 10% of global revenue for non-compliance.

How does Ofcom enforce the UK Online Safety Act?

Ofcom published its codes of practice in late 2025 and began enforcement activity in early 2026. Enforcement follows a graduated approach: Ofcom issues compliance notices when it believes a service is failing its duties, operators have an opportunity to remediate, and persistent or serious failures result in financial penalties of up to £18 million or 10% of qualifying worldwide revenue. Ofcom also has powers to require internet service providers to block non-compliant services in extreme cases. For most small WordPress site operators, compliance is achievable through standard moderation policies and user reporting mechanisms without significant technical investment.

What should WordPress sites do about product reviews under the Online Safety Act?

WooCommerce product reviews are user-generated content within scope of the Online Safety Act. Required measures: a published policy stating what content is and is not permitted in reviews (prohibiting harassment, illegal content, and harmful material), a mechanism for customers to flag inappropriate reviews, and a process for reviewing and removing flagged content within a reasonable timeframe. WooCommerce’s built-in review moderation (holding reviews for approval, blacklisting specific words, blocking reviews from specific users) provides the technical infrastructure — the compliance requirement is to have and enforce a published moderation policy using these tools.

Does the UK Online Safety Act affect WordPress hosting requirements?

The Online Safety Act creates indirect hosting requirements for in-scope sites. Effective content moderation requires: reliable uptime (a site with frequent downtime cannot respond to harmful content reports promptly), audit logging of moderation actions (your hosting environment should support access and activity logging), and the technical capability to remove content quickly (adequate PHP worker allocation so admin operations complete without timeout). Additionally, the Act’s record-keeping requirements mean maintaining logs of compliance activities — your hosting provider should support data retention configurations that accommodate these records. WP Pro Host’s infrastructure provides the logging, uptime reliability, and administrative performance that compliance operations require.