How to Manage Cookies in WordPress
Love them or hate them, but cookies are an inextricable part of the digital landscape. They are responsible for much of the convenience we experience when browsing or shopping online. They can save us time. Increasingly, cookies can help websites provide a personalized user experience.
On the other hand, cookies can be intrusive to the point of being as creepy as digital files can get. They can also pose security concerns. For the company that runs the world’s foremost digital advertising giant, cookies are a tool they can leverage to put additional pressure on the competition.
Besides knowing your way around their many (mis)uses, you should also know how to manage WordPress cookies on your website.
In this article, we’ll show you:
When someone visits your website, a small text file containing some information is stored in their web browser. This file is called a cookie, and it can hold a variety of information. At the very least, a WordPress cookie should have a name and a value. Some cookies, however, store enough information about the user to enable their creators to follow the users’ online activity even when they browse off to another website.
Cookies aren’t the only type of file that can be used to track people’s online activity. Tracking pixels, small transparent images that can even be embedded in emails, are a standard tracking tool employed by marketers. Cookies differ from pixels by actually being central to decent user experience, even though they can be used in unsavory ways.
You can divide cookies into four different groups:
-
Session cookies — cookies that last as long as your browsing session, as closing the browser deletes them.
-
Persistent cookies — these will live through the closing of a browser, with their lifespan limited by the parameters you use with them.
-
Third-party cookies — the cookies served by third-party services through your website.
-
First-party cookies — the cookies served by the website you’re visiting.
You can also divide cookies by their purpose into the strictly necessary cookies, preference cookies, statistics cookies, and marketing cookies.
Because they can store quite a lot of information about users, cookies are a subject to local, national, and supranational regulations. GDPR, the EU’s General Data Protection Regulation, is an example of a law that touches on the use of cookies and the data they can gather.
Qode Themes: Top Picks
View Collection
As a core feature, WordPress relies on two types of cookies. The users’ cookies are the type of cookies that store the information that identifies you and your status as a logged-in user. This prevents you from having to log in multiple times during the same session, and it can also help with personalization.
If your website visitors don’t have to log in, your admin team will be the only ones that will receive this cookie. Because the cookie uses hashed data, you don’t have to worry about someone seeing your username and password if they got their hands on the cookie containing them.
The other type of cookie that comes with WordPress natively is the commenters’ cookie. This cookie is used to store the information the visitors need to enter before commenting. You should add an opt-in checkbox for GDPR compliance if you plan to use these cookies with EU audiences.
Your website will not be limited to using only these two types of cookies. The themes you install, the plugins you use, and the advertising and marketing services you subscribe to can also add cookies to your visitors’ browsers. You can quickly jump from using two types of cookies to using twenty just by installing a couple of plugins.
For the most part, managing cookies on your website will entail learning about the cookies your plugins and themes use and letting the visitors know that you are using plugins. Again, you should do this so that you’re compliant with the regulatory framework you and your audiences belong to.
For example, if you’re using a store WordPress theme and you’re relying on WooCommerce to power it, you should know that WooCommerce uses eight different cookies, five of which are session plugins.
As for managing your cookies, you can do three different things with them. You can set them, get the information from them, and delete them.
How to Set WordPress Cookies
The principal thing you should know about setting WordPress cookies is that you’ll do it by editing the functions.php file. This means that you’ll have to be comfortable with creating a child theme and that you should know a bit about PHP.
You set a cookie in WordPress by using the setcookie () function. The syntax would look something like this:
setcookie (parameters divided by comma)
The parameters you can use include:
-
HTTP/HTTPS – whether you send cookies via HTTP or HTTPS
-
The name of the cookie
-
The value of the cookie
-
Expiration date expressed in seconds
-
Path – the URL path necessary for sending the cookie
-
Domain – defines the domain and subdomains where the cookie is available
Only the name and the value are mandatory. The remaining parameters are optional. Here’s an example of a cookie created using the init hook to ensure that the placement occurs before the header is sent:
function tiny_cookie() {
setcookie( ‘cookie-name’, 'test', time() + 5 * 604800 );
}
add_action( 'init', 'tiny_cookie' );
With this, we’ve set a cookie that stores the value “test” on the visitor’s computer and lasts for five weeks.
How to Get Cookies
When you’re “getting” a WordPress cookie, you are retrieving its information. Setting a cookie and not retrieving its information defeats the purpose of setting the cookie in the first place.
There are a couple of things we’ll need here. We’ll first need to make sure the cookie was set, and we do that using the isset () function. We’ll use the $_COOKIE variable to narrow down on our cookie, and the echo () function to display the values.
Here’s what that would look like:
if( ! isset( $_COOKIE['cookie-name'] ) ) {
echo "The cookie: '" . "cookie-name" . "' is not set.";
} else {
echo "The cookie '" . "cookie-name" . "' is set.";
echo "Value of cookie: " . $_COOKIE['cookie-name'];
}
}
add_action( 'init', 'tiny_cookie_check' );
In case the cookie was set, you’ll be notified it was set, and you’ll see the visitor username. If the cookie wasn’t set, you’ll be informed about it.
How to Delete Cookies
When it’s time to delete the cookie, you can unset it using the unset () function, or make it expire by setting its expiry date in the past. You can use both at the same time:
function unset_tiny_cookie() {
unset( $_COOKIE['cookie-name'] );
setcookie( 'cookie-name' , 'test', - 3600 );
}
add_action( 'init', 'unset_tiny_cookie' );
With that, you’ve done all you can with WordPress cookies.
Let’s Wrap It Up!
The use of cookies today, as well as the way they are legally regulated, is a topic we will not see cool down anytime soon. But don’t let their lousy rap dismay you from using them — cookies are essential for creating a good user experience.
If you’re careful and you practice due diligence, you can administrate your website for years and always use cookies ethically. Remember that, whether you’re relying on third-party cookies or you’re setting your own, the fact that you’re doing it on your website makes you responsible for the cookies’ usage.
