Why almost every WordPress site uses cookies
WordPress itself relies on cookies for important logged-in behavior. The official WordPress
developer documentation explains that cookies are needed for login sessions, authentication,
and related admin behavior. Public sites can also use comment cookies when visitors leave
comments and choose to save their details.
The harder part is usually not WordPress core. Most commercial sites add more behavior through
plugins, themes, embedded media, forms, pixels, analytics tools, ecommerce features, and tag
managers. Those additions can introduce cookies from multiple providers and purposes.
When consent is needed in Sweden and the EU
Sweden's Post and Telecom Authority, PTS, explains that cookies generally require consent
before they are used, with an exception for necessary cookies. PTS also says consent must be
active, specific, informed, and possible to withdraw.
Necessary cookies are tied to a service the visitor requests. A cart cookie in a store, a login
session, or a cookie required for the site to function can be necessary. Analytics and marketing
cookies are different: they may be valuable for the business, but that does not automatically
make them necessary for the visitor's requested service.
Important: This article is practical product guidance, not legal advice.
Review your final banner, policy, and data flows with the people responsible for legal and
privacy decisions in your organization.
A practical cookie banner workflow for WordPress
1. Start from inventory, not assumptions
Before writing banner text, list the cookies, providers, scripts, and purposes that appear on
the site. The list should separate WordPress core behavior from plugin behavior and third-party
embeds. This gives the banner and policy real substance.
2. Give equal access to accept, reject, and customize
PTS is explicit that it should be as easy to say no as yes, and that passive behavior such as
continued browsing is not valid consent. A first-layer banner should therefore make the main
choices understandable without sending visitors through a maze.
3. Let visitors change their choice later
Consent is not a one-time design event. Visitors need a persistent way to reopen preferences,
inspect categories, and withdraw or change consent later.
How ACookies fits the WordPress workflow
ACookies is built around a review-first workflow inside WordPress: configure the banner, scan
the site, review AI-assisted cookie suggestions, publish policy text, and keep consent records
tied to policy version and language context.
A good first step is the free cookie policy generator.
It scans a public URL and drafts editable policy HTML that can be reviewed before publishing.
For installed WordPress sites, the AI cookie scanner helps
identify cookies, providers, domains, and script evidence, while ACookies
pricing explains the Free and Pro paths.
Pre-publish checklist
- Open the site in a fresh browser session and check what loads before consent.
- Confirm that non-necessary analytics or marketing tools do not run before the relevant choice.
- Check that accept and reject actions are equally visible and easy to use.
- Verify that the preference center can be reopened from a visible link or control.
- Review every cookie category and policy description before publishing.
FAQ
Do all WordPress sites need a cookie banner?
Not necessarily. The practical question is whether the site stores or reads non-necessary
cookies, such as analytics, marketing, or third-party embed cookies. Necessary cookies can be
treated differently, but they still need clear information.
Are analytics cookies always necessary?
No. PTS explains that necessary cookies are tied to a service the user requests, and
statistics is not automatically necessary just because it is useful to the site owner.
Can AI generate the cookie policy without review?
No. ACookies uses scanning and AI-assisted suggestions to speed up review, but the site owner
should check categories, descriptions, sources, and policy wording before publishing.
Sources and further reading
Start with the actual cookies on your site.
Scan a public URL and get a first editable policy draft before deciding what your banner
needs to say.
Try the free generator
