THIS POST IS OLD OUT OF DATE. Due to personal circumstances I am no longer able to support the CCA plugin mentioned in this article.
Under EU GDPR regulations/law your site must seek prior consent before allowing cookies to be served to visitors from the EU/EEA (even if your site is located outside the EU).
On visiting a site with a “cookie consent” notice, I don’t feel empowered just irritated.
However; it is possible to limit cookie consent notices to EU visitors ONLY, sparing your NON-EU visitors this annoyance (and partially functioning cookie-less pages).
Make your WordPress Site only display Cookie Consent options to visitors located in the EU
If you are using a caching plugin read this first
1. Install the Cookie Notice and Category Country Aware WordPress (CCA) plugins.
The CCA plugin identifies your visitor’s location, and tells Cookie Notice when to display the EU Cookie Law bar. Cookie Notice displays your customized bar.
2. Configure Cookie Notice to display the bar with your choice of text and options in an appropriate style and position for your site.
Dashboard->Settings->Cookie Notice customise and save settings.
3. Set the CCA plugin to control Cookie Notice output.
Dashboard->Settings->Category Country Aware
(On first use of CCA plugin only: go to the “General” tab and check the “Intialize GeoIP” box and Save Settings. then:)
Open the “Countries” tab, scroll down, enable Cookie Notice check box and save settings. If you wish you can also edit the list of “EU country codes”.
*** Job Done***
4. A quick test to ensure its working:
Just add or remove the country code for your location from the list of countries and save settings, and go to one of your posts. If the list includes your country code the bar will be displayed, otherwise it won’t.
After testing: Don’t forget to change the list of counties back to its original setting and, if using WPSC or Comet caching, clear cache.
Other “EU” functionality provided by the CCA plugin (advanced users)
The CCA plugin provides 2 shortcodes that can be used in posts and shortcode enabled widgets (like the “CCA Text/HTML and RSS” widget):
[cca_is_EU]text/Javascript/other shortcodes for visitors from EU[/cca_is_EU]
[cca_not_EU]some text/JS/other shortcodes included if non-EU visitor[/cca_not_EU]
You are [cca_not_EU]NOT [/cca_not_EU]from the EU.
Live example: You are NOT from the EU.
EU visitor detection function for use in your own PHP code (or by other plugins):
cca_is_EU() returns TRUE if visitor is from the EU; or false otherwise.
An API is also provided which enables plugin authors and coders to obtain visitor country/EU location via Ajax for use in their own javascript.
N.B. Your list of “EU” countries (see image above) is used to determine whether or not the visitor is “from the EU”.
If you are using a caching plugin
Using caching plugins other than Comet Cache and WP Super Cache?
Then you shouldn’t use this solution (although you can contact me re possibility of a custom solution). At a later date country/EU caching may also be provided for Rocket Cache and W3TC – subject to my workload.
Caching plugins do not usually work with server geo-location; they take a “snapshot” (cache) of a page when it is first visited and all subsequent visitors see the same snapshot. If the first visitor was from Germany then the snapshot will include the cookie bar and your visitor from US will be served this snapshot and also see the cookie bar.
Using Comet Cache or WP Super Cache:
If you are using Comet Cache you can install and configure this Country Caching extension to make caching country (and EU) aware. Likewise; for WP Super Cache you can install this WPSC extension. In CC extension settings enable “group caching”, by default the group should contains all EU country codes but it is probably best to copy and paste it from your EU list on CCA’s settings.
Category Country Aware plugin and use with new version of Cookie Notice for GDPR
GDPR applies to EEA countries as well as EU. If you are a previous user of CCA you should add 3 EEA countries (,IS,LI,NO) to you “EU” List (image below). For new users the latest version of CCA will automatically include these in the list.
- You can test by adding and removing your own country from CCA’s “EU list” – use a browser where you can check and delete cookies (e.g. use “developer” setting on Chrome or Opera)
- With Cookie Notice the first page someone visits is not served cookies. When they click on accept Cookie Notice reloads the page downloading cookies. Cookie Notice allows you to choose whether on not first landing page is refreshed. No reload means cookies will not be set for that page but will be for all other pages visited. CCA uses your choice CN reload setting to decide whether to refresh the first page of non-EU visitors, but does it earlier before the page starts to display so it is unnoticeable.
Related articles
Adding GDPR soft opt-in to Cookie Notice
Cookie Notice & Google Analytics – a partial fix for CN’s reload problem
More about the CCA plugin
I’m the author. Most of the sidebar content on this page is provided by CCA widgets, what is displayed depends upon the category of the page and where you are from (if you view my posts on Chinese Phablets you will see different sidebar content).
You can also have responsive ads within posts that only appear on small devices. and much much more. More on its capabilities in this post.
.
Thank-you so much for this. My blog has mostly US visitors and a minority of EU visitors. I was looking for a solution to geo-target EU visitors, so as to comply with Google’s adsense policy. Yours worked perfectly.
Any caching options for W3 Total cache users? I love how simple this work around is. Loathe that the 99% of my users in the US would have to see a stupid cookies pop-up that doesn’t even apply to them.
Edit: I have looked at recent versions of W3TC and for versions 0.9.6 on I think a solution is possible – however whether I have the opportunity to write a country caching extension for W3TC depends on my workload.
Sorry, only WPSC and Comet Cache. If you are lucky with PHP 7 you may find your site is fast enough without caching. PHP 7 vastly speeds up the building of pages and, for many, makes caching no longer necessary. On my uncached WP sites page speed times reduced by 30 to 50%.Totally agree with you. Both as a surfer and site admin I find the EU law a pain – and things are just about to get worse! Sites will have to comply with new GDPR regs as from May 2018. Cookie Notice (even blocking cookies by default) will not be enough (by itself) positive consent for data storage e.g. email addresses on comments; and right to request info on what info is held are also part of GDPR.
I wholeheartedly second Leah’s suggestion and request for the additional development of caching options to support W3 Total Cache.
Edit: at some point this may happen, see my updated answer to Leah.
WPSC and Comet Cache both provide interfaces for other plugins to use AND “clear” (or at least understandable) documentation on creating the interface. I’ve not found similar for W3TC. It also takes many (unpaid) man hours to develop and test these caching extensions; so even if W3TC provided what was needed I couldn’t produce an extension plugin for W3TC any time soon. Now my sites run on PHP 7 I don’t use any caching plugin except to test updates to WPSC or Comet country caching extensions.
Thankyou: your plugin (combined with Cookie Notice) is perfect for websites like mine that only have a few European visitors but need a cookie banner to comply with the GDPR. Its great to be able to show the cookie banner only to those people who legally HAVE to see it (rather than inflict it on everybody!).
Where can I get help with this solution (i.e. someone to add a banner or help me block EU citizens) for a static WP site? I don’t use GA or know anything about the cookies that might be at play in the background, or more than the most generic things about the front end of WP. I will gladly remove my form and social media buttons. The site is literally just for storing content that I point people to directly, so it only just now struck me that GDPR might relate to me.
Sounds like you won’t need a banner then (if you replace your contact form with an ’email me!’ link and remove social media sharing buttons). Just add a cookie and privacy statement stating that your website only uses functional cookies and that you don’t collect any data. But remember to add that any personal data that a visitor sends you via email may be used to … (send them a reply / add to your CRM / whatever you do with the data). You can download those kind of generic statements from various places online, for free.
Can CCA be easily adapted for use with other cookie consent plugins?
In particular, Ginger already has the new GDPR requirements built in with blocking available for common 3rd party cookies.
CCA can work with any GDPR Cookie plugin that has a hook to bypass consent banner and cookie blocking (for the current visitor). CCA contains the code for Cookie Notice’s hook. For other GDPR plugins you’d have to create a custom filter in functions.php (or your site’s own functions plugin) e.g.
add_filter( 'the_GDPR_filter_name', 'only_for_EU', 99);
function only_for_EU( $unfilteredGDPRpluginValue ) {
if ( cca_is_EU() ) return $unfilteredGDPRpluginValue;
return 'value that ensures cookies allowed and no banner for consent';
}
But I don’t know which plugins other than Cookie Notice provide such a hook.
You could ask Ginger either to provide a hook; or (better, no need for code by you) Ginger to use the CCA function mentioned in the article. It would require them to add a couple of lines of code.
if ( function_exists('cca_is_EU') && ! cca_is_EU() ):
// if CCA plugin is running and visitor not from EU
// Ginger does nothing
else:
// Ginger's code for Cookie consent/allow/block
endif;
Not tested, but I assume it will work. Get them to let me know if they do this and I’ll modify the article to highlight it being “built in” to Ginger.
The updated continent / country codes for GDPR would actually be:
EU,AT,BE,BG,HR,CY,CZ,DK,EE,FI,FR,DE,GR,HU,IS,IE,IT,LV,LI,LT,LU,MT,NL,NO,PL,PT,RO,SK,SI,ES,SE,GB
This feedback is based on page 15 of “The GDPR: new opportunities, new obligations — What every business needs to know about the EU’s General Data Protection Regulation” resource PDF provided by the European Commission (https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-sme-obligations_en.pdf), which states:
“The GDPR applies to the European Economic Area (EEA), which includes all EU countries plus Iceland, Liechtenstein and Norway.”
Hope this helps! 🙂
Thanks April. Yes GDPR is also applicable to 3 EEA countries not in EU. I am intending to include these in the default “EU list” when I next update CCA plugin. In the meantime users can manually add “,IS,LI,NO” to the list via CCA’s settings.
So I’m a trying to implement this and everything works beautifully.
But the GDPR rules seem to state that you can’t load the tracking unless someone accepts the Cookie (not implied consent).
When you only display the cookie banner in the EU countries the Script blocking function of Cookie Notice plugin – if ( function_exists(‘cn_cookies_accepted’) && cn_cookies_accepted() ) {
// Your third-party non functional code here
}
won’t then get the “cookies accepted” for the non-EU countries that don’t display the cookie banner.
Or am I missing something?
When I tested it, my Facebook Pixel doesn’t load in the US.
Hi Andrea
The current version of CN (like many others) is not yet GDPR complant. On the support site they say a GDPR compliant version will be released by 25 May.
Pre GDPR: It is/was only necessary to provide a “we use Cookies OK” notice to EU/EEA visitors and not provide option to reject cookies. So (since 2015) the CCA plugin has identified whether it is an EU visitor and if so tells CN not to display the banner. I’m not sure if it is the case with the last release (2 months ago); but the CN option to reject cookies was “opt out” – so even if switched on it would not be available to or affect non-EU visitors.
When the GDPR compliant version of CN is released: Your analysis is spot on and I have already raised this and asked on their forum how I will need to modify CCA.
Update 26 May 18: Updated GDPR version of CN released and updated compatible version of CCA released.
I’ve also looked at other GDPR plugins they all seem to be difficult to set up. I have started to write a consent plugin myself, that will be EU visitor only. One plus is that it could work with caching plugins other than WPSC and Comet via a javascript API request to CCA on the WordPress site. An aside: if a “GDPR” plugin uses a JS API to get the country from a 3rd party Geolocation info provider it is likely to make your cookie situation worse – the script cannot be blocked and will set cookies giving the visitor’s device an identifying UID, and may additionally gather info to store on their own servers without any user consent.
I’m trying this setup for google analytics, the javascript code needs to load in the header. How do I do that with your plugin?
I have to strip the code out of the theme files so that it’s not loading for EU users (and then when they prompt yes with Cookie Notice, the code loads). Since the code is stripped from the theme files, I need a way to have that load for visitors from the rest of the world. How do I do that? In functions.php?
I’m not an advanced coder as you can tell and I haven’t slept for a few days so I may be making this more complicated that necessary 😉 Thanks for any help you can give.
Hi Terry
A CCA plugin update will hopefully be released later to day so users can update.
A new (GDPR) version of Cookie Notice was released last night. I am beta testing a new version of the CCA plugin to be compatible with it.
I am nothing to do with Cookie Notice, but you will need to add your code to “Script blocking” text box in Cookie Notice settings and update CCA (when available). I relocated my Google Analytics code to CN’ script box – and the test version of CCA is setting cookies fine for non-EU users.
Thank you AW, I think we have a winner! I’ve updated the plugin and it seems like everything is working great. Thank you! I’m sure I’ve tried every cookie plugin out there and nothing is quite a 100% just yet.
Now the problem I have with Cookie Notice is that it creates a new URL when cookies are accepted ( ie. ?cn-reloaded=1 appended to page url) which analytics and the search engines will consider as a separate page from the original (without the cn-reloaded=1). This is going to cause problems with duplicate content penalties so it’s something I’m going to have to figure out.
Glad the new version of CCA has sorted the Google Analytics issue you reported. Yes, as I mentioned at the bottom of this post Cookie Notice cache busts (I think) the first page visited by adding a querystring for the reload. For your non-EU visitors this won’t be a problem as CCA does not need to provide a querystring on reload – but its early days and I may find a querystring is needed in some circumstances.
As GDPR CN was so late in arriving and I did not know whether it would be possible for CCA to still interface I started writing my own GDPR plugin. I may continue work on it as I think due to its design, acceptance of cookies would be higher and it should work with “all” caching plugins (not just Country Caching WPSC and Comet). It also has no need to cache bust and cause problems to analytics.
We’re in the middle of testing this plugin and I’m using Opera’s VPN set to “Europe” and CCA is not detecting my location properly — or at least I’m not seeing the cookie bar when I should be. Would it not be more in the spirit of GDPR to show Cookie Notice by default if country/location information can not be determined by CCA. Thoughts?
Hi Connor,
Maxmind2 identifies Opera VPN as “EU” which is fine. I assume you are using Cloudflare which shows Opera VPN as “XX”. XX does not mean Europe; it is a bucket code CF uses for the small number of IP address it can’t identify (Opera VPN America & Asia are also “XX”). Maxmind’s bucket code is “” and CCA follows this convention (XX may at some point be allocated by ISO) and so converts Cloudflare “XX” internally to “”.
However the CCA plugin is designed to be flexible. If you want ALL unidentified IPs to be treated as EU then you can use example 2 in the documentation for customizing CCA geolocation . I’ve yet to complete this documentation, but from your email address I assume you are in IT, and you can just cut and paste example 2 (I’ve tested it with Opera VPN and it works).
You may also find the Diagnostics available on the Testing tab of CCA’s Settings of some use.
Thanks for the update, Andy.
The aforementioned code snippet on that page is missing the closing brace in the PHP function though. It was erroring out when we dumped it in to our install as-is. With the bracket, it works perfectly!
Glad it worked. I’ve corrected the typo in the example snippet, thanks for pointing it out.
After adding cookie conset, it badly affect my website loading speed.
Not timed, but no noticeable difference on my sites. Any GDPR compliant cookie plugin requires additional transmission and processing; and CN may require reload on first page visit. Unfortunately I haven’t found any GDPR plugin that matches my wish list – so I’m trialing one of my own on a site and possibly will publish it.
How can revoke cookies be only displayed in EU countries? It seems revoke cookies will be shown despite setting
Thanks for pointing this out. I wasn’t aware of this; as on my sites (with the previous version of CN had a bug and the revoke button didn’t display at all on my sites) – with the new CN release I have the same problem as you.
1. If you are using the default Cooke Notice setting of “automated” for “Revoke cookies” :
I’ve tested a fix and included in the next release of CCA – now published (CCA version 1.2.3)
2. If you have set Cooke Notice “Revoke cookies” to “manual” and are using the
[cookies_revoke]shortcode:You can (already) prevent display of a “revoke” button to non-EU visitors by surrounding your CN shortcode like so
[cca_is_EU][cookies_revoke][/cca_is_EU]is there any option that load GA code or even adsense code or some other plugin like page view counter, only after consent accepted. if user set to decline then GA and relevant code should not be load. however, this thing can be achieved by blocking with if..else condition everywhere but that not power solution isn’t ?
I’m unclear what you are asking. Javascript code you enter under Cookie Notices Script Blocking option will only be loaded after consent (or when using CCA plugin, if non-EU visitor). You may get a better understanding of how it works in this post on fixing Cookie Notice for Google Analytics. If you are talking about serving alternative code depending on whether cookies are accepted or not then you could add an else clause to the example code in that post to “insert” different code when the visitor has not accepted cookies.
I installed all three plugins (because I use WP Super Cache), emptied the cache, and tested it by putting “US” into the country list of where to display it. But I’m not getting a cookie notice. Am I doing something wrong?
Hi JK, I’ve emailed you. Hopefully this is just an issue with testing.
I suspect you previously visited the site from US before adding it to your EU group list for testing. If so then a “cookies accepted” cookie will have already been set so Cookie Notice will not display the cookie bar. Every time you change settings for testing you should either view site in a new Private Browser window (e.g. Incognito mode in Chrome) or use browser’s developer tools to delete the cookie “cookie_notice_accepted”.
(by email) “Thank you so much, Andy! Sorry for the delay, but I haven’t had time to try out your solution until today. It was just the testing – I use Firefox, and didn’t realize all the different ways things were being cached even with their “private” window option (which is not the same as Chrome’s Incognito). I really appreciate the detailed and quick response! “
SUPER helpful! Thank you!
Nice article thanx for sharing good knowledge