Introduction to Cookies in WordPress

Cookies in WordPress? Bet if you’re new to WordPress, you didn’t think it had cookies. These aren’t the type you eat, but the type that stores information. In this article, you’ll learn a bit about cookies in WordPress, and even a little on data privacy.

Cookie, short for HTTP cookie, is a small packet of information that an online server issues, when a user is visiting a website. This small packet of information is stored by the web browser in the user’s computer or other devices.

So, as a user surfing a WordPress site, you can see this when you fill out the blog comment form, and it suggests your name, email address, and website URL. You can also experience how cookies work, when your browser remembers to keep you logged into the WordPress admin area, rather than logging you out each and every time you leave.

If you’re a WordPress power-user that can live a bit dangerously, or a developer, and likes handling code, you can find out what cookies your website uses through the developer tools in your browser. There should be a setting that will list all the types of cookies your site uses. For example, you can find this out in your Chrome browser by:

1. Right-click on your page (the front end of the website) and within the drop-down, select “Inspect”. This will open up the Developer console.

2. Navigate to the Applications tab.

3. Scroll to the Storage section, and find Cookies.

4. Expand the Cookies listing

5. Select the domain that you want to see what cookies are being used.

If you didn’t think WordPress used cookies, then you’re wrong. Out-of-the-box, by default, WordPress uses cookies for authentication. Most content management systems, whether hosted by a third party, or self-hosted, use some type of cookie. Unless you’re using a static website that has no login that collects no user information, no forms to collect leads, and no 3rd party analytics tracking, you will more than likely end up on a site that has cookies.

At the very least, without added plugins or 3rd party services involved, the cookies that WordPress uses are:

User Cookies

User cookies are present when the user is logged in. If you’re not logged in, then this cookie is not in use. The cookie looks somewhat like: wordpress_logged_in[hash], if you’re using the browser developer inspect tool. The data is encrypted and stored for about 15 days.

Comment Cookies

Comment cookies are present when your visitors leave comments.

• Comment author [hash] - Name of the commentator

• Commen t_authoremail [hash] - Email address

• Comment _authorurl [hash] - Commentator’s website URL

In a way, these types of cookies are good for remembering when your visitor returns, and take a year to expire. They won’t have to re-type all three of those fields, and can focus more on leaving their feedback.

Now, while there are only a few cookies used by default in WordPress, the more themes, plugins, and third party tracking you put on top of it, the more cookies that will be used. For example, there are 8 cookies used in WooCommerce, a popular WordPress ecommerce plugin. Most of them are about user behavior while using the shopping cart.

If you’re using a Google analytics plugin, your users will see that several cookies from that platform will be present.

Not all cookies are bad, unless a hacker has hijacked a cookie and is trying to exploit the user’s browser history.

By default, WordPress uses first-party cookies that are generated by the website, and is fairly safe. The only time it would be an issue is if that site had been hacked.

However, because most WordPress users install plugins that may use cookies, they may also have third-party cookies. These are not generated within the website, but from an outside website.

For example, displaying ads on your website from Google Adsense may use several cookies. These cookies are usually for tracking purposes. The potential of one of those cookies being compromised is greater.

If you’re not sure if cookies are active and want to enable them in a WordPress site, you can do this from your browser. If you’re using the Chrome browser:

1. Go to Settings.

2. Find the Security and Privacy Section.

3. Click on Cookies and other site data.

4. Select the first option to allow all cookies, or go through the settings in that section to adjust cookies experience.

If you’re a frontend user of a site powered by WordPress, unless the site owner gives options to disable cookies, you will have to disable them from your browser. Some website owners will install cookie plugins, to allow website users to either accept all cookies, or disable the ones they want.

As for the website owner, if you want to disable cookies in WordPress for your users, you can add the following snippet in your theme’s functions.php file or plugin that acts like a functions.php file:

unset($_COOKIE['visit_time']);

You will have to alter the “visit_time” part with the name of the cookie you want to disable, so that means if there are several you need to do this with, then you’ll add a line for each cookie.

If you’d like to handle code, and learn more about setting, getting and deleting WordPress cookies, WPBeginner has an in-depth tutorial.

With data privacy laws like the General Data Protection Regulation, in the European Union, and other places, website owners are being required to have a privacy policy, to be transparent about what kind of information a website collects. They also have to include a cookie policy to inform users on what cookies the website uses, and give information on how to disable those cookies.

These laws were passed to protect users from their personal information being collected and stored. They allow the user the right to request their data to be erased from a website without question.

While data privacy laws are not in every country, or in the case of the United States, every state, WordPress website owners should start thinking of putting together a privacy policy and a cookie policy. If your website caters to a global audience, then you should have both in place. If your site doesn’t target people across the world, then being prepared ahead of time is due diligence.

The hole of data privacy and cookies is very deep. This is just an introduction to cookies in WordPress, so hopefully it will give you an understanding of the basics. Go ahead and check out what cookies your website uses. If you’re using 3rd-party traffic tracking plugins or scripts, then it might be time to start thinking of your user’s data privacy.