In Brief
- A cookie consent banner is a popup that asks website visitors for permission before your site stores cookies on their device
- UK law requires you to get consent before using non-essential cookies like analytics or marketing trackers
- Your banner must offer clear accept and reject options with equal prominence
- Fines for non-compliance can reach £17.5m or 4% of your annual turnover
- Free WordPress plugins like CookieYes and Complianz make adding a compliant banner straightforward
If you run a WordPress website, you will have seen those popup boxes asking visitors to accept cookies. You might be wondering whether your site needs one too.
The short answer is yes, if your website uses cookies that aren’t strictly necessary for it to function.
UK privacy laws require website owners to get consent before placing most cookies on visitors’ devices.
This isn’t just about following rules. The Information Commissioner’s Office actively enforces these requirements and can issue fines of up to £17.5 million for serious breaches.
This guide explains what cookie consent banners are, why UK businesses need them, and how to add one to your WordPress site. By the end, you’ll understand the basics of cookie compliance and the steps to get your website up to standard.
What Is a Cookie Consent Banner?
A cookie consent banner is a popup or notification that appears when someone first visits your website.
It tells visitors that your site uses cookies and asks for their permission before those cookies are placed on their device.
You’ve seen these banners on almost every website you visit. They usually appear at the bottom or top of the screen, or sometimes as a central popup.
The banner gives visitors a choice: they can accept all cookies, reject non-essential ones, or customise which types they allow.
What Are Website Cookies?
Cookies are small text files that websites store on your visitors’ browsers.
They help websites remember useful information like login details, shopping basket contents, and language preferences.
Not all cookies work the same way.
Essential cookies are needed for your website to work properly. These include cookies that remember items in a shopping basket or keep users logged in. You don’t need consent for these because they serve the visitor directly.
Non-essential cookies are different.
These include analytics cookies that track how visitors use your site, marketing cookies that follow users across websites for advertising, and social media cookies that enable sharing buttons. UK law says you must get consent before using any of these.
What Do Cookies Do?
Cookies perform several practical jobs on your website. They remember login details so visitors don’t need to sign in every time they return. They store shopping basket contents while customers browse your products.
They save preferences like language settings or display options.
Beyond helping visitors, cookies also help you understand your audience.
Analytics cookies track which pages people visit, how long they stay, and where they came from. Marketing cookies build profiles of visitor interests so advertisers can show relevant ads. These functions benefit your business, which is why they need consent.
Why Do UK Websites Need a Cookie Consent Banner?
If your business is based in the UK or you have visitors from the UK, you need to follow UK cookie law. Two main pieces of legislation apply.
UK Cookie Law Explained
The Privacy and Electronic Communications Regulations (PECR) set the rules for cookies in the UK. PECR states that you must tell visitors clearly what cookies you use and why. You must also get their consent before placing any non-essential cookies on their devices.
The UK GDPR works alongside PECR. It defines what counts as valid consent.
Under UK GDPR, consent must be freely given, specific, informed, and unambiguous. This means visitors must actively choose to accept cookies. Simply continuing to browse your site doesn’t count as consent.
Pre-ticked boxes or hidden settings don’t meet the standard either. Your visitors need to take a clear action, like clicking an accept button, before you can use non-essential cookies.
What Happens If You Don’t Comply?
The Information Commissioner’s Office (ICO) enforces UK cookie law. In January 2025, the ICO reviewed the top 200 UK websites and found that 134 of them failed to meet compliance standards.
The Data (Use and Access) Act 2025 increased the maximum fines under PECR to match UK GDPR levels. Serious breaches can now result in penalties of up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher.
For small businesses, even lower fines can be damaging. Beyond the financial penalty, non-compliance can harm your reputation and erode trust with your customers.
What Should a Compliant Cookie Banner Include?
Your cookie banner needs several features to meet UK legal requirements. First, it must clearly explain what cookies you use and why.
Don’t hide this in complex legal language.
Write it so any visitor can understand.
You need to offer both accept and reject options. These buttons must be equally easy to find and use. Hiding the reject option in a submenu or making it less visible than the accept button doesn’t meet the standard.
Your banner should also let visitors choose which categories of cookies to allow. For example, they might accept analytics cookies but reject marketing ones. Include a link to your full cookie policy for those who want more detail.
Finally, give visitors an easy way to change their preferences later. Many banners include a small icon or link that stays visible on the website for this purpose.
Common Mistakes to Avoid
Many websites make the same compliance errors. Pre-ticked boxes that automatically consent to all cookies are not allowed. Visitors must actively opt in, not opt out.
Making the reject button hard to find is another common problem. If accept is a big coloured button and reject is small grey text, that’s not equal prominence.
Cookie walls that block access to your website until visitors accept all cookies are also non-compliant. Users must be able to access your basic content while rejecting non-essential cookies.
How to Add a Cookie Consent Banner to WordPress
Adding a cookie banner to your WordPress site is straightforward, and several free plugins can get you compliant quickly.
Choosing a WordPress Cookie Plugin
Popular free cookie consent plugins for WordPress include:
- CookieYes
- GDPR Cookie Compliance
- Complianz
Each offers the features you need for UK compliance.
When choosing a plugin, look for ones that scan your website to identify cookies automatically. Check that they support UK GDPR and PECR requirements specifically, not just EU GDPR. The plugin should let you customise the banner design to match your site and store records of consent in case you need proof later.
Read recent reviews to check the plugin is actively maintained and works with the latest WordPress version.
Setting Up Your Cookie Banner
Once you’ve chosen a plugin, installation follows the same pattern for most options. In your WordPress dashboard, go to Plugins, then Add New. Search for your chosen plugin and click Install Now, then Activate.
Most cookie plugins include a setup wizard that guides you through configuration. You’ll need to specify that you’re targeting UK visitors, set your consent preferences, and customise the banner text and design.
After setup, test your banner thoroughly.
Visit your site in a private browsing window to see it appear. Check that accept and reject buttons work correctly and that your cookie preferences are being respected.
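One way to make the "are my preferences being respected" check repeatable, as an added example that is not part of the original guide or of any plugin's code: copy the value of `document.cookie` from the browser console in a private window and pass it to `auditCookies`, once before touching the banner and once after each choice. The cookie-name patterns and the function names are assumptions based on commonly documented WordPress, WooCommerce, Google Analytics, Facebook Pixel and YouTube cookie names; adjust them to what your own site sets.

```javascript
// Added example. Name patterns below are assumptions based on commonly
// documented cookie names; extend them with what your plugin's scan reports.
const ESSENTIAL = [
  /^wordpress_(logged_in|sec)_/, /^wordpress_test_cookie$/, /^wp-settings-/,
  /^woocommerce_(cart_hash|items_in_cart)$/, /^wp_woocommerce_session_/,
];
const NON_ESSENTIAL = {
  analytics: [/^_ga($|_)/, /^_gid$/, /^_gat/],                         // Google Analytics
  marketing: [/^_fbp$/, /^_gcl_au$/, /^VISITOR_INFO1_LIVE$/, /^YSC$/], // ads, YouTube
};

// Extract cookie names from a document.cookie-style string ("a=1; b=2").
// Note: document.cookie omits HttpOnly cookies; check those in dev tools.
function parseCookieNames(cookieString) {
  return cookieString.split(';').map((p) => p.trim()).filter(Boolean)
    .map((p) => (p.includes('=') ? p.slice(0, p.indexOf('=')) : p));
}

function classify(name) {
  if (ESSENTIAL.some((re) => re.test(name))) return 'essential';
  for (const [category, patterns] of Object.entries(NON_ESSENTIAL)) {
    if (patterns.some((re) => re.test(name))) return category;
  }
  return 'unknown'; // needs a human decision using the "would the site break?" test
}

// consent: e.g. { analytics: true, marketing: false }. Leave empty to model a
// visitor who has not clicked anything yet, or who clicked reject.
function auditCookies(cookieString, consent = {}) {
  const violations = [];
  const review = [];
  for (const name of parseCookieNames(cookieString)) {
    const category = classify(name);
    if (category === 'essential') continue;
    if (category === 'unknown') review.push(name);
    else if (consent[category] !== true) violations.push({ name, category });
  }
  return { violations, review };
}

// Constructed sample: what a misconfigured site might show before any click.
const SAMPLE = 'wordpress_test_cookie=WP%20Cookie%20check; _ga=GA1.1.1.1; ' +
  '_ga_ABC123=GS1.1.1; _fbp=fb.1.1.1; site_theme=dark';
console.log(auditCookies(SAMPLE));                       // before consent
console.log(auditCookies(SAMPLE, { analytics: true }));  // analytics accepted only
```

Any entry in `violations` before a click, or after clicking reject, means a non-essential cookie was set without consent; entries in `review` are names the patterns do not recognise and need classifying by hand.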
Essential vs Non-Essential Cookies
For the purpose of consent, cookies are split into two groups.
Essential cookies are strictly necessary for your website to function.
If you run an online shop, the cookie that remembers items in a customer’s basket is essential. So is the cookie that keeps someone logged into their account. These cookies serve the visitor directly, and you don’t need consent to use them.
Non-essential cookies serve your business interests rather than the visitor’s immediate needs.
Google Analytics cookies fall into this category because they track behaviour for your benefit, not theirs. The same applies to Facebook Pixel, advertising trackers, and cookies from embedded YouTube videos.
The test is simple: would your website break without this cookie, or would the visitor lose functionality they’ve requested? If the answer is no, you need consent.
Not sure what cookies your site uses?
Most cookie plugins include a scanning feature that identifies cookies on your website and categorises them for you. This takes the guesswork out of the process.
Taking Action
Cookie consent banners protect both your visitors’ privacy and your business from potential fines. UK law requires you to get permission before using non-essential cookies, and the ICO is actively increasing enforcement.
For most WordPress sites, a free plugin like CookieYes or Complianz will provide everything you need. Installation takes about 15 minutes, and the guided setup makes configuration simple.
Frequently Asked Questions
If your website only uses strictly necessary cookies, you don’t need consent for those specific cookies. However, you should still inform visitors about their use in your privacy policy. Most websites use some non-essential cookies like analytics, so check carefully before assuming you’re exempt.
No. UK law requires you to offer visitors a genuine choice. Your banner must include both accept and reject options with equal prominence. Visitors should be able to decline non-essential cookies as easily as they can accept them.
PECR sets the specific rules about cookies and when you need consent. UK GDPR defines what counts as valid consent and how personal data must be handled. Both laws work together, and you need to comply with both when using cookies that collect personal information.
Most cookie consent plugins include a scanning feature that automatically identifies cookies on your website. CookieYes, Complianz, and similar plugins can scan your site and list all cookies found, along with their purposes and categories.
Yes. Free versions of popular plugins like CookieYes or GDPR Cookie Compliance provide the core features needed for UK compliance. Premium versions add extras like advanced analytics and geo-targeting, but free versions work well for most small business websites.
Review your cookie settings whenever you add new plugins, change analytics providers, or update your website significantly. Any new cookies need to be included in your consent system. A quarterly review is good practice for most small business websites.
Yes. While your cookie banner provides a summary, you should have a detailed cookie policy page that lists all cookies used, their purposes, and how long they last. Most cookie plugins can generate this page for you.