WordPress can be extended with a variety of plugins. These small additional programs add functions such as image and media management or load-time optimization. There are free and paid plugins; currently more than 54,000 plugins are available for WordPress. The following overview tries to bring some order into the plugin chaos and reflects only the personal plugin preferences of the author, without any claim to completeness. For each plugin we have added notes regarding the General Data Protection Regulation (GDPR). These notes can only give an orientation and do not constitute legal advice.
All plugins can be found in the WordPress plugin directory: https://wordpress.org/plugins/ - the link to each plugin is given below its description.
This list contains a large number of plugins, but that does not mean you should install all of them. Every plugin you install adds code, and with it potential vulnerabilities, to your WordPress blog. Uninstall plugins you do not need; merely deactivating them is not enough, because the files of a deactivated plugin remain on the server and can still be requested directly by an attacker. The danger that you forget about a plugin until it becomes a security risk is simply too great. Update your plugins regularly. For larger version jumps, test the updated plugins in a test environment first to make sure your WordPress installation still works correctly with them. How to set up a WordPress test environment is described here.
Given the large number of plugins, it happens again and again that authors stop updating their plugins. In the WordPress plugin directory you can quickly see when a plugin was last updated:
The screenshot shows the field "Last updated" on the right-hand side. In this case the last update was four years ago. The author no longer seems to maintain the plugin, so it could be a security risk for your blog: a vulnerability found in it is unlikely to ever be fixed.
Make sure the plugins you use receive regular updates and do not open security holes in your blog. The "Tested up to" field in the same place tells you whether the author has tested the plugin with the current WordPress version at all.
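The same "last updated" check can be automated for all plugins on a site. The script below is an added example and not code from the article; it assumes the public wordpress.org plugin information API (https://api.wordpress.org/plugins/info/1.2/ with `action=plugin_information` and `request[slug]=<slug>`) and its `last_updated` field, which looks like "2019-05-02 9:41am GMT". The plugin responses in `SAMPLE_RESPONSES` are constructed so the audit runs offline; `fetch_plugin_info` performs the live lookup.

```python
"""Check how long ago each plugin in use was last updated on wordpress.org.

Added example; not code from the original article. Assumes the wordpress.org plugin
information API and its "last_updated" field ("YYYY-MM-DD h:mmam/pm GMT").
SAMPLE_RESPONSES below are constructed; fetch_plugin_info does the real lookup.
"""
import json
import re
import urllib.parse
import urllib.request
from datetime import date

API = "https://api.wordpress.org/plugins/info/1.2/"
DATE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})")


def fetch_plugin_info(slug: str) -> dict:
    """Live lookup of one plugin by its directory slug (network access required)."""
    query = urllib.parse.urlencode({"action": "plugin_information", "request[slug]": slug})
    with urllib.request.urlopen(f"{API}?{query}", timeout=10) as resp:
        return json.load(resp)


def parse_last_updated(value: str) -> date:
    """Only the YYYY-MM-DD prefix matters; the time and 'GMT' suffix are ignored."""
    m = DATE_RE.match(value.strip())
    if not m:
        raise ValueError(f"unexpected last_updated value: {value!r}")
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def audit(responses: dict, today: date, max_age_days: int = 365) -> list:
    """One row per plugin, oldest first; 'stale' marks plugins not updated within max_age_days."""
    rows = []
    for slug, info in responses.items():
        age = (today - parse_last_updated(info["last_updated"])).days
        rows.append({
            "slug": slug,
            "version": info.get("version", "?"),
            "days_since_update": age,
            "tested_up_to": info.get("tested", "?"),  # highest WP version the author tested
            "stale": age > max_age_days,
        })
    return sorted(rows, key=lambda r: r["days_since_update"], reverse=True)


# Constructed sample responses: the shape of the real API, but fictitious plugins.
SAMPLE_RESPONSES = {
    "well-maintained-plugin": {"version": "3.2.1", "last_updated": "2019-05-02 9:41am GMT", "tested": "5.2"},
    "abandoned-plugin": {"version": "1.0.4", "last_updated": "2015-06-30 10:12am GMT", "tested": "4.2.2"},
}


def demo_report() -> list:
    """Audit the sample responses against a fixed date so the result is reproducible."""
    return audit(SAMPLE_RESPONSES, today=date(2019, 8, 1))


if __name__ == "__main__":
    for row in demo_report():
        flag = "STALE" if row["stale"] else "ok"
        print(f"{flag:5} {row['slug']:25} {row['days_since_update']:5d} days  tested up to WP {row['tested_up_to']}")
```

For a real site, collect the slugs with WP-CLI (`wp plugin list --field=name`) and call `audit({s: fetch_plugin_info(s) for s in slugs}, date.today())`. A plugin that is "stale" by this measure is not automatically vulnerable, but it is the one to review first, and the one nobody will patch when a vulnerability is reported.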
For a better overview we have divided our plugin suggestions into categories. Click on the following links to jump directly to the corresponding category.
Users and search engines love fast-loading pages. WordPress is not always the fastest system in its standard configuration. Oversized images, too many stylesheets or too many plugins can slow a WordPress site to a crawl. In this category we introduce a few plugins for optimizing loading times.
Cache plugins store the dynamically generated pages in a buffer at runtime. If another user requests the same page, it is not generated dynamically as usual but served from the cache.
This cache saves the web server from having to "calculate" the pages to be displayed. The plugin comes directly from Automattic, the company of WordPress co-founder Matt Mullenweg, and is very popular in the WordPress community.
Caching plugins should not be a problem under the GDPR, as they only cache data on your own server. However, if you also use a CDN (Content Delivery Network), this can raise data protection issues, because in that case visitor requests, and with them visitor IP addresses, are processed and possibly logged on external servers.
Page loading time has also been a ranking criterion for Google for some time now. Fast pages are placed higher in search results than slow ones, because Google aims to show the best pages, and fast pages are also better for users.
Since the plugin only processes files locally on the server and no user data is stored on external servers, no data protection problems should arise here.
WP Rocket adheres to the GDPR. It does not access, store or use any personal data or cookies. (Source: Manufacturer Website)
The plugin automatically adjusts image sizes for correct display in the browser. It scales images to the optimal size and saves loading time, which speeds up the display of your website. You define the maximum width and height of images in the plugin; if an editor uploads an image that is too large, it is scaled down to the maximum permitted dimensions during upload.
Imsanity also offers a bulk-processing function with which already uploaded images can be scaled down to free up storage space.
The plugin works locally on the server and does not store any user data outside your WordPress installation, so the plugin should be GDPR compliant.
In an emergency you should always be able to fall back on current backups. Normally your hoster keeps backups of your site, but before you install updates or plugins you should be able to make a manual backup of your WordPress blog yourself. How to perform a backup is described in detail in the article "WordPress Backup".
With more than one million active installations and more than 2,600 five-star ratings, this plugin is one of the most popular WordPress backup plugins. It backs up files and the database and can store the backups on various cloud services (Google Drive, Dropbox, ...). Backups can be restored with one click. Scheduled automatic backups ensure that you always have access to a current backup of your blog.
Detailed instructions for installing Updraft can be found here.
Because your backup may contain personal data such as names, e-mail addresses or IP addresses (and, in the database dump, the password hashes of all users), you should not store it with external services: the data would then leave your control.
The plugin "BackWPup" works similarly: https://wordpress.org/plugins/backwpup/
With this plugin you can easily back up your WordPress database. With such a backup you can, for example, create a test environment that reflects the live state of your WordPress site. The plugin also helps you move your blog to another server.
WP Migrate DB Pro does not collect or store any personal data and is therefore inherently GDPR compliant. If you activate your license key in the plugin, your site URL will be sent to our server for licensing purposes. We also send some minimal data about the website installation (plugin version, WordPress version, locale and PHP version), but these are stored anonymously.
WP Migrate DB Pro migrates databases from server to server, and these naturally contain personal data. The vendor offers a free anonymization addon that anonymizes user data when exporting from a live database, so that a test or staging copy does not carry the real names and e-mail addresses of your users.
For migrations with intact personal data, the vendor recommends always migrating via HTTPS, so that the data is not transmitted in plain text between the two servers. (Source: manufacturer's website)
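What such an anonymization step does can be shown on a small scale. The following is an added example, written for this page; it is neither the vendor's anonymization addon nor code from the article. It uses an in-memory SQLite database with a reduced version of the WordPress `wp_users`, `wp_usermeta` and `wp_comments` tables (the real tables have more columns) and constructed sample rows. Replacement values are derived from the row ID, so `post_author` and `user_id` references in other tables stay valid, and password hashes are neutralized so that live credentials never travel with the export.

```python
"""Pseudonymize personal data in a WordPress database copy before exporting it to staging.

Added example; not the WP Migrate DB Pro addon and not code from the article. The schema
is a reduced, SQLite-flavoured version of the WordPress tables; all rows are constructed.
"""
import sqlite3

SCHEMA = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT,
                       user_email TEXT, user_url TEXT, display_name TEXT);
CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                          meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_comments (comment_ID INTEGER PRIMARY KEY, comment_author TEXT,
                          comment_author_email TEXT, comment_author_url TEXT,
                          comment_author_IP TEXT, comment_content TEXT);
"""

# Constructed sample data (documentation-range IP addresses, fictitious people).
SAMPLE_ROWS = {
    "wp_users": [
        (1, "admin", "$P$Bfakeadminhash", "admin@example.com", "", "Site Admin"),
        (2, "jdoe", "$P$Bfakejdoehash", "jane.doe@example.com", "https://jane.example", "Jane Doe"),
        (3, "msmith", "$P$Bfakemsmithhash", "m.smith@example.org", "", "Mike Smith"),
    ],
    "wp_usermeta": [
        (1, 2, "first_name", "Jane"), (2, 2, "last_name", "Doe"),
        (3, 2, "nickname", "janey"), (4, 2, "description", "Lives in Berlin"),
        (5, 3, "first_name", "Mike"), (6, 3, "nickname", "mike"),
    ],
    "wp_comments": [
        (1, "Jane Doe", "jane.doe@example.com", "", "203.0.113.42", "Nice post!"),
        (2, "Visitor", "someone@example.net", "https://x.example", "198.51.100.7", "Thanks"),
    ],
}

# Meta keys that identify a person; capabilities, settings etc. are left alone.
PERSONAL_META = ("first_name", "last_name", "nickname", "description")


def build_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE_ROWS.items():
        placeholders = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({placeholders})", rows)
    conn.commit()
    return conn


def anonymize(conn: sqlite3.Connection, keep_logins=("admin",)) -> dict:
    """Overwrite names, e-mails, URLs, password hashes and commenter IPs in place.

    Accounts in keep_logins keep login and e-mail so someone can still sign in to the
    copy, but every account gets an unusable password hash. Returns rows touched per table.
    """
    cur = conn.cursor()
    keep_sql = ",".join("?" * len(keep_logins))
    cur.execute(
        f"""UPDATE wp_users SET
              user_login   = 'user' || ID,
              user_email   = 'user' || ID || '@example.invalid',
              user_url     = '',
              display_name = 'User ' || ID
            WHERE user_login NOT IN ({keep_sql})""",
        keep_logins,
    )
    users_changed = cur.rowcount
    # '*' is never a valid phpass/bcrypt hash, so no password can verify against it.
    cur.execute("UPDATE wp_users SET user_pass = '*'")
    cur.execute(
        f"""UPDATE wp_usermeta
            SET meta_value = CASE meta_key WHEN 'nickname' THEN 'user' || user_id ELSE '' END
            WHERE meta_key IN ({",".join("?" * len(PERSONAL_META))})
              AND user_id NOT IN (SELECT ID FROM wp_users WHERE user_login IN ({keep_sql}))""",
        PERSONAL_META + tuple(keep_logins),
    )
    meta_changed = cur.rowcount
    cur.execute(
        """UPDATE wp_comments SET
             comment_author       = 'Commenter ' || comment_ID,
             comment_author_email = '',
             comment_author_url   = '',
             comment_author_IP    = '0.0.0.0'"""
    )
    comments_changed = cur.rowcount
    conn.commit()
    return {"wp_users": users_changed, "wp_usermeta": meta_changed, "wp_comments": comments_changed}


def fetch_user(conn: sqlite3.Connection, user_id: int) -> tuple:
    return conn.execute(
        "SELECT user_login, user_pass, user_email, display_name FROM wp_users WHERE ID = ?",
        (user_id,),
    ).fetchone()


if __name__ == "__main__":
    db = build_sample_db()
    print(anonymize(db))
    print(db.execute("SELECT * FROM wp_users").fetchall())
```

On a real installation the same treatment must also cover `user_nicename` (it appears in author archive URLs), `comment_agent`, order and form data stored by plugins, and the content of posts themselves if they contain personal data; run it on a copy, never on the live database, and still transfer the result over HTTPS as the vendor recommends.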
As mentioned in the introduction, every installed plugin can contain bugs that can be exploited to attack your WordPress blog. iThemes Security offers more than 30 ways to secure your website.
Among other things, the plugin protects against brute-force attacks on the login and against 404 attacks (bots that probe your site for non-existent pages and files in the hope of finding backups, configuration leftovers or vulnerable scripts). You can also lock down access to the dashboard or enforce strong passwords. The plugin is highly recommended for the basic protection of your blog; after all, according to a frequently quoted figure, around 30,000 WordPress blogs are hacked every day.
Since you can also make backups with the iThemes plugin, these may contain personal data of your users. However, the plugin lets you delete personal data, even data stored by third-party plugins, so it complies with the GDPR.
Block Bad Queries (BBQ) is a simple, very fast plugin that protects your website against malicious URL requests. BBQ checks all incoming requests and blocks dangerous ones, such as requests containing directory-traversal sequences, eval( or base64 payloads, or excessively long query strings.
This is a simple and solid solution for hosting environments where a strong .htaccess firewall cannot be used. BBQ requires no configuration and can therefore also be used by non-professionals. In combination with iThemes Security, BBQ protects your blog against the most frequent attacks.
This plugin does not collect any user data, so it does not violate the GDPR.
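To see what these two plugins are reacting to, it helps to look at the request patterns in a web server log. The script below is an added example written for this page, not code from the article and not the detection logic of iThemes Security or BBQ; it applies the same three ideas (repeated login POSTs from one address, a burst of 404s from one address, and suspicious strings in the URL-decoded request) to constructed Apache/Nginx "combined" log lines. The IP addresses are documentation ranges and the thresholds are arbitrary.

```python
"""Spot brute-force logins, 404 scanning and malicious URLs in an access log.

Added example; not code from the article or from the iThemes Security / BBQ plugins.
The log lines, addresses and thresholds are constructed.
"""
import re
from collections import Counter
from urllib.parse import unquote

# combined format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Endpoints that password-guessing bots hammer; xmlrpc.php allows many attempts per request.
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")

# Patterns of the kind a "bad query" filter looks for, checked against the URL-decoded request.
BAD_PATTERNS = {
    "directory traversal": re.compile(r"\.\./"),
    "script injection": re.compile(r"<script", re.IGNORECASE),
    "sql fragment": re.compile(r"\bunion\s+select\b", re.IGNORECASE),
    "php payload": re.compile(r"(?:eval|base64_decode)\s*\(", re.IGNORECASE),
    "sensitive file": re.compile(r"/etc/passwd|wp-config\.php", re.IGNORECASE),
}


def parse_line(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded"] = unquote(rec["path"])  # so %2e%2e%2f is seen as ../
    return rec


def analyze(lines, login_threshold=5, notfound_threshold=5, max_len=2000) -> dict:
    """Return flagged addresses per category; counts are per address over the whole input."""
    login_posts, not_found, bad = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path_only = rec["decoded"].split("?", 1)[0]
        if rec["method"] == "POST" and path_only in LOGIN_ENDPOINTS:
            login_posts[rec["ip"]] += 1
        if rec["status"] == 404:
            not_found[rec["ip"]] += 1
        if len(rec["path"]) > max_len:
            bad.append((rec["ip"], rec["path"][:40] + "...", "oversized request"))
            continue
        for name, pattern in BAD_PATTERNS.items():
            if pattern.search(rec["decoded"]):
                bad.append((rec["ip"], rec["decoded"], name))
                break
    return {
        "brute_force": {ip: n for ip, n in login_posts.items() if n >= login_threshold},
        "scanner": {ip: n for ip, n in not_found.items() if n >= notfound_threshold},
        "bad_query": bad,
    }


# Constructed sample log: one normal visitor, one password-guessing bot, one scanner, two probes.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:54:58 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Oct/2023:13:55:02 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Oct/2023:13:55:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"',
]
SAMPLE_LOG += [
    f'203.0.113.7 - - [10/Oct/2023:13:55:{10 + i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "python-requests/2.31"'
    for i in range(6)
]
SAMPLE_LOG += [
    f'198.51.100.23 - - [10/Oct/2023:13:56:{i:02d} +0000] "GET {p} HTTP/1.1" 404 512 "-" "Mozilla/5.0"'
    for i, p in enumerate(["/backup.zip", "/.env", "/old/", "/phpmyadmin/", "/wp-content/debug.log"])
]
SAMPLE_LOG += [
    '192.0.2.44 - - [10/Oct/2023:13:57:01 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '192.0.2.45 - - [10/Oct/2023:13:57:05 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 3000 "-" "curl/8.1"',
]

if __name__ == "__main__":
    for category, hits in analyze(SAMPLE_LOG).items():
        print(category, hits)
```

Run against a real log (`analyze(open("/var/log/apache2/access.log"))`) the per-address counts should be taken over a time window rather than the whole file, and addresses behind a shared proxy or CDN will need the forwarded client address instead of the connecting one; otherwise a block rule hits every visitor behind that proxy.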
What good is the most beautiful blog if nobody sees it? Blogs, and other websites, often fail at search engine optimization. SEO (Search Engine Optimization) is not rocket science but much more a matter of clean programming craft. However, since as a blog operator you rarely want to, or can, intervene in the code, there are plugins that support the most important optimizations.
YOAST SEO is the standard plugin for search engine optimization of your WordPress blog. The plugin has existed since 2008 and is the favorite tool of millions of users. There are now more than 5 million active installations!
The plugin improves the code of your website, internal-link functions optimize its structure, helpful tools support you in creating your content, and the preview of your search result helps you write title and description tags. The feature list could go on indefinitely. In short: install the plugin and be found more easily in the search engines.
The plugin does not collect any user-related data and is therefore GDPR-compliant.
All in One SEO Pack is a good alternative to YOAST. This plugin has been continuously developed since 2007 and enjoys great popularity. With more than 50,000,000 downloads it is one of the most important SEO plugins for WordPress.
The plugin has a variety of functions, for example:
All in One SEO Pack is 100% GDPR compatible. In particular, All in One SEO Pack does not collect any personal data that falls under the GDPR. (Source: manufacturer's website)
Internal linking is of great importance for search engine optimization, and users also benefit from meaningfully placed internal links. With this plugin you define words and their link targets; the plugin then automatically links the defined terms in the article to the stored link targets. The premium version of the YOAST plugin offers a similar function.
The plugin is somewhat outdated and has not been updated for a long time. Nevertheless, we use it in our checkdomain blog and are very satisfied with it. Bear in mind that this is exactly the situation described in the introduction: an unmaintained plugin will not receive fixes for vulnerabilities found in it, so weigh that risk before installing it.
The plugin only links local pages; (probably) no user data is collected or transferred to external servers, so the plugin should be GDPR compliant.
If you don't want to use the big SEO plugins right away and prefer smaller plugins, we recommend "Google XML Sitemaps" for creating sitemaps. Sitemaps help search engines such as Google or Bing to index your website better: they contain the entire structure of your blog, so search engines can find all content faster and more completely.
The plugin creates the XML sitemap locally on the server; (probably) no user data is collected or transferred to external servers. This plugin should be GDPR compliant.
By default, WordPress creates an attachment page for each image used in a post, on which the image is displayed once more. For users (and search engines) these pages offer no added value. On the contrary: search engines crawl these pages despite their "thin" content, which bloats your blog's index unnecessarily and costs the search engines crawling time that they then lack for indexing important content. We therefore recommend redirecting these pages. That is exactly what this plugin does: it redirects attachment pages to the corresponding post with a permanent (301) redirect. This function is also included in the plugin "All In One SEO".
The plugin only redirects pages locally on your WordPress server and has no need to save user data or store it on third-party servers. We assume the plugin is harmless in terms of data protection.
WordPress version 5 with the new Gutenberg editor is already very well equipped in terms of design and layout and actually leaves nothing to be desired. But if you don't want to upgrade to the latest WordPress version or don't want to use the Gutenberg editor yet, you will have to resort to the appropriate plugins. We would like to present a small selection of the most popular extensions in the area of design and backend.
More than one million websites have already been designed with this plugin, making it one of the most popular plugins in the design field. With it you can easily create and design attractive pages; as with a website builder, you do not need any programming knowledge.
You make the edits directly in the frontend and see the result immediately. The plugin also contains many ready-made elements such as sliders, accordions, forms and galleries.
Elementor itself is GDPR compliant. With Elementor, however, you can embed videos and social media buttons, in which case you will have to check to what extent these integrations violate the GDPR. In case of doubt, do not integrate third-party services through Elementor but through dedicated, privacy-compliant plugins.
If you want to set up sliders on your website, this (paid) plugin is our recommendation. With it you can integrate all imaginable animations and effects into your sliders.
Operation is very simple: you arrange buttons, graphics and fonts by drag and drop. Thanks to the variety of templates you can create appealing headers and sliders in a short time. In the editor you can also directly view and customize the views for smartphone and tablet.
Again, the plugin is GDPR compliant in itself, but if you embed third-party services such as YouTube in your headers, you must adapt this integration to the GDPR (for example by loading the embed only after the visitor has consented).
NextGEN Gallery has been the industry-standard WordPress gallery plugin since 2007 and continues to receive more than 1.5 million new downloads per year. It is easy to use for simple photo galleries but powerful enough for the most demanding photographers, visual artists and imaging professionals.
In the backend, NextGEN provides a complete WordPress gallery management system with the ability to batch upload photos, import metadata, add/delete/reassign/sort photos, edit thumbnails, group galleries into albums and much more.
In the frontend, the free version of NextGEN offers two main gallery styles (slide shows and thumbnails) and two album styles (compact and advanced), all equipped with a variety of options for controlling size, style, timing, transitions, controls, lightbox effects and more.
This plugin does not establish any external connections, does not store any personal data and is therefore GDPR-compliant.
How many visitors does my blog have? How do I create a contact form? How can my visitors share content on social media in a GDPR-compliant way? For all these questions there are, of course, suitable plugins, some of which we introduce here.
The plugin does not send any data to third-party servers and does not use any cookies, so nothing should stand in the way of GDPR compliance.
With more than five million active installations, Contact Form 7 is the classic contact form plugin. You can manage multiple forms and customize them with simple markup.
Many visitors to your website will never return. There may be several reasons for this; for example, you may have answered all of the user's questions on the first visit. It would still be nice to collect these users' e-mail addresses in order to contact them again later. This is exactly where the plugin comes in: for example, it can display exit popups that appear as soon as the user is about to leave your site. The plugin can be connected directly to Mailchimp (a newsletter service).
The drag-and-drop editor makes it quick and easy to create contact forms and user notifications. With A/B testing you can determine the best-performing version of a campaign.
This plugin could be problematic (cookies, storage of personal data). You can find out more directly on the manufacturer's website: https://optinmonster.com/gdpr/
Google Analytics is the standard in web analytics. With the MonsterInsights plugin you can add Google Analytics to your blog with just a few clicks.
In addition to embedding the Google tracking code, MonsterInsights provides clear dashboards directly in the backend of your WordPress blog, so you can quickly look up your blog's most important key figures there.
While no single plugin can guarantee 100% GDPR compliance in WordPress, MonsterInsights goes a long way to help business owners achieve Google Analytics GDPR compliance.
Note that the data protection question here concerns Google Analytics itself, which transmits visitor data to Google: the plugin can help you configure the tracking appropriately, but it does not by itself make the use of Google Analytics GDPR-compliant.
The original share buttons of the social networks automatically transmit information about your visitors to the networks as soon as the page loads, even if the visitor never clicks a button.
This procedure is not GDPR-compliant. The German computer magazine c't therefore developed "Shariff", which lets you integrate privacy-compliant share buttons that meet the requirements of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). The plugin currently supports 30 services in 25 languages.
This plugin is a must if you use sharing functions and want to comply with the GDPR, and it does not itself violate the regulation.