18 ingenious data protection plugins to make WordPress GDPR-safe

The GDPR cannot be solved with one or more WordPress plugins.

Neither do marital problems or climate change.

WordPress plugins can, however, help you to implement one or more partial aspects of the GDPR. And save massive amounts of time making WordPress GDPR-safe.

In this article, I introduce you to 18 ingenious plugins for different setups and purposes.

Before I go into detail, a word of caution, like many things, applies to WordPress plugins.

The less, the better.

Please do not blindly install all plugins that are on the list here. And think twice about whether you need a plugin or not.

1. Borlabs Cookie

According to an ECJ ruling, the integration of an opt-in for cookies is mandatory.

That means cookies from social plugins, videos, tracking tools, etc. may only be set if the user has explicitly consented to this!

By far, the best solution to implement this in WordPress is the Borlabs Cookie plugin.

I use it here on the blog, too, and I highly recommend it!

Borlabs Cookie allows you to opt-in for various services, such as Facebook Pixel, Google Analytics, Matomo, or Google AdSense, into the website.

On the other hand, the plugin allows embedded content, e.g., For example, reload from YouTube, Vimeo, Facebook, Instagram, Google Maps, Open Street Maps, or any other service using a two-click solution. This means that connection to the service is only established after the user has agreed by clicking on the button.

You can see what it looks like in action on this demo page. For that alone, it is worth buying the plugin!

By the way, the consent rate with the plugin is terrific. In my experience, around 90% of all users agree to the use of marketing or statistics cookies.

Not bad, right?

2. GDPR Pixel Mate

With the GDPR, the use of the Facebook pixel is becoming more difficult for website operators.

With the great plugin DSGVO Pixel Mate, developed by Soul sites in cooperation with lawlike, the Facebook Pixel can be integrated into your website with an opt-out. And use with less legal risk (there is still a residual risk, see FAQ).

In addition, the plugin offers the possibility of integrating Google Analytics into your website by entering the tracking ID. Also, with opt-out and anonymized IP.

3. Disable emojis

Disable Emojis is a small but friendly plugin that can remove an emoji script from WordPress. This is loaded from external WordPress servers and is intended to ensure that emojis are also displayed in older browsers.

In my opinion, this is not too problematic under data protection law.

However, the script is unnecessary anyway. I also turned it off long before the GDPR to make WordPress faster.

So get away with it.

4. Disable Embeds (by LittleBizzy)

With the Disable Embeds plugin, the embed function integrated since WordPress 2.9 can be deactivated.

This ensures that you can post music, pictures, and videos from various services, such as YouTube, Vimeo, Facebook, SoundCloud, or Instagram, to integrate into WordPress by simply copying the URL.

This is problematic for data protection because some (but not with all) services are integrated in this way that users may be tracked.

By the way, there is already a solution for YouTube to continue using the embed function in compliance with data protection regulations, e.g., with the YouTube Lyte plugin. You can find out more about this in my article Embed YouTube videos in compliance with data protection regulations.

5. Disable Comments

Don’t want your blog articles to be commented on? Or do you get little to no comments?

Then it can make sense to deactivate the comment function in WordPress completely. This can be done quickly and easily with the Disable Comments plug-in.

This saves you the passage in the data protection declaration and the mention in the directory of processing activities. And you generally no longer have to worry about the GDPR compliance of the comment function.

If you want to allow comments again, you can deactivate the plugin at any time.

Alternatively, you can, of course, deactivate the comments yourself via WordPress. To do this, go to Settings> Discussion and deactivate the option Allow visitors to comment on new posts. Then you deactivate the comments of individual articles with collective action.

Disable Comments has the advantage that you save yourself these steps. The comment function is completely hidden under the posts (i.e., the comment Comments are closed does not appear). In addition, Disable Comments hides all comment features in the dashboard.

6. Clearfy

Clearfy is a useful plugin for everyone who wants to free WordPress from all unnecessary ballast.

It allows the deactivation of various features to improve data protection on WordPress, such as:

Remove Google Fonts
Remove Google Maps
Deactivate embeds
Remove emoji script
Deactivate Gravatars
Activate the comment function completely

If you have Clearfy installed, you can save yourself the need to use the three plugins Disable Emojis, Disable Embeds, and Disable Comments.

In addition, it offers some functions to make administration easier, tidy up the dashboard and make WordPress more secure.

7. Autoptimize

Autoptimize is a great plugin to improve your loading time.

By combining and reducing the size of JavaScript and CSS files, you can save many server requests and kilobytes.

That’s why I use it on almost all of my websites.

But that’s not all:

It also has two functions relevant to data protection: Google Fonts and the emoji script can be removed under Settings> Autoptimize in the Extras tab.

8. GDPR patron

GDPR Patron is a well implemented all-in-one solution for better data protection in WordPress.

Of course, it doesn’t make WordPress completely GDPR-safe. This cannot be done with a single plugin.

But it solves many WordPress privacy issues in one fell swoop. Problems that would usually take you hours to install and dozens of other plugins.

It offers the following functions:

Host Google Fonts yourself (this saves you the 7 steps of this guide).
The local integration of externally loaded JS and CSS files (this saves you having to intervene in your theme or your plugins).
Remove the emoji script (this saves you the Disable Emojis plugin).
Removing Gravatar images (this saves you WP User Avatar or Avatar Privacy).
The anonymization of IP addresses for comments (this saves you Remove IP or Remove Comment IPs).
A two-click solution for YouTube videos (this saves you, YouTube Lyte).

Personally, what I like best is that it enables the local integration of Google Fonts.

9. Remove IP

So far, it is not entirely clear whether IP addresses (which, according to the GDPR, are also personal data) can be saved with comments or not. And if so, how long.

Did you choose not to save IP addresses?

Then you can do that with the simple Remove IP plugin. It ensures that every IP address is replaced by the standard IP 127.0.0.1.

If you only want to save IP addresses temporarily, the Remove Comment IPs plug-in is an alternative. This means that the IP addresses are automatically deleted after 60 days (and existing IP addresses after 6 hours).

10. Google Analytics Opt-Out

With the Google Analytics Opt-Out plug-in, you can insert an opt-out via shortcode (e.g., in the data protection declaration).

Alternatively, the plugin allows you to display an opt-out via a banner.

Easy, quick, and free. And compatible with Google Analytics for WordPress by MonsterInsights.

11. Antispam Bee

Anti-Spam Bee is one of the best plugins for combating comment spam.

I’ve been using it on many of my WordPress websites for years, and I recommend it unconditionally.

The plug-in does not automatically save any personal data. And it works excellent with anonymized IPs too.

If you are very strict about data protection, you could also deactivate the following settings. This is according to Simon by the plugin collective but not essential:

Only allow comments in a certain language (only the first three words are sent to Google Translate).
Block comments from certain countries (the commentator’s IP address is sent to the IP2Country service but is truncated by the last digits and thus anonymized).

You can find more information about Antispam Bee and data protection in the documentation on GitHub.

12. Shariff wrapper

The original share buttons from Facebook, Twitter, Google+, and Co. are problematic.

They automatically send personal data to the social networks in the background. Without users even clicking on a share button.

The popular Shariff Wrapper plug-in can help. Its share buttons only connect to social networks after the click.

They can be integrated into posts, pages, and custom post types in various places. The button design can also be customized. They are also compatible with AMP and show share counts.

And it’s free!

What more do you want?

13. Extra Privacy for Elementor

If you use the page builder Elementor, it makes sense to install the Extra plugin Privacy for Elementor by Marian Heddesheimer.

This extends the page builder with a two-click option for the elements Google Maps and Videos. This prevents data from being sent to Google and Vimeo before the user can agree.

14. Smart user slug hider

smart User Slug Hider is a simple but ingenious plugin better to protect your users’ and authors’ data.

The problem:

For every user created in WordPress, a URL containing the username is created.

This means that the names of your users are publicly visible.

Smart User Slug Hider remedies this by replacing the username with 16-digit codes.

15. Really Simple SSL

First of all:

I always recommend manually switching WordPress to HTTPS.

Do you want it to be quick? Or do you currently have no time to deal with the change?

Then take Really Simple SSL.

Apart from creating the SSL certificate, it takes care of all the setup steps, such as: changing the WordPress and website address or changing all internal links.