cookies

Pressidium Cookie Consent plugin review

by
Screenshot of the home page for the Pressidium WordPress cookie consent plugin

Someone anonymously emailed me recently to advise that my cookie consent banner was not compliant with current privacy regulations, and so I’ve swapped it for the Pressidium Cookie Consent WordPress plugin.

To date, I’ve been using the cookie consent banner component of the Toolbelt plugin (my review). As much as I like Toolbelt, it’s getting a bit old and it’s been almost five years since its cookie consent module was updated. As such, it basically says that ‘this site uses cookies, deal with it’, rather than giving users a choice to opt-out.

I’m a relatively privacy conscious person, to the extent that I tend to browse the web in Firefox with Enhanced Tracking Protection enabled alongside Privacy Badger. This extends to this web site – where possible, I avoid using third-party services. Indeed, the only cookies that you should experience are session cookies whilst browsing, that are deleted when you close your web browser, and Pressidium’s own cookie to remember your consent. For analytics, I use Koko Analytics (my review), which doesn’t need to set any third-party cookies.

Setting up Pressidium Cookie Consent

I deliberately went for this cookie consent plugin because it’s lightweight, and doesn’t need to use a third party web application. I’ve previously tried the CookieYes WordPress plugin, which is much more powerful and will auto-detect cookies to add to its consent forms. But it’s a big plugin designed for big sites that use lots of third-party tracking scripts. And as mentioned, I don’t.

Once installed, Pressidium Cookie Consent is relatively easy to set up and configure. You get a moderate amount of control over how the pop-up appears, and in turn the Cookie Settings box that users can view if needed. I like that it defaults to ‘accept all’ and ‘accept necessary’ – it annoys me when sites make you go through settings to reject all cookies and have you ‘object to legitimate interests’. In terms of its appearance, you can have it appear as a box or a strip, and control the colours.

In terms of specifying the cookies that users can consent to, this is where you’ll need to spend some time browsing your site in Private Browsing with Developer Tools open. Unlike the aforementioned CookieYes plugin, there isn’t a way of automatically detecting the cookies your site uses. Cookies can fit into four categories: necessary, analytics, targeting and preferences. Unfortunately, you can’t hide these categories, even if your site doesn’t use targeting cookies, for example.

If you use Google Tag Manager, then you can integrate this – I don’t. You can also include translations of the cookie consent popup and settings, and if you have API keys for OpenAI or Google Gemini, then it can use AI to generate these for you.

Free and open source

As it runs locally on your own WordPress instance, Pressidium Cookie Consent is free with no premium tier. The source code is on GitHub under the GPL 2.0 licence, and it’s in active development with a recent release for compatibility with the latest WordPress 6.9 release. Whilst it might not be as powerful as some WordPress cookie plugins, it should at least make your site compliant with GDPR and the like.

Knowing how the cookie crumbles

by
Screenshot of the privacy policy page

I’ve made two minor changes to the site today:

  1. There is now a privacy policy available to view
  2. The first time you visit this site from today, you will be asked for permission to store cookies on your computer

These come about because of my participation with Google AdSense – all EU sites must obtain user consent for cookies with effect from the end of September. This is the so-called ‘EU Cookie Directive’.

As you may guess from my tone, I’m not particularly happy about this. I accept the need for a privacy policy and I should have probably had one already, but I hate the popup cookie consent messages that sites use. There’s a lack of consistency, they offer a particularly poor user experience to mobile users (obstructing a large part of the page) and I bet almost nobody actually reads the privacy policies anyway.

The privacy policy is adapted from this example, and I’m using the Cookie Law Info WordPress plugin to generate the messages. The plugin is really simple and you can set it up in a few minutes. There’s no need to edit any templates, but you can still customise it.

P3P

I really wish that, following the EU Directive that mandated consent for cookies, that there had been some collaboration between web site owners and web browser vendors to come up with a more graceful solution. Whilst I accept that it’s best if users are able to consent to cookies being stored on individual web sites, this could have been done in a standardised way as a function of the user’s web browser.

Years ago, the W3C proposed P3P, which used HTTP headers and machine-readable privacy policies to allow users to select a level of privacy that they were comfortable with. Anything else, such as third-party cookies, would be blocked if desired. Ironically for a web standard, the only current web browser that supports P3P is Microsoft’s Internet Explorer, which has done since version 6. It remains an opt-in and rarely-used standard and the W3C paused all work on it ages ago.

I haven’t researched P3P enough to know whether it could be developed further, so that web sites can use it for EU Cookie Directive compliance. If it could, and if Google, Mozilla, Apple, Opera and others all agreed to implement it, then the web could become a less annoying place. Especially if there was an option to implicitly accept all cookies from all first-party web sites, for example.