Are you GDPR compliant on WordPress?
Like most, you probably know that you need consent from the customer to sign them up for your newsletter. You might also know that you need to be careful about how you treat emails with sensitive information. But how do you handle unknown visitors? Are you allowed to track them on your website without consent? On the one hand, you want to stay compliant with the European laws, but on the other hand, you want to keep using your beloved tools like Google Analytics and Hotjar. You also want to keep tracking important marketing KPIs like your top 10 SEO KPIs. Don’t worry, you can do both! And, you don’t need to spend thousands on consultant fees to do it. Just keep reading! In this article, we are going through the steps needed to become GDPR compliant on WordPress. In other words, you want to make your WordPress website handle cookies correctly.
Cookies? No thanks, I’m not hungry
Of course, your website needs to have a cookie consent warning if you are using cookies. And you will definitely have some of those if you are using a CMS like WordPress! But how do you know what cookies your website is placing on your users’ devices? To make things even more complicated, how do you know which cookies are placed by third parties like the providers of the plugins you use? These are really important questions if you want to become GDPR compliant on WordPress. It is time for the first trick in the GDPR-book: a tool for showing the cookies placed by your website – your browser. That’s right, you don’t need any fancy plugins or websites to know which cookies there are on your website. In Google Chrome, you simply go to your website and click the lock in the upper left corner next to the address bar. It will reveal the cookies placed by the site.
How do I give my users a choice?
The GDPR cookie directive implies that the user should:
- Be presented with the cookies used by a website and the purpose of them
- Be given a choice that is not based on a consent for using the service
Remove unnecessary cookies
It might sound easy, but in fact, it can be a struggle to control cookies from third parties. That’s why the easiest approach is to limit the number of cookies coming from third-party plugins. Start by looking at the plugins that place cookies and see if you can find alternative plugins that don’t do it. An example could be some of the social media plugins for sharing your blog posts. Many of the free ones place a tracking cookie on your users’ computers. This way the companies behind them collect user data as their “payment”. The data might then be sold for advertising purposes among other things. But, there are often free open source alternatives that will not place any tracking cookies. Those will make your job as a cookie compliant company a lot easier, and therefore, it will help you become GDPR compliant on WordPress.
Now deal with the existing cookies
When all unnecessary cookies are gone, what do you do with the cookies placed by your favorite tools? These are the tools where you would never consider using an alternative, e.g. Google Analytics or Hubspot. These tools are a necessity from a business point of view, yet they aren’t from a customer’s point of view. Therefore, users need a way to decline them. Well, here comes the tricky part. You need a way to show the content of your page before placing tracking cookies on your users’ computers. But, you also want to preserve the valuable knowledge that you get about how the users use your page. There are different ways to solve this issue. An easy way is to buy a plugin or tool that takes care of handling the cookies and consent. These tools are called consent management platforms. Yet, a recent study shows that only 11.8% of these platforms comply with European laws. So, not only are these tools expensive, but some of them are not even enough to avoid the GDPR fees. But don’t worry, you can continue reading and learn how to do it yourself for free.
Adding Hotjar
If you are using the official Hotjar plugin for WordPress, you’ll want to change to a more old-fashioned way of installing it. This goes against the recommendation by Hotjar, but it is much easier to control. This way, you’ll know when tracking cookies are placed and you’ll be able to control them. And yes, you might want to grab your best developer friend at this point or pay close attention, because things are going to get a bit technical.
Disable or remove the Hotjar plugin from your WordPress site. We are going to use a snippet of code instead to set up Hotjar.
Get the tracking code from insights.hotjar.com/site/list. Click the little “Tracking Code” button. It should look something like this:
Instead of pasting the code into the header section of the website as explained in Hotjar, you need to go to the “Integrations” sub-menu of the Complianz menu. Then, paste the code into the part called “Scripts to add services, for example, Facebook Pixel, Hotjar, etcetera.”. This section of code will only run when you get the needed consent from the user.
That’s it. Wasn’t that bad, right?
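How a consent gate of this kind works, as an added example that is not Complianz's or Hotjar's own code: a script registered under a category runs only once the visitor's stored choice for that category is `true`, and a missing or corrupt stored value counts as no consent. The category names, the storage key and the `memoryStorage` stand-in for `localStorage` are assumptions made for this sketch.

```javascript
// Added example: not Complianz or Hotjar code. Names below are assumptions.
const STORAGE_KEY = "cookie_consent"; // hypothetical storage key

// In a browser, runScript would append the tracking <script> to the page.
function createConsentGate(storage, runScript) {
  const pending = new Map(); // category -> scripts waiting for consent

  // Read stored choices; anything missing or malformed means "no consent".
  function read() {
    try {
      const parsed = JSON.parse(storage.getItem(STORAGE_KEY) || "{}");
      const ok = parsed !== null && typeof parsed === "object" && !Array.isArray(parsed);
      return ok ? parsed : {};
    } catch {
      return {};
    }
  }

  return {
    // Run the script now only if consent is already stored; otherwise queue it.
    register(category, script) {
      if (read()[category] === true) { runScript(script); return true; }
      if (!pending.has(category)) pending.set(category, []);
      pending.get(category).push(script);
      return false;
    },
    // Persist the visitor's choice; release queued scripts only on acceptance.
    setConsent(category, allowed) {
      const state = read();
      state[category] = allowed === true;
      storage.setItem(STORAGE_KEY, JSON.stringify(state));
      if (allowed !== true) return 0; // declined: nothing runs, queue is kept
      const queued = pending.get(category) || [];
      pending.delete(category);
      queued.forEach((s) => runScript(s));
      return queued.length;
    },
  };
}

// Constructed stand-in for window.localStorage so the example runs in Node.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}
```

The point to check on a real site is the first branch of `register`: before the visitor has answered the banner, no tracking script has run and no tracking cookie shows up in the browser's cookie list.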