Confused about cookies? Don’t worry, we’ve got you covered. We will walk you through whether WordPress uses cookies and if you need a cookie popup disclosure on your site (and how to install one, if you do). You don’t need a background in programming to get your head around what is required.
Does WordPress use cookies? Yes, your WordPress Blog / Website uses cookies. These cookies are used to track user sessions (users login/logout) and comments they make on your pages and posts. These cookies become a persistent identifier and by having a persistent identifier there are legal policies and notifications that need to be added. This is accomplished with a “Cookie Policy” page and a “Cookie Popup Notice”.
Not sure what all this means? Not sure how to implement these elements? No problem. Keep reading and we will walk you through everything you need to know about cookies WordPress uses and the legal implications.
Table of Contents
What are Cookies?
Cookies are small files that contain information about visitors to your website and are stored in the visitors web browser. This data identifies and tracks users’ login details and information about comments they leave on your blog posts.
Cookies are commonly used for:
- Tracking users login state and details
- Remember if a visitor toggled item open or closed
- Track the visitor as the browse or navigate the site
- Keep information during a shopping session
- Manage a Users Shopping cart
- Provide a personalized experience
- Provide data to improve the user experience
- Collect data to analyze how the site is used.
How to View Cookies in your browser
For cookies to work they must be enabled in your browser. It is very possible to disable the use of cookies. If you disable cookies then the web is not as good of an experience.
What Cookies does WordPress use?
WordPress uses or sets two types of cookies:
- User Cookies – Tracks session
- Comment Cookies – Remembers any commenter details.
User (Session) Cookies
These cookies store authentication data and are limited to the /wp-admin/ screen. After you are logged in a “wordpress_logged_in[hash] cookie is set. By default, these cookies are saved for 15 days. All the personal information is stored as hashed or encrypted data.
If you do not have visitors that actively log into your website then the session cookies are hardly used. They would only be used by administrators making updates to the site.
Comment Cookies
These cookies are set when a visitor comments on a post. Here are the three cookies that are set:
- comment_author_[hash]
- comment_author_email_[hash]
- Comment_author_url_[hash]
These cookies are helpful in that the visitor does not have to type in their information each time they want to leave a comment. Commenter cookies expire just under a year after they are set.
3rd Party Plugin Cookies
In addition to the two core WordPress cookies, plugins and other third parties can set cookies, often these can be needed to remember toggle settings, search history, analytics tracking, advertising or eCommerce functionality.
The important takeaway is that just because WP only uses two “core” cookies, it does not mean that your site is only using two cookies. It can be tough to know all the cookies your website is setting, which is why having a cookie policy is an important legal document and page to have.
If you are interested in learning more about WordPress cookies, check out the official WP Cookie Support page https://wordpress.org/support/article/cookies/
Cookies and Legal Concerns
In May of 2011, the European Union (EU) passed a directive that gave individuals the right to refuse the use of cookies. So technically there is no “EU Cookie Law”, it is just what everyone refers to is as so we are going to call it the same thing.
The directive is pretty detailed and is outside the scope of this article, so we will not go into full detail other than, you WordPress site uses cookies, your WordPress Plugins can set cookies and you need to let your visitors know which cookies or tracking information are being used when they visit your website.
To be in compliance you need to two elements to your website:
- Cookie Policy
- Cookie Policy Popup
WordPress Cookie Policy
The easiest way to create a policy is to create a new page in your WordPress site then visit a cookie policy generator and add the content to your site. A cookie policy generator is either free or paid.
If you are looking for additional options check out our post about cookie policy generator services with reviews and top picks.
In general, and remember this is not legal advice, but if you are a business or make money on the web you will want a paid or full-featured policy.
Free Cookie Policies
Free Policies pretty much cover the bases. They do lack specific details and some clauses and explanations that can be required for sites that include analytics, remarketing, advertising and user accounts.
Often times free policies require a link back to the generator that created the policy.
Paid Cookie Policies
The paid policies will include more clauses such as the use of analytics tracking, advertising, affiliate links, user accounts, and any other more legal details that could be relevant.
Plus with paid policies, you usually do not have to include a link to them in your policy.
Free Cookie Policy Generators
Cookie Policy Generator
https://www.cookiepolicygenerator.com/
This one is very straight forward and really seems to be free. They ask about what your website does, with some easy checkboxes, then your website name, URL, County, and your email address. I then output the HTML and you have your cookie policy.
The one catch to the policy is that they include a link back to their website. Not a big tradeoff, just wanted you to know that the link is included in their policy.
When reading through the clauses they are not overly detailed or authoritative. If you are looking for a starting point or something to check the box of having a policy, this one should work for you. If you need something more detailed then a paid option will be a better match. All in all, this seems like a good Free Cookie Policy Generator
Cookie Bot Policy Generator
https://www.cookiebot.com/en/cookie-policy/
This site will give you a free test but you have to enter in an email address, they will ask you to confirm your email address and then will send you the report in 24 hours.
Paid Cookie Policy Generators
Terms Feed
https://www.termsfeed.com/cookies-policy-generator/
Here they will ask you if users can create an account, do you show ads on your website, do you use analytics.
If every paid option is selected it will cost $23.
Cookie Policy Popup Plugin
If you already have your cookie policy you can use a free popup like
Lucky WP Cookie Notice
https://theluckywp.com/product/cookie-notice-gdpr/
https://wordpress.org/plugins/luckywp-cookie-notice-gdpr/
Cookie Notice for GDPR
https://wordpress.org/plugins/cookie-notice/
Iubenda cookie solution
https://wordpress.org/plugins/iubenda-cookie-law-solution/
https://www.iubenda.com/en/cookie-solution
We now have a full post outlining the Best Free and Paid Cookie Notification Popup Plugins. You should be able to find a good solution to let new visitors know that your site uses cookies using one of these plugins.
Conclusion
Cookies help the websites remember what you have done and the choices you have made. By helping you to remember the settings and what you have done the experience is a smoother one.
Additional Resources
Additional WP Cookie Posts
- https://wordpress.org/support/article/cookies/
- https://www.wpbeginner.com/glossary/cookies/
- Best Cookie Notice Popup Plugins
Cookie Policy Generator Options
Additional Cookie Information
Steven Johnson, a WP Hosting Reviews senior editor, works from Atlanta and covers all things related to WordPress and Hosting.
He graduated from Georgia Tech in Chemical Engineering, has managed hosting companies and now builds WordPress and Joomla Websites for small to medium companies full time.
