WordPress Cookies
You’ve probably noticed that a lot of the websites you visit “remember” things about you. The information they store can be anything from your login credentials to items you’ve browsed, articles you’ve liked, and more.
To do that, websites use what are called “cookies.” Cookies on the web enable sites to store key information safely within visitors’ browsers. That way, they can provide a more personalized experience without putting user data at risk.
In this article, we’ll break down how cookies work and the ways WordPress in particular uses them. Then we’ll teach you how to set up custom cookies in WordPress. Let’s get to work!
What Are Cookies in WordPress?
Simply put, cookies are files that your website stores in visitors’ browsers, which contain information about them. Here are some common examples of cookie use throughout the web:
- Storing login credentials so users don’t have to re-enter them each time they visit your site
- Remembering specific pages that visitors have been looking at lately (i.e., “Recent products” on eCommerce sites)
- Noting specific user behavior, such as when they last visited your site
Cookies are everywhere on the web, to the extent that there’s even specific legislation that governs how you can use them in some parts of the world.
Overall, browsing the web would be a slower and less personal experience without cookies. Websites wouldn’t be able to remember any of the information that makes your life easier. That’s why WordPress is set up to use cookies out of the box.
How WordPress Uses Cookies
By default, WordPress generates two types of cookies unless you tell it to do otherwise. Those include:
- Session cookies. These are the ones that tell your browser: “Hey, we just logged into this site a while ago, so let’s not close the session just yet”. That saves you from having to log in over and over again on the same sites.
- Comments cookies. Whenever you comment on a WordPress website, it will save some of your details so you don’t have to re-enter them later on. That can include your username, email address, and more.
It’s important to reiterate that cookies reside within each user’s browser. That means they’re safe even if someone breaches the website’s security, which is exactly why they’re often used to handle sensitive information.
How WordPress Plugins Use Cookies
As you might imagine, WordPress plugins and other third-party tools also make extensive use of cookies. For example, if you use a related posts plugin, it probably takes advantage of cookies to store information about which pages users have viewed.
Likewise, analytics plugins tend to use cookies to store user behavior data. In most cases, these cookies are harmless. However, these days you might need to display a cookie notice on your website, depending on where you do business.
You’ve probably seen these cookie notices all around the web, and it’s no coincidence. People are more interested than ever in online privacy, so it only makes sense that many websites try to be as transparent as possible.
How to Set Cookies in WordPress (2 Steps)
You’ll need to use PHP to create and set up cookies in WordPress. Where you add the necessary code depends on whether you want to use your theme or a custom plugin. Let’s take a look at how the first method works.
Step 1: Open Your Theme’s functions.php File
In most cases, the theme approach is the easiest route to take. To set a new cookie, you’ll want to edit your active theme’s functions.php file.
First, access your website via FTP and navigate to the public_html/wp-content/themes directory. Inside, you’ll find individual folders for each theme that’s installed on your website.
Open your active theme’s folder, and look for the functions.php file inside. To add a custom cookie, you’ll need to include some additional code within this file. Before that, however, you need to understand what parameters you can use:
- The name of the cookie
- Its value
- How long until it expires (it can’t last forever!)
- Which pages the cookie will act on
- Your domain and/or subdomains
- Whether it should transfer over HTTP or HTTPS
We’re going to use most of these parameters within the next section, so don’t worry if you don’t fully understand what each of them does just yet.
Step 2: Add Your New Cookie’s Code
Once you open the functions.php file, you’ll be able to add custom code to it. Here’s an example of the code you’d use to add a new cookie:
function cookies_timestamp() {
$visit_time = date('F j, Y g:i a');
if(!isset($_COOKIE[$visit_time])) {
setcookie('visit_time', $current_time, time()+86400);
}
}
That code includes three of the parameters we laid out in the last section. There’s the cookie name (cookies_timestamp), its value (visit_time), and how long until it expires.
What this particular cookie does is generate a timestamp of the last time someone visited your site. You might then use the cookie to display a message such as, “Your last visit was on January 25th, 2019.” This lets users know if someone else has accessed their account.
As for the expiration time, you’ll notice that it uses seconds. We set the value for a day, which is pretty short by cookie standards. The rest of the parameters don’t matter as much, because the default options work well enough in almost every case.
When you’re done configuring your cookie, save the changes to functions.php and close it. Then, your cookie will start working right away!
How to Get a Cookie and Use it in WordPress
In the last section, we talked about how you can use cookies in web development to pull up relevant user-specific data. There’s a specific function you can use to ‘get’ cookies, so to speak.
To use it, you’ll need to edit your theme’s functions.php file once more. Here’s a quick example:
function get_cookie() {
$visit_time = date('F j, Y g:i a');
if(isset($_COOKIE['visit_time'])) {
function placeholder() {
}
}
}
In a nutshell, this creates a second function that checks to see if the visit_time cookie we created during the last section is there. If it is, then the code will execute a second function (the placeholder value), which we left blank for your benefit.
Deleting a Cookie in WordPress
Creating cookies is simple enough if you know what parameters to use. Plus, cookies expire with time (depending on the values you set). However, if there’s a situation where you want to edit a cookie or you don’t need it anymore, you can delete the original.
To delete a cookie, you’ll need to use the following code, which once again goes within your theme’s function.php file:
unset($_COOKIE['visit_time']);
As always, remember that we’re using placeholders in our example. You’ll want to modify that code depending on the specific cookie’s name. Once you unset the cookie, you’re free to replace it with a new version or leave it as is.
Cookies & the WP Engine Digital Experience
Cookies are one of the many ways modern websites can provide their users with a better experience. Using WordPress, you can configure cookies to personalize your site for each visitor.
If you want to learn about other techniques for improving the user experience, check out our developer resources, where you can find dozens of guides and tutorials. While you’re at it, improve your experience with a host specifically optimized for WordPress. Take a look at our plans—chances are you’ll find a great fit!