Cookies are small data files that your browser stores on your computer. They save your identity and information, and your browser uses them to provide a better search experience.
Companies that are working within the European Union territory are required to follow the GDPR rule and notify users that the website they are visiting uses cookies.
The question that comes to mind is: does a WordPress site use cookies? In this article, we would like to discuss cookies in WordPress and ways to comply with GDPR using simple plugins.
Does WordPress Use Cookies?
WordPress uses cookies for user authentication. Cookies make the website run smoothly and provide a better user experience. Those who have signed up on the website are required to use cookies to log in. In addition, cookies are used when a user posts a comment.
Cookies are used to remember the user’s credentials, such as username and email. Links and calls to action that users have clicked on are also stored in cookies. In addition, cookies are used if your website is an online store.
Advertisements also use cookies. This explains why you always see ads related to your search history.
In some cases, websites aren’t required to ask permission to save cookies; they only notify users. For example, on online store websites, when the user adds a product to his/her shopping cart, it gets stored in the cookies and used to load the website faster.
Therefore, websites that use cookies to decrease the loading time won’t ask for your permission to save cookies; they just notify you.
User Cookies in WordPress
WordPress uses cookies for two of its many features. The first feature is when a user logs in to the website. After signing up on the website, WordPress uses the [hash] cookie to store the user’s authentication (username and password).
Once you are logged in, WordPress uses cookies to record your login. When a user tries to log in to WordPress, cookies automatically check the entered credentials against the saved credentials. If they match, the user will be granted access.
If the login cookies for the administrator page have expired, you will have to log in again to save the cookies once more.
Cookies in Comment
Cookies are also used in the comment section. By using cookies in the comment section, users are no longer required to enter their username or email. Cookies used in the comment section are:
comment_author_{HASH}, comment_author_email_{HASH} and comment_author_url_{HASH}
Google Analytics
When you configure Google Analytics on your website, extra cookies will be installed and added to the website. Google Analytics allows you to anonymously save IP addresses with the MonsterInsights plugin.
The first cookie that Google Analytics uses is _ga-. This cookie is used to store the user’s IP.
_gat- is the second cookie that stores the requests.
Plugins and Themes in WordPress
WordPress has many plugins and themes that use cookies. Cookies are used in sign-ups, authentication, login, posting comments, and purchases. Plugins and themes usually ask users for consent to save cookies.
There are two methods to verify users and save data.
Explicit Consent: In this method, cookies won’t be created until users consent and allow plugins or themes to create cookies. If users don’t allow cookies to be created, the themes and plugins will provide limited functionality to that user.
Implied Consent: In this method, the website doesn’t require the user to consent. It automatically creates cookies and only notifies users that it is using cookies. If users don’t want the website to use cookies, they can either exit the website or disable them.
Other Cookies in WordPress
There are many tools and extensions you can use to identify the cookies used on your website. Attacat Cookie Audit Tool is a great tool you can use to identify cookies on a website.
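A minimal audit of this kind, as an added example that is not part of the original article or of any plugin it mentions: it sorts Set-Cookie headers into the login, comment and Google Analytics cookies named above and flags cookies that appear before the visitor has consented. The sample headers are constructed, the `wordpress_` prefixes are WordPress's standard login cookie names, and treating comment and analytics cookies as the ones that need consent is an assumption of this example.

```python
from http.cookies import SimpleCookie

# Prefix -> category. Longer prefixes come first so "_gat" is tried before "_ga".
CATEGORIES = [
    ("wordpress_", "login"),
    ("comment_author_", "comment"),
    ("_gat", "analytics"),
    ("_ga", "analytics"),
]
# Assumption of this example: these categories must wait for explicit consent.
NEEDS_CONSENT = {"comment", "analytics"}

def classify(name):
    """Return the category of a cookie name, or "other" if it is unknown."""
    for prefix, category in CATEGORIES:
        if name.startswith(prefix):
            return category
    return "other"

def audit(set_cookie_headers, consent_given=False):
    """Classify every cookie in the given Set-Cookie header values and list its issues."""
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            category, issues = classify(name), []
            if category in NEEDS_CONSENT and not consent_given:
                issues.append("set before consent")
            if category == "login":
                # Login cookies carry the session, so check the transport flags.
                if not morsel["httponly"]:
                    issues.append("missing HttpOnly")
                if not morsel["secure"]:
                    issues.append("missing Secure")
            if category == "other":
                issues.append("unclassified, review manually")
            findings.append({"name": name, "category": category, "issues": issues})
    return findings

# Constructed sample: headers as they might be captured from a first page load.
SAMPLE = [
    "wordpress_logged_in_0123abcd=editor%7C1700000000%7Ctoken; Path=/; HttpOnly",
    "comment_author_email_0123abcd=jane%40example.com; Path=/; Max-Age=30000000",
    "_ga=GA1.2.1111.2222; Path=/",
    "_gat=1; Path=/; Max-Age=60",
    "tracker_id=42; Path=/",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["name"], finding["category"], finding["issues"])
```
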
GDPR in WordPress
As mentioned above, companies that operate within the European Union territory are required to follow the GDPR law.
What is GDPR?
GDPR is short for General Data Protection Regulation. GDPR is defined to give EU citizens control over their personal permission on the internet.
Based on this law, companies in the EU must follow a certain set of rules and must notify users through email whenever they update their terms & services. European companies that don’t follow this law will be fined.
GDPR Plugin for WordPress
WordPress GDPR Pro is a WordPress plugin that adds GDPR compliance and the right to be forgotten to your website. This plugin has many features and follows the GDPR law.
Cookie Popup is the first feature of this plugin. By using this feature, you can notify users of the cookies in use and ask for their consent. In the settings, you can customize the button and enable or disable the “Enable Decline Button” option.
Privacy Policy is another feature of this plugin. By enabling this option, users are automatically directed to the privacy policy page. By enabling the “Require logged in users to accept privacy policy” option, users must log in to their accounts and accept the privacy policy. If this option is not enabled, all users will automatically be given permission.
Forget Me is another feature offered by this plugin. Enabling it creates a form that allows users to delete all of their stored information on the website. Then, a notification will be sent to the webmaster.
Control EU Traffic allows you to display the popup only for EU citizens or you can completely block the website for EU citizens. In addition, you have the option to edit the EU countries (add or remove some countries) or redirect them to another page.
Data Rectification allows users to change their stored data or update them.
Data Breach is a great feature offered in this plugin. If the website is hacked, the users will be notified that their information may be in danger.
Following GDPR in Google Analytics
MonsterInsights is a WordPress plugin for Google Analytics. By using this plugin you can view the overview of Google Analytics. In addition, you can see live activities.
This plugin also monitors clicks on links or ads and, most importantly, configures Google Analytics to comply with the GDPR law.
GDPR In Contact Us
In WordPress, if you are using a contact us form and saving the information, you have to notify the users. However, you are required to ask for users’ consent if you are going to use their information for marketing purposes.
In this form, you must disable cookies, IP monitoring, and user-agents.
To insert a contact us form based on the GDPR law you need to clearly tell users that it is created based on the GDPR law.
Adding Delete Me Feature
By clicking on the Delete Me feature, you allow users to delete their profile in WordPress. Once the process is finished, they will receive a message. Keep in mind that when a user deletes their account, all of their posts, links, and comments will be deleted as well.
You can limit this feature to a certain user role.
Enable Cookies for Different Browsers
By default, cookies are enabled on browsers. To enable cookies or configure them, follow the steps below.
Google Chrome
You can enable cookies in Google Chrome by following the steps below:
- Open Google Chrome
- From the top right corner, click on More
- Click on Settings, then go to Advanced
- Click on Site Settings underneath Privacy and Security
- You can allow certain websites to store cookies.
Mozilla Firefox
To enable cookies in Firefox, follow the steps below:
- Open Mozilla Firefox
- Go to Settings
- Click on Content Blocking
- Change settings to Standard, Strict or Custom