How to make your WordPress blog GDPR compliant with a plugin

It took me several days to make my self-hosted blog, which runs on the WordPress CMS, GDPR compliant. I'm sure I'm not the only one who has had to go through this, so I've decided to write this article to help you and save you some time. And maybe some headaches 🙂

In this article I will not go into detail on what GDPR exactly is; for that, there is enough documentation out there, and you can click on this link to read more about the huge topic of GDPR. Instead we will look at what you have to do, plugin-wise, to make your blog GDPR compliant. Just keep in mind that this article is not any form of legal advice and that I do not cover how to write your privacy statement. The plugin that I recommend offers an option to generate a privacy statement in its paid version. For my use, the free options are sufficient and I wrote my own privacy statement.
As far as I understand it (please do comment in case I have missed something), to make your WordPress-based blog GDPR compliant you need to give visitors the choice to opt in to any form of tracking, or not. Consent has to be an active opt-in, so you cannot simply show a popup that says "this site uses cookies" with an OK button to continue: that gives the visitor no choice at all to opt out of tracking. You will see that A LOT of websites do exactly that, and it is not the correct way to do it. Neither is it correct to ask visitors to deactivate cookies in their browser if they don't want to be tracked. Your blog should not place any tracking cookies on their computer in the first place; only after they have consented.

Nor is it sufficient to have a privacy policy that merely tells visitors that, if they don't like tracking cookies, they have to delete them manually themselves. By the way, you do also need a privacy policy; we will get to that a bit later.

Disclosure: Some of the links below are affiliate links, meaning, at no additional cost to you, I will earn a commission if you click through and make a purchase. Read my affiliate disclosure here.

At first I tried several plugins and none of them worked… except one!

I tried several plugins that came up when searching for the keyword GDPR in the Add Plugins section of WordPress. To my disappointment, none of them worked properly except one (which one it is, I will mention further below). There is a way to test this, and you can apply the same test to the other plugins available; maybe some or most of them will work for you.

GDPR Plugins

What I did is: in Firefox, I loaded my website after installing each GDPR plugin and checked whether my website set any tracking cookies by default. For all the plugins I tried, except one, tracking cookies were set without the consent of the user. By cookies I mean tracking cookies, which are different from functional cookies, which are necessary for the site to run. So these scripts let both types of cookies through. For various plugins I tried to figure out what could be wrong, I also followed several of their tutorials, and I still did not get satisfactory results. Some of these plugins have a really nice graphical interface and look cute on your blog; you might even be tempted to think that a plugin that looks so professional must be the right one. Test first.

It could be that some of my other scripts/plugins conflicted with the plugins I installed; I don't know why all of these plugins failed. What I mean is that these plugins did show a popup on my blog, they did work graphically in the front end, but they did not stop any tracking, even when the user opted out! I found that out by running the test in my browser, and this is how you can test it too.

How to check if your GDPR Plugin is doing what it is supposed to do

This is how you test whether your GDPR plugin is working properly. Install one from the Add Plugins page and afterwards run the test below.

1. Open a browser, for this example we will use Firefox.

2. Go to Preferences.

Go to Preferences

3. Under Privacy & Security, find Cookies and Site Data and click on Manage Data… A popup opens; remove all cookies there and click on Save Changes.

Go to Privacy and Security
Go to Manage Data
Delete all cookies and click on save

4. Then go back to your browser and load the blog on which you have installed the GDPR plugin. In this example we will use my blog.
When I load my blog, the GDPR plugin offers the visitor a choice between Functional only and All cookies, plus a Read more link to the cookie policy. Now let's check which cookies have already been set before any choice is made.

Loading my blog

5. Now when I go to Manage Cookies and Site Data, I see that my website is listed and that it has set 3 cookies on the computer. These are only functional cookies, strictly necessary for the website to work, and not tracking cookies. Let's click the blog's All cookies option in the browser and see what it then sets. Now you can see that there are more cookies, from youtube, sharethis and doubleclick for example. It also depends on which scripts and third-party scripts you run on your blog, so the number of cookies will depend on that and on their settings too.

First cookies when I load my blog
All cookies accepted

6. Now let's do another test. Delete all cookies again, load/refresh the blog, click on Functional only and see which cookies it sets. This is what I get.

Functional cookies only

If you want more details about the cookies, you can also view them in Chrome or Brave: go to Settings » scroll down and click on Advanced » Content settings (or Site settings) » Cookies » See all cookies and site data. The developer tools of either browser show the same cookies together with their values and expiry dates (Firefox: Storage tab » Cookies; Chrome/Brave: Application tab » Cookies). This is what I see for my functional cookies.

cookies as seen in chrome and brave

Which GDPR plugin script to use?

I had the best results with the Complianz plugin (affiliate link). Not only did it make my website GDPR compliant (excluding the privacy statement, which I wrote myself; keep in mind that you need one too, and the paid version of this plugin will generate a privacy statement for you), but I also managed to fix other issues I had, such as making my blog work over SSL. I set up SSL with one click at my web host and the Complianz SSL script did the rest! I was so happy that my blog was finally encrypted, with a certificate issued by "Let's Encrypt Authority X3".

The Complianz script will also generate a cookie policy (in the free version) and has many more options, such as exporting and erasing a user's personal data. That's handy in case you ever get such a request from a user. I made my own privacy statement.

The plugin has a straightforward and easy-to-use setup wizard.

I opted for the free version, which currently covers all my needs, as I just run a simple blog on which I occasionally publish articles. If you have a bigger website, don't want to write your own privacy statement, or have commercial offers and want to be on the safe side, you can go for the premium version, which has more options, including things like a data-leak report, a processing agreement, and legal documents for your privacy statement drafted by an IT law firm.
