What’s the Deal with Cookie Consent Notices?

What’s the Deal with Cookie Consent Notices?

Surely you’ve seen them many times. They show up as banners at the top or bottom of webpages or as distracting popups. Virtually every website based in the EU is supposed to display them. What am I referring to? Cookie consent notices.

Have you ever wondered why some sites display a cookie consent notice? Do you know whether or not your site should be displaying such a notice? Maybe you know that your site probably should have a notice displayed, but you haven’t gotten around to setting one up.

In this article, I’ll help you figure out if you need to display a notice, explain what the notice should include, and show you how easy it is to add a cookie consent notice to your WordPress site.

But before we dig into the details, let’s set the stage. Why do these consent notices even exist and what is their purpose?

What Is the Cookie Law?

In May 2011, a European Union (EU) Directive was adopted by all EU member countries to protect consumer privacy online. This piece of privacy legislation requires that covered websites:

  • Let users know if they are using cookies
  • Explain what data is gathered through the use of cookies and how that data is used, and
  • Gather user consent to the use of cookies

The law is enforced by governing bodies in the EU, and therefore cannot apply unilaterally to everyone. If you live outside of the EU, have a website hosted on a server outside of the EU, and are targeting consumers anywhere other than the EU, you don’t need a cookie consent notice.

Who Does the Cookie Law Apply To?

  • Any person or organization that is physically located in the EU and has a website
  • Any website that targets EU consumers

However, there is one additional qualification. In order to be covered by The Cookie Law your website has to use cookies.

Does My Site Use Cookies?

Yes. All WordPress websites use cookies.

The WordPress core software uses cookies for user authentication and for commenting, and plugins use cookies in a wide variety of ways.

This blog has covered the topic of how WordPress uses cookies before. If you want to learn more about this topic you should read Cookies and WordPress: How to Set, Get and Delete.

Not all Cookies are Created Equal

Even if your site is based in the EU and targets EU consumers, you still might not need a cookie consent notice (but you probably do). It all depends on the type of cookies your site uses.

The Cookie Law distinguishes between two different kinds of cookies: Session cookies and persistent cookies.

  • Session cookies are the cookies that are strictly required for website functionality and don’t track user activity once the browser window is closed. Examples of session cookies include faceted search filter cookies, user authentication cookies, cookies that enable shopping cart functionality, and cookies used to enable playback of multimedia content.
  • Persistent cookies are cookies used to track user behavior even after they have moved on from your site or closed the browser window. Cookies used by analytics programs and advertising tracking cookies are the most common types of persistent cookies.

Sites that make exclusive use of session cookies do not require a cookie consent notice. However, sites that make use of any persistent cookies do require a cookie consent notice.

The cookies used by the WordPress core are session cookies. So, it’s theoretically possible to run a WordPress site that doesn’t require cookie consent.

In reality, you would be very hard-pressed to find a WordPress site that only uses session cookies.

Use any sort of analytics program, display advertisements or affiliate links, use a single sign-on authentication system, or track visitors in any other way, and your site is using almost certainly using persistent cookies.

In short, if your website is based in the EU or if you are targeting consumers in the EU, and your site uses even a single persistent cookie, you need to display a cookie consent notice.

You might be wondering to yourself: “Well, what if I don’t want to do this? Who’s going to make me?”

Good question.

Unless your site is quite popular, abuses user data in some way, or someone complains to a governing authority, there’s a good chance nothing will happen if you don’t comply. However, failure to comply can include a sizeable fine, and the cost of complying is incredibly low–at least for WordPress users.

Better safe than sorry, right?

How to Comply with The Cookie Law

To comply with the law you need to do three things:

  1. Let users know that you’re using cookies
  2. Provide a link where they can learn more about how you use the data you gather
  3. Provide a way for users to consent to the use of cookies

The most common way to do this is to display a small banner at the top or bottom of your website with a link to a detailed privacy policy and a button to consent to the use of cookies and hide the banner.

screenshot of cookie consent notice at silktide

Some websites go a bit over the top and even let you manage cookie preferences. This sort of feature is certainly not required by the law, and I would question whether it could possibly be worth the time and effort.

screenshot of over-the-top cookie consent notice at cookiepedia

There are two types of consent that websites can gather: Implied consent and explicit opt-in consent.

Explicit consent is pretty straight-forward. Users have to click a button, select a checkbox, or complete some other specific activity to opt-in to the use of cookies. When explicit consent is gathered, there’s no way for users to accidentally consent to the use of cookies.

Implied consent is a little more nebulous. For implied consent to satisfy the requirement of the law, a clear notice must be provided and the user must be made aware that a specific action will be understood as implied consent to the use of cookies. One common way that implied consent is gathered is to display a prominent cookie notice that ends with a statement like: “By continuing to use this site you agree to the use of cookies.”

The legislation applies whether a user is on a computer, smartphone, tablet, or any other device. So when you set up a cookie notice it’s important to make sure that the notice appears and functions appropriately on all devices.


As with virtually all WordPress website features, there’s a plugin for handling cookie consent notices. Actually, there are many, many, many plugins available to handle cookie consent notices.

Here are few that are particularly popular, highly-rated, or uniquely interesting to get your search for the perfect cookie consent plugin started.

  • Cookie Notice by dFactory

    cookie notice by dfactory plugin

    This plugin adds a new Cookie Notice option in the Settings menu. From that page you can craft a cookie notice message, set button text, create a Read more link, control placement of the notice, decide whether or not to gather implied consent on scroll, set color options, give users the ability refuse to accept non-functional cookies (although this option requires advanced cookie and WordPress knowledge), and more.

    This plugin is a good option for websites that want to be able to control every aspect of the cookie consent notice and want to offer advanced features, such as the ability to block non-functional cookies like analytics and advertisement tracking cookies.

  • Cookie Law Info

    This plugin adds a new Cookie Law Info item as a primary menu link in the Admin menu. The options page for the plugin is simple and self-explanatory. Place the notification bar in the header or footer and select from various animation and auto-hide behavior options. In addition, this plugin provides full control over all colors applied to the notification bar including all button colors and styles.

  • Cookie Consent

    cookie consent plugin

    Cookie Consent is added as an Admin menu item right where it should be: Settings > Cookie Consent. Be aware that on activation this plugin automatically creates a Cookie Policy page that displays a standard cookie explanation with a link to AboutCookies.org. From the settings menu you can control how the cookie notice is closed (on click or timed), decide how long to wait before re-asking a user for cookie use consent, adjust the cookie notice message, set the position of the notice, and style the appearance of the notice.

    One interesting feature offered by this plugin is the ability to select a First Page Only option which causes the notification to only be displayed on the first page the user visits. If paired with a clear implied consent message, this setting could be used to create a cookie consent notice that was as low-profile and minimally disruptive as possible.

  • Easy WordPress Cookies Popup

    easy wordpress cookies popup plugin

    You couldn’t possibly make cookie consent notices any easier than Easy WordPress Cookies Popup. So easy that it might actually be too easy.

    Activate this plugin and then go to Settings > Cookie Notification to configure plugin settings. The only settings include the ability to customize the cookie notification message and the ability to position the message at the top or bottom of the site. The notification is only displayed on the user’s first page view after reaching your site, so make sure to include a clear implied consent message.

    While this plugin is dead-simple and is unlikely to bother your users if your site makes heavy use of cookies the very lighthanded notification method implemented by this plugin may be inadequate. However, for most sites, especially those that aren’t doing anything more out-of-the-box than using Google Analytics and Adsense, this plugin is the simplest option to set up.

  • WP Cookie Banner

    This plugin’s settings page can be found by going to Settings > WP Cookie Banner. Available options include a range of preset notification banner cookie duration periods, banner display timeout options, fully customizable cookie banner CSS, and the ability to customize the banner message.

    Once the settings are applied, the notification is only displayed a single time even if the banner times out before the user has a chance to read the message. So be sure to set a banner timeout duration that is long enough for visitors to notice and read the displayed message. Also, while the default styling is really very nice, if you want to change anything you will need to be familiar with CSS since all styling settings have to be modified by manually adjusting the plugin CSS.

How the Cookie Crumbles

Websites that use persistent cookies and are based in the EU or target EU consumers should display a cookie consent notice to site visitors. Using an implied consent method to gather user consent is acceptable, and there are many good plugin options in the WordPress Plugin Directory that can be used to easily and quickly create an attractive and informative cookie consent notice.

Does your site have a cookie consent notice? How do you gather consent? Have you ever received a complaint about your use or non-use of a cookie consent notice?
Jon Penland
Jon Penland Jon manages operations for Kinsta, a managed WordPress hosting provider. When he isn't figuring out the ins-and-outs of supporting WordPress-powered businesses, he enjoys hiking and adventuring in northeast Georgia with his wife and kids.