Do WordPress websites use cookies?

I was asked a question today about whether or not WordPress websites need cookies so I did some digging to find out whether or not cookie notices are required on every website, and this is what I found out:

All WordPress websites use cookies.

Why is this important?  Well, in 2011 the European Union introduced a piece of privacy legislation (now known as the ‘cookie law’ which said that all websites owned in the EU or targeted towards EU citizens are now expected to give site visitors the ability to refuse the use of cookies that reduce their online privacy.  Generally this is done by putting a notification pop up box on the website which the visitor has to click in order to accept the use of cookies. Sometimes it will simply say that by continuing to use the site the visitor’s permission is assumed.

What is a cookie?

Cookies are little data files which store information in peoples’ web browsers. Some websites contain hundreds of them.

There are two different types of cookie: session and persistent.

Session cookies

These are only used for the duration of the browser session. They’re needed for website functionality (such as user authentication and ones used to enable playback of multimedia) but they don’t track user activity. They disappear when the browser window is closed.

All WordPress websites use these but you don’t need a cookie notification if you only use session cookies.

Persistent cookies

Persistent cookies are the ones that track user behaviour, even after the user has closed the browser window. The most common type of software that uses persistent cookies is analytics tracking and advertising tracking.

Persistent cookies are the ones that require a notification in order to comply with EU law.

So although it’s possible to build a WordPress site using only session cookies, in practice it very rarely happens.

If your site uses persistent cookies then you need a way of getting user consent and a privacy policy for them to reference (easily done with a plugin, though you will have to write your own privacy policy – or use something like iubenda to generate one for you).

And what happens if you don’t comply?  Well if you get found out, you’ll get fined, though in practice this rarely happens. But don’t quote me on that – you’ve been warned so the risk is your own!


  1. Claire on January 25, 2018 at 7:14 pm

    I’ve got a wordpress site and never even thought about the type of cookies! Will have to do some digging – thanks for the tip

  2. Sharon Sinclair-Williams on January 26, 2018 at 3:36 pm

    This is a really useful post, Jackie. I love WordPress { I have 3 WP sites} but its such a learning curve keeping up with everything. I find your Facebook group very useful.

    • Jackie Latham on January 26, 2018 at 3:46 pm

      Thanks Sharon. I love my group too – I’ve learned a huge amount since I started it, mostly from other members but also because the questions make me go away and find stuff out.
      If anyone reading this would like to join it’s called ‘WordPress Help North East’.