Want to legally secure your WordPress site with a cookie plugin? Or are you unsure whether you need a WordPress cookie plugin?
Then you’ve come to the right place!
In this article, I present the 5 best cookie plugins for WordPress (new: CookieYes!) and tell you what kind of cookie plugins exist and what you need for your website.
Update: CookieYes is the best WordPress cookie plugin, and here is why I changed my mind!
In addition, I have summarised below an overview of the current legal situation.
Disclaimer: This blog post is not legal advice! In the course of my work, I have dealt at length with the applicable data protection regulations and the GDPR, but I am neither a lawyer nor a privacy expert. Therefore, I cannot assume any responsibility for the completeness, timeliness and accuracy of the content I provide.
CookieYes GDPR Cookie Consent Plugin is the most popular cookie plugin in the market with 1.5+ million active installations on WordPress.
You can let users provide granular consent using the preference centre and automate cookie blocking, so cookies are not set until consent is given by the user.
- Customizable layout, text and colours
- Automatic scanning and cookie categorization
- Consent log and option to export as CSV
- Option to manually add cookies to the list
- Compatible with WPML & Polylang for translations
Here is the promotional video for CookieYes GDPR Cookie Consent Plugin:
Price: €39 for 1 website, €59 for 2 websites, €149 for 25 websites and €299 for 99 websites (includes 1 year of support and updates)
Borlabs Cookie is the second best cookie plugin for WordPress on the market.
It offers the most options and the best overall package of plugins.
Borlabs Cookie is not a simple cookie notice plugin but an opt-in solution (also called a cookie consent plugin).
For example, Facebook Pixel, Google Analytics or Matomo (formerly Piwik) will only be loaded with Borlabs Cookie after the user’s explicit consent.
With Borlabs Cookie version 2, you can create different cookie groups, into which you can divide your code or scripts.
The opt-in prompt with the cookie groups you created is loaded as soon as the website is called up.
You can change colors, display position, font, font size, logo, animation and all texts.
But that’s not all!
Borlabs Cookie also adds a (very good!) built-in content blocker to WordPress.
As a result, YouTube and Vimeo videos, Facebook posts, Google Maps and the like are only loaded after a button click. Instead of content, an image preview is displayed with a button.
With the latest version of Borlabs Cookie, I usually get over 90% follow-up in my blogs, which is really good value for money.
Borlabs Cookie has only two minor drawbacks, which should not be ignored here:
Since version 2.0, the payment model has changed from a one-time payment to an annual price. However, given the work required to support and develop a plugin, I find it entirely justified.
Also, Borlabs Cookie does not yet work with some third-party plugins, such as Google Analytics by MonsterInsights or WP Google Map Plugin.
However, a script blocker that should solve the problem exists and comes with version 2.1 of Borlabs Cookie.
Benefits
- 100% compatible with Gutenberg editor
- Lots of customization and adjustment options
- chic design of the Opt-In-Box
- Two-click solution for embedded content (e.g. from YouTube, Google Maps, Instagram, Twitter or Vimeo)
- Shortcode to block any content and make it available after click
- Works with the most popular caching plugins
- Opt-in statistics in the dashboard
- Management of individual cookies and groups of cookies
- works with multilingual websites (WPML or Polylang)
- Very good support (also in German, because the developer is from Germany)
- Constant development
- Clear plug-in settings that can also be used at any time
Disadvantages
- No one-time price but annual
- Not yet compatible with some scripts for script integration, though this should be significantly improved with version 2.1
- Information about cookies and related scripts must be stored manually in settings (there are templates for common cookies and scripts)
3. DSGVO Pixelmate
Price: €39 for one website, €89 for 3 websites, €199 for 10 websites, €349 for any number of websites (all prices are one-time payments)
DSGVO Pixelmate is also a very good plugin.
It is mainly intended for integrating Google Analytics and Facebook Pixel into your own website in a privacy-compliant way.
It’s quick and easy because you don’t have to include the full tracking code.
Google Tracking ID or Facebook Pixel ID is enough:
You can configure the plugin as both opt-out and opt-in:
Additionally, Google Tag Manager and any other scripts can be integrated:
Like Borlabs Cookie, DSGVO Pixelmate has an option to block external resources and make them available after click. So far, unfortunately, it only works for YouTube, Vimeo, Google Maps and Twitter.
An embedded Vimeo video looks like this:
Overall, DSGVO Pixelmate is a quick and easy way to integrate an opt-in into your website.
Big advantage over Borlabs Cookie and Cookiebot:
It costs €39 once and you don’t have to complete a monthly or annual subscription.
However, it fails to keep up with the functionality of Borlabs Cookie or Cookiebot, which is why it is only in third place in my ranking.
Benefits
- Choice between opt-in and opt-out
- easy to use
- easy integration of Google Analytics and Facebook Pixel
- Individually customizable cookie banner appearance
- can block external resources
- single price, no annual or monthly subscription
- own Facebook group where you can ask questions
Disadvantages
- No turnout stats
- No blocking of the entire screen possible (e.g. with a black background)
- No shortcode to block external resources
- currently only supports blocking YouTube, Vimeo, Twitter and Google Maps (no other embedded content such as Instagram, Facebook posts or iframes will be blocked)
- Appearance of the content blocker is not customizable
- Few advanced settings
- Not very well suited for handling many external scripts or cookies (the cookie groups in Borlabs Cookie are better for this)
- No easy cookie consent reset
- Plugin is not actively developed
Price: free
Cookie Notice for GDPR is by far the most popular free cookie plugin with over 1 million downloads.
You can either use it as a simple cookie hint (to inform users about cookies) or as an opt-in.
For the opt-in, you can enter scripts in the plugin settings, which are then loaded after accepting cookies:
In addition, Cookie Notice for GDPR offers further settings, for example for the cookie banner design, the notice and button text, or the cookie lifetime:
It is particularly useful for private websites or smaller blogs that only use one or two scripts that set cookies.
Unfortunately, it does not offer advanced settings options. Even a content blocker, like other cookie plugins, is not included.
Benefits
- Totally free
- Can be used as an opt-in
- Customizable design and position on screen
- Gives the option to revoke cookies afterwards
Disadvantages
- No support (WordPress support forum questions are generally not answered)
- Few settings options
- No built-in content blocker
- Updated only at irregular intervals
- stale design
5. CookieYes from WebToffee
The full name of the plugin is CookieYes GDPR Cookie Consent & Compliance Notice, which already indicates that the plugin covers quite a bit.
The free version of the plugin allows you to add a cookie banner to your website. The banner informs users that you use cookies. The various cookies are only placed if visitors consent to them.
However, it is not possible to set your own preferences with the plugin (at least not in the free version).
I deployed it on 2 sites to see what happens. So far, no big difficulties configuring it.
Here is a clickable comparison chart:
There are three types of cookie banners which treat cookies differently:
Here is a simple banner informing you that cookies are used on your website.
You can simply click on the banner without affecting the configuration of cookies.
Opt-in
An opt-in is the most privacy-friendly type of cookie banner.
Cookies are only installed if the user has explicitly consented.
Opt-out
Externally, the opt-out often differs little from an opt-in.
Nevertheless, its operation differs significantly:
With an opt-out, cookies and the associated scripts are already loaded when the website is called up.
By clicking on Refuse, the user can then object to the cookies being set after the fact.
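The three banner types differ only in which scripts may run before the visitor has answered. The sketch below is an added example, not code from any of the plugins reviewed here; the category names, the `cookie_consent` cookie and its `category:yes|category:no` format are assumptions made for illustration.

```javascript
// Added example: decide which script categories may load under each banner type.
// Category names and the consent-cookie format are assumptions, not a plugin's API.
const CATEGORIES = ["essential", "statistics", "marketing"];

// Parse a stored choice such as "statistics:yes|marketing:no" from document.cookie.
// Returns null when the visitor has not answered the banner yet.
function readConsent(cookieHeader, name = "cookie_consent") {
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== name) continue;
    const consent = {};
    for (const entry of part.slice(eq + 1).trim().split("|")) {
      const [category, answer] = entry.split(":");
      // Unknown categories are ignored; anything but an explicit "yes" is a refusal.
      if (CATEGORIES.includes(category)) consent[category] = answer === "yes";
    }
    return consent;
  }
  return null;
}

// mode: "notice" (banner only informs), "opt-out" (load first, refuse later),
// "opt-in" (nothing non-essential before explicit consent).
function allowedCategories(mode, consent) {
  return CATEGORIES.filter((category) => {
    if (category === "essential") return true; // technically necessary
    if (mode === "notice") return true; // clicking the banner changes nothing
    if (mode === "opt-out") return !consent || consent[category] !== false;
    if (mode === "opt-in") return Boolean(consent && consent[category] === true);
    throw new Error(`unknown mode: ${mode}`);
  });
}

// Filter a script registry down to what may be injected for this page view.
function scriptsToLoad(registry, mode, cookieHeader) {
  const allowed = new Set(allowedCategories(mode, readConsent(cookieHeader)));
  return registry.filter((s) => allowed.has(s.category)).map((s) => s.src);
}

// Constructed sample registry (placeholder URLs).
const REGISTRY = [
  { src: "/js/cart.js", category: "essential" },
  { src: "https://stats.example/a.js", category: "statistics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];
```

On a first visit with no stored choice, the opt-in mode returns only the essential script, while the opt-out mode returns all three.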
The legal situation regarding the processing of cookies in France was murky for years.
Clarity was supposed to come from Directive 2009/136/EC (the Cookie Directive), adopted by the European Parliament in 2009, which requires consent to cookies.
However, this directive was never transposed into German law, which created a legal gray area in this country.
Those who hoped that the GDPR (General Data Protection Regulation), implemented in the European Union since May 25, 2018, would provide legal certainty in this regard have once again been disappointed.
According to Recital 30 of the GDPR, cookies as well as IP addresses can be personal data, but their processing is not clearly regulated.
As a legal basis for the use of cookies, both Article 6, lit. a GDPR (explicit consent, e.g. via a cookie plugin) and Article 6, lit. f GDPR (legitimate interest on the part of the site operator) can be considered.
This left the question unanswered:
However, this is no longer the case since two judgments of the European Court of Justice (ECJ) of July and October 2019, respectively.
As regards the authorization referred to in Article 2(h) and 7(a) of Directive 95/46, it must be declared before the data of the data subject is collected and disclosed by transfer. Therefore, it is up to the website operator and not the provider of the social plug-in to obtain such consent, as the processing of personal data is triggered by a visitor who calls up this website.
Marketing and statistics cookies are not necessarily technically necessary and therefore require consent.
In addition to these cookies, there are other types of cookies which are not affected in the same way by the judgments of the ECJ. Article 5, paragraph 3 of the 2002 “privacy and electronic communications” directive:
This does not preclude technical storage or access if the sole purpose is to carry out or facilitate the transmission of a message over an electronic communications network or, where strictly necessary, to provide an information society service expressly requested by the subscriber or user.
In other words:
- Cookies to store cookie settings (sort of logical, right?)
- Cookies to hide pop-ups or banners
- Cookies to save font size or language chosen
- Session cookies (Cookies deleted when closing the browser, for example to save a shopping cart)
But here, too, the legal situation is not entirely clear.
For simplicity:
For cookies for which you do not know whether they are technically necessary or not, obtain consent.
FAQs
Here are some common questions and answers about cookie plugins and cookies in general:
Even if no plugins are installed and no scripts are added, WordPress sets cookies. These include:
For registered users:
- wordpress_{hash}: In this cookie, your WordPress user data is saved during login (as a hash, i.e. encrypted)
- wordpress_logged_in_{hash}: Cookie to identify a logged in user. Will be set after login.
- wp-settings-{time}-{UID}: Cookie in which the settings of the administration area and the website are stored. Contains the user ID of your WordPress user.
For unregistered users:
- comment_author_{HASH}: This cookie stores the name of a commentator (as an encrypted hash).
- comment_author_email_{HASH}: In this cookie, a commenter’s email address is stored (as an encrypted hash).
- comment_author_url_{HASH}: In this cookie, the URL of a commentator’s website is stored (as a hash, i.e. encrypted).
- wordpress_test_cookie: Cookie that WordPress uses to check if cookies can be set in the browser.
The first three (comment) cookies are only set when someone submitting a comment ticks the checkbox “Save my name, email and website in this browser until I comment again”.
The cookie lifetime can be adjusted using the auth_cookie_expiration hook. Please read the Developer section of wordpress.org for more information.
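For a cookie inventory, it helps to separate these WordPress core cookies from everything else a site sets, so that the unknown ones can be checked for consent. The following is an added example, not WordPress code; it assumes that the hash in the cookie name is 32 hexadecimal characters and that the wp-settings cookies end in the numeric user ID, and the sample header is constructed.

```javascript
// Added example: sort the cookie names in a Cookie header into WordPress core
// cookies (the list above) and cookies that still need a consent review.
// Assumption: {hash} is 32 hex characters; wp-settings cookies end in the user ID.
const WP_HASH = "[0-9a-f]{32}";
const WP_CORE_COOKIES = [
  { re: new RegExp(`^wordpress_logged_in_${WP_HASH}$`), setFor: "registered users" },
  { re: new RegExp(`^wordpress_${WP_HASH}$`), setFor: "registered users" },
  { re: /^wp-settings-(time-)?\d+$/, setFor: "registered users" },
  { re: new RegExp(`^comment_author_(email_|url_)?${WP_HASH}$`), setFor: "unregistered users" },
  { re: /^wordpress_test_cookie$/, setFor: "unregistered users" },
];

// Extract the cookie names from a "name=value; name2=value2" header string.
function cookieNames(cookieHeader) {
  return cookieHeader
    .split(";")
    .map((pair) => pair.split("=")[0].trim())
    .filter((name) => name.length > 0);
}

// Patterns are anchored, so a look-alike such as "wordpress_logged_in_tracker"
// is not mistaken for a core cookie and ends up in needsReview.
function auditCookies(cookieHeader) {
  const report = { wordpressCore: [], needsReview: [] };
  for (const name of cookieNames(cookieHeader)) {
    const hit = WP_CORE_COOKIES.find((c) => c.re.test(name));
    if (hit) report.wordpressCore.push({ name, setFor: hit.setFor });
    else report.needsReview.push(name);
  }
  return report;
}

// Constructed sample header (the hash is a made-up value).
const SAMPLE_HASH = "0123456789abcdef0123456789abcdef";
const SAMPLE_HEADER = [
  `wordpress_logged_in_${SAMPLE_HASH}=admin%7C1700000000`,
  "wp-settings-time-1=1700000000",
  `comment_author_email_${SAMPLE_HASH}=a%40example.org`,
  "wordpress_test_cookie=WP%20Cookie%20check",
  "_ga=GA1.2.1.1",
  "wordpress_logged_in_tracker=1",
].join("; ");
```

Calling `auditCookies(SAMPLE_HEADER)` reports four core cookies and leaves `_ga` and the look-alike name for review.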
Do I need consent for Google Analytics if IP anonymization is activated?
Yes, even then, permission is required.
The simplest tool to find out which cookies are used by your site: Webbkoll.
It’s in German, of course, but it does the job!
Along with other information about HTTPS, HTTP headers, etc., it also shows you a list of first-party cookies (from your own domain) and third-party cookies (from third-party domains).
When will the ePrivacy regulation be implemented?
The ePrivacy Regulation, which aims to make the inclusion of cookies mandatory across Europe, will not come until 2020 at the earliest, and probably even in 2021 or 2022.
However, following the two judgments of the ECJ, the regulation will no longer change the legal situation.
Yes, it is possible with Cookiebot.
Instead of using the WordPress plugin, the cookie consent service can also be integrated manually with JavaScript.