How to make your WordPress website GDPR Cookie compliant

Overview

The following HowTo guide covers the steps required to make a WordPress website GDPR cookie compliant, or at least go some way to addressing the issue.

GDPR is the EU General Data Protection Regulation framework and is somewhat complex, so for the moment I’ll say go and google it, but I liked both of the following sites: https://eugdpr.org and https://smartblogger.com/gdpr

This post will look at how you can tell if your website is serving cookies.

How to tell if the site is compliant.

What you can do to make your WordPress website GDPR cookie compliant.

When you know things like how long your cookies last, what purpose they serve, and where the data they generate is being sent, you can write an informed cookie or privacy policy.

Step by step instructions

How to tell if your site is using cookies.

1; Start by opening a browser. In this case, we’re using Firefox but Google Chrome and Safari (and others) also have options to look at cookies.

2; Next, browse to the site that you want to inspect. In the image below there is an icon that looks like a shield with a diagonal line through it next to the green padlock icon. If you hover over it with the mouse it’ll show a text block describing what has been identified. In this case, it was telling me “Tracking Content Detected”, so we know straight away that the site is presenting cookies. It could also have told me “Tracking Attempts Blocked”, but I allow them for this site.

There are a number of ways to show cookies but the simplest and quickest way (for Firefox) is to right-click anywhere on the page and select “Inspect Element”.

You can get to the same place by left-clicking on the three bars to the top right of the browser and selecting “Web Developer>Web Console”.

Once the web console is open, select “Storage” and click the dropdown arrow next to “Cookies”. Then, choose a domain to see the cookies associated with it.

The “Domain” is where the cookies are allowed to be sent. This is useful information for writing a privacy policy because it allows you to find out which countries the data is sent to. You can also see the expiry time, which is handy for writing cookie policies.

Viewing cookies in the Firefox browser

There is also a lot of other information within the cookie itself, such as usernames and other ID information, which has implications for GDPR. In any case, at this point we know that the website is setting cookies, so how do we tell if it’s compliant?

How to tell if a website is GDPR cookie compliant.

3; To tell if the site is compliant with GDPR as far as cookies are concerned, it’s possible to have it scanned by a number of sources. I used cookiebot.com and they have a free plan for small sites. Add your website details to their website checking tool and then click the “Check My Website” button.

The Cookiebot website checker

4; Add your email address and choose whether or not to have the offer sent and/or to sign up for the newsletter, then click on the “Test My Website” button.

The Cookiebot GDPR/ePR cookie compliance test page

5; They’ll send a confirmation link to the email address you used. If you confirm the email, they will offer a cookiebot trial for free, but you can just wait for the test to complete at this point.

Cookiebot mail confirmation screen

6; Ouch! Well, at least now we can be sure we’re not compliant. The email shows that we’re not asking for prior consent for “necessary cookies” e-privacy regulations (ePR) and we’re not asking for prior consent for personal data (GDPR) cookies, but at least the data is being sent to ‘adequate countries’, in this case, the USA.

The Cookiebot email and scan report

From the Cookie Scan Report, we also know that the server location is in the UK.

Most of the cookies are for statistical analysis with just one being used for marketing. We can also tell that all the cookies are generated for Google Analytics and that two are session cookies. Two last for a day and one lasts for two years. The report also tells us which cookies have not had prior consent, which is all of them in this case.
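The same kind of inventory (domain, lifetime, session or persistent, set before consent) can be built by hand from the Set-Cookie response headers shown in the browser's Network tab. The following is an added example, not Cookiebot's code and not part of the original post; the header values, the host www.example.com and the "necessary" list are constructed assumptions.

```javascript
// Constructed sample Set-Cookie values (not captured from a real site).
const SAMPLE_HEADERS = [
  "stats_id=a1b2; Domain=.example.com; Path=/; Max-Age=63072000; SameSite=Lax",
  "stats_day=c3d4; Domain=.example.com; Path=/; Expires=Thu, 02 Jan 2025 00:00:00 GMT",
  "sessionid=e5f6; Path=/; HttpOnly; Secure",
];

// Parse one Set-Cookie value into the fields a cookie policy needs.
function parseSetCookie(header, requestHost, now) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), domain: requestHost,
    hostOnly: true, lifetimeSeconds: null, secure: false, httpOnly: false };
  let expires = null, maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase(); // leading dot is ignored
      cookie.hostOnly = false; // cookie is also sent to subdomains
    } else if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = parseInt(val, 10);
    else if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
    else if (key === "secure") cookie.secure = true;
    else if (key === "httponly") cookie.httpOnly = true;
  }
  // Max-Age wins over Expires; with neither, the cookie lasts for the browser session.
  if (maxAge !== null) cookie.lifetimeSeconds = Math.max(maxAge, 0);
  else if (expires !== null) cookie.lifetimeSeconds = Math.max(Math.round((expires - now) / 1000), 0);
  return cookie;
}

// Human-readable lifetime for the policy text.
function describeLifetime(seconds) {
  if (seconds === null) return "session";
  const days = seconds / 86400;
  if (days >= 365) return `${Math.round(days / 365)} year(s)`;
  if (days >= 1) return `${Math.round(days)} day(s)`;
  return `${Math.round(seconds / 60)} minute(s)`;
}

function inventory(headers, requestHost, now = Date.now()) {
  return headers.map((h) => parseSetCookie(h, requestHost, now))
    .map((c) => ({ ...c, lifetime: describeLifetime(c.lifetimeSeconds) }));
}

// Names seen before the visitor answered the banner that are not on your "necessary" list.
const setBeforeConsent = (rows, necessary) => rows.map((c) => c.name).filter((n) => !necessary.includes(n));

console.table(inventory(SAMPLE_HEADERS, "www.example.com", Date.parse("2025-01-01T00:00:00Z")));
```

Cookies written by scripts on the page do not appear as Set-Cookie headers, so those still have to be read from the Storage tab.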

How to make your WordPress website GDPR cookie compliant.

7; Fortunately, it is possible to install a plugin to make your WordPress website GDPR cookie compliant, at least to some degree. You should definitely check the disclaimer that comes with each plugin, which will say something along the lines of, ‘Every site is different and uses cookies in different ways and for different reasons, some for e-commerce, some for login id, some for analytics blah-di-blah and it’s impossible to cater for all scenarios. You should take legal advice regarding your particular circumstances, oh and don’t forget there will also be some manual work required in making your site compliant.’

Most of the plugins at least perform the basic functions of requesting the required prior consent and blocking cookies until the consent has been agreed upon. They also log and save the consent so that it can be used as evidence in case it’s needed at some point.

Since we’ve had a scan done by Cookiebot and were suitably impressed by the results we’re going to install their WordPress plugin which has good reviews, over 30,000 installs and is compatible with our version of WordPress.

Select Plugins>Add New and use the keyword search to look for ‘cookiebot’. You may prefer to use another plugin; in that case, shorten the search to ‘cookie’ or use another term like ‘GDPR’. Once you have found the one you want, click the ‘Install Now’ button.

Installing the Cookiebot GDPR cookie consent notice

8; Activate the plugin from the ‘Installed Plugins’ page.

Activating the Cookiebot GDPR cookie consent plugin

9; Select Cookiebot>Settings.

Selecting the Cookiebot settings page

10; Click on sign up for free at Cookiebot.com to get a Cookiebot ID.

Link to Cookiebot signup in WordPress

11; Create the Cookiebot account.

The Cookiebot create account page

12; Click next and Cookiebot will send an email so you can confirm the email. Click on the “Click Here” link to complete the registration process.

Completing the Cookiebot registration process

13; Log in to the account as the last step to complete the registration.

Logging in to your Cookiebot account

Configuring the Cookiebot Plugin

14; Click the link to “configure Cookiebot”

Configure Cookiebot link

15; Add in the Domain Name in the “Domains” tab and select your preferred language in the “Content” tab and then click Save. You can change the text you wish to show on your site in the “Content” tab and select your preferred settings for how the banner appears in the “Dialogue” tab.

Adding your domain in the Cookiebot manager
Setting the language in the Cookiebot manager

16; Click the lower “Preview” icon to see the cookie declaration.

GDPR Cookie declaration page generated by Cookiebot

17; Click the upper “Preview” button to see a preview of the consent dialogue. You can change the default selected boxes under the “Dialogue” tab.

Cookie GDPR consent dialogue generated by Cookiebot

18; From the “Your Scripts” tab, change the Cookie Blocking Mode to Auto and save.

Setting the cookie blocking mode in the Cookiebot manager

19; Go back to the WordPress admin Dashboard to complete the Cookiebot settings.

Paste in the Cookiebot ID, choose the default language. Do take note that we also set the language in the Cookiebot administration tool in step 15. Set “Cookie Blocking Mode” to auto. Choose whether or not to auto-upgrade and hide the popup in the WordPress admin panel and click save changes.

Cookiebot configurations in the WordPress dashboard.

20; Now browse to Cookiebot>Prior Consent and select enable for the GA Google Analytics Plugin.

Setting the cookie prior consent in the WordPress dashboard for Cookiebot (with the GA Google Analytics plugin)

21; Visiting the site will now produce a slide down cookie consent notification. Clicking on “Show Details” will open a further drop-down box showing the “Cookie Declaration”. In the expanded dropdown, there are a series of clickable buttons that explain what cookies we are serving, so at this point, our site should be compliant and we can try testing again.

Cookiebot cookie declaration slide down presented before user accepts cookies
Email from Cookiebot confirming website is GDPR and ePR cookie compliant.

22; So that completes making the website at least cookie compliant. To add the cookie declaration as a web page you can copy the script from the Cookiebot management page “Your Scripts” tab to a new WordPress page. You can see the location of the script in the graphic below.

Location of cookie declaration script in the Cookiebot manager

23; From the WordPress dashboard, select Pages and click the “Add New” button.

Left-click the three dots near the top right of the page and then select Code Editor. The page will change to allow typing or pasting in HTML code and you should see the option to “Exit Code Editor” to the top right of the page.

Type in a title and then paste the cookie declaration script into the next paragraph and click publish. The page will not be visible since there will be no links to it from anywhere else on the site.

Adding the Cookiebot cookie declaration as a page in WordPress

24; Add a link to the page. For techiedoodah.com we added it to a menu that already had an Affiliate Disclaimer and a Privacy Policy. Select “Appearance>Menus” from the dashboard, choose the menu to edit, click the “Add to Menu” button, and then click one of the “Save Menu” buttons.

Adding a link to the new Cookie Declaration page in the WordPress Dashboard.

That brings us to the end of this post and we’ve now got a site which is GDPR compliant for cookies, allows visitors to choose their own multilevel cookie settings, and change their preferences. The consent is stored in the cloud by Cookiebot and can be used for proof of evidence if it’s ever requested.

To cut a long story short, the summary

Summarising the above, if your website uses cookies and processes data of EU citizens, then you’ll need to be GDPR and ePR cookie compliant. To make a WordPress website cookie compliant you can install a plugin. We chose the Cookiebot plugin because it handles all the requirements, including creating the cookie banner, getting prior consent (without having to code), and writing the cookie declaration automatically. It also handles the storage of consent to the cloud which can be used as evidence, if the evidence is ever required.

Best of all, depending on which plugin you use for Google Analytics, and if you’re a personal blogger with a website smaller than 100 pages, it’s free. What could be better than that?
