GDPR Cookie Consent (CCPA) for WordPress
What is GDPR and why is it needed?
GDPR (General Data Protection Regulation) is a legal framework in the European Union designed to strengthen and protect the personal data of EU citizens. GDPR came into effect on May 25, 2018, replacing the previous Data Protection Directive.
The primary goal of GDPR is to ensure that all organizations processing personal data of EU citizens provide a high level of protection and security for that data. This regulation grants citizens more control over their personal data and requires companies to be clear and transparent about how they collect, process, and store that data.
Compliance with GDPR is essential for any organization or website dealing with personal data of EU citizens. Violating this regulation can result in significant fines and penalties. Therefore, it’s crucial to ensure that your website complies with GDPR requirements and safeguards the personal data of your users.
Before you start collecting or processing personal data, make sure you have a clear privacy policy and have obtained consent from data subjects when necessary. Keep in mind that GDPR applies not only to European companies but to all organizations worldwide that process data of EU citizens.
Familiarising yourself with data protection and implementing GDPR demonstrates your commitment to your users’ privacy and can enhance trust between you and your audience. When creating your article, include information about how you comply with GDPR and ensure the security of your visitors’ personal data.
Overview
The GDPR Cookie Consent (CCPA) plugin makes your website compliant with GDPR and the CCPA (California Consumer Privacy Act) regarding the use of website cookies. To name a few, you can:
- Add a cookie notification bar at the top of your website to inform users about your site’s use of cookies.
- Restrict the banner to visitors from the EU or CA or display it to all.
- Scan your website for cookies and add them to your cookie list.
- Show or block scripts of those cookies based on user consent or by using the auto-script blocker, or by manually adding scripts.
- Maintain a user consent audit log.
- Allow users to withdraw their consent.
Table of цontents
First steps
First, install and activate the plugin. From the WordPress dashboard, go to the GDPR Cookie Consent Plugin menu.
Please uninstall the basic version (if you have it installed) before installing the premium version to avoid conflicts.
Soon after, a cookie notification bar will appear at the bottom of your website.
Settings/Customisation
Go to GDPR Cookie Consent > Settings > General. You can explicitly activate the required law and customise the appearance of the cookie notification bar to match your website’s theme from the Settings tab, as shown below.
The various sections on the settings page allow you to customise different parts of the cookie consent bar. Let’s go through each of these sections in detail.
Basic settings
You can choose the type of law and manage its country-specific limitations from the general window.
The general settings include the following options:
- Activate the Cookie Bar: You can activate or deactivate the cookie bar on your website. By default, it’s in the activated state, which displays the banner at the front end of the website. Deactivate it to hide the banner from the front end of the site.
- Choose the type of law: You can select GDPR, CCPA, or both based on your website’s requirements. GDPR pertains to cookie/privacy law related to the EU territory. CCPA relates to the California Consumer Privacy Act.
- GDPR Settings:
- Show only for EU Countries allows you to display the cookie notice only to visitors from European countries.
- CCPA Settings: The Right to Opt-Out of the California Consumer Privacy Act allows users to instruct businesses not to sell their personal information to third parties. The shortcode for “DO NOT SELL” is [wt_cl i_cc pa.optout]. Set up CCPA using this option.
- Activate CCPA: Check the CCPA activation option for your website.
- Limit CCPA to California Only: Enable banner display only for visits from California; applicable to all visitors when disabled.
- Activate CCPA notification: Enabling the notification will show the banner with relevant text according to your configuration. Use this option specifically to obtain prior consent from website visitors.
- CCPA and GDPR: Our plugin adds the CCPA notification to the existing GDPR banner to make it CCPA-compatible. Since the plugin’s GDPR features, such as script blocking before consent, etc., apply to CCPA as well, it requires these features to be CCPA-compliant in California. The only difference in the California banner would be the additional consent regarding the sale of third-party data.
- More Options
- Activate the auto-hide cookie bar after the delay option and configure the time if you want to assume that the user accepts if he/she stays on the web page for a specific period.
- Activate the Automatically hide the cookie bar (Accept on Scroll) option if you want to assume that the user accepts if he/she scrolls the web page.
Other settings
Go to GDPR Cookie Consent > Settings > Other. The screenshot of the Other section is shown below.
- Activate consent logging: Set it to yes to record the consent of every user in the database. You can access the same from the consent report page.
- Reload after ‘scroll accept’ event: Choose yes to automatically reload the web page when the user scrolls, thereby accepting the consent.
- Reload after clicking the accept button: Choose yes to automatically reload the web page when the user clicks the accept button.
- Reload after clicking the reject button: Choose yes to automatically reload the web page when the user clicks the reject button.
Customising the Cookie Bar
Go to GDPR Cookie Consent > Settings > Customise Cookie Bar. The message in the cookie bar and its style can be customised from the Customise Cookie Bar section.
Here are the fields in this section:
- Enter an appropriate title for the cookie bar message in the provided field. Leave it empty if not needed.
- The Message field populates the content of the cookie banner by default. It supports basic HTML tags and other shortcodes for the accept button, reject button, and more.
- Additionally, you have the option to control the color of the cookie bar and/or the font of the message. By default, the plugin will take the active theme’s font.
- The three different styles supported for the cookie bar are Banner, Pop-up, or Widget.
- With the Banner option, you can choose whether you want to place the banner in the top or bottom bar.
- The Pop-up type will show the cookie message bar as a pop-up window instead of a banner. You can set an overlay together with the pop-up, which will block the user from browsing the website unless consent is given.
- As for the Position, you can position it to the left or right side of the website.
- The On Load option allows you to either animate the way the message appears, or make it sticky while the website loads.
- The On Hide =option allows you to either animate the way the message disappears, or make it disappear without any visual effect.
Revisit consent
Go to GDPR Cookie Consent > Settings > Customise Cookie Bar > Revisit Consent.
Below is the screenshot of the Revisit Consent section and its fields explained.
- Enabling the revisit consent will automatically display a small privacy widget in the bottom bar of your website. You can also manually insert a consent management link by adding the privacy and cookies policy using a shortcode on your website.
- You can position the consent management section to the left or right of the web page.
- Use the Left field to position the revisit consent section. Enter a value in pixels or percentage to specify the distance from the respective field to place the dialog box accordingly.
- The Title field allows you to customise the text of the privacy widget. For example, you can enter “Privacy and Cookies Policy” as the title or any other text you prefer.
Customising the buttons
Go to GDPR Cookie Consent > Settings > Customize Buttons.
Customise the buttons and links used in the cookie consent bar. Copy the shortcode of the button/link and paste it into the cookie consent bar.
- The Accept, Accept All, Reject, and Settings Button section consists of the following fields, as shown below:
- The Text field allows you to add the text to the button.
- The Text Colour field allows you to choose the text colour.
- The Show As field lets you choose whether the shortcode should appear as a button or as links. Choose Button style to set the necessary background color.
- You have the option to set an action for the button/link. The Close Header option simply closes the cookie bar upon user action, while the Open URL option opens the specified URL in a new or existing window, depending on the case.
- Select the desired button size from the drop-down menu as Very Large, Large, Medium, or Small.
- The “Read More” link opens to your Privacy and Cookies Policy page on your website.
- The additional fields for the “Read More” link, in addition to the usual options, are as follows:
- URL: Redirects users to the specified page’s URL.
- Page: Choose a page from the list of available website pages to redirect users (My Account, Checkout, Cart).
- Select Yes to open the Privacy and Cookies Policy page in a new window.
Themes
There are two main panels within the themes section: the cookie bar-design editor and the cookie message-text editor.
The Cookie Bar – Design Editor window will display the currently active cookie bar on your website. Click on the cookie text, buttons, and more in the design editor to personalize them. You can customize font size, color, weight, border, or even include custom CSS from the control panel.
Edit the content of the cookie bar from the Cookie Message – Text Editor.
Settings > Theme > Cookie Design Editor and Text Editor
After you’ve finished styling, save and publish the changes. Click on “Change Template” to explore other template options. Select “Cancel” to revert to the previous active template.
Alternatively, you can use the “Change Template” button to apply a cookie bar from one of our default templates, such as Banner, Pop-up, or Widget, in the following way:
Cookie-Law-Settings-Theme-Change-Template-Demo
Simply choose any template from the list and click the live preview button to test it on your website. If you like what you see, click on “Customize” to apply it to your design editor. Additionally, if you need further customisation, you can make the necessary changes from the design editor.
Finally, click the “Save and Publish” button to set the customized template as the current cookie bar.
Advanced settings
Go to GDPR Cookie Consent > Settings > Advanced.
The settings come with an “Advanced” section containing the following options:
- Reset all values: The “Reset Settings and Reset” button will restore the plugin to its default state, replacing all your settings.
- Cache busting: When activated, the GDPR plugin will replace cached web pages to display the page with the appropriate user consent.
- Request Cookie Scanner URL: Depending on your server limitations, restrict the number of URL addresses scanned. For example, if you encounter an “Unable to connect…retry” error during scanning, try reducing the number to “2.”
Once you are ready, click the “Update Settings” button to save your changes.
Shortcodes
The Help Guide section consists of two parts: Shortcodes and Useful Links.
Shortcodes are used to insert cookie banner elements into the pages/posts of websites. To add shortcodes to a template file, you can use the “do_shortcode” function.
Helpful Links
This section provides you with links to resources related to the GDPR Cookie Consent plugin. The screen looks like this:
Cookie Scanner
GDPR Cookie Consent allows you to add cookies automatically using a cookie scanner. GDPR Cookie Consent now uses CookieYes to provide you with an enhanced cookie scanning solution for your website.
Our cookie scanning solution enables you to:
- Discover first-party and third-party cookies used on your website.
- Identify what personal data they collect and their other purposes.
- Determine whether you need to comply with data protection laws regulating cookies, such as GDPR in the EU, ePrivacy Directive (EU Cookie Law), CCPA in California, and more.
The GDPR Cookie Consent plugin offers multiple ways to add cookies to your website.
1. Connect with CookieYes
The plugin allows you to automatically scan cookies and add them to the extension. From GDPR Cookie Consent > Cookie Scanner, click on the “Connect and scan” button.
Click on the “Connect and scan” button to connect with CookieYes.
Connect with CookieYes, our scanning solution, to get fast and accurate cookie scanning.
Existing CookieYes users can enter their username and password.
New users, however, will connect automatically with CookieYes. After successfully connecting with CookieYes, you can start the scanning process.
2. Scan your website for cookies
Click on the “Scan for website cookies” button to start the scanning process.
Subsequently, the cookie scanning process will begin. It may take several minutes to a few hours to complete scanning your website. This depends on the number of pages to scan and the speed of your website. You can even switch between your screens while scanning is in progress. Scanning can be stopped by clicking the “Stop Scanning” button.
3. Complete the scanning
Once the scanning is complete, you can view all the scanned cookies and the scanned URLs from the scanning results. The result will look as shown below:
From here, you can add the scanned cookies to the cookie list, download the cookies to a CSV file, and rescan.
4. Cookie import options
When you choose to add the scanned cookies to the list, you’ll be provided with three options, as shown below:
- Replace old ones: In the first option, you can replace all existing cookies in the list and add the newly scanned cookies.
- Merge (recommended): With the second option, the plugin checks if the scanned cookies already exist in the list and skips those that are already present. This is the recommended method for adding cookies.
- Add (not recommended): The third method allows you to add the newly scanned cookies to the existing cookies in the list. This is not recommended as it may lead to duplicate entries in the cookie list.
After selecting an option, click on the “Start importing” button.
All the scanned cookies and their related data will be added to the cookie list. The data added to the cookie list includes the cookie’s identifier, the type of cookie, the cookie category, and the cookie’s duration.
By default, the values in the cookie type field that is added will be static, all cookies will be assigned to either the unnecessary category or the necessary category, which are the two predefined categories of the plugin, and the value in the cookie sensitivity field will not be required.
All of this, of course, can be edited from the “Edit Cookie” option by clicking on the respective cookie name from the Cookie List page.
Cookie list
With the GDPR plugin, you can even manually add cookies. To do this, open GDPR Cookie Consent > Cookie List. This will take you to the Cookie List page, as shown below:
Click on the “Add New” button to manually add cookies. The steps for manually adding a cookie are explained below:
Import cookies using a CSV file
You can import cookies into the plugin using a CSV file. You can find the option to import cookies in GDPR Cookie Consent > Cookie List. Prepare the CSV in the required format, then click the “Import from CSV” button.
This will take you to the Import from file page.
From this page, upload the CSV file to the plugin and import it. All cookies and their details can be seen on the Cookie List page after the import.
The plugin also has an export function that helps you export cookies and their associated details to a CSV file. To do this, click on the “Download as CSV” button on the Cookie List page.
This is very useful if you have websites using the GDPR plugin that use similar cookies, or if you want to migrate cookies you’ve set in the plugin from a development site to a production site. All you need to do is export the cookies from one website to a CSV file and then import them into the other.
Adding cookies manually
To manually add cookies, click on the “Add New” button under GDPR Cookie Consent > Cookie List. Add the cookies and their details from the “Add New Cookie Type” page. Below are the fields on the “Add New Cookie Type” page:
Below are the fields on the “Add New Cookie Type” page:
- Cookie Title – Add the title of the cookie. This field is for identification purposes, allowing you to add the cookie’s name in a user-friendly manner.
- Cookie Description – This allows you to add a description of the cookie to explain its purpose, what it does, what data it collects, and so on.
- Cookie Category – Add the category to which the cookies belong.
- Cookie Type – This is for specifying the type of the cookie. Types include Persistent, Session, or Third Party. Persistent cookies are those that typically persist even after the browser is closed. Session cookies expire when the session ends. Third-party cookies are those installed by third-party services used on the website.
- Cookie Duration – This is the time during which the cookies will be active in the browser. The easiest way to find out the cookie duration is from the browser’s developer console.
- Cookie Sensitivity – Whether the cookies are necessary or not. Necessary cookies are those that, as the name suggests, are absolutely necessary for the website to function as intended. Users have no control to deactivate this category of cookies. Unnecessary cookies are cookies whose scripts need to be added to the plugin and can be activated/deactivated by users.
- Main Scripts/Base Scripts – This is where the scripts related to the cookies should be added. If scripts are added in the Head Scripts field, the scripts, when accepted by the user, will be displayed in the header of the website. If they are added to the Body Scripts area, the scripts will be displayed in the body.
The screenshot below shows an example of adding Google Analytics cookies to the cookie list from the “Add New Cookie Type” page:
Once all the details are added as described above, click the update button, and the cookie will be added to the cookie list.
Adding cookie categories
GDPR Cookie Consent gives users detailed control over cookies they want to allow. They can enable or disable cookies in their browser based on their category.
For this purpose, the plugin provides two predefined categories: Necessary and Unnecessary. You can add the necessary cookies used on your website to the Necessary category. Users won’t be able to deactivate cookies categorised as Necessary. So, cookies that are essential for the functioning of the website should be added to this category.
For other unnecessary cookies used by the website, you can add them to the Unnecessary category, or you can create your own categories. This allows you to create cookie categories such as analytics, statistics, advertising, etc., based on the nature of the cookies.
To create a new category for cookies, go to GDPR Cookie Consent > Cookie Categories. This will take you to the cookie categories page where you can add the category name, slug, category description, and set the priority to determine the order in which categories will be displayed at the front end.
If you enable the “Load on startup” option, scripts under the created category will be displayed without waiting for user consent on the first page visit. This option is used discreetly only if you are sure that sensitive user data is not collected through the specified scripts.
If you enable the “Default State of the Category” option, the category toggle button will be in an active state for cookie consent.
If you enable the “Sell Personal Information” option, scripts in this category will be considered as scripts collecting personal data and will be blocked if you opt out of CCPA.
The added categories will be visible to users in a popup window when the user clicks on the “Settings” button in the cookie bar. When they click on each category, users will see the description of the category added by the administrator. Then, the user can choose to enable or disable cookies from each category in the popup window.
Cookie rules generator
You can easily create and generate cookie rules from the rule generation module. The rules generator will help you create a separate cookie policy page that lists various details such as:
- About the Cookie Policy
- What cookies are?
- How we use cookies?
- What types of cookies we use?
- How can I control cookie preferences?
You can even add additional details by clicking the “Add New” button. From here, you’ll get a live preview of the cookie policy. Subsequently, you can create a new cookie rules page or update an existing one.
When creating a new cookie rules page, it can be published to make it available in your store.
Automatic cookie blocking
With the GDPR Cookie Consent plugin, you can automatically block cookie scripts displayed on your website.
The blocked scripts list the services/plugins currently supported for automatic blocking. The activated services/plugins will be blocked by default at the front end of your website before obtaining user consent and will be provided accordingly based on consent.
It is additionally categorized into sections for scripts and plugins.
The third-party services currently being automatically blocked include:
- Google Analytics
- Facebook Pixel
- Google Tag Manager
- Hotjar Analytics
- Google Publisher Tag
- YouTube Embed
- Vimeo Embed
- Google Maps
- AddThis Widget
- ShareThis Widget
- Twitter Widget
- SoundCloud Embed
- SlideShare Embed
- LinkedIn Widget
- Instagram Embed
- Pinterest Widget
- Google Adsense
- Hubspot Analytics
- Matomo Analytics
To automatically block the cookie scripts installed by these services using the GDPR Cookie Consent plugin, go to GDPR Cookie Consent > Cookie Blocking > Scripts. This will take you to the script blocking management page, as shown in the screenshot below.
To automatically block the display of website scripts, enable the toggle buttons for the selected scripts. This will block scripts from all sources rendering on the website unless the user gives their consent. If the toggle buttons are in the disabled state, scripts from sources other than the GDPR plugin will not be automatically blocked.
To automatically block scripts for plugins, go to the Cookie Blocking > Plugins section. This allows you to manage the automatic blocking of scripts for your website. The following three plugins are currently supported for automatic blocking:
- Official Facebook Pixel
- Smash Balloon Instagram Feed
- Smash Balloon Twitter Feed
- YouTube Embeds
- Monster Insights
The plugins that are marked as inactive either are not installed or are not activated on your website. The activated plugins will be blocked by default at the front end of your website before obtaining user consent and will be rendered accordingly based on consent.
If you want to deactivate the automatic script blocking for any of these plugins, you can do so by simply toggling the button against the respective plugin.
Registering user consent
You can maintain a registry of users who have given their consent using the GDPR Cookie Consent plugin. To register the consent provided by users, make sure you have enabled the “Allow Consent Logging” option under GDPR Cookie Consent > Settings > General > Other. When consent is registered, the IP addresses of users who have given their consent and the cookie categories for which they have provided consent will be recorded in the consent report page, along with the date and time of the visit and the user identifier if the user is logged in.
It is entirely up to the administrator to decide whether they want to keep a record of consent. However, when consent logging is enabled, users must be informed that their IP address will be collected for the purpose of consent logging.
All the data in the consent report can be exported to a CSV file by clicking the “Export Report” button on the consent report page.
Displaying the Cookie Bar only for EU countries
You can make the cookie consent banner visible only to visitors from the European Union. By using this feature, consent for website cookie usage will be obtained only from EU visitors.
To set up the cookie notice to display only to EU visitors, go to the Settings page under GDPR Cookie Consent. Click “Yes” for the “Display only for EU countries (GeoIP)” option and update the settings.
Privacy overview
From your dashboard, navigate to the Privacy Overview submenu. The text seen in the cookie settings popup window can be modified from here.
Specify an appropriate title to be displayed as a heading in the Privacy Overview Title field. Then, in the main content area, you can enter the content that will appear below the title. Although default content is provided, you can edit and change it to suit your needs.
The content for the Privacy Overview in the cookie settings popup will appear as shown below:
Activating the license
After you have installed and activated the GDPR Cookie Consent plugin on your website, you need to activate the plugin’s license to receive updates. To do this, go to GDPR Cookie Consent > Settings > License from your WordPress admin dashboard.
The page will appear as shown in the screenshot below:
