Cookies Policy

WordPress Cookies Policy

Does our WordPress website use Cookies?

Cookies are small text files that are stored in your device when you visit this website. They gather information to analyse our website functioning and if necessary, to track your activity for security reasons. Yes, our WordPress website uses cookies.

You can easily check which kind of cookies our website uses by visiting https://www.cookieserve.com

We also think that you should be aware of a new “browser-fingerprint” technique https://supercookie.me/workwise against which we have implemented counter-measures as described in one of our Blog posts, that you can find by clicking VPN.

What are the Cookies that WordPress Uses?

WordPress uses cookies for two purposes:

  1. Registered members need a cookie to be able to log in. This is “strictly necessary” as WordPress will not work without it.
  2. Visitors who leave a comment on a blog post will also have a cookie set on their device. This is not “strictly necessary” as it is a user preference, but we also do not allow comments on our website and in this case, we do not need your consent for these cookies because we do not use them, at all.

There are two types of cookies set by WordPress: Users Cookies and Commenters Cookies.

Without these cookies, WordPress will not be able to function without it. They are also session cookies as they expire once the user logs out or exits the webpage.

  • wordpress_[hash]: to store the authentication details on login.
  • wordpress_logged_in_[hash]: to indicate when you are logged in and who you are.
  • wordpress_test_cookie: to check if the cookies are enabled on the browser to provide appropriate user experience to the users.
  • wp-settings-{time}-[UID]: to customize the view of our admin interface and the front-end of the website (visible to you).

Since these cookies are strictly necessary without which the website will not function properly, we do not require any consent from the users who visit this website.

These cookies can also be classified as persistent cookies as they expire in almost a year after loading on the visitor’s system.

  • comment_author_[hash]: remembers the value entered into the comment form’s name field.
  • comment_author_email_[hash]: remembers the value entered into the comment form’s email field.
  • comment_author_url_[hash]: remembers the value entered into the comment form’s URL field.

The commenters cookies are only activated if the users give their consent to save the details by checking a checkbox available to them. Please remember that we do not use these cookies because we do not allow comments on our website.

CloudFlare Security Cookies

As we mentioned in our Privacy Policy, our website uses CloudFlare to protect itself from malicious attacks and CloudFlare will download cookies on your device for security purposes. These cookies are absolutely necessary for the protection of this website and server systems and if you are not happy about its use, you must leave this website immediately and clear the cookies on your device.

  • __cfduid: this cookie is used by the CloudFlare CDN services to identify individual clients behind an IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. This cookie is valid for one month.
  • __cf_bm: this cookie is used by CloudFlare to support a very sophisticated Bot Management & Protection service.

NOTE: CloudFlare deprecated the __cfduid cookie on the 10 May 2021 and will stop adding a “Set-Cookie” header on all HTTP responses. The last __cfduid cookies expired 30 days after that date, according to CloudFlare. The primary use of that cookie is for detecting bots on the Web. Malicious bots may disrupt a service that has been explicitly requested by an end user (through DDoS attacks) or compromise the security of a user’s account (through brute-force password cracking or credential stuffing). The value of the __cfduid cookie is derived from a one-way MD5 hash of the cookie’s IP address, date/time, user agent, hostname and referring website, which means that CloudFlare cannot correlate that cookie to a specific person.

Securing Cookies with Encryption

As you may know already, HTTP cookies are small packets of data stored in your browser. This data may contain sensitive data like passwords or user information and is therefore vulnerable to certain attacks. To drastically limit any vulnerability, Codexing.Art uses the Secure and HttpOnly and use_only_cookies parameters to make cookies more secure.

  • Secure – This parameter will make sure that our cookies are only sent over a secure SSL connection or https:// This will prevent any cookies being sent over http:// (not encrypted), thus securing cookies even more.
  • HttpOnly – The flag HttpOnly will tell the browser that the cookies can only be accessed by the server, thus preventing cross-site scripting (XSS). This will prevent requests from malicious JavaScript files trying to steal our cookies.
  • use_only_cookies – This parameter forces our website to only store session data in a cookie and not in any another way. This prevents attacks involving passing session IDs in URLs.
WordPress Cookies Policy follows GDPR

Codexing.Art Cookies Policy

Cookies Policy updated on November 1st, 2021.