18 ingenious data protection plugins to make WordPress GDPR-safe
The GDPR cannot be solved with one or more WordPress plugins.
Neither can marital problems or climate change.
WordPress plugins can, however, help you implement individual aspects of the GDPR and save you massive amounts of time making WordPress GDPR-safe.
In this article, I introduce you to 18 ingenious plugins for different setups and purposes.
Before I go into detail, a word of caution. As with many things, the following applies to WordPress plugins:
The fewer, the better.
Please do not blindly install all plugins that are on the list here. And think twice about whether you need a plugin or not.
1. Borlabs Cookie
According to an ECJ ruling, the integration of an opt-in for cookies is mandatory.
That means cookies from social plugins, videos, tracking tools, etc. may only be set if the user has explicitly consented to this!
By far, the best solution to implement this in WordPress is the Borlabs Cookie plugin.
I use it here on the blog, too, and I highly recommend it!
Borlabs Cookie lets you integrate various services, such as Facebook Pixel, Google Analytics, Matomo, or Google AdSense, into the website with an opt-in.
In addition, the plugin can load embedded content, e.g., from YouTube, Vimeo, Facebook, Instagram, Google Maps, Open Street Maps, or any other service, using a two-click solution. This means that the connection to the service is only established after the user has agreed by clicking on the button.
You can see what it looks like in action on this demo page. For that alone, it is worth buying the plugin!
By the way, the consent rate with the plugin is terrific. In my experience, around 90% of all users agree to the use of marketing or statistics cookies.
Not bad, right?
2. GDPR Pixel Mate
With the great plugin DSGVO Pixel Mate, developed by Soul sites in cooperation with lawlike, the Facebook Pixel can be integrated into your website with an opt-out and used with less legal risk (there is still a residual risk, see FAQ).
In addition, the plugin offers the possibility of integrating Google Analytics into your website by entering the tracking ID, also with opt-out and anonymized IP.
3. Disable Emojis
Disable Emojis is a small but nice plugin that removes the emoji script from WordPress. This script is loaded from external WordPress servers and is intended to ensure that emojis are also displayed in older browsers.
In my opinion, this is not too problematic under data protection law.
However, the script is unnecessary anyway. I also turned it off long before the GDPR to make WordPress faster.
So get rid of it.
4. Disable Embeds (by LittleBizzy)
With the Disable Embeds plugin, the embed function integrated since WordPress 2.9 can be deactivated.
This function lets you integrate music, pictures, and videos from various services, such as YouTube, Vimeo, Facebook, SoundCloud, or Instagram, into WordPress by simply copying the URL.
This is problematic for data protection because some (but not all) services are integrated in such a way that users may be tracked.
By the way, there is already a solution for YouTube to continue using the embed function in compliance with data protection regulations, e.g., with the YouTube Lyte plugin. You can find out more about this in my article Embed YouTube videos in compliance with data protection regulations.
5. Disable Comments
Don’t want your blog articles to be commented on? Or do you get little to no comments?
Then it can make sense to deactivate the comment function in WordPress completely. This can be done quickly and easily with the Disable Comments plug-in.
This saves you the passage in the data protection declaration and the mention in the directory of processing activities. And you generally no longer have to worry about the GDPR compliance of the comment function.
If you want to allow comments again, you can deactivate the plugin at any time.
Alternatively, you can, of course, deactivate the comments yourself via WordPress. To do this, go to Settings > Discussion and deactivate the option "Allow visitors to comment on new posts". Then deactivate the comments of individual articles with a bulk action.
Disable Comments has the advantage that you save yourself these steps. The comment function is completely hidden under the posts (i.e., the notice "Comments are closed" does not appear). In addition, Disable Comments hides all comment features in the dashboard.
6. Clearfy
Clearfy is a useful plugin for everyone who wants to free WordPress from all unnecessary ballast.
It allows the deactivation of various features to improve data protection on WordPress, such as:
- Remove Google Fonts
- Remove Google Maps
- Deactivate embeds
- Remove emoji script
- Deactivate Gravatars
- Deactivate the comment function completely
If you have Clearfy installed, you can save yourself the need to use the three plugins Disable Emojis, Disable Embeds, and Disable Comments.
In addition, it offers some functions to make administration easier, tidy up the dashboard and make WordPress more secure.
7. Autoptimize
Autoptimize is a great plugin to improve your loading time.
That’s why I use it on almost all of my websites.
But that’s not all:
It also has two functions relevant to data protection: Google Fonts and the emoji script can be removed under Settings > Autoptimize in the Extras tab.
8. GDPR Patron
GDPR Patron is a well-implemented all-in-one solution for better data protection in WordPress.
Of course, it doesn’t make WordPress completely GDPR-safe. This cannot be done with a single plugin.
But it solves many WordPress privacy issues in one fell swoop. Problems that would usually cost you hours and require dozens of other plugins.
It offers the following functions:
- Host Google Fonts yourself (this saves you the 7 steps of this guide).
- The local integration of externally loaded JS and CSS files (this saves you having to intervene in your theme or your plugins).
- Remove the emoji script (this saves you the Disable Emojis plugin).
- Removing Gravatar images (this saves you WP User Avatar or Avatar Privacy).
- The anonymization of IP addresses for comments (this saves you Remove IP or Remove Comment IPs).
- A two-click solution for YouTube videos (this saves you YouTube Lyte).
Personally, what I like best is that it enables the local integration of Google Fonts.
9. Remove IP
So far, it is not entirely clear whether IP addresses (which, according to the GDPR, are also personal data) can be saved with comments or not. And if so, for how long.
Have you decided not to save IP addresses?
Then you can do that with the simple Remove IP plugin. It ensures that every IP address is replaced by the standard IP 127.0.0.1.
If you only want to save IP addresses temporarily, the Remove Comment IPs plug-in is an alternative. With it, IP addresses are automatically deleted after 60 days (and existing IP addresses after 6 hours).
10. Google Analytics Opt-Out
With the Google Analytics Opt-Out plug-in, you can insert an opt-out via shortcode (e.g., in the data protection declaration).
Alternatively, the plugin allows you to display an opt-out via a banner.
Easy, quick, and free. And compatible with Google Analytics for WordPress by MonsterInsights.
11. Antispam Bee
Antispam Bee is one of the best plugins for combating comment spam.
I’ve been using it on many of my WordPress websites for years, and I recommend it unconditionally.
The plug-in does not automatically save any personal data. And it works excellently with anonymized IPs too.
If you are very strict about data protection, you could also deactivate the following settings. According to Simon from the plugin collective, however, this is not essential:
- Only allow comments in a certain language (only the first three words are sent to Google Translate).
- Block comments from certain countries (the commentator’s IP address is sent to the IP2Country service, but with its last digits truncated and thus anonymized).
You can find more information about Antispam Bee and data protection in the documentation on GitHub.
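The three ways of handling comment IP addresses mentioned in sections 9 and 11 (fixed replacement, deletion after a retention period, truncation), compared side by side in Python. This is an added example, not code from any of the plugins; the prefix lengths, the empty string for a deleted IP, and the sample addresses are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

PLACEHOLDER = "127.0.0.1"        # fixed value the article says Remove IP stores
RETENTION = timedelta(days=60)   # period the article gives for Remove Comment IPs
KEEP_BITS = {4: 24, 6: 48}       # assumption: network bits kept when truncating


def truncate_ip(raw):
    """Zero the host part of an address so it no longer points at one visitor."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return PLACEHOLDER       # never store input that does not parse
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is an IPv4 client
    net = ipaddress.ip_network(f"{addr}/{KEEP_BITS[addr.version]}", strict=False)
    return str(net.network_address)


def stored_ip(raw, written, now, policy):
    """Return what ends up in the comment record under each policy."""
    if policy == "replace":      # always the placeholder
        return PLACEHOLDER
    if policy == "truncate":     # shortened at write time
        return truncate_ip(raw)
    if policy == "expire":       # full IP first, removed after RETENTION
        return raw if now - written <= RETENTION else ""  # "" is an assumption
    raise ValueError(f"unknown policy: {policy}")


# Constructed sample comments (documentation address ranges only).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
COMMENTS = [
    ("203.0.113.57", NOW - timedelta(days=3)),
    ("2001:db8:85a3:8d3:1319:8a2e:370:7348", NOW - timedelta(days=90)),
    ("::ffff:198.51.100.23", NOW - timedelta(days=61)),
]


def compare(comments=COMMENTS, now=NOW):
    """One row per comment: the stored value under each of the three policies."""
    return [
        tuple(stored_ip(ip, written, now, p) for p in ("replace", "truncate", "expire"))
        for ip, written in comments
    ]
```

Only the "expire" policy ever holds a full address, which is why its retention period matters for the data protection declaration.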
12. Shariff Wrapper
The original share buttons from Facebook, Twitter, Google+, and Co. are problematic.
They automatically send personal data to the social networks in the background. Without users even clicking on a share button.
The popular Shariff Wrapper plug-in can help. Its share buttons only connect to social networks after the click.
They can be integrated into posts, pages, and custom post types in various places. The button design can also be customized. They are also compatible with AMP and show share counts.
And it’s free!
What more do you want?
13. Extra Privacy for Elementor
If you use the page builder Elementor, it makes sense to install the plugin Extra Privacy for Elementor by Marian Heddesheimer.
This extends the page builder with a two-click option for the elements Google Maps and Videos. This prevents data from being sent to Google and Vimeo before the user can agree.
14. Smart User Slug Hider
Smart User Slug Hider is a simple but ingenious plugin to better protect your users’ and authors’ data.
For every user created in WordPress, a URL containing the username is created.
This means that the names of your users are publicly visible.
Smart User Slug Hider remedies this by replacing the username with 16-digit codes.
15. Really Simple SSL
First of all:
I always recommend manually switching WordPress to HTTPS.
Do you want it to be quick? Or do you currently have no time to deal with the change?
Then take Really Simple SSL.
Apart from creating the SSL certificate, it takes care of all the setup steps, such as changing the WordPress and website address or changing all internal links.
16. Remove Google Fonts References
Google Fonts are often programmed deep into plugins and themes. And sometimes, they cannot simply be switched off in the plugin or theme options.
The Remove Google Fonts References plugin does this for you.
Just install, activate, done!
17. Security Headers
With the GDPR, HTTP security headers have also gained popularity.
Although probably not required under data protection law, they can help protect your users’ surfing behavior and data.
The tool Webbkoll gives good recommendations as to which headers are useful and which are not.
I recommend using the Security Headers plug-in, which offers all the important header settings.
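To verify that the headers you configured actually reach visitors, you can audit a captured response head. The following Python check is an added example, not part of the plugin or of Webbkoll; the baseline of four headers, the minimum HSTS age, and the sample response are assumptions.

```python
import re

MIN_HSTS_AGE = 15552000  # assumption: 180 days as the minimum acceptable max-age


def hsts_ok(value):
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_AGE


def referrer_ok(value):
    # Browsers use the last policy they recognise in a comma-separated list.
    return value.split(",")[-1].strip().lower() not in ("", "unsafe-url")


# Assumption: a common baseline, not a list taken from the article or the plugin.
CHECKS = {
    "strict-transport-security": hsts_ok,
    "content-security-policy": lambda v: bool(re.search(r"\b(default|script)-src\b", v, re.I)),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": referrer_ok,
}


def parse_headers(raw):
    """Parse a raw response head into {lowercased name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break                               # a blank line ends the head
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return {header: 'ok' | 'weak' | 'missing'} for every baseline header."""
    headers = parse_headers(raw)
    return {n: "missing" if n not in headers else "ok" if c(headers[n]) else "weak"
            for n, c in CHECKS.items()}


# Constructed response head, e.g. as printed by `curl -sI` against your own site.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
"""
```

For the constructed sample, `audit(SAMPLE)` reports the HSTS header as weak (its max-age is only five minutes) and the Content-Security-Policy as missing.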
18. WP User Avatar
Turning off Gravatar images in WordPress is better for data protection.
There’s only one problem:
Your comment area will look boring without avatar images.
Help is provided by the WP User Avatar plugin, with which you can set your own avatar images for yourself and your users.