Disable Comment Cookies in WordPress for Better GDPR Compliance

WordPress sets some cookies which are not strictly necessary. Here is how to disable comment cookies for better GDPR compliance.
Earlier in 2012, the European Union introduced a directive requiring that websites obtain permission for setting all 'non-essential' cookies. In the UK, the details are provided by the ICO and basically require that sites which set cookies that are not strictly necessary for the operation of the site ask the user for permission.
WordPress by default stores cookies on two occasions:
WordPress sets a cookie upon user login, which is essential for giving users access to the administration system and so falls into the strictly necessary bucket. A simple message on the login page stating something along the lines of "by logging into this site you agree to cookies being stored on your computer" will suffice.
The other cookie is used to store the name and e-mail address of people leaving comments and is more of a convenience than a necessity. You could add a message similar to the one above to the comments form, or if you prefer, you can disable these cookies from being set altogether.
Since WordPress 3.4, there is a hook that you can use for setting comment cookies. This hook is called set_comment_cookies and you can disable comment cookies from being set by simply removing actions from it.
Add this code to your theme's functions.php (or create a WordPress plugin containing it):
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies' );
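Removing the hook only stops new cookies; ones that browsers stored earlier stay until they expire. The plugin below is an added example (not from the original article or WordPress core) that pairs the `remove_action` call with cleanup of those leftovers, assuming they were set with `COOKIEPATH` and `COOKIE_DOMAIN`; the function name `example_expire_comment_cookies` is hypothetical.

```php
<?php
/**
 * Plugin Name: Disable Comment Cookies (example)
 * Description: Stops WordPress setting comment author cookies and expires ones already stored.
 */

// Block direct access outside WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// Stop core from setting the three comment author cookies (WordPress 3.4+).
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies' );

/**
 * Expire comment cookies that browsers stored before the hook was removed.
 * Hypothetical helper name; not a WordPress core function.
 */
function example_expire_comment_cookies() {
	// Cookies can only be changed before any output has been sent.
	if ( headers_sent() ) {
		return;
	}

	$names = array(
		'comment_author_' . COOKIEHASH,
		'comment_author_email_' . COOKIEHASH,
		'comment_author_url_' . COOKIEHASH,
	);

	foreach ( $names as $name ) {
		if ( isset( $_COOKIE[ $name ] ) ) {
			// A past expiry tells the browser to delete the cookie. Path and
			// domain must match the values used when it was set.
			setcookie( $name, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN );
			// Drop it from this request too, so the comment form is not prefilled.
			unset( $_COOKIE[ $name ] );
		}
	}
}
add_action( 'init', 'example_expire_comment_cookies' );
```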
Earlier versions of WordPress should be upgraded, but if this is not possible you have to edit one of the core files to disable cookies. Be careful when modifying core files as they can often break your site if not done correctly, and any changes you make will be overwritten when you upgrade to a newer version.
In 'comments-post.php' towards the bottom you will find a code block like this:
if ( !$user->ID ) {
    $comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
    setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
    setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
    setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
}
Simply comment this out to disable cookies.