Why does cookie policy show iThemes login and Elementor cookies?

  • Resolved Monique23

    (@monique23)


    4 years, 9 months ago

    Hi there,

    I am investigating on using a proper cookie banner and cookie policy creator and found your plugin. So far I like it a lot. However, the cookie policy shows a few placed cookies that I really doubt if these should be placed in the cookie policy. These are:

    • iThemes Security: cookie itsec-hb-login-*. I expect this is used for WordPress login page (hide wp-login.php). This doesn’t seem relevant at all for visitors of the website…
    • Elementor: elementor. Also here, whatever information Elementor is collecting doesn’t seem to have anything to do with the visitors of the website. So also here it doesn’t seem relevant.

    Or am I overlooking something here?

    Is it possible to delete these cookies from the cookie policy page?

    Please advise.

    Thanks & best regards,
    Monique

    • This topic was modified 4 years, 9 months ago by Monique23. Reason: Changed url

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hoi Monique,

    The first cookie is: itsec-hb-login-*, which is a token by iThemes to hide the login URL for website visitors. As you can see here, it has not yet been described by our moderators: https://cookiedatabase.org/cookie/ithemes-security/itsec-hb-login/

    I will make this a priority to research. Because we don’t know if iThemes uses this token to differentiate between users, and in which way. I would suggest leaving it as is, and we will update Cookiedatabase.org soon, and a resync will add new information.

    I thought Elementor was described as an admin cookie, you can remove this from the cookie policy, by going to Cookies > Used Cookies > Elementor > Uncheck: Show on Cookie Policy.

    Hope this helps, if you need more help. Let me know!

    Groeten Aert

    Thread Starter Monique23

    (@monique23)

    Hi Aert,

    Thanks for your quick reply.

    Re. iThemes. As far as I know iThemes Security will only block the url for the standard wp-login page and gives access to admin through a “url/choose-your-own-name”. So basically this url is only known by the owner/admin of the website. In this way it is made very difficult for ‘people with malicious intent’ to access the login page. Obviously iThemes Security stores a cookie for that. I assume they will be able to tell what type of cookie this exactly is. Perhaps this is an admin cookie – like the Elementor cookie? I understand you will investigate this. Is it possible you’ll inform me when you have the outcome?

    Re. Elementor. With your instructions I was able to hide the Elementor notice in the cookie policy. Happy ??

    Thanks a lot!

    Groeten Monique

    Plugin Contributor Leon Wimmenhoeve

    (@leonwimmenhoeve)

    Hallo @monique23,

    After some further investigation on our side, we have to revise the statement of this Elementor cookie. If you visit your website logged out and incognito you can also detect this cookie in your browser. It contains values for pageviews and sessions.

    Elementor communicates the following on her site:
    “It does leverage the browser’s local storage to track your visitor habits or patterns in order to trigger the Popup.”

    This means two things:

    1. It is not an administrators cookie
    2. It should be categorized as a statistics cookie (and should be mentioned on your cookie policy)

    We corrected this on cookiedatabase.org and I would advise you not to hide it on your cookie policy.

    Our apologies for the confusion :-).

    Kind regards,
    Leon

    Thread Starter Monique23

    (@monique23)

    Hi Leon,

    Wow, that is some unexpected behaviour from Elementor… I am not really sure if I understand why this is necessary then. I am not using any Popups on that site at all. Strange. Anyway it is better to have too many information on the cookies pages than too little. If it would be the only cookie to need consent I would want to delete it completely…

    Thanks & best regards,
    Monique

    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @monique23,

    We are looking into it, if our moderators find something it will sync automatically to your cookie policy, with the updated description.

    Thanks for your valuable feedback ??

    regards Aert

    Thread Starter Monique23

    (@monique23)

    And thank you Aert for all your help!

    Regards,
    Monique

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Why does cookie policy show iThemes login and Elementor cookies?’ is closed to new replies.