Legal pages on WordPress: Create your Legal Notice, Privacy Policy and Cookie Policy step by step
Does your website collect a visitor’s name or email? ⚖️ You need a Privacy Policy.
Do you have an online store or carry out a professional activity? 📄 You need a Legal Notice.
Do you use Google Analytics or social plugins? 🍪 You need to manage cookies and have a Cookie Policy.
This is not just a formality. Complying with the General Data Protection Regulation (GDPR) and other laws is mandatory to operate in the EU and many other countries, and it avoids costly penalties. Furthermore, transparency generates trust in your users and improves the perception of your brand.
In this comprehensive guide, I will explain how to create, configure, and link these essential pages in your WordPress, optimizing the entire process for better SEO.
📝 1. Creation and content of legal pages
Before configuring anything in WordPress, you need the content for your pages. You don’t have to draft them from scratch.
🛡️ Page: Privacy Policy
This is the most important document. It must clearly inform about the data you collect and how you use it.
What should it include? Based on best practices, your policy should contain:
Identity and contact: Your name/company name and contact details to exercise rights.
Data collected: E.g., name, email, IP, browsing data.
Purpose of processing: To contact, send newsletters, analyze traffic?
Legal basis: User consent, legitimate interest, etc.
Recipients of the data: Do you share data with third parties (e.g., hosting, email service)?
User rights: How they can access, rectify, or delete their data.
Cookie Policy: Information about the cookies used or a link to a separate policy.
🔧 How to generate it:
WordPress Generator: Go to
Settings > Privacy. WordPress offers to create a page with a pre-established template that you just need to customize. It’s the ideal starting point.Free templates: You can find free templates by searching online.
Online generators: Services like iubenda or Termly create personalized documents after a questionnaire.
- Download from Mentazen.com: you can download legal texts below. They are standard texts that work for practically any website. You just need to change the data appearing with ###### to the client’s website data.
Legal advice: For high-risk projects or if you collect sensitive data such as religion, sexuality, politics, etc., consulting with a lawyer is highly recommended.
⚖️ Page: Legal Notice
This page identifies the owner of the website and establishes the terms of use.
What should it include?
Identifying information: Full name, company name, Tax ID, registered address.
Professional contact details: Email, phone.
Registration details: Registration in the Mercantile Registry, if applicable.
Website domain name.
Rules of use: Basic rules of conduct for users.
Intellectual and industrial property: Statement on the rights to the content.
Disclaimer of liability: Regarding external links or published information.
Applicable law and jurisdiction.
🔧 How to generate it: As in the previous case, you can use specific online generators, download it from mentazen.com, or, again, consult with a professional to ensure it meets the requirements of your activity and country.
🍪 Page: Cookie Policy
Informs about the cookies (small data files) that your site stores on the user’s browser.
What should it include?
What cookies are and what they are used for.
Types of cookies you use (technical, analytical, advertising, etc.).
List of specific cookies: Name, provider (first or third party), duration, and purpose. E.g.:
_ga(Google Analytics, 2 years, analysis).How to manage or disable cookies from the browser.
Consequences of disabling them (e.g., some functions may not be available).
🔧 How to generate it: Downloading the file from mentazen.com gives you a base text. To complete it, the most effective way is to use a consent plugin like CookieYes, which scans your website and automatically generates a list of detected cookies, greatly facilitating the creation of this policy.
⚙️ 2. Legal topic configuration in WordPress
2.1 Create and designate the pages
Create the pages: Go to
Pages > Add New. Create three separate pages with the legal content:“Privacy Policy”
“Legal Notice”
“Cookie Policy”
Designate the Privacy Policy (Important): Go to
Settings > Privacy. Here you can select an existing page on your site as the official policy or create a new one. This is crucial because some themes and plugins (like form plugins) can automatically detect this page.
2.2 Link them correctly on your website
The standard and most effective location is the footer, as it appears on all pages.
Easy method (via Menus):
Go to
Appearance > Menus.Create a new menu (e.g., “Legal”).
Add the legal pages you have created.
In the Theme locations section, assign this menu to the Footer area or equivalent.
- Recommended method (via Widget):
- From
Appearance > Widgets, in the left ⬅️ area, use a Text Widget (if you DON’T know HTML) or an HTML Widget (if you know HTML), dragging and dropping one of those widgets, moving it to the Footer or equivalent area that appears in the right ➡️ column (there may be several footers depending on the number of columns in the footer, it depends on the Theme).
- From
📋 3. Configure “I accept the Privacy Policy” in Contact Form 7
To comply with the GDPR, your forms must request explicit consent. This is achieved by adding a mandatory checkbox field asking the user to accept the terms, offering a direct link to the “privacy policy”.
Let’s add this acceptance field:
Edit your form: Go to
Contact > Contact Formsand edit the desired form.Add the acceptance field:
In the fields tab, click the “Acceptance” button to add the field.
A configuration box will open.
Configure the field:
Uncheck the option: “This checkbox is optional”. (To make it mandatory to accept)
Field name: “acceptance-acceptance” (or similar, without spaces or special characters), it’s for you to identify it.
- Conditions: Here copy and paste the text with the HTML link to YOUR privacy policy URL. Example:
I have read and accept the <a href="http://localhost/xxxxxxx/privacy-policy/">Privacy Policy</a>.Make sure to change the URL to that of your page.
Place the field in the form (generally, just before the Submit button) and save the form.
Our checkbox will now appear before the “Send” button, asking the user to mandatorily accept the “Privacy Policy”.
🍪 4. Install and configure CookieYes for the Cookie Law
CookieYes is a popular plugin to manage cookie consent validly. It allows us to:
- Analyze all cookies on our website.
- Block and structure our cookies by category (essential, advertising, tracking, etc.).
- Show a popup to the user to accept or not accept the desired cookies.
There are 2 ways to connect the plugin to our website:
- Direct connection with the CookieYes website (full) (recommended).
- You need to register the website on the https://cookieyes.com service with an email and password, it’s free.
- Without connection to the CookieYes website (more limited).
- No user account needs to be created, but it may not block cookies correctly.
🔍 Plugin Mode connected to CookieYes services (free and recommended)
| Step | Action | Description | Where it’s done |
|---|---|---|---|
| 1 | Installation | Search for “CookieYes” in Plugins > Add New. Install and activate it. | WordPress |
| 2 | Connection (Recommended) | After activating it, go to CookieYes > Dashboard. Connect the plugin to the CookieYes website (creating a free or paid account) to access all functions. | WordPress Plugin |
| 3 | Customize Banner | On the CookieYes website, go to Cookie Banner. Here you can: • Law: Choose GDPR. • Design: Choose between Banner, Box, or Pop-up. • Content: Edit the text and buttons (Accept, Reject, Customize). • Colors: Adapt them to your website. | CookieYes Website |
| 4 | Cookie Scan | Go to Cookie Manager > Scan Site. CookieYes will detect most cookies and list them by category (Necessary, Analytics, etc.). For it to work, you will need to validate the account registration email by clicking the link in the email they send you. | CookieYes Website |
| 5 | Prior Blocking | Activate prior consent (pre-blocking) in the settings. This prevents non-necessary cookies from loading until the user gives their consent, a key GDPR requirement. | CookieYes Website |
| 6 | Link Policies in the Banner | In the banner configuration, activate the “Learn more/Read more” link and copy and paste the URL of your Cookie Policy or Privacy Policy page. | CookieYes Website |
| 7 | Publish Changes | Click “Publish changes” on the CookieYes website. | CookieYes Website |
This way, the plugin will analyze the cookies on our website, take the data we have configured on the CookieYes website, and block non-essential cookies until the user accepts them in the banner that will appear on our website, usually at the bottom.
🔍 Plugin Mode without connecting to CookieYes services (more limited, does not block all cookies)
If you prefer not to use the previous mode, you can configure the basics from CookieYes > Dashboard within WordPress, indicating that you don’t want to connect, just “offline” configuration, although with limited functions.
📌 Key Points of Legal Compliance
Prior Consent: Do not load analytical or marketing cookies until the user accepts.
Real Choice: The user must be able to “Reject all” cookies as easily as accepting them.
Consent Record: Some laws require you to keep proof of consent. Tools like CookieYes offer consent logs.
By following this guide, you not only legally protect your project but also build a foundation of trust with your audience and improve the technical structure of your site for search engines.
