200+ WordPress Plugins Checked for GDPR Compliance (+Plugin Recommendations)

[Last update: 12/06/2018] Which WordPress plugins process personal data and which don’t? And what solutions or alternatives are there to use them in a GDPR compliant manner? With this list I intend to answer these questions.

What’s more, at the beginning of this post you’ll find a list of useful plugins, which can help you make your WordPress blog or website GDPR compliant.

Want more tips, tutorials and resources? Join my free Facebook group GDPR for Bloggers & Online Entrepreneurs!

I am updating this list on a regular basis and I am continuously adding new plugins and solutions to using them. Help and additions to this list are most welcome! If you find outdated information or errors, let me know!

Disclaimer: I am not a attorney or privacy expert, just a guy trying to make sense of things. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so I insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.

Useful plugins

The following plugins can help you make your WordPress blog or website compliant to the GDPR (and of course are GDPR compliant themselves).

  • Autoptimize (removes Google Fonts and Emojis)
  • Borlabs Cookie (awesome plugin to integrate an opt-in for cookies, e. g. for Google Analytics, AdSense, Facebook Pixel or Piwik. What’s more, it offers an option to automatically block content from YouTube, Vimeo, Google Maps, and other iframe content and load it after clicking – highly recommended!)
  • Clearfy (deactivates WordPress functions to enhance privacy, security and performance, e. g. emojis, embeds, Rest API, Gravatars – only recommended for advanced users!)
  • Disable Embeds von LittleBizzy (deactivates embeds, through which personal data may be processes by YouTube, Twitter etc.)
  • Disable Emojis (removes a fallback script to remove emojis in older browsers, which is loaded via an external CDN)
  • Extra Privacy for Elementor (adds a two-click solution for Google Maps and Videos to the Elementor Page Builder)
  • Google Analytics Opt-Out (integrates an opt-out for Google Analytics in your website)
  • Really Simple SSL (helps migrating a WordPress websites from http to https)
  • Remove Comment IPs (IP adresses of commentators are deleted after 60 days)
  • Remove Google Fonts References (removes Google Fonts from source code)
  • Remove IP (prevents IP addresses of commentators from being stored in the WordPress database )
  • smart User Slug Hider (replaces user names in URLs automatically with 16 digit codes)
Note: Some things, like removing IP addresses, embeds or emojis can be done by adding code snippets to the functions.php (in your child theme) as well.

Legend (please read beforehand!)

OrangePlugin processes personal data and there is no solution yet to use it in a GDPR compliant manner.
YellowPlugin processes personal data, but is GDPR compliant with changes (e. g. mention in privacy policy, changes to the plugin settings, use of an opt-in or opt-out, existence of a data processing agreement etc.)
GreenPlugin doesn’t process any personal data and is therefore GDPR compliant.
GreyGDPR compliance is yet unclear.

1. Social plugins

PluginDetails
AddThisStores personal data of user on third-party servers (Source)
AddToAnyStores personal data of user on third-party servers (Source). According to FAQ it doesn’t, accept for third party vendors who store IP addresses and set cookies for security reasons.
Arqam Social CounterPlugin doesn’t process any personal data. Follower counts are acquired in the backend and cached for a set time.
Better Click to TweetPlugin doesn’t process any personal data. It just displays simple links to Twitter.
Easy Social Share Buttons for WordPressAccording to developer it is GDPR-c0mpliant, since personal data is only transmitted to social networks after clicking on a sharing button. However, from time to time share counts are acquired by the Facebook Social Graph in the frontend through which personal data may be processed on Facebook servers. GDPR compliance remains unclear.
Fuse Social Floating SidebarPlugin doesn’t process any personal data and doesn’t open any connections to social networks before clicking. However, it (unnecessarily) loads FontAwesome externally via MaxCDN.
Instagram FeedAccording to support, plugin doesn’t process any personal data. However, it is possible that IP addresses and other client data is stored through Instagram’s CDN.
jQuery Pin It Button for ImagesThrough Pinterest Save Button personal data is stored on third-party servers. (Source)
Lightweight Social IconsPlugin doesn’t process any personal data. It just displays simple icons with links to social networks.
MashShareAccording to developer it is GDPR-c0mpliant, since personal data is only transmitted to social networks after clicking on a sharing button. However, from time to time share counts are acquired by the Facebook Social Graph in the frontend through which personal data may be processed on Facebook servers. GDPR compliance remains unclear.
Meks Smart Social WidgetPlugin doesn’t process any personal data. It just displays simple icons with links to social networks.
MonarchStores personal data of user on third-party servers (connects to Facebook before sharing button is clicked). Stores IP addresses for reports.
NextScripts: Social Networks Auto-PosterAccording to support, plugin doesn’t process any personal data.
Open Graph for Facebook, Google+ and Twitter Card TagsAccording to support, plugin doesn’t process any personal data.
PixelYourSiteThrough Facebook Pixel personal data is stored on Facebook servers. Use may not be legally possible without opt-in or at least opt-out.
Share Icons Share ButtonsStores personal data of user on third-party servers (connects to social networks in the background and before sharing buttons are clicked).
ShareThisStores personal data of user on third-party servers (Source)
Shariff WrapperPlugin itself doesn’t process any personal data. Doesn’t connect to social networks before sharing buttons are clicked. Therefore it is GDPR compliant.
Social Count PlusPlugin itself doesn’t process any personal data. Follower counts are only acquired in the backend (cached one day). Doesn’t connect to social networks before buttons are clicked. Therefore it is GDPR compliant.
Social Login von OneAllFor several reasons to be seen as questionable. Firstly, the plugin connects to the OneAll CDN (setting a cookie which could be used for tracking purposes). Secondly, after clicking a connection is established to social networks, where a self-created app requests access to e-mail address and other personal data from commentators.
Social Login von miniOrangeBefore clicking a login button, no personal data is processed by the plugin. However, after clicking a connection is established to social networks, where a self-created app requests access to e-mail address and other personal data from commentators.
Social LockerAdds the original sharing buttons from Twitter, Facebook or Google+ through which personal data is processed on third-party servers in the background.
Social WarfareAccording to developer it is GDPR-c0mpliant, since personal data is only transmitted to social networks after clicking on a sharing button. However, from time to time share counts are acquired by the Facebook Social Graph in the frontend through which personal data may be processed on Facebook servers. GDPR compliance remains unclear.
WP TastyPersonal data is processed on third-party servers by the integrated Pinterest Hover Button.

Solution: Deactivate Hover Button via functions.php.

WpDevArt Facebook commentsThrough the Facebook Comments Plugin personal data is processed on third-party servers. (Source)

2. Security plugins

PluginDetails
All In One WP Security & FirewallAccording to support, no personal data is processed by the plugin.

However, through several features IP addresses are logged, e.g. through 404 Detection, Login Lockdown or Auto Block of SPAM Comment IPs. What’s more, the IP addresses of registered users is stored.

Possbile solution: Deactivating options above and/or process personal data on grounds of legitimate interest.

BBQ (Block Bad Queries)According to my own research, only operates on server level (e. g. by integrating 6G Firewall in .htaccess). No personal data is stored in WordPress database or third-party servers.
Google Captcha (reCAPTCHA) by BestWebSoftProcesses personal data on third-party servers in the background. Requires opt-in (according to Google’s EU user consent policy).
iThemes SecurityWhen Local Brute Force Protection, 404 Detection, Banned Users as well as White List and Black List are activated, IP addresses are stored in WordPress database (or alternatively in a log file).

What’s more, when Network Brute Force Detection is activated, IP addresses are sent to iThemes’ servers to check against their spammer database.

Solution: Unfortunately, IP logging can’t be deactivated and IPs can’t be anonymized. IPs can only be prevented from being logged by deactivated said functions (or leaving blank said field) and/or processing these IP addresses on grounds of legitimate interest.

Empty logs: With the current version (6.9.2) logs can only be emptied by manually deleting log files or database entries.

Limit Login AttemptsStores IP addresses for the purpose of brute force protection in WordPress database.

Possible solution: Processing these IP addresses on grounds of legitimate interest.

Limit Login Attempts ReloadedStores IP addresses for the purpose of brute force protection in WordPress database.

Solution: In plugin options tick the checkbox GDPR compliance, so that IP addresses are obfuscated through MD5 hashes.

Login LockDownStores IP addresses for the purpose of brute force protection in WordPress database.

Possible solution: Processing these IP addresses on grounds of legitimate interest.

NinjaFirewallStores IP addresses in firewall log.

Lösung: Lassen sich in den Firewall-Optionen anonymisieren. (Source)

SpyderSpankerStores IP addresses for the purpose of blocking bots and crawlers. This can’t be deactivated.

Possible solution: Processing these IP addresses on grounds of legitimate interest.

Sucuri SecurityAccording to their Privacy Policy and Terms, Sucuri don’t store personal data of visitors (only your e-mail address and anonymous data about your website upon activating the API key).
Wordfence SecurityIP addresses are processed on WordFence’s servers for the purpose of protection from brute force attacks, DDoS attacks or comment spam.

Possible solution: WordFence is a data processor. This firstly requires you to sign their Data Processing Agreement as well as their Standard Contractual Clauses and accept their new terms of use. Processing of IP addresses by WordFence may be possible on grounds of legitimate interest.

WP Limit Login Attempts Stores IP addresses for the purpose of brute force protection in WordPress database.

Possible solution: Processing these IP addresses on grounds of legitimate interest.

3. Anti spam plugins

PluginDetails
AkismetAkismet sends all data from comment forms (name, e-mail, comment) as well as the user’s IP address to third-party servers in the USA.

Solution: Using Akismet Privacy Policy you can display a text below your comment form to inform them about how their comments are processed.

Anti-Spam-BeeAntispam Bee is GDPR compliant with default setting.

If you take privacy very seriously, you may deactivate the following two features in the plugin options (according to Simon from Pluginkollektiv this is not necessary).

  • Allow comments only in certain language (the first three words of the comment are sent to Google Translate)
  • Block or allow comments from specific countries (the IPs of commentators are sent to the service IP2Country, but the last digits are trimmed)
WPBruiserAccording to support, IP addresses are stored for the purpose of protection from brute force attacks in the WordPress database.

Possible solution: Processing these IP addresses on grounds of legitimate interest.

WP-SpamShieldPlugin sets first-party cookies. According to FAQ no personal data is processed on third-party servers.

Possible solution: Setting first-party cookies on grounds of legitimate interest.

4. Stats plugins

PluginDetails
Count per DayStores IP addresses of visitors in WordPress database. These can be anonymized in the plugin options (the last digits are trimmed).
FeedStatsStores IP addresses of visitors in WordPress database. This can’t be deactivated.
Google Analytics Dashboard for WP (GADWP) Uses Google Analytics, through which personal data is stored on third-party servers.

Solution:

  • Activate IP anonymization (can be found in plugin settings)
  • Passage in privacy policy
  • Opt-out
  • Data processing agreeement with Google
  • Set data retention to 14 months
Google Analytics for WordPress by MonsterInsightsUses Google Analytics, through which personal data is stored on third-party servers.

Solution:

  • Activate IP anonymization (can be found in plugin settings)
  • Passage in privacy policy
  • Opt-out
  • Data processing agreeement with Google
  • Set data retention to 14 months
StatifyDoes not any process personal data (not even IPs) and is therefore GDPR compliant.
WP StatisticsStores IP addresses of visitors in WordPress database. These can be anonymized in plugin options.

5. Contact forms

PluginDetails
Contact Form 7Submitted personal data is only sent to you via e-mail, i. e. processed by your e-mail server. Plugin doesn’t store data anywhere else (according to my own research).
Contact Form by WPFormsSubmitted personal data is sent to you via e-mail, i. e. processed by your e-mail server. Additionally, it is stored in your WordPress database.

A detailed guide about achieving GDPR compliance with Contact Form by WPForms can be found here.

Gravity FormsSubmitted personal data is sent to you via e-mail, i. e. processed by your e-mail server. Additionally, it is stored in your WordPress database.

Storage in the database can be prevented by using the plugin Wider Gravity Forms Stop Entries or adding code to your functions.php. Gravity Forms has published a detailed guide about Gravity Forms and GDPR compliance.

Ninja FormsSubmitted personal data is sent to you via e-mail, i. e. processed by your e-mail server. Additionally, it is stored in your WordPress database.

Ninja Forms offers a guide on GDRPR compliance.

Super Forms – Drag & Drop Form BuilderSubmitted personal data is sent to you via e-mail, i. e. processed by your e-mail server. Additionally, it is stored in your WordPress database.

Depending on the plugin settings, data may be stored in the WordPress database or on third-party servers.

6. Comment plugins

PluginDetails
Replyable (ehemals Postmatic)Plugin stores e-mail addresses in the WordPress database. Offers no double opt-in?
Subscribe to Comments ReloadedPlugin stores e-mail addresses in the WordPress database. You can subscribe to comments via double opt-in. Developers can’t guarantee that their plugin is GDPR compliant.
Subscribe2Plugin stores e-mail addresses in the WordPress database. Offers no double opt-in?
Disqus Comment SystemBy submitting a comment all data entered by users as well as their IPs are processed on Disqus’ servers (and shared with third parties).
wpDiscuzBy submitting a comment all data entered by users is stored in the WordPress database.

7. Membership plugins

PluginDetails
BuddyPressPlugin stores personal data in WordPress database. Extensions may also process personal data on third-party servers.
DigimemberPersonal data is stored in the WordPress database and, depending on plugin settings, sent to Digistore24’s servers.

Attention: In version 2 passwords of members stored in the WordPress database are not encrypted.

OptimizePressPlugin stores personal data in WordPress database. Extensions may also process personal data on third-party servers (e. g. payment processors).
Simple:PressPlugin stores personal data in WordPress database. Extensions (e. g. Gravatar or ShareThis) may also process personal data on third-party servers.
Ultimate MemberPlugin stores personal data in WordPress database. Extensions may also process personal data on third-party servers (e. g. Mailchimp or Social Login).

Several changes have been made to comply with GDPR (integration with WordPress data exporter, consent checkbox, recorded timestamp of user confirmation to terms & condition upon registration etc.).

8. Performance plugins

PluginDetails
a3 Lazy LoadAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
AutoptimizeAccording to my own research and according to the developer, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Cache EnablerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (only runs in the backend).

Attention: If a KeyCDN is used, personal data may be processed through that.

CachifyAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Crazy LazyAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Fast Velocity MinifyAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Optimize Database after Deleting RevisionsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (only runs in the backend).
SG OptimizerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
W3 Total CacheAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.

Attention: If a CDN is used, personal data may be processed through that.

WP Fastest CacheAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP-OptimizeAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (only runs in the backend).
WP Rocket According to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP Super CacheAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP-SweepAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (only runs in the backend).

9. SEO plugins

PluginDetails
404 RedirectionAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
All 404 Redirect to HomepageAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
All in One SEO PackAccording to developer, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Breadcrumb NavXTAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Broken Link CheckerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Change Permalink HelperAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Contextual Related PostsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
FV Top Level CategoriesAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Google XML SitemapsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
RedirectionIP addresses are are saved in redirect and 404 logs. This can be deactivated in plugin options.
Simple 301 RedirectsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Title and Nofollow For LinksAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Table of Contents PlusAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Yet Another Related Posts PluginAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Yoast SEOAccording to developer, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
XML Sitemap & Google News feedsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
wpSEOAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.

10. Media plugins

PluginDetails
Compress JPEG & PNG imagesImages are optimized on third-party servers, which can be problematic, if these images depict identifiable persons.
Enable Media ReplaceAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
EWWW Image OptimizerPlugin doesn’t process any personal data, since images are optimized on your own server.

Attention: If cloud optimization is activated, images are optimized on third-party servers, which can be problematic, if these images depict identifiable persons.

EWWW Image Optimizer CloudImages are optimized on third-party servers, which can be problematic, if these images depict identifiable persons.
Force Regenerate ThumbnailsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Kraken.io Image OptimizerImages are optimized on third-party servers, which can be problematic, if these images depict identifiable persons.
ImsanityAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Media CleanerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Media File RenamerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
NextGEN GalleryDoesn’t process personal data in itself. However, it seems to load Google Fonts (pretty much unnecessarily), which can’t be deactivated in plugin options.

Solution: Remove Google Fonts manually from code (no other solution available at the moment).

Photo Gallery by 10webDoesn’t process personal data as long as firstly comments are deactivated (if activated, IPs and e-mails are stored) and secondly you disallow the plugin to collect data upon installing (just click Skip when prompted)
Resize Image After UploadAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Regenerate ThumbnailsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
ShortPixel Image OptimizerImages are optimized on third-party servers, which can be problematic, if these images depict identifiable persons.
Smush Image Compression and OptimizationImages are optimized on third-party servers, which can be problematic, if these images depict identifiable persons. However, according to developer these images are immediately deleted after optimization.
WordPress File UploadConnects to the external sources code.jquery.com as well as cdnjs.cloudflare.com (Source).

With version 4.5.0 some features were added to obtain consent to process personal data of users uploading files.

WP Retina 2xAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.

11. Appearance plugins

PluginDetails
404pageAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Beaver BuilderAccording to my own research and according to support, the plugin in itself doesn’t process any personal data and doesn’t load any external resources.

However, be careful when using modules like Video, Map or Social Buttons. Personal data may be processed in the background when using them.

Better Font AwesomeUses jsDelivr CDN to load FontAwesome icons. Can’t be loaded locally.

Possible solution: Using CDN on grounds of legitimate interest.

Collapse-O-MaticAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Content Aware SidebarsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Contextual Related PostsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Custom SidebarsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Elementor Page BuilderIn itself no personal data is stored by Elementor Page Builder and no external resources are loaded.

However, if using the elements “Google Maps” or “Videos” personal data is transmitted to third-party servers in the background.

Solution: Installing the plugin Extra Privacy for Elementor, with the help of which Videos and Google Maps are blocked and are only available on click.

Genesis Columns AdvancedAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
List Category PostsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Max Mega MenuAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
MaxButtonAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Page Builder by SiteOriginAccording to my own research, the plugin in itself doesn’t process any personal data and doesn’t load any external resources.

However, if using the element “Videos” personal data may transmitted to third-party servers in the background (e. g. Vimeo or YouTube). There is solution to that yet (except for doing without said element).

The use of some premium addons may also require adjustments on your end to use them in a GDPR compliant way, e. g. Contact Form, Web Font Selector, Ajax Comments or Social Widgets.

Popup BuilderAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Posts in PageAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Q2W3 Fixed WidgetAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Responsive Lightbox & GalleryAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
ShortcoderPlugin in itself doesn’t process any personal data. Please keep in mind that personal data may be processed through scripts or other external resources that are integrated into your website through shortcodes (such as YouTube videos, Google AdSense, etc.).
WordPress Popular PostsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WPBakery Page Builder (ehemals Visual Composer)According to my own research, the plugin in itself doesn’t process any personal data and doesn’t load any external resources.

However, if using the elements “Google Maps”, “Flickr Widget”, “Videoplayer” as well as social media buttons, personal data may transmitted to third-party servers in the background. There is solution to that yet (except for doing without said elements).

Yet Another Related Posts Plugin (YARPP)According to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP-PageNaviAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.

12. WooCommerce

PluginDetails
Disable WooCommerce ReviewsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WooCommercePersonal data, e. g. addresses, contact information or payment information of customers are stored in the WordPress database and may be sent to payment processors (e. g. PayPal) or (depending on what add-ons are installed) to other third parties.

Automattic, the developer of WooCommerce, offers a help page and many posts on GDPR on the official WooCommerce blog.

WooCommerce Advanced Bulk EditAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WooCommerce CSV ImporterAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WooCommerce Product Archive CustomiserAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WooCommerce Tab ManagerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.

13. Misc

PluginDetails
Advanced Access ManagerAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Advanced AdsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.

Attention: Make sure you use the ads you integrate via the plugin in compliance with GDPR as well.

Advanced Custom Fields (ACF)According to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Advanced ExcerptAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
amr shortcode any widgetAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
ASA 2 ProThe plugin itself doesn’t process any personal data. However, it uses Amazon servers to display product images from Amazon (which store IP addresses and client data of site visitors).

Solution: Use the Local Images feature which was introduced in version 1.9 and allows you to cache product images from Amazon locally.

BackWPupIf you use BackWPup back up your site to your own server, no personal data is processed since it stays in one place (keep in mind that backups may increase data retention time, though).

If you use the plugin to backup your site to another server or cloud service (Google Drive, Dropbox etc.), make sure to have a data processing agreement with that provider and inform users about where backups are kept and for how long.

More information about BackWPup and the GDPR can be found in their docs.

BackUpWordPressIf you use BackUPWordPress back up your site to your own server, no personal data is processed since it stays in one place (keep in mind that backups may increase data retention time, though).

If you use the plugin to backup your site to another server or cloud service (Google Drive, Dropbox etc.), make sure to have a data processing agreement with that provider and inform users about where backups are kept and for how long.

Better Search ReplaceAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Black Studio TinyMCE WidgetAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
CSS & JavaScript Toolbox According to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Disable EmailsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Download MonitorStores IP, if in plugin settings Logging > IP Address Logging is set to Store full IP address.

Solution: Switch to Store no IP address or Store anonymized IP address.

Duplicate PostAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
DuplicatorAccording to my own research, the plugin itself doesn’t process any personal data. Therefore it is GDPR compliant.

However, make sure to have data processing agreements with both hosting companies when migrating from on to another and be transparent about it.

Easy Code ManagerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Envato MarketAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Email Address EncoderAccording to support, the plugin is GDPR compliant.
Featured Image Admin ThumbAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
FeedWordPressAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Head, Footer and Post InjectionsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (active in backend only).
HTML Editor Syntax HighlighterAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (active in backend only).
Insert Headers and FootersAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
JetpackSeveral features of Jetpack are problematic in terms of GDPR, e. g.:

A detailed documentation of all features and which personal data of both site owners and visitors is processed by them, can be found in the Jetpack Privacy Center.

Solution: Deactivate problematic modules.

Lana Downloads ManagerIP addresses of users who download files are stored in the WordPress database. According to support, an option will be introduced until May 25 to deactivate this.
Loco TranslateAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
OneSignalOneSignal processes personal data on third-party servers (e. g. IP addresses and Device IDs). Several changes with regard to GDPR have been implemented. GDPR compliance remains unknown.
PDF EmbedderAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Pretty LinksPlugin stores IP address of users who clicked on a cloaked link in the WordPress database. This can be prevented by disabling click stats.
PrintfriendlyProcesses personal data of users on third-party server (plugin shows ads in the free version).
Public Post PreviewAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Quick Featured ImagesAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Reveal IDsAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Reviewer WordPress PluginAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Search & ReplaceAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
TablePressAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
tinyCoffeeDoesn’t process personal data before clicking on a donation button (redirects to PayPal).

Mentioning the plugin and the way it works in your privacy policy may still be a good idea.

TinyMCE AdvancedAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant (active in backend only).
The Events CalendarPersonal data is processed by Google, if Google Maps are activated for events. This can be disabled in the plugin settings.

What’s more, personal data may be processed when using add-ons.

The developer is currently working on GDPR compliance.

ThirstyAffiliatesPlugin stores IP addresses of users who clicked on a cloaked link in the WordPress database. This can’t be deactivated.
UpdraftPlusIf you use UpdraftPlus back up your site to your own server, no personal data is processed since it stays in one place (keep in mind that backups may increase data retention time, though).

If you use the plugin to backup your site to another server or cloud service (Google Drive, Dropbox etc.), make sure to have a data processing agreement with that provider and inform users about where backups are kept and for how long.

More about how UpdraftPlus processes personal data can be found in their Data protection and privacy centre.

User Role EditorAccording to support, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Widget LogicAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WordPress ImporterAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP Job ManagerPlugin may process personal data on third-party servers. Developer is working on a solution.
WPMLAccording to my own research as well as the developers of WMPL, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP Recipe MakerAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP Ultimate Post GridAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
WP Ultimate RecipeAccording to my own research, this plugin doesn’t process any personal data. Therefore it is GDPR compliant.
Yet Another Stars RatingDoesn’t process personal data unless the option Do you want to save ip address? is set to NO (this is the default setting).

*Affiliate link

18 thoughts on “200+ WordPress Plugins Checked for GDPR Compliance (+Plugin Recommendations)

  1. Amazing list! Thank you very much for putting in all the hard work to create and maintain it. Much appreciated.

Leave a Comment