Browser cookies set by WP Cerber
When WP Cerber is installed on your website it can generate and set several browser cookies with the sole purpose of securing your website by detecting and mitigating malicious activity. All these cookies have randomly generated names and contain randomly generated values. No personal or sensitive data is stored in the cookies.
Those cookies allow WP Cerber to distinct logged in users and non-logged in visitors as well as search engine bots and spammers. Based on the set of cookies in a request, WP Cerber restricts access to protected areas, the login form, and the WordPress dashboard.
What data cookies contain
Cookies contain randomly generated alphanumeric values. No personal data is used.
How many cookies WP Cerber sets
The number is random and in general, it depends on the plugin configuration. Usually, it’s 2 to 6 cookies.
How to identify cookies set by WP Cerber
If an applicable privacy law or a user consent policy requires you to list cookies, specify the unique cookies’ prefix in the plugin settings, and use it as a unique cookies identifier.
Cookie prefix
You can specify any alphanumeric prefix for WP Cerber cookies you need. For instance “alpha_”. The configuration setting is located on the Main Settings admin page in the “Site-specific settings” section.
Displaying WP Cerber cookies on a website page
To get your website fully compliant with GDPR, you might need to display all cookies on a cookie consent page. Using a WordPress shortcode you can display a list of browser cookies set by WP Cerber. See several examples below. All attributes are optional. You can use any combination of them.
[wp_cerber_cookies] |
[wp_cerber_cookies type="comma" id="html_id"] |
[wp_cerber_cookies type="table" style="background-color:gray; color:white;"] |
[wp_cerber_cookies type="list" id="list_of_cookies" text="Any text to display above the list. It is shown if WP Cerber sets cookies."] |
No user consent is necessary
You don’t need to obtain user consent because WP Cerber’s cookies are strictly necessary and no natural person is associated with the cookies.
How to be in compliance with data privacy laws
The features below give you full control of personal data if it was logged by WP Cerber and help your organization to be in compliance with data privacy laws such as GDPR in Europe or CCPA in California.
Exporting personal data
Deleting personal data
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.
How to limit the number of concurrent user sessions in WordPress
WP Cerber Security 8.8
I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
Very helpful information – could you perhaps still say something about the retention period of these cookies, which I would like to add to my privacy declaration?
Different cookies have different retention periods. It’s either one hour or the WordPress user session expiration time. In the last case, the value depends on the configuration of your website and what option was chosen by a user on the login form. If a user clicks “Remember Me”, it’s 14 days; if not, it’s 48 hours. These are the default WordPress values.
There will be a shortcode in the upcoming version of WP Cerber that will display WP Cerber’s cookie names plus their expiration time. You will be able to use this shortcode on a privacy policy or a cookie consent page.
Thank you very much for your reply, Gregory. And that such a feature is planned is great.
Cookie Pre-fix
I can’t find where I can set the Site Specific settings.
Where is the ‘Main Settings Admin page’ located in the WordPress Dashboard?
It’s WP Cerber’s settings page. You need to open the WP Cerber admin menu to get access to the plugin settings.
Thanks for this plugin, it’s really great!
I have one Question:
I read somewhere that if you disable the Spam Protection, Cerber won’t set any cookies. Is that still true? I’m just testing a website with Cerber Antispam disabled. It looks like there are cookies set only if I’m logged in, these are cerber_groove and cerber_groove_x_randomString.
Is that right or am I missing something? Thanks for your help.
These are user authentication cookies. They are set when a valid WordPress user logs into the website. If a visitor has never logged in, no cookies are set.