WordPress.org

Make WordPress Core

Opened 5 weeks ago

Closed 3 weeks ago

#44097 closed enhancement (duplicate)

Introduce cookie consent & management to core

Reported by: danieliser Owned by:
Milestone: Priority: normal
Severity: major Version:
Component: Privacy Keywords: gdpr
Focuses: Cc:

Description

Cookie consent is going to be one of the biggest hurdles for most sites. There are more than a dozen plugins attempting to do this in various ways, but I think that is inevitably going to be a nightmare.

Consider it from both site owner and plugin developer perspectives:

Site owner:

Plugin A support Cookie consent plugin 1 Plugin B support Cookie consent plugin 2

Do I install both cookie consents, or uninstall one of my needed plugins and maybe find a replacement that also uses consent plugin 1?


Plugin developer:

Do I really need to build and maintain long term support for dozens of 3rd party cookie consent plugins. There won't be time for anything else.


I propose this needs to be core functionality, a centralized point of registering cookies in a dynamic way under several predefined categories.

Any other way leads to major issues for the entire ecosystem.

There are several general categories: Necessary Preferences Statistics Marketing

Other could be a possible one as well.

Each plugin can then dynamically define cookie name, label & description for each cookie which could look something like this (adapted from #44010):

<?php
add_filter( 'wp_consent_cookie_list', function ( $cookies = array() {
    $cookies['cookie_name'] = [
        'category' => 'necessary',
        'group'    => __( 'Plugin Name' ), // Allows for logical grouping within each category
        'label'    => __( 'Cookie Label' ),
        'reason'   => __( 'Used for reason x, y & z' ),
    ];

    return $cookies;
});

Alternatively, it could be done via a register_cookie_for_consent() function but I think a filter is most versatile.


Next would come a front end consent overlay on first visit, maybe a method of reopening this modal in the future to manage them again as well.

It should likely show each category and a way to enable disable by category as a whole or on per cookie basis to some extent as required by law.


Last part that needs to be there is a way to test if consent for a particular cookie has been granted or denied. This is paramount as plugins such as analytics need to check for consent prior to loading the analytics js which will track the user.

I don't pretend to have all this worked out but I will be happy to contribute as much time as needed to get something to this effect in place as it ultimately saves me and my users thousands of collective hours in fixing compatibility with many different consent plugins.

Change History (5)

#1 @desrosj
5 weeks ago

  • Keywords gdpr added

#2 @desrosj
5 weeks ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

#4 follow-up: @danieliser
4 weeks ago

@iandunn - Is that planned or purely conceptual? Honestly, I think its an imminent need. I need another plugin like I need another chargeback. Just a little ecommerce humor there.

That said I think this ticket goes well with that solution, also I think there is an older ticket that was more conceptual and less overview of what needed to be done (#44043) which you may decide to close one, your call.

#5 in reply to: ↑ 4 @iandunn
3 weeks ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Replying to danieliser:

Is that planned or purely conceptual? Honestly, I think its an imminent need.

I haven't worked on that particular idea, but I'm guessing it's still in the early stages. Everything starts out that way, though, it just needs people working on it to advance it. It'd be great to get your input on #44043 to help move it forward.

Note: See TracTickets for help on using tickets.