Cookie Law in WordPress: Implementation Guide

In this article, we are going to talk about the cookie law and how it affects websites created with WordPress. No, it’s not the most exciting topic in the world, but it’s something very important, especially if you’re based in the European Union. We will start with an introduction to the cookie law and its importance in today’s world.

What is the Cookie Law?

The cookie law is a regulation that governs the use of cookies on websites to protect the privacy and personal data of users. Cookies are small text files that websites store on the user’s device to remember their preferences, session data, and other useful information.

Importance of Compliance with the Regulation

Complying with the cookie law is crucial to avoid fines and penalties, as well as to maintain users’ trust in your website. Moreover, complying with the regulation demonstrates transparency and responsibility in the handling of personal data.

How it Affects WordPress Sites

WordPress websites also need to comply with the cookie law. And you may be wondering, how can this be done?
Fortunately, there are various tools and plugins that facilitate the configuration and compliance process with this regulation on your websites.

Types of Cookies and Their Customization

Cookies are small text files that websites use to store information on the user’s device. There are different types of cookies that serve different functions, and below, we explain the main types and how to customize them on your website.

1. Session Cookies: These cookies are automatically deleted when the user closes the browser. They are useful for storing temporary information, such as login data or the content of a shopping cart in an e-commerce site.
   Customization: You should configure session cookies to expire when the browser is closed and to store only necessary information.

2. Persistent Cookies: Unlike session cookies, persistent cookies are stored on the user’s device even after closing the browser. They are useful for remembering user preferences on future visits to the website.
   Customization: You should set a reasonable expiration time for persistent cookies and store only relevant information to enhance the user experience.

3. Technical Cookies: These cookies are necessary for the basic functioning of a website. They allow, for example, navigation between pages or access to restricted areas.
   Customization: It is not necessary to customize technical cookies as they are essential for the functioning of the website.

4. Analytics Cookies: These cookies collect information about how visitors use the website, such as pages visited, time spent, or traffic sources.
   Customization: Ensure that analytics cookies respect user privacy and comply with data protection laws. Also, customize their duration and the information they collect according to the analytical needs of your website.

5. Third-Party Cookies: These are cookies created by domains other than the one the user is visiting. For example, social media cookies or Google Analytics cookies.
   Customization: You should configure third-party cookies to be installed only after obtaining user consent. Additionally, you need to provide clear information about their use and how to manage them in the cookie policy.

How to Insert the Cookie Policy in WordPress?

Using Plugins

Below, we present the most downloaded plugins for cookies that will help you comply with the law on your WordPress site:

CookieYes: (1+ million downloads):

CookieYes is a WordPress plugin with over one million active users and a 5-star rating. Its main goal is to enable website owners to comply with GDPR, CCPA, and other privacy regulations. Additionally, the plugin offers a variety of customizable cookie consent templates, automatic scanning, and support.
Key features of CookieYes:

• Customizable cookie consent templates
• Automatic scanning and categorization of cookies
• Third-party cookie blocker
• Cookie expiration settings
• Support

Complianz GDPR/CCPA Cookie Consent: (600,000+ downloads)

Complianz is a WordPress plugin for cookie consent developed by the same company behind the popular Really Simple SSL plugin (which helps migrate WordPress sites from HTTP to HTTPS). This plugin supports GDPR, CCPA, and other cookie consent regulations. It allows visitors to apply different consent behaviors based on their location, ensuring compliance and an optimal user experience for each location.
Key features of Complianz:

• Automatic scanning and categorization of cookies
• Customizable cookie consent templates
• Granular control over cookie settings and permissions
• Support for a wide range of privacy regulations
• Integration with popular third-party services
• Completion bar in Complianz

This is, for example, the one we use on this page.

Cookie Notice & Compliance for GDPR / CCPA (1+ million downloads)

Cookie Notice & Compliance for GDPR / CCPA is a well-known cookie plugin for WordPress with an almost perfect rating of 4.9 stars out of nearly 2,900 reviews. The plugin consists of two main parts: Cookie Notice and Cookie Compliance. First, Cookie Notice is a simple banner that informs website visitors about the use of cookies on their site and allows them to give their consent in various ways. On the other hand, Cookie Compliance is a comprehensive consent management platform (CMP) that adheres to guidelines from over 100 countries and offers users detailed options to manage their privacy.

• Easy configuration of the cookie consent banner
• Customizable banner designs
• Advanced consent management features
• Supports CCPA, LGPD, PECR, and other regulations

Without Plugins

To add cookies without using plugins in WordPress, you can manually add the necessary JavaScript code to your WordPress theme, although it’s not an easy task.
Here’s a basic example of how to do it:

1. Access the WordPress administration panel.
2. Go to “Appearance” > “Theme Editor” (if enabled).
3. In the list of theme files, find the “header.php” or “footer.php” file and click on it to edit.
4. Add the following JavaScript code within the <head> tag (if editing “header.php”) or before the </body> tag (if editing “footer.php”):

<script>
  window.addEventListener('load', function () {
    var consent = localStorage.getItem('cookie_consent');
    if (!consent) {
      var message = 'This website uses cookies to enhance your experience. By continuing to browse this site, you agree to their use.';
      var button = 'Accept';
      var notice = document.createElement('div');
      notice.innerHTML = '<div style="position:fixed; bottom:0; left:0; right:0; background:#333; color:#fff; padding:10px; text-align:center; z-index:1000;">' + message + ' <button style="background:#0073aa; border:none; border-radius:3px; color:#fff; cursor:pointer; margin-left:10px; padding:5px 10px;">' + button + '</button></div>';
      document.body.appendChild(notice);
      notice.querySelector('button').addEventListener('click', function () {
        localStorage.setItem('cookie_consent', 'true');
        notice.remove();
      });
    }
  });
</script>

5. Click on “Update File” to save the changes.

This code will create a popup window at the bottom of the page informing users about the use of cookies and allowing them to accept them. When the user accepts, a value will be stored in the browser’s local storage, preventing the message from appearing again on future visits.
Please note that this is just a basic example, and you may need to customize it according to your specific needs.

When are Cookies Mandatory?

In terms of mandatory requirements, cookies themselves are not mandatory. However, privacy laws in many countries, such as the European Union through the GDPR (General Data Protection Regulation), require websites to inform visitors about the use of cookies and obtain their consent before using them. This is especially true if cookies are used to track user online activity or personalize website content.

Common Errors and How to Avoid Them in Cookie Management

Below, we present some common errors in cookie management and how you can avoid them on your website:

1. Not informing users about the use of cookies: The cookie law requires you to inform users about the use of cookies on your website. To avoid this error, add a banner or notice message on your page that clearly explains the use of cookies and how they affect the user experience. We’ve seen websites without a cookie notice too many times.
2. Not obtaining user consent before installing cookies: It is important to obtain user consent before installing any cookies on their device (except strictly necessary ones). Make sure to properly configure WordPress plugins to request user consent before installing cookies, especially third-party cookies.
3. Not providing the option to reject cookies: The cookie law requires you to offer users the possibility to reject the use of cookies. To avoid this error, include a clear option in your notice message for users to reject cookies.
4. Not updating the cookie policy: It is essential to keep the cookie policy up to date and in line with current laws. Regularly review your cookie policy to ensure it includes all necessary information and complies with current regulations.
5. Using unnecessary or invasive cookies: Excessive use of cookies or cookies that collect unnecessary personal information can negatively impact the user experience and trust in your website. Make sure to use only necessary cookies for proper functioning and analysis of your page.
6. Not blocking cookies before obtaining user consent: Ensure that you configure your website’s cookies not to be automatically installed before obtaining user consent. Use WordPress plugins that allow blocking cookies until the user accepts their use.

Conclusion

The cookie law is a regulation that we must take seriously if we want our website to be legal, transparent, and trustworthy. Fortunately, with WordPress and its plugins, complying with this law is a simple process accessible to everyone.
Once you have properly implemented the cookie law on your WordPress site, it is important to consider other aspects of your page’s security. We recommend reading our article on how to improve WordPress security for more useful tips and protection strategies.