Creating a website that people trust starts with protecting their personal information.
Privacy laws like GDPR and CCPA are designed to help with that, but they can feel confusing when you’re just trying to do the right thing.
Many of these rules ask you to add a ‘Do Not Sell My Info’ page to your site, and it’s not always clear where to start. I’ve been there myself.
After trying several different approaches, I found a step-by-step method that actually works for beginners.
In this guide, I’ll walk you through the exact process I use to build a professional ‘Do Not Sell My Info’ page in WordPress. I’ll also show you how to handle incoming requests, so you can protect your visitors’ privacy and stay compliant with international data laws.
⚠️ The term ‘Do Not Sell My Info’ comes directly from the California Consumer Privacy Act (CCPA).
Adding this page to your site also helps you follow Europe’s General Data Protection Regulation (GDPR). This is because you’re giving visitors a way to stop their personal data from being processed, which meets the GDPR’s Right to Object requirement.
However, the GDPR does not specifically say you must add a ‘Do Not Sell My Info’ page to WordPress.
Why Do You Need a ‘Do Not Sell My Info’ Page?
A ‘Do Not Sell My Info’ page gives your visitors a clear way to say they don’t want their personal data shared or sold to outside companies. In many cases, this is required by law, and it’s also a great way to build trust with your audience.
People care more about privacy than ever, especially when visiting blogs, websites, and online businesses.
In response, many countries have created laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
As a website owner, it’s important to follow these laws and give your visitors real control over their data. While each regulation is different, most require you to let users opt out of having their personal information shared or sold to third parties.
This type of page is a specific requirement under the CCPA. Even though the GDPR doesn’t mention it by name, adding this page can help meet its requirement to give users control over how their data is used.
If you skip this step, you could end up violating privacy laws—even ones that don’t mention this page directly. That can lead to legal trouble, fines, or damage to your website’s reputation.
But this isn’t just about legal compliance.
By giving people an easy way to share their preferences, you’re also showing respect and building trust.
When visitors see that you take privacy seriously, they’re more likely to stick around, sign up for your email newsletter, make a purchase from your online store, or take other actions that grow your site.
In short, a ‘Do Not Sell My Info’ page helps you meet privacy expectations and makes your website more trustworthy in the process.
How to Create a Do Not Sell My Info Page in WordPress
With privacy regulations getting stricter all the time, creating a ‘Do Not Sell My Info’ page is no longer just a good idea. It’s often also a legal requirement.
In this guide, I’ll walk you through the process of creating a ‘Do Not Sell My Info’ page on your WordPress website step-by-step. I’ll also show you how to manage user requests effectively, so you stay on the right side of the law.
Step 1. Set Up WPConsent
The easiest way to add a Do Not Sell My Info page in WordPress is by using WPConsent. This is the best privacy compliance plugin that helps you meet key privacy standards by giving users more control over their personal data.
WPConsent includes helpful features like cookie banners, privacy policy generators, and a consent log to track user permissions, which are all useful if you’re ever audited.
It also offers a Do Not Track addon, which lets you create a dedicated form page in just a few clicks. Visitors can fill out this form to tell you not to sell their personal information.
These requests are stored locally in a custom table on your site, so you can review and respond to them right away.
⭐ We use WPConsent to manage user consent and display cookie banners across all our websites, including WPBeginner. This firsthand experience has shown us how effective and straightforward WPConsent is to use.
Want to learn more about our direct experiences with WPConsent? Then be sure to check out our in-depth WPConsent review.
If you’re working with a limited budget, there’s also a free version of WPConsent available on WordPress.org.
It includes many essential features to help you comply with laws like the GDPR.
To use the Do Not Track addon, you’ll need the premium version. If you need help upgrading, take a look at our guide on how to install a WordPress plugin.
Once the plugin is active, you’ll see a quick onboarding wizard that walks you through setup, usually in under five minutes.
When you’re ready, click the ‘Let’s Get Started’ button to begin.
This setup wizard will guide you through several important tasks, such as scanning your site for third-party scripts and creating a cookie popup.
Completing these steps will help you comply with crucial privacy laws like the Personal Data Protection Law (PDPL), so I encourage you to go through the entire onboarding process.
After you’ve finished the setup, WPConsent will take you back to the WordPress dashboard.
Step 2: Create a WordPress Page
WPConsent lets you add a Do Not Sell My Info form to any page or post on your WordPress site. However, to keep things simple, I suggest creating a new page especially for this important form.
In your WordPress dashboard, head over to Pages » Add Page.
You can now give this page a clear title, something like ‘Do Not Sell My Info.’ You can also add any other information you think is important, such as an introduction explaining what the form is for and why someone might want to use it.
When you’re happy with how the page looks, save it as a draft for now.
Step 3: Install the Do Not Track Addon
WPConsent includes tools to help you follow major privacy laws right away. But if you want to add a Do Not Sell My Info page, then you’ll need to install an extra addon.
In your WordPress dashboard, go to WPConsent » Do Not Track. When that screen loads, just click the ‘Install Do Not Track Addon’ button.
After a moment, WPConsent will automatically install and activate the addon for you.
Step 4: Create the ‘Do Not Sell My Info’ Form
Next, you need to head over to WPConsent » Do Not Track, and open the ‘Configuration’ tab.
Here, you’ll be able to choose where the form should appear.
Simply open the ‘Do Not Track Page’ dropdown and select the page you created earlier. This will automatically add a basic form to that page.
By default, the form includes a few essential fields:
- First Name
- Last Name
These are needed to identify the visitor, so WPConsent won’t let you remove them.
That said, you can update the labels if you want to use different wording—just change the text in the ‘Field Label’ box.
If you need more details from your users, you can also enable extra fields like:
- Address
- ZIP Code
- City State
- Country
- Phone
To include one, just check the box that says ‘Enable this field.’
These extra fields are optional by default.
But if there’s something you want to make mandatory, you can check the ‘Make this field required’ box.
Just like before, you’re free to update any of the field labels to match your site’s tone.
Once everything looks the way you want, scroll to the bottom and click the ‘Save Changes’ button.
Step 5: Adding the Form to Your Page
Now, you’re ready to add this form to the page you created earlier. In your WordPress dashboard, open that page for editing.
Find the spot where you want to add the form and click the + icon.
In the box that appears, start typing ‘Shortcode’ to find the right block.
When the shortcode block appears, click on it to add it to the page.
You can now paste the following shortcode into the block:
[wpconsent_do_not_track_form]
With that done, simply publish the page as you normally would.
You can now visit your WordPress blog or website to see the ‘Do Not Sell My Info’ page in action.
Step 6: Add Links to Key Areas
Now that you’ve created a ‘Do Not Sell My Info’ page, it’s important to make it easy for visitors to find.
One way to do this is by adding a link to your site’s Privacy Policy. You might also consider placing it in a prominent spot like your navigation menu or your cookie policy.
These small steps can go a long way in building trust. When visitors see that you’re open about your data practices, they’re more likely to feel confident browsing your site.
Step 7: Manage Incoming Requests
Now that everything is set up, WPConsent will automatically log each request and display it in your WordPress dashboard. This makes it easier to stay on top of privacy requests as they come in.
To check your current requests, go to WPConsent » Do Not Track and make sure the ‘Requests’ tab is selected. You’ll see a list of all submissions along with key details for each one.
How you respond depends on how you manage customer information. For example, you might add a note to your CRM tool to mark the user as opted out.
You can also export your list of requests as a CSV file. This can be helpful for recordkeeping or auditing.
To do that, just open the ‘Export’ tab under WPConsent » Do Not Track.
First, click the ‘From’ field and choose a start date.
Then, select the end date by clicking the ‘To’ field.
By default, WPConsent includes all requests, both processed and unprocessed.
If you only want to see requests that still need attention, it’s a good idea to check the box that says ‘Export only “not processed” entries.’
Planning to act on those requests right away?
You might also want to check the box that says ‘Mark exported data as processed.’ That way, WPConsent will automatically update the status in your dashboard.
If you do that, make sure to follow through and complete each request. That helps keep your dashboard accurate.
Once everything’s ready, simply click the ‘Export’ button to download your CSV file.
If you didn’t mark them as processed automatically, you’ll need to close each one manually. To do that, hover over the request in your dashboard and click the ‘Mark as processed’ link.
Processed requests will be clearly labeled, so you can quickly see which ones are still open.
Proving Your Data Compliance
It’s not enough to simply follow privacy laws like GDPR and CCPA. You also need to be able to prove that you’re compliant.
With that in mind, if you’re ever audited, then you’ll need to show that you’re honoring any Do Not Sell requests you receive. Fortunately, you can use WPConsent’s Export tool to create a complete record of all processed requests.
To do this, simply head over to WPConsent » Do Not Track, and select the ‘Export’ tab.
You can now enter a From and To date for the export, following the instructions I shared in the previous step. Once you’ve set the dates, make sure the ‘Export only “not processed” entries’ box has not been selected.
Then, go ahead and click the ‘Export’ button.
This will create a record where all completed requests are clearly marked as ‘Processed.’
While auditors may request additional proof that you have actually completed these requests, this provides a strong starting point for showing that you honor ‘Do Not Sell’ requests.
Do Not Sell My Info Pages: FAQs
Data compliance is a serious topic, so it’s understandable if you still have some questions.
To help you out, I’ve collected all the most frequently asked questions about setting up a ‘Do Not Sell My Info’ page in WordPress.
What is WPConsent, and why should I use it?
WPConsent is a comprehensive plugin designed to help WordPress website owners comply with various privacy regulations, such as the Lei Geral de Proteção de Dados (LGPD), CCPA, and GDPR.
WPConsent makes it easier to create and manage essential privacy pages and features on your site, allowing you to meet legal requirements and build trust with your audience.
How does a ‘Do Not Sell My Info’ page differ from other privacy pages?
A ‘Do Not Sell My Info’ page serves a specific purpose: it lets users opt out of the sale of their personal data. This is required by various privacy laws, including the California Consumer Privacy Act (CCPA).
Typically, your website will have other privacy-related pages, but they won’t offer this particular function.
Can I use other privacy plugins alongside WPConsent for enhanced compliance?
Yes, you can use WPConsent with other privacy and security tools. For example, you might use WPConsent to manage your ‘Do Not Sell’ requests. At the same time, you might use a plugin like Sucuri to check your site for security weaknesses that could cause a data breach.
What should I do when a user sends me a ‘do not sell’ request?
Once you receive a request, you need to make sure you honor it properly. This means updating your internal data handling practices in order to reflect the user’s wishes.
For example, you might need to:
- Update your records: Mark the user’s profile in your database or CRM system. For example, you could add a ‘Do Not Sell’ tag to their contact record in your CRM software. This makes it clear to your team that their data should not be sold.
- Notify relevant teams: Ensure everyone involved in data processing knows about the request. After that, they can avoid any actions that would violate the user’s preferences.
- Review data flows: If you share data with third parties, then confirm this user’s data is no longer included in those transfers.
- Document the action: Keep a clear record of when you received the request and how it was processed. This documentation will also help you demonstrate compliance if you’re ever audited. The good news is that some tools log all user requests automatically, such as WPConsent.
If you don’t honor these requests, then you could face legal penalties, including significant fines and serious damage to your website’s reputation.
With that in mind, it’s essential that you take immediate action every time you get a ‘Do Not Sell’ request.
Is it important to regularly update the ‘Do Not Sell My Info’ page?
Absolutely. Regular updates are vital to ensure you’re complying with the latest legal requirements.
Privacy laws can evolve over time, and new regulations might come into effect. By keeping your page up-to-date, you can avoid potential penalties and other legal issues.
You also need to ensure your compliance reflects any changes you make in how you handle data. For example, if you start collecting new types of data or partnering with new third parties, then your ‘Do Not Sell My Info’ page should reflect those changes.
When it comes to reviewing and updating your ‘Do Not Sell My Info’ page, I recommend adding this task to your website maintenance checklist.
Additional Resources for Privacy Compliance
Navigating data privacy can be complex, but having the right resources to hand makes things much easier.
With that said, here’s a list of extra articles and guides to help you continue your compliance journey:
I hope this guide has helped you add a Do Not Sell My Info page to your WordPress website. Next, you may want to see our expert picks for the best WordPress security plugins or our ultimate WordPress security guide.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.