How to Add a Privacy Policy to Your WordPress Website (Step by Step)

how to add privacy policy to WordPress Website

Do you want to make a WordPress privacy policy page?

Maybe you’ve heard of GDPR lately, a European regulation to protect the privacy of EU residents, and want to create a GDPR-compliant privacy notice on your website. In fact, many advertising programs, like Google Adsense, ask the participating websites to include a privacy policy page on their websites.

In this article, we’ll show you how to add a privacy policy page in WordPress.

Disclaimer: We are not lawyers. Nothing on this website should be considered legal advice.

What Is a Privacy Policy Page?

A privacy policy page is a statement from you, disclosing the information you collect on your website about visitors. This includes information you collect through cookies, registration, comments, subscription forms, etc. Usually, site owners collect this information by installing web analytics software such as Google Analytics, or stats counters. Users also voluntarily provide information by filling out their information in comments, registration, and subscription forms.

A privacy policy page is also a statement disclosing how you use this information. For example, website owners serving advertisements through third-party websites, are usually sharing this information with their advertising partners. If you are building an email list, then you need to ensure users that their email addresses will not be sold or shared with any third-party websites.

Do You Need to Create a Privacy Policy Page on Your Website?

In many countries (including the United States), websites are required by law to disclose the information they collect about their visitors and how this information is used.

Additionally, the European Union’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. This regulation requires website owners like you to be transparent about how you collect, use, and share personal data of EU residents no matter where your business is located. If your business isn’t in compliance with GDPR requirement, then you may face large fines up to 4% of the company’s annual global revenue OR €20 million (whichever is greater).

Some ways a typical WordPress website collects user information are:

WordPress comments: If commenting is enabled on your site, you’re also collecting personal data like name and email address of your users. After commenting on a website, personal data is also saved in browser cookies, so commenters don’t have to resubmit them next time. This makes commenting more convenient on WordPress websites.

Google Analytics: If you use Google Analytics on WordPress site to track user interactions, chances are you’re collecting personal data like IP addresses, user IDs, and cookies for behavior profiling.

Contact forms: If you store contact form entries in WordPress or use the data for marketing purposes, you might want to get explicit consent from users to do so.

Advertisement: If you serve advertisements through third party websites, like Google AdSense, then you’re likely sharing user behavioral information with your advertising partners.

That means if you’re running a website, then, most likely, you’re also collecting some personal data of your users. As you’re collecting user data, it goes without saying that you need to have a privacy policy page published on your website. It protects your business from legal issues and also helps foster user trust.

Now that you know why you need a privacy policy page on your website, it’s worth taking a moment to learn about GDPR and how to make your website compliant with it.

What Is GDPR Regulation?

The General Data Protection Regulation (GDPR) is a European Union (EU) law, which takes effect on May 25, 2018. It requires companies and site owners to reveal how they collect, use, and share personal data of their users. The goal is to give EU citizens more access and choice when it comes to how their own personal data is collected, used, and shared.

Keep in mind that while GDPR is a European regulation, it’s applicable to all websites and online businesses around the world that collect, store, and process personal data about EU residents no matter where the business is located.

Of course, this law applies to you as well if your site attracts visitors from European Union countries.

For more details, check out the ultimate guide to WordPress and GDPR compliance.

What Should You Include in a Privacy Policy Page?

A simple WordPress privacy policy page should contain this information:

  • The details about the data you collect on your site.
  • Explain how you collect the data. For example, it could be through site logs, cookies, web beacons, signup/registration forms, comment forms, etc.
  • If you use third-party ad networks like Google AdSense, you may also be serving cookies and web beacons on your website to serve targeted ads.
  • Explain why you collect this information. This could be for improving your website, improving user experience, etc.
  • Explain if your users could opt-out of these cookies. If so, then you might add the links to opt-out pages on your site and third-party advertiser websites.
  • Finally, tell your users how they should contact you if they have any questions or concerns regarding the privacy policy.

You can find dozens of WordPress privacy policy generator or templates that let you easily create a WordPress privacy policy page. All you have to do is enter your own site name, business name and other details. While a privacy policy template or generator gives you a head start for creating a privacy notice, you might also enhance it by providing more details about data usage by different plugins you use.

WordPress 4.9.6 comes bundled with a privacy policy generator, which allows you to quickly create a privacy policy page on your website. Before you dive in, you can check out our privacy policy page for inspiration.

When you’re ready, follow our step-by-step guide to create a privacy policy page on your site.

How to Create a GDPR Compliant Privacy Notice (Step by Step)

Step 1: Update Your WordPress

WordPress 4.9.6 is a privacy and maintenance release that comes bundled with a privacy policy generator. It encourages you to update your sites to take advantage of the new privacy features.

If you’re using an older version of WordPress on your site, make sure to update your WordPress core files before you begin.

Below are a few new features of WordPress that you’ll find useful to make your website compliant with international laws including GDPR.

The Privacy Policy Page Generator

Quickly build a privacy policy page by navigating to Settings » Privacy. (We’ll explain more on this in the next step)

WordPress Comments

By default, personal details like name and email address will no longer be saved in browser cookies. Users are given a choice whether they want to save the data in a browser cookie for convenient commenting.

gdpr compliant WordPress comments

Data Handling

Site owners can now export a zip file containing users’ personal data, including the data collected by WordPress and participating plugins. You can also erase personal data of individual users.

export personal data

Step 2: Create a Privacy Policy Page

You can create a privacy policy page in 2 ways: either by using the default WordPress privacy policy generator or by using a plugin such as Auto Terms of Service and Privacy Policy.

If you want to use the default privacy policy generator, navigate to Settings » Privacy. You can now select an existing page or create a new page to display your privacy policy.

WordPress privacy policy generator

If you want to create a new privacy policy page, then simply click on Create New Page. This will automatically generate a privacy policy template on your new page.

In the post edit screen, you’ll see a notice directing you to a privacy policy guide. It includes extra help and suggestions for what to add to your policy page.

Privacy Policy editor notice

The new page will have prefilled data by default. However, it is your sole responsibility to provide the information that your privacy policy requires, and to keep that information current and accurate.

The privacy policy page comprises several sections including:

  • Who we are: In this section, your website URL is specified automatically. You’ll have to add any additional information you want to display on your own.
  • What personal data we collect and why we collect it: In this section, you can find several subsections such as comments, media, contact forms, cookies, embedded content from other websites, and analytics.
  • Where we send your data
  • And a lot more.

privacy policy sample with sections

Let’s get a better understanding on that.

Step 3: Understand What Data You Collect on Your WordPress Website

Now that you’ve built a basic WordPress privacy policy page, the next thing you need to do is enhance your privacy policy by providing more information it requires.

By default, the WordPress privacy policy generator explains what personal data the WordPress core software collects on your website and why it collects it. For example, you can find the data usage policy for WordPress comments, media, cookies, and embedded content in your newly-created privacy policy.

Similarly, you’ll have to write what other information your website collects through your WordPress theme, plugins, and third-party services you use on your website.

The data you collect on each website may vary based on the WordPress plugins and tools you use. However, below are a few essential data usage policies you’ll need to explain on your WordPress website no matter what plugins you use.

  • Analytics data usage policy
  • Contact forms data usage policy
  • Ads data usage policy

Step 4: Enhance Your Privacy Policy by Providing More Details on Data Usage

Now you have an idea of what data your website collects through your WordPress plugins and third-party tools. In order to stay GDPR-compliant, it’s recommended to use WordPress plugins and tools that are compliant with GDPR.

Let’s take a detailed look at how to remain GDPR compliant while using Google Analytics, contact forms, and Google AdSense ads on your website. We’ll also explain what information you need to include in your privacy policy in each case.

Google Analytics

If you’re like most website owners, then you’re likely using Google Analytics to track and collect user interactions on your website. For behavior profiling, Google Analytics extensively collects personal data including IP addresses, user IDs, and cookies.

To be GDPR compliant, you need to do one of the following:

  1. Anonymize the data before storage and processing begins
  2. Add an overlay to the site that gives notice of cookies and ask users for consent prior to tracking

Both of these are difficult to implement if you’re not an Analytics expert or a WordPress developer. And this is why we always recommend you to install Google Analytics through a plugin rather than manual installation.

If you’re using MonsterInsights, the best Google Analytics plugin for WordPress, it’s easy to stay GDPR-compliant. All you have to do is install the EU compliance addon that helps automate the above process. Once you installed the addon, you’ll be given a choice to anonymize IP addresses, disable UserID tracking, disable author tracking, etc.

eu compliance

For more details, refer to this GDPR and MonsterInsights article.

Based on the options you choose, in your privacy policy page, you may want to explain how you remain compliant with international laws when it comes to Analytics data usage.

Contact Forms

If you are using a contact form on your WordPress site, and store the form entries or use the data for marketing purposes, then you may want to add extra transparency measures on your site.

A few ways to remain compliant with international laws, including GDPR, when it comes to using your WordPress forms are:

  • Get explicit consent from users to store their information and use them for marketing purposes.
  • Disable cookies, user-agent, and IP tracking for forms.
  • If you are using a SaaS form solution, then make sure you have a data-processing agreement with your form providers.

To make your WordPress forms GDPR-compliant, simply adding a required consent checkbox with clear explanation should be good enough.

With WPForms, the easiest contact form WordPress plugin, you can easily add a GDPR consent field on your forms. You can also disable user cookies, disable user IP collection, and disable entries with a single click.

gdpr compliant contact form

In your privacy policy, you may also want to explain how you remain compliant with international laws when it comes to data collection and usage with your contact forms.


If you’re serving ads using third-party ad networks like Google AdSense, you might want to get users consents of the use of cookies and/or web beacons to collect data in the ad serving process.

You can do this by using a plugin like Cookie Notice.

Check out our article on best GDPR plugins for WordPress

Step 4: Add a Link to Your Privacy Policy Page in WordPress

You can add a link to your privacy policy by editing the footer area of your WordPress website. If you have a widget area in the footer of your theme, then you can drag and drop a text widget to add a link to your privacy policy.

Alternatively, you can also create a new menu by visiting Appearance » Menus. Add links to your about, contact, terms and conditions, and privacy policy pages in this menu and then save it.

add privacy policy to navigation menu

Then, head over to Appearance » Widgets and drag and drop the Custom Menu widgets to your footer sidebar. Select the menu you just created and save your widget.

add privacy policy to footer

That’s it!

We hope this guide helped you create a WordPress privacy policy page, which will come handy when you are starting your website or building your blog.

You may also check out our guide on the best Google Analytics plugins for WordPress.

Comments   Leave a Reply

  1. Where’s your cookie consent policy? Why are you using Facebook pixel?

  2. Whenever I published my private policy from termly it always said that we collect personal information such like password,? Why I pressed not to collect personal information on the answer thought! Yes I am affiliated program I understand that mean I collect personal information for the third party. Why is different policy from another affiliate program

  3. How do I know what plugins I use are collecting data? If I have links to social medias sites do they place cookies and collect data? Should I have them as third parties in my privacy policy?

    1. Shahzad Saeed March 7, 2019 at 2:21 pm

      Asking the plugin authors is the best way to understand what data they collect. Alternatively, you can only use GDPR compliant plugins on your site.

  4. Hello, I have a question.

    I want to create a blog that will basically just be a way for me to backlink users to my website.

    I will not enable comments on my blog. I will not have a “contact us” form on my blog.
    I will not conduct advertisement on my blog (at least for the beginning) and I will not use Google Analytics for my blog.

    So for my blog, do I need a privacy policy?

    It will basically just be a blog where I write articles with a few backlinks to my website.
    For my website, yes, I do have Google Analytics, and I already have a privacy policy.

    1. The choice is up to you, Alexandre. No matter why you blog, I believe, it’s essential to have Google Analytics installed on it, so you can better understand your audience.

      Check out some of the best Google Analytics plugins for WordPress.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

WordPress Launch Checklist

The Ultimate WordPress Launch Checklist

We've compiled all the essential checklist items for your next WordPress website launch into one handy ebook.
Yes, Send Me the Free eBook!