WordPress Cookies

Virtually all web applications utilize cookies to improve how we interact with a website by storing data on the users’ browser. If you are looking for a way to manage WordPress cookies on your site, then you have stumbled on the right post.

In this article, you will learn what cookies are all about, and the types of cookies used by websites. We will then walk our way up to how to manage cookies in WordPress.

Since the WordPress core is a stateless application, handling cookies can get a bit tricky especially if you are not a WordPress developer.

However, it is not as complicated as some think it is. Having a basic knowledge of PHP will be a plus, but a beginner should also be able to follow along.

What are Cookies?

A cookie is a small piece of data that is stored in a user’s web browser when the user visits a site. Cookies contain information regarding user activities, which is generally used to enhance user experience.

Also, the data stored by cookies can be used to log users in automatically after previously logging into the site.

At some point, you may have come across a popup window when you first visit a website, notifying you that the site uses cookies. In addition, you will be prompted to accept the use of cookies on your browser as seen in the image below.

The WordPress cookie notice may vary depending on the websites’ theme or functions the site performs. However, regardless of the format, they all refer to the same cookie we explained above.

Below are some of the common uses of cookies:

Cookies store and manage user’s login information so you don’t have to login each time you visit the website.
It temporarily stores session information during a user’s visit which is tailored towards improving the user’s experience.
Ecommerce stores use cookies to remember cart items during a user’s visit.
Cookies also store a user’s IP address. This can be used to personalize content based on the user’s location.

Types of Cookies

Primarily, cookies are of three types; session cookies, persistent cookies and third-party cookies.

Session Cookies

These types of cookies are used by websites to temporarily store data on the users browser. The data stored are used to enhance the users experience while they are on the site.

However, as soon as (or a couple of seconds after) the users exits their browser, the cookie information is automatically deleted. Hence, they are also called temporary cookies.

A typical example can be seen in an ecommerce website, session cookies are used to remember the items on your cart as you navigate the website. Without cookies, you could never checkout as your cart will be emptied each time you navigate to the checkout page.

Persistent Cookies

These cookies, also referred to as ‘permanent cookies’, store data for a long time on the user’s browser.

For example, when you tick the ‘remember me’ box before logging into a website, a persistent cookie is set on your browser.

The cookie in turn is used to remember your details and automatically log you into the website the next time you visit the site.

Persistent cookies have an expiring date which varies depending on the site owner and the function of the cookie. However, once the expiry date reaches, all the cookie data will be cleared from the users browser.

Third-party Cookies

This type of cookies, also regarded as tracking cookies are installed by third-party packages such as plugins, themes, advertising networks, etc. They are used to track and collect user data based on the activities the user performs on their browser.

For example, Facebook may install a third-party cookie in a website you are visiting. The cookie is then used to monitor your activities while you are browsing that particular website.

The data gathered will in turn be used by Facebook to serve personalized adverts on your Facebook news feed.

Are you one of those asking if WordPress uses cookies? Well, like all web applications, WordPress uses cookies to store user information on the browser.

WordPress cookies are of two types – users cookie and commenters cookie. However, third-party packages such as advertising networks, plugins and themes may also use their custom cookie to store user data on the browser.

Users Cookie

In WordPress, users cookies are used to store the user data for a period after they login to a website.

A typical example is when you login to your dashboard. The users cookie is used by WordPress admin to automatically login users, and keep them logged in for the duration it lasts.

By default, users cookie is valid for 15 days after which you will be required to login again. Also, when you first login, the cookie sets three variables;

wordpress_[hash] stores the users’ login details, exclusive to the wp-admin dashboard. The data stored is used to automatically redirect the user to the admin dashboard.
wordpress_logged_in_[hash] which tells the WordPress site that you are logged in and specifies the permissions the current user has on the website.
WordPress-settings-{time}-[UID] which contains custom settings relating to the logged in user. The UID is the unique identifier (ID) of the user on the database.

[hash] is a piece of a randomly generated string that is used to securely save user data. For example, when you type your password in the login screen, the hashing algorithm converts it to a random string before storing it on your browser.

That way, it will be difficult for an attacker to retrieve your plain-text password.

Commenters Cookie

WordPress sets commenters cookies after a user comments on your WordPress site. The data stored is used to remember the users details so they wouldn’t have to retype their details each time they want to comment on your website.

By default, commenters cookie expires after 347 days. Below are the details stored by the comment cookie.

comment_author_[hash] remembers the name of the user.
comment_author_email_[hash] used to retrieve the email address of the user.
comment_author_url_[hash] saves the user’s website after they comment.

Although cookies are very important, there are laws governing the use of cookies on a website. The EU Cookie Law under the GDPR (General Data Protection Regulation), legally requires website owners to notify users in European Countries that their site uses cookies to store important details.

How to Clear Cookies on your Browser

Although cookies have an expiry date, you may consider clearing them after some time because they conflict with caches and may slow down the loading speed for that website.

If you want to clear WordPress cookies on your browser or you just want to see all the cookie data that has been saved on your browser, then follow the steps below. We will be illustrating how to do this using Google Chrome;

Firstly, go to settings on your browser.

In settings, click on Privacy and security. Then select the cookies and other site data tab.

Next, scroll down and click on the see all cookies and site data tab.

It will display all the site cookies that have been saved on your browser.

Note: you can use the search field to show cookies for a particular site by entering the web address on the search bar. It will display all the cookies for the website.

However, if you want to clear all browser cookies, then click on the Remove All button as shown below.

Cookies can also be blocked for websites if you go to the main cookie setting page and select Block all cookies. This is useful if you do not want your browsing activities to be tracked.

However, you might come across an error response “cookies are blocked or not supported by your browser. you must enable cookies to use WordPress” when you manually block cookies on your browser.

How to Manage Cookies in WordPress

By default, WordPress cookies can perform 3 basic operations, set, get, and delete. For this example, we will set a cookie that stores the user timestamp and use the details to greet the user when they visit the site again.

We will be working with the current theme’s function.php file. The file can be accessed from the WordPress admin located under Appearance > Theme editor. That would work just fine for these steps.

However, we will be editing the functions.php file via an FTP client in this guide.

Following this approach makes it easy for us to revert our site if anything goes wrong. Also, ensure you backup your site before editing any file.

To locate the functions.php file on FTP, simply connect your website to an FTP client. Here’s a detailed guide on how to use FTP.

Once you are logged in, you will find your remote site files on the right side.

Now, double click on the directory containing your site files (usually the public_html folder)

In the directory, double click on the wp-content folder.

Next, double click on the themes directory.

After that, double click on your current theme’s folder.

When you find the functions.php file, double click on it to download a copy for safe keeping. We can restore this if anything goes wrong.

Now, right click on the functions.php file and then select view/edit.

With our theme’s function.php file open, let’s proceed to set a cookie.

Setting Cookies in WordPress

Setting a cookie is achieved using the setcookie() function. This function takes in some parameters.

Name of the Cookie (required)
Value of the Cookie (required)
Expiration Date (optional)
Path (optional)
Domain (optional)
Secure (optional)
HttpOnly (optional)

Now let’s set up the cookie that stores the user’s timestamp. On the functions.php file, copy and paste the code snippet below.
function timestamp_cookie() { $user_visit_time = date('F j, Y g:i a');setcookie('fx_visit_time', $user_visit_time, 30 * DAY_IN_SECONDS);} add_action('init', 'timestamp_cookie');
timestamp_cookie() is the function name, you can use whichever name you want.

$user_visit_time is a variable we use to capture the current date the user opened the website.

$fx_visit_time is the name of the cookie we want to set.

Meanwhile, the add_action() function is used to initialize the timestamp_cookie() function we created.

The DAY_IN_SECONDS argument is a constant in WordPress that contains the numerical value of a day in seconds. Performing the 30 * DAY_IN_SECONDS operation sets the cookie to expire after 30 days.

After pasting the code above, save the file. Then visit your website and check your browser cookie settings. You should see a cookie named fx_visit_time saved on your browser’s privacy settings.

Getting Cookies in WordPress

After setting a cookie, the next step would be to ‘get’ the cookie value and use it on the website. You can easily get the cookie using the $_COOKIE[] variable and the name you assigned to the cookie.

Replace the code you pasted initially with the one below. This code set’s the cookie on a first visit, and then on a subsequent visit, greets the user based on the cookie value.
function timestamp_cookie2() { $user_visit_time = date('F j, Y g:i a');// Check if the cookie is already setif(isset($_COOKIE['fx_visit_time'])) {// Do this if the cookie is set function welcome_user() {// retrieve the cookie information $user_last_visit = $_COOKIE['fx_visit_time'];$string .= 'Great to have you back. A lot has been updated since '. $user_last_visit .', when you last visited.'; return $string;} } else { // Set cookie with current timestampsetcookie('fx_visit_time', $visit_time, 30 * DAY_IN_SECONDS);}// Add a shortcode to greet returning usersadd_shortcode('greet_user', 'welcome_user');} add_action('init', 'timestamp_cookie');
Firstly, we check if a cookie has been set, if it exists, then we use the information stored on the cookie to greet the user using the $_COOKIE[] variable. Otherwise, we set the cookie for that user.

After that, we use the add_shortcode() function to create a shortcode for greeting visitors on our site. To use the shortcode, simply place [greet_user] code on the page you wish to display cookie information.

Save the file and visit your website, you should get a notification of the last time you visited the site.

Deleting Cookies in WordPress

If you ever want to delete a cookie in WordPress, simply use the unset() function. Copy and paste the code snippet below.
unset($_COOKIE['fx_visit_time']);
Ensure you replace fx_visit_time with the name of the cookie you want to delete.

How to Add Cookie Popup in WordPress Using Plugin

Since it is now required in the EU that site owners obtain Cookie consent from users, we will be showing you how to set it up.

For this, we will be using the GDPR Cookie Consent Banner plugin available on the WordPress plugin directory.

Firstly, download and install the WordPress cookies consent plugin from your WordPress admin dashboard. See this guide to learn how to install a plugin in WordPress.

After installing the plugin, go to Settings > Cookie Consent, to configure the plugin.

You can simply use the default settings because it works just fine. However, you can further customize the plugin to suit your website.

After configuring the General page, click on Save Changes. Then select the Content tab and edit accordingly.

Now, enter your custom cookie title and message in the heading text and notification text boxes respectively.

Next, select your cookie page (or privacy policy) as the default more info page, then click on Save Changes.

You may also click on the Styles tab to edit the appearance of the cookie popup. And then set the position you want the popup to appear.

After configuring the WordPress cookies plugin, click on the Save changes button to fully activate the plugin.

At this point, go on to visit the website. The cookie details should popup in the area you specified.

Conclusion – WordPress Cookies

In this article, we explained cookies and how they are used on WordPress sites. Also, we provided a detailed guide on how to set, get, and delete cookies in WordPress.

Handling cookies on your WordPress site should no longer be difficult for you.

Of course, if you have further questions, do let us know in the comments below.