Disable Comment Cookies in WordPress for Better GDPR Compliance

WordPress sets some cookies which are not strictly necessary. Here is how to disable comment cookies for better GDPR compliance.

By Tim Trott • WordPress • September 28, 2012

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union to protect personal data and the privacy of individuals, ensuring data subjects' rights and imposing strict rules on data handling and protection by organizations. It came into effect on May 25, 2018.

Earlier in 2012, the European Union introduced a directive requiring that websites obtain permission to set all 'non-essential' cookies. In the UK, the details are provided by the ICO, which states that sites that set cookies that are not strictly necessary for the site's operation must ask permission from the user.

WordPress, by default, stores cookies on two occasions:

WordPress sets a cookie upon user login. This cookie is essential for giving users access to the administration system, so it falls into the strictly necessary bucket. A simple message on the login page stating, "By logging into this site, you agree to cookies being stored on your computer" will suffice.

The other cookie is used to store the name and e-mail address of people leaving comments and is more of a convenience than a necessity. You could add a message similar to the one above to the comments form, or if you prefer, you can stop these cookies from being set altogether.

Since WordPress 3.4, there has been a hook that you can use to set comment cookies. This hook is called set_comment_cookies, and you can turn off comment cookies by simply removing actions from it.

Add this code to your theme's functions.php (or create a WordPress plugin containing it):

```php
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies' );
```
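Removing the action only stops new cookies; comment cookies already stored in returning visitors' browsers stay there until they expire. The plugin below is an added example, not code from the original article: it removes the action and also expires the existing cookies. The function name `example_expire_comment_cookies` is hypothetical, and the cookie names and constants are the ones in the core code quoted further down this page.

```php
<?php
/**
 * Plugin Name: No Comment Cookies (added example)
 * Description: Stops WordPress setting comment author cookies and expires existing ones.
 */

// Stop WordPress setting comment cookies on new comments (WordPress 3.4+).
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies' );

// Expire comment cookies that were set before this plugin was activated.
add_action( 'init', 'example_expire_comment_cookies' );

function example_expire_comment_cookies() {
    // Cookies travel in response headers, so nothing can be done once output has started.
    if ( headers_sent() ) {
        return;
    }

    $prefixes = array( 'comment_author_', 'comment_author_email_', 'comment_author_url_' );

    foreach ( $prefixes as $prefix ) {
        $name = $prefix . COOKIEHASH;

        if ( ! isset( $_COOKIE[ $name ] ) ) {
            continue; // This visitor has no such cookie; send no extra header.
        }

        // Same path and domain as the original cookie, with an expiry one year
        // in the past, so the browser deletes it.
        setcookie( $name, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN );

        // Drop it from the current request too, so the comment form is not
        // pre-filled from the stale value on this page load.
        unset( $_COOKIE[ $name ] );
    }
}
```

To check the result, submit a test comment while logged out and confirm in the browser's developer tools that the response carries no `Set-Cookie` header for any `comment_author_` cookie.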

Earlier versions of WordPress should be upgraded, but if this is not possible, you have to edit one of the core files to turn off cookies. Be careful when modifying core files, as they can often break your site if not done correctly, and any changes you make will be overwritten when you upgrade to a newer version.

In comments-post.php towards the bottom, you will find a code block like this:

```php
if ( !$user->ID ) {
  $comment_cookie_lifetime = apply_filters('comment_cookie_lifetime', 30000000);
  setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
  setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
  setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
}
```

Comment this out to turn off cookies.

About the Author

Tim Trott is a senior software engineer with over 20 years of experience in designing, building, and maintaining software systems across a range of industries. Passionate about clean code, scalable architecture, and continuous learning, he specialises in creating robust solutions that solve real-world problems. He is currently based in Edinburgh, where he develops innovative software and collaborates with teams around the globe.
