First of all: Due to the wide range of configuration options and plug-ins available, the following guide can only give a rough overview of the possible GDPR-relevant changes.
Problematic: Plugins that "phone home"
Many plugins send data to third parties, partly to ensure the functionality of the plugin, partly for no apparent reason. No matter what data is sent, the blog operator has to inform his visitors about this fact. Possibly it concerns personal data (IP addresses), these flow off uncontrolled and uncommunicated, then here an offence against the DSGVO is present.
Unfortunately, very few plugins document the way they handle data and which data is transmitted. Therefore, you should not use any plugins that are known to transmit data.
Many of the popular and frequently used plugins offer the possibility to make settings that prevent the transmission of personal data. With these plugins the use is possible, but must be mentioned in the privacy policy.
Of course, there are now also numerous plug-ins to facilitate compliance with the GDPR guidelines. IP addresses in comments are removed by the plugin "Remove Comment IPs". If you include Google Fonts, the plugin "Remove Google Fonts References" can help. This plugin stores the fonts locally on the server and prevents them from being called by Google. Since the DSGVO has also made SSL important for many websites, the plugin "Really Simple SSL" is available for WordPress. This plugin helps to convert to the HTTPS protocol.
Further privacy plugins can be found here:https://www.blogmojo.de/wordpress-datenschutz-plugins/