Do you want to legally secure your WordPress site with a cookie plugin? Or you don’t know if you need a cookie plugin?

Then you’ve come to the right place!

In this article, I’ll introduce you to the 5 best cookie plugins for WordPress (new thing: CookieYes!) and tell you what types of cookie plugins exist and what you need for your website.

In addition, I have summarized an overview of the current legal situation below.

Disclaimer: This blog post is not legal advice! In the course of my work, I have dealt extensively with applicable data protection regulations and GDPR, but I am neither a lawyer nor a privacy expert. Accordingly, I cannot assume any responsibility for the completeness, timeliness and accuracy of the content I provide.

1. Borlabs cookie

Price: €39 for 1 website, €59 for 2 websites, €149 for 25 websites and €299 for 99 websites (includes 1 year of support and updates)

Cookie Borlabs is the best cookie plugin for WordPress on the market.

It offers the most options and the best overall package of plugins.

Borlabs is not a simple cookie indication plugin, but not a registration solution (also called Consent Cookie Plugin).

For example, Facebook Pixel, Google Analytics or Matomo (formerly Piwik) will only be loaded with Borlabs Cookie after the user’s explicit consent.

With Borlabs Cookie version 2, you can create different cookie groups, into which you can divide your code or scripts.

The membership request with the created cookie groups is loaded directly when a website is called.

You can change colors, display position, font, font size, logo, animation and all texts.

But that’s not all !

Borlabs Cookie also adds a (very good!) built-in content blocker to WordPress.

As a result, YouTube and Vimeo videos, Facebook posts, Google Maps and the like are only loaded after a button click. Instead of content, an image preview is displayed with a button.

With the latest version of Borlabs Cookie, I usually get over 90% follow-up in my blogs , which is really good value for money.

Borlabs Cookie has only two minor drawbacks, which should not be ignored here:

Since version 2.0, the payment model has changed from a one-time payment to an annual price. However, given the work required to support and develop a plugin, I find it entirely justified.

Also, Borlabs Cookie does not yet work with some third-party plugins, such as: B. Google Analytics by MonsterInsights or WP Google Map Plugin ,

However, a script blocker that should solve the problem exists and comes with version 2.1 of Borlabs Cookie.


  • 100% compatible with Gutenberg editor
  • Lots of customization and adjustment options
  • chic design of the Opt-In-Box
  • Two-click solution for embedded content (e.g. from YouTube, Google Maps, Instagram, Twitter or Vimeo)
  • Shortcode to block any content and make it available after click
  • Works with the most popular caching plugins
  • Opt-in statistics in the dashboard
  • Management of individual cookies and groups of cookies
  • works with multilingual websites (WPML or Polylang)
  • Very good support (also in German, because the developer is from Germany)
  • Constant development
  • Clear plug-in settings that can also be used at any time


  • No one-time price but annual
  • Not yet compatible with some scripts for Scripeinbindung, should be significantly improved with version 2.1, however
  • Information about cookies and related scripts must be stored manually in settings (there are templates for common cookies and scripts)

Buy BorLabs Cookies

2. Cookiebot

Price: Free for a domain of less than 100 pages, €9 per domain per month with less than 500 pages, €21 per domain per month with less than 5,000 pages, €37 per domain per month with more than 5,000 pages

Cookiebot is a very interesting cookie plugin based on a different concept from Borlabs Cookie.

It automatically scans your website for cookies!

It automatically divides many cookies into different categories, which can then be selected or deselected by visitors upon opt-in:

Cookiebot’s unknown cookies can be manually classified into categories:

When you visit your website, all cookies found by the cookie bot are automatically blocked and are not set until the user agrees:

In short:

With Cookiebot, you don’t have to manually paste your existing scripts into the plugin like with other cookie plugins!

But despite its innovative concept, the plugin is only in second place.

Because it shows significant weaknesses in content blocker:

First, it cannot block as much content as Borlabs Cookie. Second, Cookiebot only displays placeholder placeholder text instead of blocked content, which unfortunately cannot be customized:

Also, the bot cookie is loaded via an external, not local, script, which I personally don’t find particularly privacy-friendly.

What bothers me the most, however, is the pricing model, based on the number of subpages on a website:

For €9 per month (or €108 per year), you get 499 pages. Sounds a lot, but it’s not. This includes not only posts or pages in WordPress, but also custom post types, tags, categories, taxonomies, pagination pages, or even media pages (if you didn’t redirect the media file ).

In other words, most WordPress blogs or sites that have been around for a while are likely to fall into the next higher rate, at €21 per month (€252 per year, up to 4,999 subpages).

It’s more than 8 times more expensive per year than Borlabs Cookie.


  • easy installation
  • for websites up to 100 pages free
  • automatic cookie analysis, where all cookies from your website are collected and classified
  • all scripts and external resources can be included as they are linked, and do not need to be moved to the plugin (as is the case with Borlabs Cookie or DSGVO Pixelmate)
  • compatible with many third-party plugins, such as Google Analytics, Optinmonster, Google Analytics Dashboard for WP (GADWP), AddThis, Jetpack or AddToAny
  • Compatible with any website, not just WordPress
  • has a content blocker to block embedded content


  • requires the creation of a user account with the most parameters
  • Cookiebot requires loading an external script
  • Content Blocker does not block all external resources
  • Content Blocker only blocks cookies from external resources, but not the entire connection (i.e. IP addresses are still sent to external services).
  • Content Blocker doesn’t offer pretty placeholders

3. DGSVO Pixelmator

Price: €39 for one website, €89 for 3 websites, €199 for 10 websites, €349 for any number of websites (all prices are unique)

GDPR Pixelmator  is also a very good plugin.

It is mainly intended to integrate Google Analytics and Facebook Pixel into its own privacy-respecting website.

It’s quick and easy because you don’t have to include the full tracking code.

Google Tracking ID or Facebook Pixel ID is enough:

You can configure the plugin as both opt-out and opt-in:

Additionally, Google Tag Manager and any other scripts can be integrated:

Like Borlabs Cookie, DSGVO Pixelmate has an option to block external resources and make them available after click. So far, unfortunately, it only works for YouTube, Vimeo, Google Maps and Twitter.

An embedded Vimeo video looks like this:

Overall, DSGVO Pixelmate is a quick and easy way to integrate an opt-in into your website.

Big advantage over Borlabs Cookie and Cookiebot:

It costs €39 once and you don’t have to complete a monthly or annual subscription.

However, it fails to keep up with the functionality of Borlabs Cookie or Cookiebot, which is why it is only in third place in my ranking.


  • Choice between opt-in and opt-out
  • easy to use
  • easy integration of Google Analytics and Facebook Pixel
  • Individually customizable cookie banner appearance
  • can block external resources
  • single price, no annual or monthly subscription
  • own Facebook group where you can ask questions


  • No turnout stats
  • No blocking of the entire screen possible (e.g. with a black background)
  • No shortcode to block external resources
  • currently only supports blocking YouTube, Vimeo, Twitter and Google Maps (no other embedded content such as Instagram, Facebook posts or iframes will be blocked)
  • Appearance of non-customizable content blocker
  • Few advanced settings
  • Not very well suited for handling many external scripts or cookies (this is best for Borlabs Cookie groups of cookies)
  • No easy cookie consent reset
  • Plugin is not actively developed

4. Cookie notification for GDPR from dfactory

Price: free

Cookie Notification for GDPR is by far the most popular free cookie plugin with over 1 million downloads.

You can either use it as a simple cookie hint (to inform users about cookies) or as an opt-in.

For the opt-in, you can enter scripts in the plugin settings, which are then loaded after accepting cookies:

In addition, the cookie notice for GDPR still offers additional settings, eg. For example, for cookie banner design, tip and button text or cookie runtime:

It is particularly useful for private websites or smaller blogs that only use one or two scripts that set cookies.

Unfortunately, it does not offer advanced settings options. Even a content blocker, like other cookie plugins, is not included.

Official site


  • Totally free
  • Use as possible opt-in
  • Customizable design and position on screen
  • Gives the option to revoke cookies after


  • No support (WordPress support forum questions are generally not answered)
  • Few settings options
  • No built-in content blocker
  • Updated only at irregular intervals
  • stale design

5. CookieYes from WebToffee

The full name of the plugin is CookieYes GDPR Cookie Consent & Compliance Notice , which already indicates that the plugin covers quite a bit.

The free version of the plugin allows you to add a cookie banner to your website. The banner informs users that you use cookies. The various cookies are only placed if visitors consent to them.

However, it is not possible to set your own preferences with the plugin (at least not in the free version).

I deployed it on 2 sites to see what happens. So far, no big difficulties to configure it.

Here is a clickable comparison chart:

Types of banners

There are three types of cookie banners which treat cookies differently:

Single cookie notification

Here is a simple banner informing you that cookies are used on your website.

You can simply click on the banner without affecting the configuration of cookies.


An opt-in is the most privacy-friendly type of cookie banner.

Cookies are only installed if the user has explicitly consented.


Externally, the opt-out often differs little from an opt-in.

Nevertheless, its operation differs significantly:

Because, with opt-out cookies and associated scripts already by calling the loaded website .

By clicking on refuse the user then has the possibility of opposing the configuration of the cookie thereafter.

Is the acceptance of cookies mandatory?

The legal situation regarding the processing of cookies in France was spongy for years.

Clarity was to be adopted by the European Parliament in 2009 Directive 2009/136 / EC (Cookie Policy) in which an acceptance of cookies is required.

However, this directive was never transposed into German law, which created a legal gray area in this country.

Those who hoped that the DSGVO (General Data Protection Regulation), implemented in the European Union since May 25, 2018, would provide legal certainty in this regard have once again been disappointed.

Because strong Recital 30 of the GDPR Cookies as well as IP addresses can be personal data, their processing is also not clearly regulated.

Because as a legal basis for the use of cookies, both Article 6, lit. a GDPR (explicit consent, e.g. via a cookie plugin) as well Article 6, lit. f DSGVO (legitimate interest on the part of the site operator) are called into question.

This left the question unanswered:

Which cookies require acceptance?

However, this is no longer the case since two judgments of the European Court of Justice (ECJ) of July and October 2019, respectively.

As regards the authorization referred to in Article 2(h) and 7(a) of Directive 95/46, it must be declared before the data of the data subject is collected and disclosed by transfer. Therefore, it is up to the website operator and not the provider of the social plug-in to obtain such consent, as the processing of personal data is triggered by a visitor who calls up this website.

Which cookies are technically necessary and which are not?

Marketing and statistics cookies are not necessarily technically necessary and therefore require consent.

In addition to these cookies, there are other types of cookies which are not affected in the same way by the judgments of the ECJ. Article 5, paragraph 3 of the 2002 “privacy and electronic communications” directive:

This does not preclude technical storage or access if the sole purpose is to facilitate or facilitate the transmission of a message over an electronic communications network or, where applicable, to provide a service of the company of the information expressly requested by the subscriber or user. provide.

In other words:

  • Cookies to store cookie settings (sort of logical, right?)
  • Cookies to hide pop-ups or banners
  • Cookies to save font size or language chosen
  • Session cookies (Cookies deleted when closing the browser, for example to save a shopping cart)

But here, too, the legal situation is not entirely clear.

For simplicity :

For cookies for which you do not know whether they are technically necessary or not, obtain consent.


Here are some common questions and answers about cookie plugins and cookies in general:

What cookies are set by WordPress?

Also, if no plugins are installed or scripts added, WordPress will set cookies. These include:

For registered users:

  1. wordpress_ (hash) : In this cookie, your WordPress user data is saved during login (as a hash, i.e. encrypted)
  2. wordpress_logged_in_(hash): Cookie to identify a logged in user. Will be set after login.
  3. wp-settings-{time} – (UID) : Cookie, where the settings of the administration area and the website are stored. Contains the user ID of your WordPress user.

For unregistered users:

  1. comment_author_ {} HASH: This cookie stores the name of a commentator (as an encrypted hash).
  2. comment_author_email_ {} HASH: In this cookie, a commenter’s email address is stored (as an encrypted hash).
  3. comment_author_url_ {} HASH: In this cookie, the URL of a commentator’s website is stored (as a hash, i.e. encrypted).
  4. wordpress_test_cookie: Cookie that WordPress uses to check if cookies can be set in the browser.

The first three comment cookies are only set when someone submits the comments to the Save my name, email and website checkbox in this browser until I comment again.

The length of cookies can be determined using the auth_cookie_expiration hook to be adapted. Please read the Developer section of for more information.

Do I need consent for Google Analytics to activate IP anonymization?

Yes, even then, permission is required.

How do I know which cookies are used by my website?

The simplest tool to find out which cookies are used by your site: Webbkoll .

It’s in German, of course, but it does the job!

Along with other information about HTTPS, HTTP headers, etc., it also shows you a list of first-party cookies (from your own domain) and third-party cookies (from third-party domains).

When will the ePrivacy regulation be implemented?

The ePrivacy Regulation, which aims to make the inclusion of cookies mandatory across Europe, will not come until 2020 at the earliest, and probably even in 2021 or 2022.

However, following the two judgments of the ECJ, the regulation will no longer change the legal situation.

Can I include a cookie in WordPress without a plugin?

Yes, it is possible with Cookiebot.

The cookie consent service can instead of the WordPress plugin also manually with JavaScript.

J’espère que vous avez apprécié la lecture de cet article de blog.

Si vous souhaitez mettre en œuvre des actions marketing, cliquez ici.

This post is also available in: French