WordPress GDPR Plugins


For the record I am not a lawyer and I will not guarantee that any of the content below will help you in being GDPR compliant.

Normally I don’t pay a lot of attention to laws coming out of the European Union, because frankly I live in Canada and for the most part their laws have no day to day effect on me. That changed when I started reading about the General Data Protection Regulation (GDPR). If you are like me, odds are you probably did not spend anytime thinking that the GDPR applies to you and your website being run and operated in Canada or the United States. Unfortunately it appears that this would be incorrect and anyone that operates a website that can have a European citizen visit it now needs to comply with the GDPR.

Personally I think this law is misguided (downright stupid actually). It is a law that is really aimed at the large Internet companies that have HUGE budgets like Google, Facebook, Twitter etc, that can track users across the Internet and know what people are searching for, what they do and who they see. The only reason this law really applies to my little tiny corner of the Internet is the fact that I have a website that I placed ads on and then allows Google (in this case) to know more about you to show you better ads. The European Union has tried to disguise this law about being about the average person and their data, when really it is about trying to reign in the Google and Facebook companies of the world. Should the Google and Facebook companies and the data they collect be constrained, sure, but making me spend my own time and money to do it for them is not how to go about this. But I digress.

Note, that NONE of these plugins will automatically make your website GDPR compliant. In order to do that you will NEED to modify the code on your website, know how to prevent code from automatically running and setting cookies and how


This plugin by Trew Knowledge is my favourite GDPR plugin for a few reasons. Perhaps the best reason to like and use this plugin is for what is not directly in the plugin but the excellent knowledge base that they have about how to use the plugin and integrate it into your WordPress website. The plugin also has an active Github repository where you can browse code, look through issues and get help if you need it. The plugin has several PHP and Javascript functions that will help you in blocking cookies from being set and makes it pretty easy to set the information people need to have agree to your cookie settings. The Javascript functions come in handy if you use a caching plugin to be able to still block cookies while still being able to serve cached pages. I have had some issues with the CloudFlare Rocketscript settings and the Javascript functions not being defined if jQuery is loaded using Rocketscript, but it might mean you have to make sure the jQuery Javascript file is not served through Rocketscript.

The GDPR Framework

This plugin by Codelight has great potential and probably is more useful for WordPress users that are in the European Union. It allows you to track consent and gives people some good tools to view, export and delete their personal data, but it is missing the tools to offer cookie management and consent. Without the cookie solution it is only have a GDPR plugin. The plugin does create a nice Privacy tools page to allow visitors to manage their data. Until this plugin gets a cookie management system it feels like only half GDPR plugin.

WP GDPR Compliance

This plugin by Van Ons does offer some nice integration with popular contact form plugins like Contact Form 7 and Gravity Forms for example. It can also add a nice acceptance check box on the comments form. It takes a different approach to preventing cookies and scripts from running prior to acceptance. It allows you to enter in the Javascript you want to run and if you want to Javascript to run in the header or the footer. When people accept the script it will load it. It is a more user friendly approach to preventing scripts from automatically running before approval. Inserting ad code could be more difficult but it might be possible to prevent ads running using this method. It is certainly the most user friendly plugin but website owners will still need to have an understanding of what scripts they can control and it will certainly not fix all the scripts that might be present in other plugins and even themes. In my testing I had a problem with the Jetpack sharing buttons showing up in the footer alert and the privacy settings modal. I could not find a quick way to turn it off but something to be aware of.

This plugin by webtoffee was previously called the Cookie Law Info plugin. The plugin might have been very good for the previous cookie law but it feels a little hastily thrown together for the GDPR. Granted most of us in North America are probably all scrambling thanks to the GDPR and the fact that it applies to us, but you would think that a plugin made for the previous Cookie law in Europe would be and feel more prepared. What I do like about the plugin is the nice custom post type to add information about cookies and the ability to use a shortcode to display that information on a page. There does not seem to be a way for people to select cookie categories to allow or reject though. It is all or nothing and while I like the idea of all or nothing I think (in my reading about GDPR) that is not good enough. You need to give people the option to accept some cookies and deny others.

Categories: wordpress