Cookiesentry

Platform guide

WordPress cookies

Core WordPress cookies typically support logged-in sessions, comment preferences, and admin functionality. GDPR risk usually comes from the plugin ecosystem layered on top of that foundation.

Cookie entries

Consent required

Case-by-case review

How to audit WordPress

WordPress core cookies may be exempt when they support authentication or requested features, but plugins frequently introduce non-essential analytics, social, or marketing cookies that need consent.

Audit not only the WordPress core cookies but also every plugin, theme, embedded form, analytics snippet, and marketing script added by editors or agencies.

Audit checklist

Separate core WordPress cookies from plugin-generated cookies in your policy.
Scan key templates such as homepage, blog, contact forms, and logged-in areas.
Review plugin changelogs and staging deployments before new scripts reach production.
Test whether consent rejection actually prevents analytics and marketing plugins from firing.

Where GDPR risk usually starts

A single plugin update can silently add new third-party requests and cookies.
Cookie banners on WordPress often block front-end scripts but miss plugin or iframe behavior on specific templates.
Multilingual, caching, and form plugins frequently add preference or tracking cookies that are poorly documented.

Provider mix on this platform

WordPress2 cookies

Essential Functional

WordPress cookie reference

wordpress_logged_in_<hash>EssentialNo consent required

Set when a user logs in to WordPress. Used by the WordPress interface to keep the user signed in.

Expires: Session or 14 days (with Remember Me)

WordPress Foundation

WordPress

wp-settings-<user_id>FunctionalCase-by-case

Persists logged-in WordPress users' admin interface preferences (e.g., dashboard layout).

Expires: 1 year