Four Ways to Add GDPR Cookie Law Consent to Your WordPress Blog

In this post, I will outline four ways to add GDPR (General Data Protection Regulation) cookie law consent to your WordPress blog.

Disclaimer: I am not a lawyer. The information in this post is for informational purposes and does not constitute legal advice in any way. I am not liable for any damages resulting from using the information in this article. Please consult a lawyer for advice on your unique situation.

The European Union’s cookie law requires that websites servicing residents of European countries obtain their consent before storing data in the form of cookies in their browsers.

If your site targets non-European visitors, you could argue that it does not need to comply. But my advice would be to comply with it anyway. You can never be sure that all your visitors are non-European without physically shutting them out, and obviously, this is not a good idea!

Freshly installed WordPress sites are cookie-free, so if you don’t install anything on your site that adds cookies, you do not need to worry about getting cookie consent. However, this is unlikely to be the case, because at the very least you will probably want to install Google Analytics, which means at least a few cookies straight off the bat.

To fully comply with the GDPR cookie law you need to provide the following:

• Notification of what cookies are stored and their purpose
• Allow unnecessary cookies to be blocked until the site visitor gives their consent
• Logging of all consents, in the event that you need to provide proof of compliance
• Allow visitors to use the website even though they have rejected the non-necessary cookies
• Allow users to change their minds later

I discovered that not all of the solutions below fully comply with GDPR. It all depends on how far you want to go, and the location of your target audience. Here in the UK, I much prefer to go as far as I can to comply.

[socialpug_tweet tweet=”Not all GDPR plugins are created equal. You may not be covered.” display_tweet=”” style=”3″]

Here are the options I looked at:

1. Plugin: GDPR Cookie Consent Banner

2. Plugin: GDPR Cookie Consent by WebToffee

3. Cookie Service in the cloud: CookieYes

4. Cookie Service in the cloud: CookieBot

1. GDPR Cookie Consent Banner

https://wordpress.org/plugins/uk-cookie-consent/

GDPR Cookie Consent Banner is a free plugin with a very straightforward setup.

Once activated you can access the settings at Settings->Cookie Consent.

You can specify where you want the cookie bar to show up (bottom, top, left, right) and you can change the colour of the bar and its buttons, so it is easy to make it fit in with your site’s styling.

You can set the bar to close on scrolling or close after a specific time, or after the ‘Okay’ button is clicked.

One feature I liked is the ability to set the regions where you want the cookie bar to show, but you do need to have the GEOIP Detect plugin to make it work.

Here is how it looked on this site:

Having looked at what it can do, I realised how much it doesn’t do. My view is that including GDPR in the name of the plugin is misleading. Installing this plugin will NOT make your site compliant, and this is not made clear on the plugin site.

The main issues with this plugin:

• There is no option to reject cookies. You can only accept and continue to the site.
• It allows cookies to be sent before the visitor has clicked the ‘Okay, thank you’ button.
• It doesn’t log consents.
• It doesn’t allow visitors to change their minds about cookie acceptance.

2. GDPR Cookie Consent by WebToffee

This plugin is very comprehensive. Once installed and set up it displays a cookie consent bar in the location you select complete with buttons. Crucially it allows the site visitor to accept or reject cookies. You can change the text that is displayed and change the colours to match your site.

Here is how it looked after I tweaked the colours:

Once your site visitor has accepted or rejected the cookie policy, you can display a clickable tab which allows users to review their consent and change it. Another plus point for GDPR compliance.

It allows you to enter a list of cookies that are used by your site and provides a shortcode that you can put into your privacy page to show users what cookies you are storing.

It won’t analyse your site for the cookies it uses; you need to enter them manually. You can get a list of cookies used on your website by accessing the developer tools of the Chrome inspector. If you prefer an automated method, you would need to upgrade to the premium version.

The premium version is $49 for one website and gives you one year of support and updates, and this is what you’ll get:

• Manage a list of cookies/categories
• Autoblock scripts – Google Analytics, FB Pixel, Google tag manager and many more
• Granular cookie opt-in settings
• Scans your website for cookies and updates the cookie list which you then display on your privacy page with a shortcode.
• Customisable cookie notice to look just like your own website’s style
• Location-based exclusion of cookie notice. Useful if you don’t want to trouble non-EU countries with your cookie policy.

It doesn’t say on the website whether it logs cookie consents, but on contacting support, I found out that it does actually store the consent data in your database. In my view, this makes it a fully GDPR compliant plugin.

Of course, logging consents locally all add to the overhead of running this plugin. To avoid clogging up your database with logs, you could use their cloud service called CookieYes instead, and I review this next.

3. CookieYes Service

The CookieYes service provides the same options as the premium plugin by the same company: GDPR Cookie Consent by WebToffee. The difference is that you do not need to install a plugin. Instead, you add a script to your website which communicates directly with the CookieYes service.

You can make all the same styling and content options that the plugin allowed you to do, but you do it on the CookieYes website instead.

Here is how it looked on this website:

When you click the settings button, there is a customisable privacy policy section where you can add your policy wording.

At the time of writing this service was completely free and apparently always will be, great news! They advertise a ‘Silver Plan’ but it was not clear from their website what this plan provides in addition to the free tier, it seems it is still under development.

When you sign up for the service, you get a script to add to the <body> section of your website. To do this, I used the Code Snippets Plugin:

https://en-gb.wordpress.org/plugins/code-snippets/

Once activated I added the following snippet, replacing [add your script here] with the script copied from the CookieYes website:

add_action( 'wp_head', function (){

echo "

 

[add your script here]

“; });

Note: it says on the site to place the script after the <body> tag but this is difficult unless you have access to the theme code, however, this solution seems to work. What they really need is a companion plugin to do this for you.

After installing the script, CookieYes will scan your site, listing out the scripts and cookies that you can then display to your customer, so there is no need to do this manually.

The significant advantage with this service is that you log the consents on their site rather than yours meaning you don’t have this extra overhead.

In my view, the CookieYes service offers everything you need to become fully GDPR compliant, and all for free.

4. CookieBot.com

CookieBot is another cookie service provider similar to CookieYes.

It has a free tier, but this is only for sites with up to one hundred pages. The price ranges from £8 per month for five hundred pages or less and goes up to £31 per month for five thousand or more.

CookieBot allows users to opt-out of non-necessary cookies such as marketing and analytics, and it also keep a log of consents.

You can display the banner in various positions on your site including a popup or overlay, and there is also a cookie declaration box which allows you to display the cookies that your site stores as a popup.

You can’t edit the look of the banner apart from the text. To my mind, it looks pretty formal and the green may clash with your website colours.

I tried it out on this website, and you can see the cookie banner at the bottom:

The service activates on your site when a script is added to your HEAD section, but to make things easier, there is a plugin you can install.

https://wordpress.org/plugins/cookiebot/

There is a simple set up in which you only need to enter the Domain Group ID given on the CookieBot website, so there is no need to use the Code Snippets plugin as you do for CookieYes.

Final Thoughts

It seems that you need to be very careful when selecting a solution for GDPR compliance. If you aim to nod your head at GDPR, and I completely understand that if you are a US site aimed at US customers, then perhaps the free GDPR Cookie Consent Banner is enough for you.

If you prefer a plugin, then the next best option is the GDPR Cookie Consent by WebToffee, this gets you part way to compliance, but you need to upgrade to the premium plugin for $49 per year for full compliance.

My personal preference is to use a cookie service. Both services I reviewed CookieBot and CookieYes allow you to be fully compliant, but you may not be comfortable with the look of the CookieBot banner. Having spent the time to make my site look the way I want I don’t want to spoil it with a clashing banner, petty I know!

So CookieYes is my prefered choice, and now I need to get cracking and put it up on my site!

I hope this article has helped you decide what to do about GDPR cookie law for your blog. Do let me know what you have gone for and why.