WordPress sites and EU Cookie Law – are you compliant?

Disclaimer: I’m not a legal expert and this is just some thoughts on the matter that I hope will be useful, it’s not intended as legal advice.

UPDATE: skip to the bottom of this post for the latest!

There’s a good summary of what the EU Cookie Law is and means here.1

As the article suggests, the first step is to work out what cookies your WordPress site is using. WordPress itself uses cookies. Here is the information about what cookies WordPress uses. There’s a good discussion of the WordPress cookie situation here – it looks like the ‘comment cookie’ is the only one up for debate in terms of requiring opt-in.

There may also be cookies issued by 3rd parties such as plugin providers and other software or services used within the site such as commenting/analytics services.

Once you know which cookies your site uses, it’s probably a good idea to include a cookie policy alongside your site’s other legal statements 2 – some or all of which are already required by law.

Look at this example of a well-constructed and clear privacy policy for reference.

It’ll be interesting to see how the EU WordPress community responds to the legislation: it’s likely that a best practice will emerge over the coming months if the law looks like it’s actually anywhere near enforceable anyway.

I know that’s not a 100% comprehensive answer, but hopefully it’s useful as a reference. Please do sound off in the comments with any thoughts, advice or resources – thanks!

UPDATE: Apparently just having a cookie policy isn’t enough: users must explicitly consent to receive cookies. Here at Pragmatic, we’re going to go with the policy route and see what happens.

UPDATE 2: This is the best bit of advice I’ve seen – it’s a plugin that points out that the DMCS (the department that oversees this issue) doesn’t have a pop-up, just a policy (and their policy is here). So, until they introduce a pop-up, then I’d say you’re safe with a policy only, but again this is not authoritative, just a discussion of the situation.

UPDATE 3: This Google Chrome add-on looks like a really useful way to analyse the cookies running on your site and generate info for your cookie policy.

UPDATE 4: The law was amended just before it came into force to allow ‘implied consent’ – read this Guardian article for more. My current take on this all is that it’s probably (a) necessary to have a good cookie policy as part of your overall privacy policy, (b) good to understand what cookies your site is using and (c) not to implement an annoying and intrusive pop-up/consent box. However, if you or your clients really feel the need to have one, this looks like the best WordPress cookie consent plugin around.

UPDATE 5: As of January 2013, it seems you no longer need to ask explicit consent. But, we do recommend a cookie policy with cookie audit to ensure compliance.

If you would like further training and support with your WordPress website, get in touch!


  1. It’s a commercial site but offers a clear explanation.

  2. Terms and Conditions, Privacy Policy, Disclaimer

Get new blog posts by email!

  • Image credit
  • This field is for validation purposes and should be left unchanged.

12 responses to “WordPress sites and EU Cookie Law – are you compliant?

  1. I’m currently attempting to build a catalog(ue) of cookies that WordPress sites deliver. There’s both a website ( http://www.cookie-cat.co.uk ) and a WordPress plugin, also called cookie-cat. The output from the plugin will only be as good as the data we can give it.
    So, if you know something about cookies please visit the site and let us know.

  2. A really useful article thanks, with some informative links. Very helpful in helping me advise our WordPress web design clients on the options for complying with the new cookie law.

  3. Does anyone know anything about wordpress.com? Is not possibile to install plugin and the platform did nothing until now…

    1. Hi Paolo – that’s a great question. You’re right that you can’t install plugins on normal WordPress.com sites. I’d open a ticket with the WordPress.com team – they should have an answer for you.

      Thanks for writing!

Leave a Reply

Your email address will not be published. Required fields are marked *