Did you know that WordPress uses cookies?

WordPress doesn’t need any introduction. Being the platform for nearly half of the websites in the world, this content management system (CMS) is a well-known name on the internet verse. Cookies are a major part of any website, and WordPress is no exception. They help power the features on the website and ensure the user experience is up to par. However, using cookies without understanding what they do and proper management might cause some trouble. 

In this article, we look at how WordPress uses cookies and how you can manage them to comply with privacy laws like GDPR and CCPA.

What are WordPress cookies?

Cookies are small files that websites save on users’ computers or mobile devices that contain information about their visit. They make it easier for websites to remember things like user names or the items they have put in online shopping carts. Cookies also help websites optimize user experience, e.g., by remembering which pages users have visited or the setting they have saved. It is also used to display targeted advertisements across other websites.

Read more about internet cookies.

WordPress, like any other CMS, uses cookies to facilitate its features, such as authentication and comments. For example, WordPress uses cookies to determine whether or not you are logged in or not. Without these cookies, you can’t log in or users can post comments on your WordPress site.

What cookies does WordPress use?

WordPress uses two categories of cookies: user cookies and commenter cookies.

Users cookie

These are cookies used mainly for authentication purposes.

  • WordPress_[hash]: This cookie is used to store your authentication details upon login and is limited to the admin area.
  • wordpress_logged_in_[hash]: This cookie enables the interface to recognize you as a logged-in user and determine which account and preferences to use for various features.
  • wp-settings-{time}-[UID]: This cookie facilitates customizing your view of the admin interface and the main site interface. The number UID is the individual user ID from the user database table. 

Commenters cookie

When visitors leave comments on your blog, WordPress stores a cookie on their computer. It allows them to post additional comments without re-entering their information. 

  • comment_author_{HASH}: This cookie remembers the commenter’s name
  • comment_author_email_{HASH}: This cookie remembers the commenter’s email address
  • comment_author_url_{HASH}: This cookie remembers the commenter’s website URL.

The General Data Protection Regulation (GDPR) has affected how websites can use cookies. For WordPress sites, this also means that users commenting on your blog will see a checkbox asking them if they want WordPress to remember their details. To enable this, go to Settings > Discussion > Select “Show comments cookies opt-in checkbox.”

WordPress comments cookie opt-in settings
WordPress comments cookie opt-in settings

Third-party cookies

Other than these, your WordPress website may use cookies set by installed themes, plugins, or other third-party services like Google Analytics, YouTube, Facebook, Hotjar, etc. Such cookies may track user activity for purposes like improving browsing experiencing or collecting analytical data. 

Are WordPress cookies secure?

WordPress users’ cookies contain hashed data, which means your data (WordPress username and password) has been transformed with a mathematical formula to make it unreadable. This “hash” data is difficult to “unhash,” making it difficult for someone to obtain your personal data by reading the cookie data. 

Like the user’s cookie, the hash in the commenter’s cookie is also impossible to unhash, and therefore, the commenter’s data is secure. 

However, the same cannot be said for cookies set by third-party services, like installed plugins or themes. Due diligence is necessary to use such cookies. 

How to manage WordPress cookies?

The EU’s General Data Protection Regulation (GDPR) had a significant impact on the use of cookies because it is a blanket law affecting all websites anywhere in the world that handle personal data from people residing in the European Union. Since WordPress is the most-used content management system (CMS), the impact of cookie laws on WordPress websites is greater than any other platform.

You can manage WordPress cookies by following the requirements of privacy regulations. The steps to achieve compliance are:

  • Check and identify cookies
  • Obtain consent for tracking and third-party cookies
  • Disclose cookie details in a cookie policy

How to check WordPress cookies? 

You can check WordPress cookies by using manual methods like checking the developer console of your browser. Another method is to check the address bar, where you will find the list of cookies set by your WordPress website.

However, these methods are time-consuming as well as limited. They will not let you know the purpose of cookies, who sets them, and for how long. All these can be, however, checked using a free cookie checker. They are faster and quicker and give you a complete report of cookies set by your WordPress website.


The cookie checker will give you an overview of cookies set by third-party cookies and those that track personal data.

How to obtain cookie consent on WordPress?

Now that you know the type of cookies set by your WordPress website, the next step is to set up a system to get consent for cookies. You can do this by adding a cookie banner to WordPress. 

The WordPress cookie banner must meet the following requirements as stated by privacy laws:

  • Has clear and concise language about why they use cookies and what accepting them will mean
  • Easily accessible and clear options for accepting and rejecting cookies
  • Separate options for obtaining consent for each cookie category
  • Block tracking and third-party cookies until users give consent to use them
  • Include an option to withdraw consent, and this option should be easily accessible, available at any time
  • Do not use deceptive design tricks such as non-obvious reject buttons or options that are too difficult to find to trick users into accepting cookies
  • Record cookie consent in a log with details of their cookie preferences as proof of consent
  • Link to privacy or cookie policy for detailed information on cookies used

You can add a cookie banner to your WordPress site with coding skills or through the use of a cookie banner generator, which will provide more convenience and efficiency.

CookieYes is a leading cookie consent solution trusted by over 1.4 million websites globally. 

CookieYes cookie banner on a WordPress website

It can be easily set up on your website using our WordPress plugin. The plugin meets these requirements, and you can get more by connecting it to our web application. Together they provide a complete cookie consent and compliance package designed specifically for WordPress, unlike any other solution. 

CookieYes WordPress plugin dashboard

Download the #1 cookie consent plugin for WordPress

Get WordPress cookies plugin


What’s more interesting is that our WordPress plugin/web app uses only a single cookie, and it doesn’t store any personally identifiable information of users. 

Watch how you can use the plugin and connect it to the web app:

Check out the plugin setup guide.

How to add a cookie policy to WordPress?

The next step after setting up the cookie consent tool is to add a cookie policy to WordPress. A cookie policy, like a privacy policy, is a legal document of a website that discloses what type of cookies it uses, why it uses these cookies, who sets them, and for how long, as well as how users can manage them, such as blocking or deleting them. 

You can either write a cookie policy from scratch or use a free cookie policy generator that is quicker and auto-updates your policy page as and when your WordPress site adds more cookies.

Watch how you can add a cookie policy to your WordPress website using CookieYes:


So, as you can see, cookies play a significant role in WordPress. As a result, it’s crucial to understand how they function and how they affect your website. While it’s not necessary to dig deep into the depths of cookies and identify every single one, it is important to understand the basics—and this article has hopefully done that for you.

What’s next?

GDPR complaince for a website is not just about cookie consent management. Read how you can make your WordPress website GDPR compliant here.

Frequently asked questions

How to delete WordPress cookies?

Users can delete WordPress cookies from their browsers by using its settings.

To delete WordPress cookies in Chrome:

  • Click on the three dots in the top right corner and click Settings.
  • Select Privacy and security and click Cookies and other site data.
  • Click See all site data and permissions.
  • Search for the WordPress website and click the dropdown to delete the cookies.
deleting cookie in chrome

For Firefox,

  • Click the menu in the top right corner and select Settings.
  • Select Privacy & Security and go to the Cookies and Site Data.
  • Click Manage Data
  • Search for the WordPress site whose cookies you want to delete. 
  • Click Remove All Shown to delete all cookies for the website.
  • To remove selected items, select an entry and click Remove Selected.
  • Click Save Changes. Click OK in the dialog box to confirm.
deleting cookies in Firefox

For Safari,

  • Click on “Safari” next to the Apple logo in the top left and select Preferences.
  • Click the Privacy tab and select Manage website data under Cookies and website data.
  • Search for the WordPress website whose cookies you want to delete.
  • Select the website from the result and select either Remove to delete the cookies.
deleting cookies in Safari

How are cookies stored in WordPress?

Cookies used on your WordPress website are stored in the users’ browsers in a local file. These cookies have IDs assigned that identify sessions or remember user preferences on your website. 

Does WordPress need cookie consent?

Yes, your WordPress website likely requires consent to use cookies. Other than the default cookies set by WordPress.org, the plugins and themes installed on the site may use cookies that track user activity. Using such cookies on your website, per GDPR and CCPA, requires explicit and informed consent from users to be used on the site.

are you an agency?

Deploy cookie banners on multiple client websites with our agency platform.

Partner with CookieYes

Up to 50% off on licenses