Wordpress Cookie Consent Guide and Plugin

The enactment of the European Union’s General Data Protection Regulation (GDPR) has put much stricter data privacy laws into place. Personal data collection, processing, and sharing are all now covered under this law.

Additional legislation such as the California Consumer Privacy Act (CCPA) shows the United States’ efforts to follow in the footsteps of the European Union.

These new laws have a broad reach, so trying to make sure you comply with everything they require can be confusing — especially when it comes to WordPress cookies. You’ll need to know how these new privacy laws affect your WordPress site and what kind of WordPress cookie consent is now required.

Table of Contents

What Are WordPress Cookies?
How Does WordPress Use Cookies?
How Do WordPress Plugins Use Cookies?
What Cookies Are on My WordPress Site?
Making a GDPR/CCPA-Compliant WordPress Cookie Policy
How To Add a Cookie Consent Solution to WordPress
Wrapping Up

What Are WordPress Cookies?

Cookies are small snippets of data created by websites you visit, including those created with WordPress. They function like tiny trackers and play a crucial role in nearly everything that happens on a website.

Their jobs include remembering user login information, saving shopping cart items, and helping companies create audience-specific ads.

A website can use two types of internet cookies: essential cookies and non-essential cookies. The former gets used for the smooth functioning of a website, and the latter gets used to ensure visitors have a more personalized experience.

Essential cookies might carry information over a network or help provide a specific service requested by the user. However, they usually don’t store any specific data.
Non-essential cookies like those used to create personalized experiences on a WordPress site may keep user data. For this reason, the GDPR and CCPA cover cookies to make sure no organization is exploiting consumer data.

How Does WordPress Use Cookies?

WordPress is a content management system (CMS) used to create websites, blogs, mailing lists, and more. It powers approximately 40% of all websites currently on the internet.

The default version of WordPress generates session cookies (essential) and comment cookies (nonessential) during a visit.

If a website is powered by WordPress, session cookies are activated once a visitor logs in to the website. These session cookies allow the website to save a user’s authentication details, which include:

Username
Password
Email address
Phone number

These cookies record the personalized settings of both user and admin portions of a WordPress site.

Comment cookies get generated when a user decides to leave a comment on a WordPress-powered website. These cookies enable WordPress to store the user’s username, email address, and password so that the next time they visit, the data gets automatically filled in.

However, most WordPress admins don’t use the simple version of WordPress. Instead, they often add different plugins to their websites, bringing a wider variety of WordPress cookies into play.

These plugins get added to further enhance the user’s experience on the site. For example, companies may use a plugin to add a social media button to their website, which likely uses other cookies to function.

How Do WordPress Plugins Use Cookies?

Third-party plugins make extensive use of cookies. These plugins can include analytics, history, advertising, or e-commerce features.

For example, if your website has a related posts plugin, it might use cookies to gather data on other pages visited by the user. That data is then processed to suggest similar pages.

For further example, an analytics plugin uses cookies to save a user’s behavioral data. You can then use this behavioral data to create a more personalized experience for the user, focusing on content they have interacted with in the past and providing more relevant ads.

These plugins could be using information that the two default WordPress cookies we discussed above have saved, or they could be storing information on their own.

What Cookies Are on My WordPress Site?

The default cookies used by WordPress are session and comment cookies. The session cookies track a user’s session, and the comment cookies remember a commenter’s details.

In addition to these two default WordPress cookies, third-party plugins use additional cookies that can be toggled and you need to consider.

Common Cookies That WordPress Sites Use

Cookies vary based on the type of website you have and what plugins are integrated into your WordPress site. Some of the available plugins may use the following:

Authentication cookies: Authentication cookies are used to keep track of whether a user is actively logged in.
Cookies that store preferences: These cookies store a user’s preferences, such as account name, language, and which version of the website (mobile or desktop) they are using.
Statistics and analytics cookies: These cookies collect data on users’ interactions with sites powered by WordPress. Analytical data such as pages most visited and items most viewed are some examples. These details create a more personalized experience for users.
Cookies used for marketing or tracking: These cookies are used for tracking site traffic and targeted advertising. They track details of users on the WordPress site, including the number of visitors, the amount of times an ad is repeated on the site, and the response a particular ad has received. These cookies help companies analyze the success of an ad campaign. Trusted third-party networks usually enable these cookies.
Embedded content: Most WordPress websites integrate various third-party plugins and applications to better users’ experiences. Such third-party websites include social media platforms like Facebook, Instagram, and LinkedIn. These plugins may also contain embedded content from video service providers such as Youtube. However, the cookies enabled by such plugins come with a risk of possibly tracking a user’s online activity.
Web beacons: Web beacons have a similar purpose to cookies, but they function differently. They are generally clear graphic images that provide statistics to WordPress. They often go hand-in-hand with cookies, but if cookies are disabled, the web beacon can still be active, even though it won’t be fully functional.

What Cookies Is Your WordPress Site Using?

Cookies get stored in a user’s browser. The quickest way of checking the kind of cookies your website is using is to use our website cookie scanner.

Use Termly To Scan Your WordPress Site for Cookies

Use our Cookie Consent Manager to scan your website and let us detect and categorize most of your WordPress site’s cookies.

Step 1: Enter your website URL into the scanner below

Step 2: We’ll scan your site and categorize the majority of your cookies

Step 3: We’ll generate your cookie policy & customizable cookie banner

Our cookie consent tool can handle all your cookie needs on your WordPress site. Along with scanning and categorizing your cookies, we can:

Automatically block non-essential cookies that users have not consented to
Log and track your users’ cookie consent settings and keep records for you
Produce a multi-language cookie banner for you that’s dynamic based on your users’ location
Schedule scans to run every week, month, or three months

Check Your WordPress Cookies Using Your Web Browser

Alternatively, you can check what cookies your WordPress site uses by using your web browser as we show you below.

Checking Cookies in Chrome

Step #1: If your computer is operating on Windows, you have to right-click on the window of your website. On an Apple OS, you can either use the two-finger click or the control+click function.

checking cookies in chrome - step 1

Step #2: An option menu will pop up after you right click. The last option on the list will be an “Inspect” option. Selecting it will open the Chrome developer console in another section of the window.

checking cookies in chrome - step 2

Step #3: You’ll see a few different tabs at the top of the developer console. Select the “Application” tab. If the tab isn’t visible, you might have to extend the list by clicking on the “>>” option.

checking cookies in chrome - step 3.1

checking cookies in chrome - step 3.2

Step #4: Once you click the “Application” button, a sidebar will appear on the left. Click the “Cookies” option which will be a sub-option under the “Storage” section.

checking cookies in chrome - step 4

Step #5: After clicking “Cookies,” you will see a few columns of information that will show whether your website’s cookies are secure or if there are any active third-party cookies. In the “Session” tab, you can see where those cookies are being stored and whether they are session cookies or persistent cookies.

checking cookies in chrome - step 5

Checking Cookies in Firefox

Step #1: On a Windows PC, navigate to your website and right-click on the browser window. On an Apple OS, you can either use the two-finger click or the control+click feature.

checking cookies in firefox - step 1

Step #2: An option menu will appear after you right click. Select the “Inspect” option.

checking cookies in firefox - step 2

Step #3: A new section will open in your browser window. Select the “Storage” option from the menu bar. Once you click “Storage,” a list of options will appear. Choose “Cookies” from this menu.

checking cookies in firefox - step 3

Step #4: After clicking “Cookies,” you’ll see a few columns of information that show whether your website’s cookies are secure or if there are any active third-party cookies. In the “Path” column, you can see where those cookies are being stored. You can also see which of them are session cookies or persistent cookies by checking the “Expires/Max-Age” tab.

checking cookies in firefox - step 4

Article 12 of the GDPR requires website owners to inform users of any data collection and processing. A privacy policy gives users information about how your website collects, shares, and treats consumer data. For example, if your WordPress website uses cookies, it needs to be highlighted in your WordPress privacy policy.

A cookie policy for your WordPress site is a document specific to cookies. It outlines cookie usage and how users can control their cookie preferences.

Your dedicated cookie policy should be linked within the cookies notice section of your privacy policy, in a navigation menu, and from your cookie notification. Some of the general details to be included in this cookie policy section are:

The types of cookies that are activated whenever the user visits the website
How long it takes for the cookies to expire
The purpose and function of each cookie
Where the data stored by these cookies is sent
Information on how to reject WordPress cookies
How a user can change their personal preferences regarding these cookies

You can use our cookie policy generator to make this process a lot easier on you.

There are three ways you can integrate a compliant WordPress cookie popup into your website.

WordPress Cookie Consent Plugin

Another solution for adding a WordPress Cookie bar is to use a WordPress cookie plugin. These plugins allow you to generate WordPress cookie banners in more accessible and effective ways.

For example, our WordPress cookie consent plugin helps you comply with data privacy laws and regulations like the GDPR, CCPA, ePrivacy Directive (EU Cookie Law), and PECR while creating a custom WordPress cookie consent banner.

cookie solutions wordpress

You can customize the settings to get a live WordPress cookie consent banner and a compliant WordPress cookie policy on your site. After generating your cookie policy, it is automatically updated after every scan. That allows you to notify your website’s users about all the different cookies you use and get their consent for using them without harming user experience or site aesthetics.

Managed WordPress Cookie Solution (Recommended)

A dedicated cookie consent management platform such as our Cookie Consent Manager can ensure your WordPress cookies are fully compliant with data privacy protection laws.

Our cookie solution can handle all the cookie compliance requirements for your WordPress site. It can:

Scan and categorize your cookies
Block non-essential cookies that users have not consented to
Track your users’ cookie consent settings and log the records for you
Produce a comprehensive cookie banner for you
Schedule cookie compliance scans to run every week, month, or three months

Cookie managers like ours also allow for an automatic WordPress cookie restricting function to make the finishing steps of setting up your website and staying in compliance much easier.

DIY (Not Recommended)

The DIY method allows you to integrate a WordPress cookie consent without a plugin. To do this, you’ll need a little coding knowledge. A WordPress cookie notice can be added with a piece of CSS code directly entered into the footer of your site. This method, however, may be risky for those who aren’t proficient in coding.

An alternate approach you can use is to install a Headers and Footers plugin into your website. Once you activate the plugin, you can simply add the code into the footer. You can edit the last line of code to change the wording within your WordPress cookie bar.

Wrapping Up

The new guidelines of the GDPR and CCPA have introduced safeguards to protect the personal data of users from being exploited. All websites, including your WordPress website, are required to be in compliance with these laws.

However, with the additional WordPress cookies used by third-party plugins, it can be difficult to stay in compliance. Cookies are a crucial part of the internet, and most WordPress websites use various cookies that save the personal data of your users for different purposes.

To make sure your users’ personal data isn’t exploited — or to avoid large fines for non-compliance — you need to be aware of what cookies your WordPress site is using and how they impact your website. Plugins that use WordPress cookies can be a great addition to the user experience of your site, but they come with issues you’ll need to manage if you want to make sure your site is a safe, accommodating, and private place for all to visit.

More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Data Privacy Compliance: Everything Businesses Need To Know

GDPR for Dummies

Termly vs. Cookiebot: Comparing Features and Services

Termly vs Usercentrics: Comparing Features and Services

CCPA: California Consumer Privacy Act Explained

South Africa's Protection of Personal Information Act (POPIA) Explained

Tennessee Information Protection Act: First Look & Summary

5 Step GDPR Compliance Checklist For All Businesses

GDPR in the US: Compliance Simplified for Businesses