TermsBox
PricingBlog
LoginGet Started
PricingBlogLogin
Get Started
  1. Home
  2. Blog
  3. WP Cookie Consent: A Complete Setup Guide
Tutorials

WP Cookie Consent: A Complete Setup Guide

Learn how to set up WP cookie consent on your WordPress site. Covers plugins, GDPR compliance, cookie banners, and best practices for consent management.

TermsBox Team|April 4, 202613 min read

WP cookie consent is a critical compliance requirement for any WordPress site that uses analytics, advertising, or social media cookies. If your site has visitors from the EU, UK, Brazil, or other jurisdictions with cookie consent laws, you need a mechanism that collects consent before placing non-essential cookies.

This guide walks you through setting up cookie consent on WordPress, choosing the right plugin, configuring consent categories, and meeting legal requirements. This article is educational content, not legal advice. Consult a qualified attorney for guidance specific to your situation.

Why Your WordPress Site Needs Cookie Consent

Most WordPress sites use cookies far beyond what site owners realise. A typical WordPress installation with a handful of plugins might set 15 to 30 cookies across analytics, marketing, and functionality categories. Each non-essential cookie requires consent under the GDPR (Regulation 2016/679) and the ePrivacy Directive (Directive 2002/58/EC).

The legal requirements are straightforward:

  • Prior consent is required before setting non-essential cookies (Article 5(3) of the ePrivacy Directive)
  • Consent must be freely given, specific, informed, and unambiguous (Article 4(11) of the GDPR)
  • Users must be able to withdraw consent as easily as they gave it (Article 7(3) of the GDPR)
  • You must document consent to demonstrate compliance (Article 7(1) of the GDPR)

Penalties for non-compliance are significant. GDPR fines can reach EUR 20 million or 4% of global annual turnover. National data protection authorities have issued fines specifically for cookie consent violations, including the French CNIL's EUR 150 million fine against Google in 2022 for making cookie rejection harder than acceptance.

Beyond the EU, cookie consent laws exist in the UK (PECR), Brazil (LGPD), South Africa (POPIA), and several US states. A proper WP cookie consent setup protects you across these jurisdictions.

How WordPress Cookies Work

Before configuring consent, you need to understand what cookies your WordPress site actually sets.

WordPress Core Cookies

WordPress itself sets a limited number of cookies:

  • wordpress_logged_in_[hash]: Authenticates logged-in users
  • wordpress_sec_[hash]: Authentication cookie for secure admin areas
  • wp-settings-[UID]: Stores user interface customisation preferences
  • comment_author, comment_author_email, comment_author_url: Remembers commenter details (set only when someone leaves a comment)

These are generally classified as strictly necessary or functionality cookies. They do not require consent because they are essential for the site to operate as expected.

Plugin and Theme Cookies

The real compliance challenge comes from plugins and themes. Common sources of non-essential cookies include:

  • Google Analytics (analytics cookies: _ga, _gid, _gat)
  • Google Ads and Tag Manager (marketing cookies: _gcl_au, IDE, NID)
  • Facebook Pixel (marketing cookies: _fbp, fr)
  • YouTube embeds (marketing cookies: VISITOR_INFO1_LIVE, YSC)
  • WooCommerce (functionality cookies for cart and sessions)
  • Social sharing plugins (various third-party cookies)
  • Caching plugins (functionality cookies)

A thorough cookie audit is the first step toward compliance. You can run a manual audit using browser developer tools, or use a scanning tool to identify all cookies and scripts loading on your pages.

Choosing a WP Cookie Consent Plugin

Several WordPress plugins handle cookie consent. Here is a comparison of the most established options.

WP Cookie Consent (by flavor)

The plugin that shares the "WP Cookie Consent" name directly. It offers a free tier with basic banner functionality and a premium version with automatic cookie scanning, granular consent categories, and consent logging. It supports Google Consent Mode v2 out of the box.

CookieYes

One of the most widely installed cookie consent plugins for WordPress, with over one million active installations. CookieYes provides automatic cookie scanning, a customisable banner, consent logging, and support for multiple regulations. The free plan covers basic needs, while the premium plan adds geo-targeting and advanced analytics.

Complianz

A comprehensive privacy suite that goes beyond cookie consent to include a cookie policy generator, privacy policy integration, and region-specific consent configurations. Complianz detects cookies automatically and integrates with popular page builders. It also handles US state privacy laws.

Real Cookie Banner

A privacy-focused option built in Germany. Real Cookie Banner takes a conservative approach by blocking all non-essential content and scripts by default until consent is given. It includes a content blocker that replaces embeds with placeholder notices, visual customisation tools, and TCF 2.2 support.

Key Features to Evaluate

When selecting a WP cookie consent plugin, prioritise these capabilities:

  1. Automatic cookie scanning to detect cookies without manual configuration
  2. Script blocking that prevents non-essential cookies before consent
  3. Granular consent categories (necessary, analytics, marketing, functionality)
  4. Consent logging with timestamped records for compliance documentation
  5. Google Consent Mode v2 integration for maintaining analytics functionality
  6. Geo-targeting to show consent banners only where legally required
  7. Customisable design that matches your site's branding
  8. Regular updates reflecting changes in regulations and browser behaviour

Setting Up WP Cookie Consent Step by Step

This section walks through a general setup process that applies to most WP cookie consent plugins. Specific menu names and settings vary by plugin.

Step 1: Install and Activate the Plugin

  1. Navigate to Plugins > Add New in your WordPress admin
  2. Search for your chosen cookie consent plugin
  3. Click Install Now, then Activate
  4. Open the plugin's settings page (usually under Settings or a dedicated menu item)

Step 2: Run a Cookie Scan

Most modern WP cookie consent plugins include an automatic scanner. Run it to identify all cookies your site sets. The scanner typically:

  • Visits your site's pages programmatically
  • Records all cookies set during the visit
  • Categorises cookies based on a known database
  • Flags unknown cookies for manual review

Review the scan results carefully. Unidentified cookies need manual categorisation. Assign each cookie to one of the standard categories: strictly necessary, functionality, analytics, or marketing.

Step 3: Configure Consent Categories

Set up the consent categories your banner will present to visitors:

  • Strictly necessary: Always active, no consent required. Includes session cookies, security tokens, and load balancers.
  • Functionality: Enhances user experience but is not essential. Includes language preferences, video player settings, and chat widgets.
  • Analytics: Measures site usage. Includes Google Analytics, Matomo, and heatmap tools.
  • Marketing: Tracks users for advertising. Includes Facebook Pixel, Google Ads, retargeting pixels, and ad network cookies.

Write clear, plain-language descriptions for each category. Avoid legal jargon. Visitors should understand what each category does and why you use it.

Step 4: Design the Cookie Banner

Configure the visual appearance of your consent banner:

  • Match colours and typography to your site's design
  • Position the banner at the bottom of the page or as a centred modal
  • Include an Accept All button, a Reject All button, and a Manage Preferences link
  • Keep the text concise but informative
  • Link to your cookie policy

The reject option must be equally prominent as the accept option. Hiding the reject button behind a secondary menu or using dark patterns (such as a bright green "Accept" next to a grey "Manage") has been specifically called out by data protection authorities as non-compliant.

Step 5: Link Your Cookie Policy

Your cookie banner should link to a detailed cookie policy that lists every cookie your site uses, its purpose, duration, and category. This policy can be a standalone page or a section within your privacy policy.

A complete cookie policy includes:

  • What cookies are and how your site uses them
  • A table of all cookies with name, provider, purpose, type, and expiry
  • How users can control cookies through browser settings
  • How users can withdraw consent
  • Contact details for privacy enquiries

Step 6: Enable Script Blocking

This is the most technically important step. Your WP cookie consent plugin must prevent non-essential scripts from executing until the user grants consent. There are two common approaches:

  • Script wrapping: The plugin modifies script tags to change their type attribute (for example, from text/javascript to text/plain) until consent is recorded
  • Tag manager integration: The plugin sends consent signals to Google Tag Manager or another tag manager, which controls script firing based on consent state

Test thoroughly after enabling script blocking. Verify that analytics, marketing pixels, and embedded content only load after consent is given. Use your browser's developer tools to check the Network tab before and after granting consent.

Step 7: Test and Verify

After configuration, test your WP cookie consent setup:

Cookie Policy Generator

Create a cookie policy for GDPR compliance. Create yours in minutes with TermsBox.

Generate Now
  1. Clear all cookies and visit your site in a private browser window
  2. Check that no non-essential cookies are set before interacting with the banner
  3. Click "Reject All" and verify no analytics or marketing cookies appear
  4. Clear cookies again, revisit, and click "Accept All," then verify expected cookies load
  5. Test the "Manage Preferences" flow: accept some categories, reject others
  6. Verify that consent choices persist across pages and return visits
  7. Check the consent log in the plugin's admin panel

Google Consent Mode v2 and WordPress

Google Consent Mode v2 became required in March 2024 for sites using Google services in the EEA and UK. It communicates user consent status to Google tags, allowing them to adjust behaviour based on whether consent was granted or denied.

The two required signals are:

  • ad_storage: Controls cookies for advertising purposes
  • analytics_storage: Controls cookies for analytics purposes

When a user denies consent, Google Consent Mode tells Google tags to operate without cookies. Google Analytics still collects aggregated, cookieless data through modelling, preserving some measurement capability while respecting the user's choice.

Most modern WP cookie consent plugins include built-in Google Consent Mode v2 support. During setup:

  1. Enable Google Consent Mode in the plugin settings
  2. Map your consent categories to the appropriate Google signals
  3. Set default consent states (typically "denied" for EU/UK visitors)
  4. Verify the implementation using Google Tag Assistant

Common WP Cookie Consent Mistakes

Avoid these frequent errors when implementing cookie consent on WordPress:

Consent Banner Without Script Blocking

Displaying a cookie banner without actually blocking cookies before consent is the most common mistake. The banner alone provides no legal protection if cookies are already set when the page loads. Always verify that non-essential scripts are blocked until consent is received.

Missing Reject Option

Every cookie consent banner must offer a way to reject non-essential cookies that is as easy as accepting them. A banner with only "Accept" and "Manage Preferences" does not meet this standard. Include a visible "Reject All" button.

Cookie Wall (Take It or Leave It)

Blocking access to your site unless the visitor accepts all cookies violates GDPR consent requirements in most cases. The European Data Protection Board has stated that cookie walls generally do not provide freely given consent. Allow access to your content regardless of consent choice.

Ignoring Plugin and Theme Updates

Cookie consent plugins require regular updates as regulations change and new browser privacy features are introduced. An outdated plugin may fail to block newly added scripts or may not support current standards like Google Consent Mode v2. Keep your consent plugin updated and re-scan your site after installing or updating any plugin.

Not Logging Consent

GDPR Article 7(1) requires you to demonstrate that the user consented. Without consent logs that record the timestamp, consent choices, and user identifier, you cannot prove compliance if questioned by a supervisory authority.

WP Cookie Consent and Your Privacy Policy

Cookie consent does not exist in isolation. Your WordPress site also needs a comprehensive privacy policy that covers all personal data processing, including cookie-based tracking. The cookie consent banner and cookie policy handle the specific requirements of the ePrivacy Directive, while your privacy policy addresses the broader GDPR obligations.

Ensure consistency between your documents. If your cookie policy lists Google Analytics as an analytics cookie requiring consent, your privacy policy should mention Google Analytics as a data processor and explain the legal basis for processing.

For WordPress sites, TermsBox provides a cookie policy generator that creates a policy covering standard WordPress cookies, plugin cookies, and third-party services. Pair it with a compliance scanner to identify what your site actually loads, so your policy matches reality.

Advanced WP Cookie Consent Configuration

Once the basics are in place, consider these additional configurations for a more robust setup.

Geo-Targeting

Not all jurisdictions require cookie consent. If a significant portion of your traffic comes from regions without cookie consent laws, geo-targeting allows you to show the consent banner only to visitors from regulated jurisdictions. This reduces friction for visitors who are not covered by consent requirements while maintaining compliance where it matters.

Premium versions of most WP cookie consent plugins support geo-targeting based on the visitor's IP address. Configure it to show the full consent banner to EU, UK, and Brazilian visitors while showing a simplified notice or no banner to visitors from other regions.

Consent Renewal

Consent does not last forever. Best practice is to re-request consent periodically, typically every 6 to 12 months. Configure your plugin to expire consent records and show the banner again after a set period. This ensures your consent records remain current and reflect any changes to your cookie usage.

Integration With Caching

WordPress caching plugins can interfere with cookie consent by serving cached pages that bypass the consent mechanism. If you use a caching plugin:

  • Exclude cookie consent plugin scripts from caching and minification
  • Configure your caching plugin to serve different cached versions based on consent cookies
  • Test that the consent banner appears correctly on cached pages
  • Verify that script blocking works after a page is served from cache

Accessibility

Your cookie consent banner must be accessible to users with disabilities. Ensure the banner:

  • Can be navigated and operated using only a keyboard
  • Has sufficient colour contrast (WCAG 2.1 AA minimum, 4.5:1 for text)
  • Uses proper ARIA labels and roles
  • Is announced to screen readers
  • Does not trap keyboard focus

Frequently Asked Questions

Do I need a cookie consent banner on my WordPress site?

Yes, if your WordPress site uses non-essential cookies such as analytics, advertising, or social media cookies and you have visitors from the EU, UK, or other jurisdictions with cookie consent laws. The GDPR and ePrivacy Directive require prior consent before placing non-essential cookies.

What is the best WP cookie consent plugin?

The best plugin depends on your needs. WP Cookie Consent (by flavor), CookieYes, Complianz, and Real Cookie Banner are popular options. Look for features like automatic cookie scanning, granular consent categories, consent logging, and Google Consent Mode v2 support.

Does WordPress set cookies by default?

WordPress core sets a small number of cookies for logged-in users and commenters, but does not set tracking cookies by default. However, most WordPress sites use plugins and themes that load third-party scripts such as Google Analytics, Facebook Pixel, or embedded videos, all of which set cookies.

How do I block cookies before consent in WordPress?

Most WP cookie consent plugins offer script blocking that prevents non-essential cookies from loading until the user grants consent. This typically works by wrapping script tags or using a tag manager integration. Some plugins also support automatic script detection and blocking.

Related Tools

Cookie Policy Generator

Create a cookie policy for GDPR compliance

Related Articles

Tutorials

WordPress Cookie Consent Plugin: The Complete Guide

Find the best WordPress cookie consent plugin for GDPR and ePrivacy compliance. Covers free and paid options, setup steps, and legal requirements.

April 4, 202612 min read
Tutorials

WordPress GDPR Plugin: The Complete Setup Guide

Find the best WordPress GDPR plugin for your site. This guide covers features to look for, setup steps, and how to achieve full GDPR compliance.

April 4, 202614 min read
Tutorials

How to Write a Disclaimer: Step-by-Step Tutorial

Learn how to write a disclaimer for your website or business. Covers legal requirements, disclaimer types, examples, and a step-by-step writing process.

April 3, 202613 min read

Ready to Create Your Legal Documents?

Generate professional privacy policies, terms of service, and more in minutes. Free to start, no credit card required.

View All Generators

On This Page

  • Why Your WordPress Site Needs Cookie Consent
  • How WordPress Cookies Work
  • WordPress Core Cookies
  • Plugin and Theme Cookies
  • Choosing a WP Cookie Consent Plugin
  • WP Cookie Consent (by flavor)
  • CookieYes
  • Complianz
  • Real Cookie Banner
  • Key Features to Evaluate
  • Setting Up WP Cookie Consent Step by Step
  • Step 1: Install and Activate the Plugin
  • Step 2: Run a Cookie Scan
  • Step 3: Configure Consent Categories
  • Step 4: Design the Cookie Banner
  • Step 5: Link Your Cookie Policy
  • Step 6: Enable Script Blocking
  • Step 7: Test and Verify
  • Google Consent Mode v2 and WordPress
  • Common WP Cookie Consent Mistakes
  • Consent Banner Without Script Blocking
  • Missing Reject Option
  • Cookie Wall (Take It or Leave It)
  • Ignoring Plugin and Theme Updates
  • Not Logging Consent
  • WP Cookie Consent and Your Privacy Policy
  • Advanced WP Cookie Consent Configuration
  • Geo-Targeting
  • Consent Renewal
  • Integration With Caching
  • Accessibility
  • Frequently Asked Questions
TermsBox

Scan your website, auto-generate legal documents, add a consent banner, and stay compliant. One platform for everything.

Product

  • Cookie Scanner
  • Consent Banner
  • Cookie Policy Generator
  • Pricing

Generators

  • Privacy Policy Generator
  • Terms and Conditions Generator
  • EULA Generator
  • Disclaimer Generator
  • Return and Refund Policy Generator

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
GDPR
ePrivacy
CCPA
LGPD
Google Consent Mode v2
IAB TCF 2.2
© 2026 TermsBox. All rights reserved.