Does WordPress Use Cookies?

Cookies are an unavoidable part of browsing the web. These tiny snippets of plain text code are installed on browsers with the aim of creating a better user experience and improving some aspects of a website’s performance. The WordPress source code includes some default cookies, and numerous plugins also offer ways to manage cookies and keep them compliant with the European Union’s new General Data Protection Regulation, or GDPR.

What Are Cookies?

When you log onto a site you’ve visited before and your login credentials are already loaded, or you return to an eCommerce shopping cart to find your chosen items stored there along with suggestions for others you might like, you have encountered cookies. These small bits of code are installed on a user’s browser, not their personal one, during a visit to a website in order to “remember,” information, such as email addresses, login information, and personal data and behaviors. Because that information is readily available the next time a user visits the site or logs in, it helps the site load faster and provides a smoother experience for the user.

Cookies can be set either by the site itself or by third parties that provide content via the site, such as advertisements or embedded video content. They can exist as “session cookies,” that expire once the user exits the site, or as “persistent cookies,” that remain on a user’s web browser for a set period of time – as short as a few hours, or as long as a year or more.

Cookies can also improve the speed and performance of a website by remembering and autofilling information on contact and comment forms, and by streamlining the checkout process on eCommerce sites.

How Does WordPress Use Cookies?

Because cookies are so widely used to improve site performance and user experience, WordPress has two different ways to add and manage them on any WordPress site: from the WordPress source code itself, and with a growing number of plugins that create cookies and keep them compliant with the provisions of the GDPR.

By default, the WordPress source code is designed to generate cookies for two reasons: to save users’ login credentials for future visits, and to store identifying information when users leave comments. These two cookie functions are built into the source code, so they are a part of every WordPress site, although both of them may not be activated. For example, the commenting function is disabled on some sites, so as a result, that particular cookie isn’t needed. The default WordPress cookies can help the site load faster and make it easier for returning website visitors to log in.

Different kinds of WordPress sites might also need other kinds of cookies for optimal performance. eCommerce sites need cookies to manage shopping carts, wish lists, and buyer preferences. Advertisers need other kinds of cookies to remember buyer behaviors and track which campaigns are performing best. Even analytics software such as Google Analytics can rely on cookies to provide statistical information about a web user’s location, browsing behavior, and more. For those and other site-specific functions, a number of WordPress plugins, both free and premium, can set their own cookies, with customizable settings to establish things like the cookie’s expiration period and the kind of personal data it tracks.

WordPress users with coding experience can also create custom cookies and set them directly into their site’s functions.php file. In this way, users can establish all the cookie’s values, including its expiration and triggering behaviors, such as when a site visitor clicks on a button or fills out a field or a form.

Managing Cookies on WordPress Sites

Cookies can carry out a number of essential functions, but many users find them intrusive and want to disable them. Browsers like Chrome and Firefox offer options under Privacy settings for showing what kinds of cookies have been set and for clearing them from the browsing history – or for refusing to accept cookies at all. When selecting this option, users are warned that getting rid of cookies can affect how a site performs and that not all of its features may be available. That can also mean that since data isn’t being saved, users must enter their required information every time they visit the site. Still, for users concerned about online privacy, disabling cookies can be a way to protect sensitive data.

WordPress Cookies Must Be GDPR Compliant

In response to those concerns and some very public incidents of data breaches involving large companies with lots of stored customer information, the European Union has implemented the General Data Protection Regulation to protect the online data of every EU citizen. But because websites can be accessed by anyone, from anywhere, the GDPR has a global reach, and it affects every WordPress site.

With stiff penalties for noncompliance, this data protection regulation requires every site to get users’ explicit consent for acquiring, storing, and using personal information, such as names, electronic and physical addresses, financial and health data, locations, and more. This requirement directly affects obvious ways of collecting information, such as contact and subscription forms or during eCommerce transactions, but it also pertains to cookies – and WordPress sites need to take extra steps to make their cookies GDPR compliant.

The most direct way for any site to achieve WordPress GDPR compliance is to add a positive opt-in, such as a checkbox, that asks for users’ explicit consent to use any personal information they supply and to include a clear privacy policy in a prominent place on the site.  But cookies work differently – they remain passively in the background on a user’s web browser and users may not even be aware that they exist, or what kind of information they’re collecting. That kind of data collection also falls under the provisions of the GDPR, so now site runners must inform visitors directly about their cookie policy and get their explicit consent before placing cookies on their browsers.

To make it easier for WordPress sites to use cookies and still be GPDR compliant, a number of new WordPress cookies plugins are available for creating cookie policy notifications and consent forms. Available both from the WordPress plugin directory and from third-party developers, plugins such as Cookie Consent, EU Cookie Law, and Cookie Notice for GDPR, can be installed on any WordPress site to give users more control over the site’s use of cookies and stay in line with the new regulations on data privacy.

Cookies make WordPress sites run faster and help to provide a positive user experience. With its default cookies built right into the source code and plugins for site-specific needs, WordPress has the tools for making cookies work for your site – and for your visitors.

To learn more about our WordPress products or web hosting packages, check out our WordPress hosting guide or talk to one of our Bluehost representatives today.

Build the Website of Your Dreams with Bluehost

Get Started
Machielle Thomas
Machielle Thomas | Content Manager
Machielle Thomas writes and curates web and email content for marketing professionals, small business owners, bloggers, and more.

Leave a comment

Your email address will not be published. Required fields are marked*