WP Super Cache and Cookie Banners

More sites use cookie banners now that the GDPR is active but some are finding that their banners are misbehaving once they enable caching.

This is a similar issue to the one that happened to some page counter plugins in the past. The page counter wouldn’t increment.

When a cookie banner is clicked a cookie is set in the browser so the website knows this visitor has agreed to accept cookies. If the cookie is set then the cookie banner html is not sent to the browser.

I suspect the main issue is that the code that sets and checks if the cookie is set is PHP. Unfortunately because the page is cached then no PHP code is executed, and the cookie banner is displayed because it was originally cached that way.

Since WP Super Cache only knows about certain WordPress cookies it assumes everyone who doesn’t have those cookies is a first time “anonymous” visitor. It doesn’t know about your cookie banner cookie.

You have two options:

  1. Rewrite your cookie banner so it’s completely in Javascript. Do the cookie detection in Javascript and also set the cookie in Javascript. If the cookie banner has been clicked then you need to trigger an action, and other Javascript that is hooked on to that trigger will run and load the tracking cookies.
  2. Modify WP Super Cache so it knows about the cookie your cookie banner uses. Caching won’t work quite as well as before as it’ll be split between visitors who have clicked the cookie banner and those that haven’t. One cached file will display the cookie banner, and the other will not but it will have ad tracking Javascript.

Using Javascript completely is a better solution because it runs in the browser on every page load but that might not be possible every time.

Otherwise, use PHP to get WP Super Cache to play nicely with your existing code:

  1. You’ll need to write a WP Super Cache plugin.
  2. You need to hook into the wp_cache_get_cookies_values cacheaction and add the value of the cookie banner cookie to the end of that string.
  3. Caching can only be performed by simple caching now, unless you’re willing to edit mod_rewrite rules in your .htaccess file.

Something like this will do. Make sure you note the warning about $wp_cache_plugins_dir in the link above about writing these plugins.

function add_cookie_banner_to_cache_cookie( $string ) {
    if ( isset( $_COOKIE['cookie_banner'] ) ) {
        $string .= 'cb,';
    }
    return $string
}
add_cacheaction( 'wp_cache_get_cookies_values', 'add_cookie_banner_to_cache_cookie' );

Substitute the name of the cookie for your cookie name, change the name of the function, and the text it adds to the string. There is an intentional PHP fatal error in the code above to discourage copy/pasting.

Your cookie banner plugin could automate setting this up, but it may have unforeseen consequences if not done correctly. It should check if $wp_cache_plugins_dir is set already, and use that location, otherwise it will have to make a directory and update the WP Super Cache configuration, where ABC is the new location for the plugins.

wp_cache_setting( 'wp_cache_plugins_dir', ABSPATH . 'wp-content/ABC' );

The new code can be copied into a file in that directory. The files in the original WP Super Cache plugins directory (found at WPCACHEHOME . 'plugins') should be copied into that directory too and a warning shown to the user. They may need to set up one of those plugins again.

The reason it is this convoluted is because this code will run before all of WordPress loads. You can’t rely on blog options or most of the nice configuration tools WordPress provides.

When your plugin is uninstalled it should of course restore the plugins directory to the way it was before.

For future reference, since cookie banners will hopefully not be around forever, here’s what they looked like in the deep, distant past of 2018. 🙂

The LA Times just gave up and don’t show anything to EU visitors.

Please sir, can I have more?

A poor urchin goes up to the headmaster, “Please sir, can I have more comments?”
The headmaster looks down from his perch and with a grimace says, “Not before you show me your cookie!”

Well, the poor lad never did get any more comments. He didn’t have the right cookie, but you can. Just grab my Cookies For Comments plugin and anyone who leaves a comment on your blog will need the correct cookie. That will stop quite a bit of comment spam dead in it’s tracks.

It’s the first release and fairly simplistic, but it should give some comment spammers a headache for at least 10 minutes. It’s about time they upgraded their spamming tools anyway. According to my log file, it had stopped over 18,600 spam comments in the last week or so. The rest got handed to Akismet and it stopped several thousand more. They’ve been busy haven’t they?

So, should you use this instead of Akismet? Not a chance. This will only stop the brain dead comment spammers who use automated bots to post to the comment form. Trackback and pingback spam and spammers who either use poorly paid human slaves or browser based user agents will defeat this.

If you use a caching plugin such as WP Super Cache make sure you clear the cache after enabling this plugin. Also, I’m not sure what will happen with those plugins that merge CSS files together.

Thanks Dan for the idea!

Spy on your visitors with Blog Voyeur

Do you ever wonder what pages your regular visitors look at? Do they dig deep into your blog exploring old posts or do they sit in their feed reader and only read your latest posts?

By using my Blog Voyeur plugin you can find out.

This is the first release of the plugin. It appears to work well on the couple of blogs I tried but your mileage may vary. Download link is on the Blog Voyeur homepage above.

blogvoyeur screenshot