EXCLUSIVE DEAL 30% OFF on QODE Wishlist for WooCommerce plugin Discount code: WISHLIST30 EXCLUSIVE DEAL 30% OFF on QODE Wishlist for WooCommerce plugin Discount code: WISHLIST30 EXCLUSIVE DEAL 30% OFF on QODE Wishlist for WooCommerce plugin Discount code: WISHLIST30
EXCLUSIVE DEAL 30% OFF on QODE Wishlist for WooCommerce plugin Discount code: WISHLIST30 EXCLUSIVE DEAL 30% OFF on QODE Wishlist for WooCommerce plugin Discount code: WISHLIST30 EXCLUSIVE DEAL 30% OFF on QODE Wishlist for WooCommerce plugin Discount code: WISHLIST30

How to Make Your WordPress Website CCPA Compliant

How to Make Your WordPress Website CCPA Compliant

Due to a growing user demand to have their privacy protected and their personal data on the internet secured, the authorities worldwide have started introducing various privacy regulations. In fact, it’s already been well over five years since GDPR (the General Data Protection Regulation regarding the EU citizens’ personal data) first rolled out. And while many people are already familiar with what GDPR compliance entails, there are still those not aware of similar regulation in the USA’s largest state – the California Consumer Privacy Act (CCPA).

Generally speaking, CCPA has a similar set of rules like GDPR, though there are still some CCPA-specific things that every website owner should be aware of. For this reason, we’ve decided to gather a list of things you can do to make your WordPress CCPA compliant. But before we begin, we will explain what CCPA stands for and share some of its most important rules.

We will cover:

Qode Themes: Top Picks
Bridge New Banner

Creative Multi-Purpose WordPress Theme

Stockholm WordPress Theme

A Genuinely Multi-Concept Theme

Startit WordPress Theme

Fresh Startup Business Theme

What Is CCPA?

What Is CCPA

As we already mentioned at the beginning, CPPA is an acronym for California Consumer Protection Act. This is a new data privacy law that first emerged in January 2020 and which essentially protects US consumers in the state of California.

Now, the thing is, even if you are not running a business in California (or rather, if your business isn’t based there), the law still applies to you if you do business in California in any way (as in, if you conduct business with Californian consumers, but your business is based elsewhere). However, aside from this, your business also needs to meet one of the following conditions for the law to apply to you:

  • It generates over $25 million in annual revenue,
  • It has access to the personal data of over 50,000 consumers,
  • Earns more than half of the annual revenue by selling the personal information of its consumers.

So, in short, if you do business with, or sell your products or services to anyone in California and your business meets at least one of the above-mentioned conditions, your website has to be CCPA compliant.

Here are the rights consumers have under the CCPA law:

  • The right to be aware of the personal information your business gathers about them, including the way this information is used, shared, or sold,
  • The right to opt out of selling of their personal data,
  • The right to delete their personal information.

As for what personal information means in legal terms, it means any information that relates to or can be directly or indirectly linked to a specific consumer. This includes names, aliases, addresses, email addresses, driver’s license numbers, passport numbers, IP addresses, and similar data. In short, under the CCPA law, users are protected in the sense that they have the right to tell a business to stop selling their personal information. And if these CCPA rules can be applied to your site, you should make sure to provide a way for users to opt out of the sale of their personal data.

If your business violates the CCPA unintentionally, you could be subjected to a fine of up to $2500 per violation. For intentional violations, your fine could be up to $7500 per violation.

Now, you might be wondering – what does this mean for a small business website?

The thing is, while the CCPA does not necessarily affect the websites of smaller businesses, we still advise you to comply with the CCPA laws even if you fall into the small business category. By doing so, you will let potential customers know that your business is trustworthy and that protecting their rights is your top priority, so they will know to expect nothing short of a perfect customer experience from you.

Finally, we should note that we are only stating some of the general rules and regulations of the CCPA law. To make sure that your WordPress is CCPA compliant and to protect yourself from any potential liabilities, we advise you to consult with a lawyer.

Now that we’ve explained what CCPA stands for and we’ve also talked about some of its key points, it’s time to go through some of the necessary steps you should take to ensure that your WordPress site fits the CCPA requirements. Here’s what you need to do:

Create a Privacy Policy Page

Create a Privacy Policy Page

While a Privacy Policy page has always been important, with these new laws coming into effect (first GDPR, and now CCPA as well), having this kind of page on your WordPress site is practically a must. A Privacy Policy page is also the perfect opportunity to disclose the kind of user information you are collecting, as well as the way this information will be used (shared, sold, and so on). Here are some of the CCPA-related things you should include on your Privacy Policy page:

  • The info about the type of personal data that your WordPress site collects from its visitors, as well as where it collects it from,
  • Why the collecting (sharing or selling) of personal information is necessary,
  • Who you share this data with (i.e. a third-party service),
  • Information about consumer rights under the CCPA law,
  • Your contact info so that they can put their rights to use and/or ask you about any additional questions they may have.

To create a Privacy Policy page, you can use the premade WordPress Privacy Policy template by going to Settings >> Privacy located in your WordPress admin dashboard. Or, you can create your page from scratch by going to Pages >> Add New. In case you already have a Privacy Policy page on your site, you need to update it so that it complies with the CCPA.

For more information on the subject, you can check out our article on adding a Privacy Policy in WordPress.

Add a Do Not Sell Button

Add a Do Not Sell Button

Like we’ve previously mentioned, the CCPA gives the ability to users to object to the selling of their data to third-party businesses. So, another great way in which you can make things easier for users is to add a Do Not Sell button to your site. By doing so, you will provide Californian users with the ability to click on this button so that they can be taken to a dedicated “Do Not Sell My Personal Information” page. Once there, these users should be able to opt out of any sales related to their data.

Creating this button is quite easy to do with the help of a suitable plugin. To learn how to do this, we recommend that you check out our article on how to add a Do Not Sell Button in WordPress.

Set Up a Cookie Consent Notice

Set Up a Cookie Consent Notice

You know those popups that appear when you enter a website, saying that website uses cookies? These are cookie consent notices – and yes, you should set one up on your WordPress site as well, since cookie identifiers are also regarded as personal data according to the CCPA law. And while you don’t necessarily need the users’ consent to have cookies implemented in their browsers, you should still provide them with the means to opt out of cookies regardless. Aside from the cookie notice, you need to let a user know what you will use cookies for, and you should also include a link that will allow them to opt out of cookies, and/or the link leading to the Do Not Sell My Personal Information page.

You can use one of the many available cookie consent tools to add this notice to your WordPress site. If you ask us, we recommend trying tools like CookieYes and Osano. Both of these options are easy to use and are highly customizable, allowing you to set up a functional cookie consent notice on your site in no time.

Provide Data Access to Users

Provide Data Access to Users

Another thing you should do according to the CCPA is to provide users with access to personal information upon their request. You can easily do this by putting up a simple form on your site. The users will be able to fill in this form and submit their data access requests. We recommend using one of the available contact form WordPress plugins for this task, such as Contact Form 7 or WPForms, to name a few.

Do not Sell Data of Children Younger Than the Age of 16

Do not Sell Data of Children Younger Than the Age of 16

The CCPA law states you mustn’t sell personal data of children aged 13 to 16 unless you have their consent to do so (for children under the age of 13, a parent or a guardian should give their verifiable consent). You can provide a separate consent box for children younger than the age of 16 in your cookie notice. Or, if you do not want to collect this data in the first place, you should state so on your Privacy Policy page, guaranteeing that all their personal data will be deleted.

Delete Personal Information Upon Request

Delete Personal Information Upon Request

Finally, according to CCPA law, you are required to delete the personal data of users upon their request. Luckily, if you’re using the latest version of WordPress, you will be able to access settings in your WordPress admin specifically made to help you manage data deletion requests of specific users. To do this, simply head to Tools >> Erase Personal Data. Once there, you will see the options that will allow you to delete personal data by entering a specific user name or email address. You also have the option to send personal data erasure confirmation emails to users.

Of course, you should also provide a simple form that will allow users to request the deletion of their personal information. You can also do so using one of the above-mentioned contact form plugins.


Regardless of your business size or the country you operate your business in, you won’t make a mistake if you decide to comply with the CCPA law. By doing so, not only will you send a clear message to users that you care about their personal data, but also that you’re up to date with the latest privacy standards, which can only make them more inclined to trust you. Just be sure to follow most, if not all of the steps we recommended above, and you’ll be well on your way to gaining credibility in your line of work.

Post your comment