Are you looking for the best WordPress GDPR plugins? It’s important that your website stores personal data legally, so you’ll want to check every plugin you install.
In this article, we’ll look at some of the best GDPR plugins for your site. These plugins help you to get consent and manage personal data in WordPress.
Is WordPress GDPR Compliant?
Yes, WordPress is GDPR compliant out of the box. But some plugins for WordPress aren’t GDPR compliant yet. That’s why it’s so important to check each one individually.
You need to use GDPR compliant plugins if your website gets visitors from the European Union or the United Kingdom. Their personal data is protected by law, even if you (or your website) are located somewhere else.
Under the GDPR, personal data could mean things like:
- Data the visitor types in, like their email address or phone number
- Data that could be automatically collected, like a cookie that keeps track of their IP address
This doesn’t mean website owners can’t collect user information. But you’ll need to get explicit consent.
Now we understand a bit more about WordPress GDPR compliance, let’s move on and look at the best WordPress GDPR plugins.
The Best WordPress GDPR Plugins
We’re going to look at the best GDPR plugins for WordPress and walk through the most important features.
Some of these plugins will help you to set up your site correctly as a ‘data processor’. Others help you meet GDPR requirements by giving you control over the way data is stored.
- Instagram Feed Pro
- Shared Counts
- Cookie Notice
- Delete Me
- WP AutoTerms
- WP Activity Log
Let’s start by looking at contact form compliance.
1. WPForms
GDPR enhancements are available in the free and paid versions of WPForms.
When you turn on the enhancements, you’ll see a new GDPR agreement field in the form builder. You can easily drag the field onto any contact form to make sure you get consent from your visitors.
This feature is available in the paid version of WPForms and the free version, WPForms Lite. Other free form builder plugins don’t have any GDPR fields at all. Get more info in our review of WPForms Lite vs Contact Form 7.
In the paid version of WPForms, you get extra GDPR features as well.
And that’s not all! In WPForms Pro, you can turn off tracking of visitor user-agent and IP addresses too.
Finally, if you want to avoid the risk of stored form entries being exposed in a data breach, you can also disable form entry storage in the paid version. That way, none of your form submissions will be saved in your WordPress database.
- Make unlimited forms
- 100+ form templates
- Smart conditional logic
- Easy drag and drop builder
- Awesome survey and poll tools
- Make file upload forms
- Take payments
- Accept user submitted guest posts on the frontend
- Make conversational forms
- Integrate with email marketing and email automation services
- Works with Uncanny Automator
2. MonsterInsights
MonsterInsights is the best Google Analytics plugin for WordPress. It lets you easily see how your site is performing. You can also create analytics reports in the WordPress dashboard that are easy to understand.
MonsterInsights lets you easily anonymize IP addresses for Google Analytics in the free and paid versions. There’s also an EU Compliance Addon that quickly disables tracking features and reports in Google Ads.
One really neat feature is that MonsterInsights automatically integrates with other WordPress GDPR plugins.
For example, it works with the Cookiebot and Cookie Notice plugins that we also cover in this article. So if you have those installed, MonsterInsights will automatically wait for the user to give consent before it loads its analytics scripts.
- Anonymize IP addresses
- Geolocation features
- Disable remarketing and ad reporting
- Disable user ID and author tracking
- Make custom opt-out links
- Integrates with cookie plugins
- AMP compatible
- CCPA compliant
- Compatible with Google’s opt-out analytics cookie
Pricing: There’s a free version of MonsterInsights. The paid version is priced from $199/year.
Want more details before you buy? Check out our MonsterInsights review.
3. OptinMonster
With OptinMonster, you can easily add double optins to your lead generation popups. Double optins ask for confirmation from the visitor so you can be sure they’ve given consent. If you prefer, you can add a GDPR consent checkbox to your optin forms instead.
Are you worried about not getting leads because of GDPR? You can use the automatic geolocation feature to only show GDPR fields to visitors from the United Kingdom and European Union. That way, people from other countries don’t have to use them.
Here’s another good thing to know about OptinMonster. If you get a data request from a customer, OptinMonster has an Audit Concierge team. They’ll help you to locate and supply the data you’ve collected.
- Privacy optin checkbox
- Double optin support
- Visitor geolocation
- Audit concierge service
See our OptinMonster review for a full list of features.
Pricing: There’s a free version of OptinMonster. Paid plans start at $14/month.
4. Instagram Feed Pro
Want to display Instagram feeds in WordPress? You need the Instagram Feed Pro plugin by Smash Balloon.
Instagram Feed Pro is the best Instagram plugin for WordPress. It lets you display Instagram photos on your site, and make custom hashtag feeds.
To keep your site GDPR compliant, Instagram Feed Pro won’t load anything from the Instagram CDN until your visitor gives consent. This feature is compatible with some of the cookie plugins we covered in this article, including Complianz and Cookiebot.
- Caches and optimizes Instagram images
- Responsive layout
- Visual moderation
- Supports hashtag feeds
- Can display local images without cookie consent
Pricing: There’s a free version of Instagram Feed. Paid plans start at $98/year.
5. Shared Counts
Shared Counts lets you easily add social media sharing buttons anywhere on your website. The plugin tracks the number of clicks your sharing buttons get and displays the total on your posts and pages.
Unlike many sharing plugins, Shared Counts doesn’t track your users. That’s why we think it’s an essential addition to our list of WordPress GDPR plugins.
Shared Counts also has its own caching system so it won’t slow down your site.
You can easily customize the way your sharing buttons look. The plugin is super customizable and has awesome developer documentation if you want to adapt it yourself.
- Easy social sharing buttons
- Counts shares for each site
- Multiple style options
- No cookies or tracking code
- Full documentation
6. Cookiebot
The ePrivacy cookie law is strict about cookies that collect personal data or track behavior. Cookiebot is a WordPress GDPR plugin that gets consent for cookies in different categories.
Under the General Data Protection Regulation, user consent for cookies must be ‘freely given, specific, and informed’. That’s why Cookiebot lets your visitor choose if they want to turn some off while leaving others active.
The plugin also automatically scans your site to see which cookies are in use and then updates your cookie declaration.
You can whitelist essential cookies that your website needs to function. And you can also hide the cookie consent options depending on your visitor’s location.
- Cookie declaration generator
- Cookie whitelisting
- Customizable cookie bar
- CCPA compliant
- WCAG 2.0 compliant
- Do Not Track compliant
- Encrypted consent log
- Multi-domain support
- WPML ready
- Google Consent Mode ready
Pricing: Cookiebot is free for 1 website with up to 100 pages. The paid version starts at $10/month.
7. Cookie Notice
Cookie Notice is a GDPR cookie consent plugin that displays a cookie optin bar on your website. It makes it easy for your visitors to see more information about the cookies you use so that they can give explicit consent.
Cookie Notice also lets you control the layout and style of the buttons and links. That way, you can easily make it match the rest of your WordPress site.
- Customizable cookie notification message
- Bar or modal popup
- Option to decline cookies
- Customization of colors and layouts
- CCPA compliant
- Translation ready
8. Delete Me
The General Data Protection Regulation talks about the ‘right to be deleted’, or the ‘right to erasure’. That means that citizens of the EU and UK have a right to have all of their data wiped.
In WordPress, site owners have a tool to easily delete user data if they get a ‘right to be forgotten’ request. The Delete Me plugin expands on that by letting your users delete their own data themselves.
Delete Me adds a button to the profile page in WordPress that will delete all the data for that user. You can also add a shortcode to any page or post on your site. Users can only delete their own accounts and not someone else’s.
As the site owner, you can choose if the user can delete their WordPress comments. If you turn this off, they’ll only be able to delete posts and links.
Delete Me is handy for community sites. You can easily give people control so you’re compliant with the ‘right to erasure’. The plugin doesn’t store any info about your users.
- 1 click self-delete posts, comments, and links
- Restrict usage by role
- Multisite compatible
- Network Activation compatible
- Admin email notifications
9. WP AutoTerms
You can easily build legal pages for different purposes in the plugin. Then, you can customize them with your own custom CSS, fonts, and background colors. WP AutoTerms automatically links to all of your policies in the WordPress footer.
If you need to update a policy, the plugin can show your visitors an alert so that they can check the changes easily.
- Compliance kits for GDPR, CCPA, and more
- Automatic footer links
- Update announcement bars
- Disclose paid endorsements
- Show or hide policies for logged-in users
- Create custom legal pages
10. WP Activity Log
As a site owner, you have to make sure that personal data is secure. It’s one of the terms in the General Data Protection Regulation.
That’s why we like WP Activity Log. It helps to keep you compliant by tracking what logged-in users are accessing or editing. You can even track changes to eCommerce products, so it’s a great WordPress security plugin.
Many WordPress GDPR plugins don’t log data access. That’s why WP Activity Log can help you stay compliant. If there is a data breach, you can look through the log to see exactly what happened.
The log keeps a timestamp and records the IP address that accessed the data. This can help you easily tell whether the breach was accidental or malicious.
- Logs changes to posts, tags, comments, and more
- Tracks WooCommerce activity
- Logs all activity from logged-in users
- Optionally logs logged-out users
- Logs hack attempts
- Tracks plugin and theme updates
- Tracks database changes
Pricing: There’s a free version on WordPress.org. The paid version lets you see real-time activity and create email notifications.
11. Iubenda WordPress GDPR Plugin
Iubenda combines the GDPR and ePrivacy (cookie law) in an ‘all in one’ plugin. It lets you track consent on different parts of your website, including the comment forms underneath your blog posts.
The plugin automatically keeps records of user consent so you can easily keep track of who opted in and when. It also automatically tracks which legal policies were on your website when the visitor consented.
Iubenda can record different types of consent for the same user. That means you’ll have a complete audit log of GDPR consent on your site.
The features and pricing are a little tricky to understand. On a basic level, the Pro version supports multiple sites and more complicated policies. Ultra also lets you create a terms and conditions document.
- User optins for different cookie types
- Cookie banner
- Blocks cookies before consent
- Script detection
- Consent management
- Offline consent tracking
- CCPA and CalOPPA ready
12. Complianz
If you want to be compliant in as many countries as possible, Complianz might be a good fit for your site.
This plugin combines consent banners and compliance for many countries. Also, it can automatically detect your visitors’ location so that they see the right legal document.
Complianz also has an automatic cookie scan that can detect the other plugins on your site. You can generate your own policy with a wizard.
The plugin is ready for the GDPR framework as well as a ton of other privacy laws and policies for different countries. It supports both EU GDPR (DSGVO) and UK GDPR, giving you a lot of options in a single plugin.
- Customizable templates
- WordPress blocks
- ‘Data minimization’ compliant
- Support for PECR, CCPA, COPPA, PIPEDA, and more
- Supports Do Not Sell (DNSMPI) and Do Not Track
Pricing: The free version includes basic tools and settings. The paid version’s priced from $45/year.
And that’s it! Now you know the best GDPR WordPress plugins. Quick disclaimer: plugins alone can’t guarantee that your website is GDPR compliant. Please get legal counsel if you aren’t sure which ones to use.
Next Step: Create GDPR Compliant Forms
Great! You have all the GDPR WordPress plugins you need. Next, you’ll want to add a GDPR agreement to your forms.
WPForms makes it easy to add a GDPR agreement checkbox to any form on your website. You can easily customize the agreement wording and appearance.
And if you need to get consent for your work, check out our article on making a model release form for some ideas on how to publish your waivers online.
Ready to build your form? Get started today with the easiest WordPress form builder plugin. WPForms Pro includes GDPR features and offers a 14-day money-back guarantee.