Skip to main content
WordPress made easy with the drag & drop Total WordPress Theme!Learn More

How to Make Your WordPress Site EU Cookie Law Compliant

April 23, 2018
How to Make Your WordPress Site EU Cookie Law Compliant

By using cookies you can significantly improve user experience on your site. However, installing tracking cookies without express user consent constitutes a breach of the ePrivacy Directive 2002/58/EC (EU Cookie Law), and can result in a number of issues for European sites. This is why ensuring you make your WordPress site EU Cookie Law compliant is so important.

In this article, we’ll delve deeper into cookies, the EU Cookie Law and what it all means for your website. We’ll also discuss how easy WordPress integrations can help take the hassle and guesswork out of compliance. Let’s dive in!

What Are Cookies?

First let’s cover what exactly cookies are. When it comes to websites “cookies” are not the traditional gooey goodness you’re used to – instead they’re information files stored in the browser that contain data specific to a website visitor. They contain information relevant to your experience using a website. For example, cookies might retain a user’s search history, remember login details, or make product recommendations based on previous purchases.

How Are Cookies Used in WordPress?

With WordPress cookies are mostly used to login you into a website. Currently WordPress stores a cookie upon login to verify/store your authentication (for the backend/admin panel), another cookies to indicate that your specific user account is logged in and a few other cookies to personalize how the admin panel (or even the main website) interface appears to you. Cookies are also stored when users leave a comment.

Depending on the plugins installed or third party services being used there could be more cookies scattered around your website. For example, if you’ve added a push notifications plugin or if you’re using Google Adsense that’s at least a couple more cookies on your website that you should be aware of.

How This Applies to You

Based on the info above it’s pretty safe to assume that everyone using WordPress is also using cookies. The important part here is to disclose to your readers that you’re using them. Currently in the USA, informing visitors of your use of cookies and their purpose in your privacy policy is enough (though there are state level laws that may require more detailed information). But for European based sites (and websites targeting the European market) the rules are a bit stricter.

What Is the EU Cookie Law?

Since cookies may acquire private user information (for instance if they are used for tracking) the EU Cookie Law was formulated to ensure that these details can only be acquired with a user’s consent. Although there are certain kinds of cookies that are exempt from the law, in most cases you’ll need to do the following if you use them on your site:

  • Let your users know cookies are in use
  • Tell your users what the cookies are being used for
  • Give users the option to opt in or out of being tracked by cookies

And you’ll need to do this before visitors begin using your website. Failing to comply with the EU Cookie Law could result in incurring a fine, not to mention losing the trust of your users (which can be devastating if you use your website for business).

Before you start panicking, you should know it isn’t too difficult to make your WordPress site EU Cookie Law compliant. In fact, it’s pretty easy.

How to Make Your WordPress Site EU Cookie Law Compliant

There are three steps you’ll need to follow in order to make your WordPress site EU Cookie Law compliant. We’ll walk through each one in turn. Along the way, we’ll also cover how the Iubenda Cookie Solution plugin can help with the process.

Cookie compliance can be broken down into 3 main steps: a privacy/cookie policy, visible notice on your website and user consent. If you’re a developer you can likely create a simple cookie popup yourself, but for most folks a plugin makes this so much easier.

LuckyWP Cookie Notice Plugin

One option is to simply create your own privacy policy then add a cookie notice to your site with a free plugin, like the Lucky WP Cookie Notice. It’s a simple and quick way to add a basic notice to your site.

Cookie Consent by Securiti

Or you could use the Cookie Consent by Securiti to create a more advanced custom banner for your site. The plugin is quick and easy to use, offering plenty of options for text, branding, colors and placement and is compliance with GDPR, CCPA and many other web privacy regulations. Plus with the built-in free Securiti scan you can be sure that all cookies on your site are properly identified and disclosed for users to opt in or out of. And the plugin collects required consent records and makes maintenance easy thanks to real-time privacy policy updates as new cookies are registered.

iubenda Cookie Solution plugin

Another option is to use a policy generator & cookie notice such as the Iubenda Cookie Solution. With this plugin you can easily link to your cookie policy from a prominent banner on your site. Once a user is directed to the policy, they can read through instructions about how to manage their cookie preferences, and give or deny permission for their use. You have the option to link to your own previously-created cookie policy, or easily create a new one with Iubenda’s privacy and cookie policy generator. What’s more, this plugin automatically blocks cookies prior to obtaining user consent.

Any one of these plugins is a step in the right direction to make your WordPress site EU Cookie Law compliant.

Step 1: Have a Cookie Policy In Place

Iubenda WordPress Plugin

Your policy document (or “extended notice”) should comprehensively detail your site’s use of cookies. In order to be compliant with the law, this document should include each of the following points.

  • A statement clearly informing users that cookies are in use on your website
  • An explanation of what cookies are
  • An explanation of what kinds of cookies are in use (by you and/or third parties)
  • A clear overview of how and why you (and/or third parties) are using cookies
  • And an explanation of how users can opt-out of having cookies placed on their device(s)

Creating a cookie policy to address these points is necessary. WordPress just so happens to make this pretty easy. Just use the built-in Privacy Policy template under Settings > Privacy. Simply edit the template to include information (and cookies) related to your site.

Alternatively, you can use a service such as Iubenda to generate your policy. For this you will first need to create an account, select a pan (don’t worry – they offer a free lite plan) and then follow a few simple steps to generate your policy. Once your policy is set up, you will receive a code. Be sure to keep that code handy, as you’ll need it to add your privacy policy to your WordPress site.

Step 2: Place a Consent Banner on Your Site

With your privacy policy ready, you’ll now need to add a consent banner (or brief notice) to your website. This should be prominently displayed so it’s the first information a user sees when they visit your site. The important information to include here is a notice that your site does use cookies as well as a link to your policy.

LuckyWP Cookie Notice Bar

If you’ve created your own privacy policy page you can use any basic cookie notice plugin to add a simple statement (with links) on your homepage. One good option is the LuckyWP Cookie Notice. This plugin includes easy options to add a cookie use disclaimer, Accept/Reject buttons, read more link (to point to your privacy policy), expiration of acceptance and the ability to include added scripts on the page after a user has consented.

If you’ve used Iubenda, you’ll need to use their free Cookie Solution plugin to add your cookie policy and a consent banner to your site. After you install and activate the plugin a new tab should appear in your dashboard labeled Iubenda. You will need to enter your Iubenda code from step 1 in order to add the cookie policy and banner to your site.

Link to Your iubenda Policy

You’ll also have the option to configure a number of settings for your cookie banner. You can select whether you want it to appear in your header or footer, and even automatically block certain scripts.

Configure Iubenda Cookie Banner Settings

Once you’ve made your selection, click on Save Changes.

iubenda Cookie Solution

Your banner, and the policy it links to, will now be displayed on your site!

Step 3: Allow Users to Give Consent

As we touched on earlier, when you make your WordPress site EU Cookie Law compliant you’ll need to give users the opportunity to accept or decline the use of cookies. If a user does not actively give their consent, you’ll need to block all scripts that install cookies. This should be triggered if a visitor rejects cookies, or simply fails to choose the “I accept” option.

Fortunately, most cookie consent/notice plugins offer this feature and the Iubenda Cookie Solution plugin is no different. It will automatically detect and block scripts associated with cookies (including scripts from Google, Facebook, YouTube, etc) as well as enable you to manually block additional resources as you see fit.


User privacy is one of the biggest we security issues so far in 2018. As such, it’s more important than ever to ensure that your cookie policy and notifications are watertight. Fortunately plugins like LuckyWP Cookie Notice and Iubenda can make this task much easier for WordPress.

Do you have any questions about EU Cookie Law compliance? Or how to make your WordPress site EU Cookie Law compliant? Let us know in the comment section below!

Article by WordCandy guest author
Subscribe to the Newsletter

Get our latest news, tutorials, guides, tips & deals delivered to your inbox.



    Does it affect website loading speed?

    • Kyla

      It’s a possibility since the Iubenda plugin has to connect to a third party site, but you would have to run tests to be sure. You can checkout our WordPress GDPR Compliance guide which goes over key steps, including cookie notices to find links to similar plugins to compare to Iubenda’s plugin.

  2. liza Stirling

    The problem I am having is that any plug in requires a geographical address as part of my cookie policy and I don’t want to put my home address. Is there any way around this please?

    • Kyla

      Get a PO Box or join a shared workspace/business center. It’s a good way to provide a legitimate address and receive mail without telling everyone your home GPS coordinates.

  3. Toby

    Helpful tips for WordPress cookie notice, thank you

  4. Informatika

    Are there any exemptions or exceptions to the EU Cookie Law that website owners should be aware of?

    • Kyla

      Good question! The only exception I know of is that you can store strictly necessary cookies before asking for consent, but even if they are essential all cookies should still be disclosed with a notice. Hope that makes sense!

Leave a Reply

Your email address will not be published. Required fields are marked *

Learn how your comment data is processed by viewing our privacy policy here.