How to make your WordPress blog GDPR compliant with a plugin
July 9, 2019
It took me several days to make my self-hosted blog, which runs on the CMS based on WordPress, GDPR compliant. I’m sure that I’m not the only one who had to go through this, and I’ve decided to write this article to help you and save you some time! And maybe headaches 🙂
In this article I will not detail what exactly GDPR is; there is enough documentation out there for that, click on this link where you can read more about the huge topic of GDPR. We will look more at what you have to do (plugin-wise) to make your blog GDPR compliant. Just keep in mind that this article is not any form of legal advice and that I do not cover how to make your privacy statement! The plugin that I will recommend offers an option to generate a privacy statement in its paid version. For my use, the free options are sufficient, and I made my own privacy statement.
Disclosure: Some of the links below are affiliate links, meaning, at no additional cost to you, I will earn a commission if you click through and make a purchase. Read my affiliate disclosure here.
At first I tried several plugins and none of them worked… except one!
I tried several plugins under a search with the keyword GDPR in the add plugins section of WordPress. To my disappointment, none of them worked properly, except one. (Which one that is, I will mention further below.) There is a way to test that. You can apply that same test on the other plugins available, maybe some or most of these will work for you…
What I did is, in Firefox, I would load my website after installing the GDPR plugins and see if my website would install any tracking cookies by default. For all the plugins I tried, except one, tracking cookies were installed without the consent of the user. By cookies I do mean tracking cookies, which are different from functional cookies, which are necessary for the site to run. So, these scripts let both of these types of cookies through. For various plugins I tried to figure out what could be wrong; I also tried several of their tutorials, and yet I still didn’t get satisfactory results. Some of these plugins have a really nice graphical interface and look cute on your blog. You would even be tempted to think that, since some of these plugins look so cute, they should be the right one… That professional look. Test first.
It could be that some of my other scripts/plugins conflicted with the plugins I installed; I don’t know why all of these plugins didn’t work. I mean that these plugins did show a popup on my blog and did work graphically in the front end, but they didn’t stop any tracking, even if the user opted out! I figured that out by making the test in my browser. And this is how you can test that too.
How to check if your GDPR Plugin is doing what it is supposed to do
This is how you test if your GDPR plugin is working properly. Try to install one from the add plugins page and afterwards do the test below.
1. Open a browser, for this example we will use Firefox.
2. Go to Preferences.
3. Go to Manage Data – click on it and a popup will open, then delete all cookies and click on save changes.
4. Then go back to your browser and load your blog on which you have installed a GDPR plugin. In this example we will use my blog www.siloi.net
5. So now when I go to Manage Cookies and Site Data I see that my website www.siloi.net is listed and that it has installed 3 cookies on the computer. These are only functional cookies strictly necessary for the website to function and not tracking cookies. Let’s click on the blog’s option to have All cookies in the browser and see what it then installs. Now you can see that there are more cookies, such as YouTube, ShareThis and DoubleClick. The number of cookies also depends on which scripts and third-party scripts you have running on your blog, and on their settings.
6. Now, let’s do another test. We delete all cookies again and load/refresh the blog and then click on functional only and see which cookies it installs. This is what I get.
If you want more details about cookies, you can also view the installed cookies in the Chrome or Brave browser. Go to Settings » then scroll down and click on Advanced » then click on Content settings (or Site settings) » click on Cookies » click on See all cookies and site data and then this is what I see about my functional cookies.
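The manual check above can be repeated on a saved capture. The following is an added example, not part of the original article or of any plugin: it assumes you cleared cookies, loaded the blog without touching the consent banner, and exported the Network panel as a HAR file. The sample HAR, cookie names and the `site_of` helper are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR (HTTP Archive 1.2) as saved from the Network
# panel after loading the blog with cookies cleared and WITHOUT answering the
# consent banner. URLs paths and cookie names are made up for the example.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.siloi.net/"},
     "response": {"headers": [
         {"name": "Set-Cookie", "value": "example_functional=1; Path=/; Secure"}]}},
    {"request": {"url": "https://www.youtube.com/embed/VIDEO_ID"},
     "response": {"headers": [
         {"name": "set-cookie", "value": "example_yt=abc; Domain=.youtube.com; Path=/"}]}},
    {"request": {"url": "https://ad.doubleclick.net/pixel"},
     "response": {"headers": [
         {"name": "Set-Cookie", "value": "example_ad=xyz; Domain=.doubleclick.net"}]}},
    {"request": {"url": "https://www.siloi.net/style.css"},
     "response": {"headers": [{"name": "Content-Type", "value": "text/css"}]}},
]}})

def site_of(host):
    """Hypothetical helper: last two labels of a host (wrong for e.g. .co.uk)."""
    return ".".join(host.lower().lstrip(".").split(".")[-2:])

def cookies_before_consent(har_text, blog_host):
    """Return (first_party, third_party) lists of (cookie_name, cookie_domain)."""
    first, third = [], []
    for entry in json.loads(har_text)["log"]["entries"]:
        req_host = urlsplit(entry["request"]["url"]).hostname or ""
        for header in entry["response"].get("headers", []):
            if header["name"].lower() != "set-cookie":
                continue
            # Some exporters join several Set-Cookie values with newlines.
            for line in header["value"].splitlines():
                parts = [p.strip() for p in line.split(";")]
                name = parts[0].split("=", 1)[0]
                domain = req_host  # host-only cookie unless Domain= is given
                for attr in parts[1:]:
                    key, _, val = attr.partition("=")
                    if key.strip().lower() == "domain" and val:
                        domain = val.strip().lstrip(".").lower()
                bucket = first if site_of(domain) == site_of(blog_host) else third
                bucket.append((name, domain))
    return first, third

if __name__ == "__main__":
    first, third = cookies_before_consent(SAMPLE_HAR, "www.siloi.net")
    print("first-party:", first)
    print("third-party set before consent:", third)
```

Cookies written by JavaScript through `document.cookie` do not appear as `Set-Cookie` headers, so the browser's cookie list remains the final check. A first-party cookie can still be a tracking cookie, so the first-party list needs to be compared against what the plugin classifies as functional.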
Which GDPR plugin script to use?
I had the best results with the Complianz plugin (Affiliate link). Not only did it make my website GDPR compliant (excluding the privacy statement which I made myself, so keep in mind that you need that too – if you use the paid version, this plugin will make you a privacy statement), but I also managed to fix other issues I had, such as making my blog work with SSL encryption. I set up SSL per click at my web host and the Complianz SSL script did the rest! I was so happy that my blog was finally encrypted via “Let’s Encrypt Authority X3”.
The plugin has a straightforward and easy-to-use installer wizard.
I opted for the free version which covers all my needs currently as I just run a simple blog on which I occasionally publish my articles. If you have a bigger website, or you just don’t want to make your own privacy statement or have some commercial offers and want to be on the safe side, you can also go for the premium version which has more options including things like data-leak report, processing agreement, legal documents drafted by an IT law firm for your privacy statement etc.