What “cookie-free analytics” actually means
Standard web analytics tools — Google Analytics, Matomo in its default configuration, Hotjar — use browser cookies to identify and track visitors across sessions. A small text file is written to the visitor’s browser, and that cookie is sent back to the analytics platform with each subsequent visit to recognize the returning user.
Cookie-free analytics takes a different approach: visitor identification is done without writing anything to the browser. Instead, session continuity is managed server-side, typically using a combination of anonymized data points (approximate IP location, browser family, viewport size) that are immediately hashed and never stored in identifiable form.
The result: visitor sessions are tracked accurately, but no persistent identifier is stored on the user’s device. There’s nothing to “consent” to from a browser-storage standpoint.
Why this matters for your WordPress site
Consent banner removal (or significant simplification)
The ePrivacy Directive and PECR require user consent before storing cookies or other persistent identifiers on a user’s device. Cookie-free analytics doesn’t store anything on the device, so these consent requirements don’t apply to your analytics — removing the need for a cookie consent banner specifically for tracking purposes.
Note: if your WordPress site uses other cookies (embedded YouTube, WooCommerce session, advertising pixels), you may still need a banner for those specific purposes. But you can remove the analytics consent layer, which is often the most complex part.
Complete traffic data
When visitors decline analytics cookies, they vanish from your data. Research consistently shows that 40–60% of European visitors decline when given a real choice. Cookie-free analytics captures all of them. Your traffic numbers reflect reality, not a filtered subset.
Simpler compliance posture
Several EU national data protection authorities (Austria, France, Italy) have ruled that even “consent-based” Google Analytics implementations may violate GDPR due to data transfers to US servers. Cookie-free analytics stored on your own server sidesteps this issue entirely — there’s no third-party data transfer to audit or justify.
How to set up cookie-free analytics on WordPress
Here’s the complete setup process using FPAI — a free WordPress plugin available on WordPress.org.
Step 1: Install and activate FPAI
In your WordPress admin, go to Plugins → Add New Plugin and search for “FPAI” or “First Party AI Analytics”. Click Install Now, then Activate.
Alternatively, visit WordPress.org directly, download the plugin zip file, and upload it via Plugins → Add New Plugin → Upload Plugin.
Step 2: Verify the tracking script is loading
After activation, visit your site’s front-end and open your browser’s developer tools (F12). Go to the Network tab and look for a request to fpai-tracker.js. If you see it loading, the plugin is active and tracking is already running.
You don’t need to add any tracking code manually — FPAI injects its script automatically via WordPress’s wp_footer hook.
Step 3: Check the FPAI dashboard
In your WordPress admin, look for FPAI Analytics in the left sidebar. The dashboard shows live data — it may take a few minutes for your first session to appear if your site has light traffic.
Step 4 (optional): Configure exclusions
By default, FPAI excludes logged-in WordPress admin users from tracking. You can configure additional exclusion rules under FPAI Analytics → Settings: specific IP ranges, user roles, or URL patterns you want to exclude.
What gets tracked — and what doesn’t
Understanding the data model is useful:
FPAI tracks:
- Page URL and page title
- Session start time and duration
- Referrer / traffic source
- Device type (mobile, desktop, tablet)
- Browser family
- Country (from IP geolocation, IP is not stored)
- Click events, scroll depth, form submissions
- Custom conversion events you define
FPAI does not store:
- Full IP addresses (these are never written to the database)
- Browser cookies of any kind
- Any personally identifiable information
- Cross-site tracking data
Where does the data go?
All FPAI data is stored in your WordPress MySQL database — the same database your posts and users live in. Specifically, FPAI creates its own tables (prefixed wpXX_fpai_) to store session and event data.
Nothing is sent to any external server. There is no Anthropic server, no FPAI cloud, no analytics platform receiving your data. It stays on your hosting infrastructure.
This means: you can export it freely as CSV, back it up with your normal database backups, and query it directly if you’re comfortable with SQL.
Can you remove your cookie consent banner?
If your only tracking mechanism was GA4 or another cookie-based analytics tool, and you replace it with FPAI, then yes — you can remove the analytics portion of your consent banner. If your banner was only for analytics cookies, you may be able to remove it entirely.
If you still have other cookie-setting elements on your site (Google Fonts loaded via external CDN, YouTube embeds, Google Ads, social share buttons), those still require disclosure and potentially consent depending on your jurisdiction. FPAI doesn’t change the consent requirements for those.
When in doubt, consult your legal advisor — this article is technical guidance, not legal advice.
Summary
Cookie-free analytics on WordPress is a one-plugin install: FPAI tracks all your visitors without cookies, stores everything in your own database, and requires no external accounts or configuration. The immediate benefits are a complete traffic picture (not filtered by consent), simplified compliance, and data you fully own and control.
FPAI is a free WordPress plugin for cookie-free analytics. Install in minutes, no account needed. Download free →