WordPress plugins for a legally compliant website (GDPR update)

Last update on: March 11, 2021

Business founders and the self-employed with their own website usually have a limited budget and therefore no money to give away. In order to make your website legally secure and data protection compliant or, from May 25, 2018, also GDPR-compliant and thus avoid warnings, you should therefore consider the following WordPress plugins for every WordPress installation.

Disclaimer: As always, all information in this article has been researched to the best of my knowledge and is based on my personal experiences. This article and any other content on this website does not constitute legal advice and cannot replace the advice of a lawyer.

It should also be mentioned that it is unfortunately not sufficient to install and activate the following WordPress plugins and then file away the topic of data protection and the GDPR. With the extensions and the additional links in this article, you will definitely make your website a good deal more secure against warnings.

Update from April 23, 2018: The plugin mix has been supplemented with WordPress extensions that should help you to comply with the GDPR guidelines, which will be mandatory for all website operators who process personal data from May 25, 2018.

Plugins for legally compliant websites

GDPR for GDPR support

WordPress Plugin GDPR – The optimal GDPR support

GDPR plugins are currently springing up like mushrooms. From my point of view, the GDPR plugin provides the best support when it comes to implementing the new data protection guidelines on your own website. It provides features that meet many GDPR requirements, such as the obligation to provide evidence of consent, the possibility of data portability and deletion of a user, definition of a process in the event of data breaches and much more. I also find the “Telemetry Tracker” feature very interesting. This can be used to identify third-party plugins that forward data to external servers.

As an alternative to the GDPR plugin, you should also keep an eye on The GDPR Framework plugin. The built-in setup wizard, which accompanies you through the configuration process, and the detailed documentation are very promising. Unfortunately there is no German translation for either plugin yet.

Cookie Notice

Cookie Notice – Mandatory for users of Google tools

Whether and in what form visitors to a website must be informed about the use of cookies is not clearly regulated – not even by the GDPR. In any case, it is certain that Google has made the cookie notice mandatory for users of certain Google offers. To be on the safe side, you can use the dFactory Cookie Notice plugin. However, only if you are not using the GDPR plugin mentioned above, because this extension can also be used to implement a cookie notice.

Shariff wrapper for social media

Shariff Wrapper – Privacy compliant social media buttons

What use are great “Social Floating Bars” and stylish “Social Media” plugins to a website owner if they send information to Facebook and Co. as soon as the website loads, thereby violating German data protection law? As far as I know, one of the few “social plugins” that complies with German data protection and GDPR guidelines is the Shariff Wrapper from the computer magazine c’t.

And if you want it to be a social floating bar, you can check out the Fuse Social Floating Sidebar plugin. It seems that no data is forwarded with this plugin either.

Statify for statistics and analysis

Statify – privacy-compliant alternative to Google Analytics

I would definitely describe myself as an analytics freak. And although I’m actually a fan of Google Analytics, I have to admit that the effort required to use the Google tool in compliance with data protection regulations is not insignificant. The website operators must indicate the use of Google Analytics and a browser plug-in for an opt-out, anonymize the IP address of the visitor, conclude a contract for order data processing (ADV) with Google and now also take additional precautions to meet the GDPR requirements.

You are spared all of this with the WordPress plugin Statify. This is a real alternative to Google Analytics, Piwik and Co., especially for site operators who “only” want to know where the visitors come from and which pages were viewed how often. This plugin also works with caching plugins such as Cachify and in a WordPress Multisite environment.

Another more privacy-friendly alternative to the Google tool is WP Statistics. Here, however, the corresponding option should be activated in order to anonymize the IP address.

Newsletter

GDPR compliant newsletter integration with the WordPress plugin Newsletter

I have already pointed out the problems that exist when using the newsletter of a US provider such as MailChimp in the article MailChimp newsletter and data protection. A GDPR-compliant alternative is the use of newsletter plugins such as MailPoet, Newsletter or Email Subscribers & Newsletters, because, provided the settings are correct, the subscribers’ data is stored on your own server and not passed on to third parties.

It is still unclear whether the use of these newsletter plugins requires a contract for order data processing (ADV) with the provider or not. The developers of MailPoet at least claim to be working on an ADV contract. In the support forum, however, I asked why you actually need such a contract and whether MailPoet processes data after all, even if the option “Send e-mails via your own site” has been selected. In my opinion, an ADV contract with the hosting provider should be sufficient, especially if you send the newsletter via your own WordPress site. As soon as there is news on this topic, I will report about it here.

Update from 05/25/2018: As you can see, I am doing the update on the GDPR deadline and there is still no feedback from MailPoet as to whether an ADV contract is required or not. At least it looks like you don’t need an ADV contract with the “Newsletter” plugin.

In addition, there are also German newsletter providers such as Newsletter2Go and CleverReach, who also provide WordPress plugins. Although I have not yet used these services, I assume that they have also guaranteed data protection-compliant newsletter integration. Unfortunately, I cannot say whether this will still be the case with the entry into force of the GDPR.

Autoptimize for removing emojis and Google Fonts

Performance increase through Autoptimize WordPress plugin

Thanks to the GDPR, you can now find the Autoptimize plugin not only in various lists of the best performance plugins, but also more and more in data protection lists like this one. The plugin owes its nomination for this plugin mix to two settings with which both the emojis, which are questionable from a GDPR point of view, and the Google fonts can be removed. If you want to continue using Google Fonts, you can also integrate them in compliance with the GDPR. The main reason to install this plugin should still be to optimize the loading times of your website.

Plugins for legally compliant online shops

WooCommerce German Market

WooCommerce German Market – Premium plugin for legal certainty

The German Market plugin from MarketPress supplements the popular WooCommerce plugin, so that you can operate your online shop legally in German-speaking countries. It helps you protect yourself from warnings by providing ready-made templates for legal texts that have been checked by a lawyer, e.g. cancellation policy, methods of payment, terms and conditions, etc. MarketPress points out, however, that these sample texts should only be used after careful examination and adaptation to the specific business model. The price, tax and shipping information is displayed with this plugin in accordance with the statutory provisions.

WooCommerce Germanized

WooCommerce Germanized – free data protection plugin for online shops

An equivalent alternative to German Market is Vendidero’s WooCommerce Germanized extension. In contrast to German Market, Germanized relies on the freemium model and offers a free version of the plugin via wordpress.org. Also worth mentioning is the cooperation with Trusted Shops, which offers an easy way of integrating the dealer organization into your own website. The plugin automatically creates the necessary legal pages without content. With WooCommerce Germanized Pro you get a sample text generator for terms and conditions and cancellation policy. Furthermore, the PRO version also offers PDF invoices, premium support and much more.

WooCommerce EU VAT Compliance

WooCommerce EU VAT Compliance – Adjust VAT to buyer’s country

Since 01/01/2015, changes to the sales tax regulations have applied to companies that provide electronic services to individuals in the EU. With the WooCommerce EU VAT Compliance plugin, you can specify the prices in your online shop including the correct sales tax (sales tax in the country where the buyer is located).

This function is also included in the “German Market” and “WooCommerce Germanized” plugins mentioned above. However, if you opt for an e-commerce solution without these extensions, you can use this free plugin to meet the new sales tax regulations.

Are there any other plugins?

Can you think of any other plugins that increase the legal security of a website? Or do you have any questions about the plugins mentioned? Then just leave a comment below.
