WordPress privacy policy
ThemeIsle content is free. When you purchase through referral links on our site, we earn a commission. Learn More

Lately, it seems like all the talk online has been about privacy, consent for data tracking, and related topics. The introduction of the new General Data Protection Regulation (GDPR) has a lot to do with that. Among other things, it’s left many website owners wondering: “How can I add a WordPress privacy policy to my site?”

A privacy policy has always been useful, but it’s now a requirement for most sites. You’ll want to be very clear about what data you collect from your visitors, along with how it’s stored and used. Fortunately, putting together this type of policy is now easier than it’s ever been, thanks to a handy new WordPress feature.

In this post, we’ll briefly discuss why you need a WordPress privacy policy for your website.

Then we’ll walk you through how to create one. Let’s jump right in!

Why your site needs a privacy policy

The General Data Protection Regulation (GDPR) went into effect not long ago, and made some changes that affect just about every website owner. In fact, if any of your site’s visitors are from the EU, you’ll need to be sure you comply with the GDPR’s rules.

We’ve described how the GDPR works at length elsewhere, so we won’t repeat ourselves here. Suffice it to say that this regulation introduces new rules regarding privacy and transparency online. All your website’s visitors now have the right to know what data you’re collecting about them and how it’s used, and even to have their information deleted.

There are a number of ways you can make your site GDPR-compliant. However, perhaps the most important step is putting together a clear WordPress privacy policy:

An example of a WordPress privacy policy.

This is how you’ll inform visitors about all the key information they need to know. While it may take a little effort on your part to get your policy just right, the basic steps involved aren’t difficult.

How to create a website privacy policy in WordPress (in 3 steps)

Before we get started here, we need to make a disclaimer. We’re not legal experts, nor are we aiming to provide that sort of advice. What follows is a walk-through on how to put together a privacy policy in WordPress, and some of the elements you’ll want to include. However, you may still want to consult your lawyer or legal team on the finer details.

With that out of the way, let’s get to work!

Step 1: Create a new page for your privacy policy

Until recently, you had to build a WordPress privacy policy completely from scratch. In fact, you can still do that – simply create a new page and start writing. However, WordPress now offers a feature to help you get started, which we highly recommend you check out.

As long as your site is updated to the most recent version (which it should be!), you’ll find this option under Settings > Privacy:

Creating a WordPress privacy policy.

Here, you can select an existing page to designate as your privacy policy. This can be useful if you already have a policy in place that just needs to be updated. However, you’ll most likely want to start by selecting Create New Page.

This will take you straight to the WordPress editor you’re familiar with, where you can start adding content to the page. It will have some headings and information already included:

The WordPress privacy policy template.

This can serve as the template for your privacy policy. All you have to do is fill in the blanks.

Step 2: Add in your website-specific information

If you look through the template WordPress has provided you with, you’ll see a number of sections. This is a useful outline letting you know what type of information you need to explain to your visitors.

A few of the sections already have some text filled in. This describes data that all WordPress sites gather by default, as well as how long it’s stored, and similar details.

You’ll likely want to leave all of this as-is. However, it’s worth reading through to see if any of the functionality described is altered on your specific site (for example, due to a change you’ve made to the settings, an installed plugin, or some custom code):

Default information in a WordPress privacy policy.

After familiarizing yourself with what’s already there, you’ll want to go through each section of the template.

When adding information, it’s best to provide as much detail as you can. There’s a WordPress privacy policy guide that can help you fill in some of the gaps, which is linked to at the top of the page. It even provides some suggested text you can use. You’ll likely also want to refer to the GDPR guidelines themselves, and to the legal advice we mentioned earlier.

What to include in your privacy policy

While this isn’t an exhaustive list, here are some of the points you’ll need to make sure are covered in your WordPress privacy policy:

  • What kind of data your site collects from visitors (names, email addresses, payment details, etc).
  • What features or elements of your site gather data (such as contact and opt-in forms, social media buttons, and comments sections).
  • Why you collect this data and what the data is used for in a general sense.
  • How the data is stored (and for how long it’s stored).
  • Who the data is shared with, such as external parties like cloud storage services and payment processors.
  • How you protect the data, including what procedures are in place to keep it safe and to respond quickly in the event of a breach.
  • What rights visitors have over their data. This should include the right to know all of the above, to ask for a copy of their data, and to request that it’s deleted at any time.

This may seem like a lot, but it’s best to be comprehensive. While it’s true that most people aren’t likely to read through the whole thing, you’ll want to be able to prove (if needed) that you’ve made all this information available and easily accessible.

Finally, don’t make the mistake of leaving something out of your privacy policy because it seems obvious. Even if it would be hard for a visitor to mistake that your email opt-in form clearly collects names and emails, you still need to clarify the facts in a permanent format.

Step 3: Display your WordPress privacy policy on your site

Once you’re happy with your new privacy policy, you need to make it available to your website’s visitors. Publishing the page will make it live, but that isn’t enough. People shouldn’t have to go hunting for this information – it should be easy to access.

The best way to do this is usually to display a link to your policy on every page of your site. Most people will add this to their sites’ footers. However, you can use a sidebar or even your main navigation menu if you want to ensure that it’s as visible as possible.

For example, you could open up Appearance > Widgets in your dashboard, drag a new Text widget into your theme’s footer, and include a simple text prompt and link:

Adding a WordPress privacy policy to your site with a widget.

Another way to add your privacy policy is via the free Orbit Fox plugin, which includes a built-in module to help you add a privacy policy notice as a dismissable bar that appears on the bottom of your site:

Orbit Fox Privacy Module

Here’s an example of what that bar looks like:

Orbit Fox Privacy Policy Bar

Finally, it’s not a bad idea to also include a link to your WordPress privacy policy in places where you deliberately collect user data. This can include on your forms, sign-up pages, and/or payment screens.

With that, your WordPress privacy policy is up and running! Just remember that it should be a living document. Every time you make a significant change to your site, such as adding a new form or installing a plugin, make sure to update your policy as relevant. The same applies to any major WordPress updates, since they may introduce changes to the way your site gathers data behind the scenes.


A simple but comprehensive privacy policy can do a lot of things for your website. It helps to ensure compliance with the GDPR and similar regulations (such as the Cookie Law). Plus, it provides peace of mind for your visitors, since they’ll know exactly what kind of details you’re gathering from them and how you’re using that data.

In order to create a WordPress privacy policy, all you have to do is follow the above process. Alternatively, you can also use a privacy policy generator. Here’s the steps for building a WordPress privacy policy page on your own:

  1. Create a new page for your privacy policy.
  2. Add in your website-specific information.
  3. Display your WordPress privacy policy on your site.

Do you have any questions about how to write up your privacy policy? We’re not legal experts, but we’ll do our best to help in the comments section below!

Free guide

5 Essential Tips to Speed Up
Your WordPress Site

Reduce your loading time by even 50-80%
just by following simple tips.

Download free guide

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!