Categories
WordPress

WP Super Cache and Cookie Banners

EDIT: Updated for WP Super Cache 1.6.3 and newer.

More sites use cookie banners now that the GDPR is active but some are finding that their banners are misbehaving once they enable caching.

This is a similar issue to the one that happened to some page counter plugins in the past. The page counter wouldn’t increment.

When a cookie banner is clicked a cookie is set in the browser so the website knows this visitor has agreed to accept cookies. If the cookie is set then the cookie banner html is not sent to the browser.

I suspect the main issue is that the code that sets and checks if the cookie is set is PHP. Unfortunately because the page is cached then no PHP code is executed, and the cookie banner is displayed because it was originally cached that way.

Since WP Super Cache only knows about certain WordPress cookies it assumes everyone who doesn’t have those cookies is a first time “anonymous” visitor. It doesn’t know about your cookie banner cookie.

You have two options:

  1. Rewrite your cookie banner so it’s completely in Javascript. Do the cookie detection in Javascript and also set the cookie in Javascript. If the cookie banner has been clicked then you need to trigger an action, and other Javascript that is hooked on to that trigger will run and load the tracking cookies.
  2. Modify WP Super Cache so it knows about the cookie your cookie banner uses. Caching won’t work quite as well as before as it’ll be split between visitors who have clicked the cookie banner and those that haven’t. One cached file will display the cookie banner, and the other will not but it will have ad tracking Javascript.

Using Javascript completely is a better solution because it runs in the browser on every page load but that might not be possible every time.

Otherwise, use PHP to get WP Super Cache to play nicely with your existing code. You basically need to run do_action( 'wpsc_add_cookie', 'cookie_name' ); after init so WP Super Cache adds the cookie name to it’s cookie list. This only needs to be done once but you can leave it run all the time because it will only ever add the cookie name once. This also ensures the name is added again if the WP Super Cache configuration file is ever reset or deleted.

  1. Create a PHP script in wp-content/mu-plugins/ (or in to your own plugin).
  2. Add the cookie by using the wpsc_add_cookie action in a function that loads on “init”.
  3. Reload any uncached page and the cookie name will be added to the cookie list.
  4. Caching can only be performed by simple caching now, unless you’re willing to edit mod_rewrite rules in your .htaccess file.
/*
 * Tell WP Super Cache to cache requests with the cookie "eucookie" separately
 * from other visitors.
 */
function add_wpsc_cookie_banner() {
    do_action( 'wpsc_add_cookie', 'eucookie' );
}
add_action( 'init', 'add_wpsc_cookie_banner' );

Substitute the name of the cookie (eucookie) for your cookie name.

When your plugin is uninstalled it should remove your cookie with the following:

do_action( 'wpsc_delete_cookie', 'eucookie' );

For future reference, since cookie banners will hopefully not be around forever, here’s what they looked like in the deep, distant past of 2018. 🙂

The LA Times just gave up and don’t show anything to EU visitors.
Categories
WordPress

Please sir, can I have more?

A poor urchin goes up to the headmaster, “Please sir, can I have more comments?”
The headmaster looks down from his perch and with a grimace says, “Not before you show me your cookie!”

Well, the poor lad never did get any more comments. He didn’t have the right cookie, but you can. Just grab my Cookies For Comments plugin and anyone who leaves a comment on your blog will need the correct cookie. That will stop quite a bit of comment spam dead in it’s tracks.

It’s the first release and fairly simplistic, but it should give some comment spammers a headache for at least 10 minutes. It’s about time they upgraded their spamming tools anyway. According to my log file, it had stopped over 18,600 spam comments in the last week or so. The rest got handed to Akismet and it stopped several thousand more. They’ve been busy haven’t they?

So, should you use this instead of Akismet? Not a chance. This will only stop the brain dead comment spammers who use automated bots to post to the comment form. Trackback and pingback spam and spammers who either use poorly paid human slaves or browser based user agents will defeat this.

If you use a caching plugin such as WP Super Cache make sure you clear the cache after enabling this plugin. Also, I’m not sure what will happen with those plugins that merge CSS files together.

Thanks Dan for the idea!

Categories
WordPress

Spy on your visitors with Blog Voyeur

Do you ever wonder what pages your regular visitors look at? Do they dig deep into your blog exploring old posts or do they sit in their feed reader and only read your latest posts?

By using my Blog Voyeur plugin you can find out.

This is the first release of the plugin. It appears to work well on the couple of blogs I tried but your mileage may vary. Download link is on the Blog Voyeur homepage above.

blogvoyeur screenshot