WordPress Cookies

WordPress Cookies: A Complete Guide

If you have a WordPress website, you should be aware that WordPress uses cookies like every website on the internet. Cookies are small text files that contain information about your site visitors and their activities on your website.

If it were not for cookies, the whole browsing experience and personalization wouldn’t be there for websites. Yet, in a world where privacy regulations reign supreme, cookies can quickly turn from sweet to sour, with hefty fines looming over non-compliance.

In this article, we delve into WordPress cookies, how they are used, their potential risks, and the measures you need to take to ensure compliance. Whether you’re a seasoned webmaster or a curious newcomer, this article has got you covered.

What Are WordPress Cookies?

Cookies are small text files stored on a user’s browser when they visit a website. These files contain information about the visitors and their activities on the website. Cookies serve a number of purposes, including enhancing user experience, enabling personalized content and advertisements, and tracking user behavior.

WordPress uses cookies for its functionality, such as authentication and comments. For example, WordPress cookies are used to find your login status (whether or not you are logged in). Without these cookies, users can’t log in or post comments on a WordPress website.

These cookies are stored in a hashed format to ensure security, safeguarding them against unauthorized access by external parties.

In the absence of cookies, or if they have expired or become invalid due to manual editing for any reason, WordPress will prompt users to log in again to acquire new cookies.


What Cookies Does WordPress Use?

The core WordPress software uses two types of cookies.

  • Users cookies – Tracks users’ sessions on a website
  • Commenter cookies – Remembers details of commenters on a website.

Users cookies

Users cookies are used for authenticating users who have registered an account on a WordPress website.

Here are the three users cookies set by WordPress:

  1. wordpress_[hash]: Upon logging in, WordPress uses the wordpress_[hash] cookie to store your authentication information. This particular cookie is limited to the Administration screen, specifically to the /wp-admin/ page.
  2. wordpress_logged_in_[hash]: When a visitor logs in, WordPress sets the wordpress_logged_in_[hash] cookie. This cookie indicates your logged-in status and identifies you for most interactions within the interface.
  3. wp-settings-{time}-[UID]: WordPress sets several wp-settings-{time}-[UID] cookies. The numerical value at the end represents your unique user ID from the users’ database table. These cookies are used to personalize the admin interface and influence the appearance of the main site interface.

If your website does not have active logged-in visitors, then the users cookies are hardly used.

Commenter cookies

Commenter cookies refer to the cookies that are stored on a visitor’s browser when they submit a comment on your website. These cookies are used to store information about the commenter so that they don’t have to enter the information each time they post a comment on your website.

Below are the different types of commenter cookies set by WordPress:

  • comment_author_{HASH} – Stores the author name of the commenter
  • comment_author_email_{HASH} – Stores the email address of the commenter
  • comment_author_url_{HASH} – Stores the website URLs of the commenter

The commenter cookies are set to expire within a year.

These two are the cookies used by the core WordPress software. However, additional third-party cookies may be added to your WordPress website depending on your installed and activated plugins and themes. Also, there can be other third-party services that can add cookies, like Google Analytics, Hotjar, etc.

These cookies may be necessary to retain toggle settings, preserve search history, facilitate analytics tracking, enable advertising features, or support eCommerce functionality.

The key point to remember is that while WordPress itself uses only two types of “core” cookies, it doesn’t imply that your website is limited to using only two cookies. You need to identify all the cookies set by your website and then provide a cookie policy with the details of the cookies used.
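
One way to start that inventory is to sort the Set-Cookie headers your site sends into the core cookies named above and everything else. This is an added example, not code from WordPress or from this article's author; it assumes [hash] is a 32-character hex string, and the sample headers are constructed.

```php
<?php
// Added example: classify Set-Cookie headers against the core cookie names above.
// Assumption: [hash] is a 32-character hex string. Sample headers are constructed.
const CORE_PATTERNS = [
    'admin auth'    => '/^wordpress_[0-9a-f]{32}$/',
    'logged in'     => '/^wordpress_logged_in_[0-9a-f]{32}$/',
    'user settings' => '/^wp-settings-(time-)?\d+$/',
    'commenter'     => '/^comment_author_(email_|url_)?[0-9a-f]{32}$/',
];

function classify_cookie(string $header): array
{
    // "Set-Cookie: name=value; Attr; Attr=val" -> name plus lower-cased attribute names.
    $line  = preg_replace('/^Set-Cookie:\s*/i', '', trim($header));
    $parts = array_map('trim', explode(';', $line));
    $name  = explode('=', array_shift($parts), 2)[0];
    $attrs = [];
    foreach ($parts as $part) {
        $attrs[] = strtolower(explode('=', $part, 2)[0]);
    }
    $type = 'other: list in cookie policy';
    foreach (CORE_PATTERNS as $label => $regex) {
        if (preg_match($regex, $name)) {
            $type = "core: $label";
            break;
        }
    }
    return [
        'name'     => $name,
        'type'     => $type,
        'secure'   => in_array('secure', $attrs, true),
        'httponly' => in_array('httponly', $attrs, true),
    ];
}

$hash   = str_repeat('ab', 16); // constructed stand-in for [hash]
$sample = [
    "Set-Cookie: wordpress_logged_in_$hash=constructed-value; path=/; secure; HttpOnly",
    "Set-Cookie: comment_author_email_$hash=bob%40example.test; path=/; Max-Age=31536000",
    "Set-Cookie: wp-settings-time-1=1735689600; path=/; secure",
    "Set-Cookie: _ga=GA1.2.123456789.1735689600; path=/; domain=.example.test",
];
foreach ($sample as $header) {
    $c = classify_cookie($header);
    printf("%-55s %-30s secure=%s httponly=%s\n", $c['name'], $c['type'],
        $c['secure'] ? 'yes' : 'no', $c['httponly'] ? 'yes' : 'no');
}
```

Cookies reported as "other" come from plugins, themes or third-party services and are the ones to document; a missing Secure or HttpOnly attribute on a cookie that carries personal data is worth raising with the plugin that sets it.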

Are WordPress Cookies Secure?

WordPress cookies store information in an encrypted or ‘hashed’ format, making it nearly impossible for anyone to decrypt and extract the original information.

However, it is important to note that third-party cookies on your website, which are set by the plugins you use, may not be stored in an encrypted format. If these third-party cookies contain the personal information of your visitors, there is a potential risk of someone gaining access to and extracting personal information from these cookies.

How to Manage WordPress Cookies? – Set, Get and Delete WordPress Cookies

In WordPress, cookies are typically used to store temporary information or user-specific data. They are sent as part of the HTTP headers between the server and the user’s browser.

Each cookie has a name-value pair and may include additional attributes such as expiration time, path, and domain. These attributes determine the lifespan and accessibility of the cookie. WordPress provides developers with various functions and methods to manage cookies effectively.

As a website owner, you can set, get or delete cookies on your website.

How to Set Cookies in WordPress?

To set a cookie in WordPress, you must pass specific values using the setcookie() function. Let’s assume we want to store the visitor’s username as a cookie. Here’s an example code snippet that can be added to the functions.php file in your active theme’s directory:

In the above code, we define the username, set the expiration time, and use the setcookie() function to create the cookie. The COOKIEPATH and COOKIE_DOMAIN constants are defined automatically by WordPress based on your site’s configuration.

As you can see, the ‘user_username’ cookie has been added to our website.

How to Get Cookies in WordPress?

When we refer to “getting cookies” in WordPress, it means retrieving the values stored in cookies that have been set on the user’s browser. WordPress uses the $_COOKIE superglobal array to access these cookies and retrieve their values.

The $_COOKIE array contains key-value pairs where the keys represent the names of the cookies, and the corresponding values are the data stored within those cookies. By accessing the $_COOKIE array, you can retrieve and use the values stored in cookies to personalize user experiences, remember user preferences, or perform other necessary tasks.

Here’s an example code snippet to get the cookie we set earlier:

In the above code, we check if the cookie named user_username exists using the isset() function. We retrieve its value and display a personalized welcome message if it exists. Otherwise, we display a message indicating that the cookie was not found.

How to Delete Cookies in WordPress?

Sometimes, you may want to remove a cookie from your WordPress site. To delete a cookie, you need to unset its value from the $_COOKIE array and set its expiration time to a past timestamp. Here’s an example code snippet:

In the above code, we use the unset() function to remove the cookie’s value from the $_COOKIE array. Then, we set the expiration time to a past timestamp (15 minutes ago) to make the cookie immediately expire.
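
The set, get and delete steps described above, combined into one snippet for a theme's functions.php. This is an added example, not the article's original snippets: the cookie name user_username, the constants and the 15-minute past expiry come from the text, while the function names, hooks and 30-day lifetime are assumptions.

```php
<?php
// Added example; function names, hooks and the 30-day lifetime are assumptions.

// Set: store the logged-in user's username when a page loads.
function example_set_username_cookie() {
    if ( ! is_user_logged_in() || headers_sent() ) {
        return; // nothing to store, or too late to send a Set-Cookie header
    }
    $username = wp_get_current_user()->user_login;
    setcookie(
        'user_username',
        $username,
        time() + 30 * DAY_IN_SECONDS, // expiration time
        COOKIEPATH,
        COOKIE_DOMAIN,
        is_ssl(), // Secure: send only over HTTPS when the site uses it
        true      // HttpOnly: not readable from JavaScript
    );
}
add_action( 'init', 'example_set_username_cookie' );

// Get: the browser controls this value, so sanitize on read and escape on output.
function example_welcome_message() {
    if ( ! isset( $_COOKIE['user_username'] ) ) {
        return 'Cookie not found.';
    }
    $username = sanitize_user( wp_unslash( $_COOKIE['user_username'] ) );
    return 'Welcome back, ' . esc_html( $username ) . '!';
}

// Delete: drop the value for this request and expire it in the browser.
function example_delete_username_cookie() {
    unset( $_COOKIE['user_username'] );
    if ( ! headers_sent() ) {
        // Same path and domain as when it was set, expiry 15 minutes in the past.
        setcookie( 'user_username', '', time() - 15 * MINUTE_IN_SECONDS,
            COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
    }
}
add_action( 'wp_logout', 'example_delete_username_cookie' );
```

Treat user_username as display-only: any visitor can edit it in the browser, so it must never replace the login check backed by the wordpress_logged_in_[hash] cookie.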

How to Obtain Cookie Consent on WordPress?

Since cookies carry information about site visitors, many data protection laws regulate the use of cookies on websites. To use cookies, you need prior consent from your site visitors, or else you will be penalized.

Now, let’s see how to obtain consent from site visitors for using cookies to collect information from them.

To obtain cookie consent in WordPress, you need a consent management platform for your website. We recommend our GDPR Cookie Consent plugin as it is a native WordPress CMP that will work within the WordPress ecosystem. With this plugin, you can comply with major privacy laws like GDPR, CCPA, LGPD, etc., for cookie usage on your website.

Follow the below steps to obtain cookie consent in WordPress:

  • Step 1: Install and activate the GDPR Cookie Consent plugin.
  • Step 2: Go to GDPR Cookie Consent >> Settings >> General.
  • Step 3: Enable the cookie bar option.
  • Step 4: Select the type of cookie law.
  • Step 5: Click on Update Settings to save the settings.

And that’s it, the cookie banner will be active on your WordPress website. You can customize the cookie banner, its content, buttons, and themes from the tabs next to the General tab.

Cookie consent banner

Here is a preview of the cookie banner on a WordPress website.

For more information, check out our detailed guide on cookie consent banners.

Frequently Asked Questions – WordPress Cookies

Does WordPress Use Cookies?

Yes, WordPress uses cookies to enhance user experience and provide various functionalities, such as authentication and comments. For example, cookies help WordPress identify whether a user is logged in. Without WordPress cookies, users cannot log in, and site visitors cannot post comments on your WordPress website.

How Are Cookies Stored in WordPress?

Cookies used on a WordPress website are stored in the users’ web browsers as local files. Each cookie is assigned a unique ID that helps identify sessions or remember user preferences on your website.

Do WordPress Cookies Need Consent?

No, the core WordPress cookies, such as user cookies and commenter cookies, do not require prior consent from users. They come under the category of strictly necessary cookies as they are important for the website to function properly. However, non-essential cookies, such as those used for analytics, advertising, or tracking user behavior, typically require user consent.

Can I Disable Cookies on My WordPress Website?

Yes, you can disable WordPress cookies by modifying your website configuration or by using any plugins. However, disabling cookies completely may impact certain functionalities and user experiences on your website. It is important to carefully consider the consequences and inform your users about the absence of cookies. Additionally, updating your privacy policy to reflect the disabled cookies is recommended.

Are There Any Laws Regarding WordPress Cookies?

Yes, there are legal requirements and regulations regarding WordPress cookies. The General Data Protection Regulation (GDPR) and the ePrivacy Directive are two notable regulations that govern the use of cookies on websites, including those built on the WordPress platform. These regulations emphasize the need for informed user consent before using non-essential cookies that collect personal data.

Conclusion

Understanding WordPress cookies is crucial for website owners to ensure compliance with privacy laws and provide a seamless user experience. WordPress uses cookies for authentication, tracking sessions, and remembering user preferences.

The core WordPress software utilizes session cookies and commenter cookies, while additional third-party cookies may be added by plugins. WordPress stores cookies in a hashed format, ensuring security and protecting user information.

However, it’s important to be aware of legal requirements and regulations, such as the GDPR and ePrivacy Directive, which govern the use of cookies and emphasize the need for user consent, particularly for non-essential cookies.

By understanding and effectively managing WordPress cookies, website owners can enhance user experiences while maintaining compliance with privacy regulations.

Article by

Content Writer @ WebToffee. Specialized in WordPress and eCommerce. When I am not writing, I enjoy my downtime with a good cup of coffee and a movie.
