Implement Age Verification & COPPA
Determine whether COPPA applies to your site and implement age verification if it does.
Most businesses don’t need full COPPA compliance. If you’re not specifically targeting children under 13 or knowingly collecting their data, you likely just need a simple age gate.
This guide covers: Who needs COPPA compliance, how to add a basic age gate, and what full compliance requires for sites that actually serve kids.
What this covers: When COPPA actually applies, how to add an age gate for restricted content using plugins or custom code, and what full compliance requires for sites that specifically target children under 13.
Who it’s for: Site owners selling age-restricted products or running sites that may attract users under 13 who need to determine their compliance obligations.
Key outcome: You’ll have a working age verification gate on your site (or know you don’t need one), with clear understanding of whether full COPPA compliance applies to your business.
Time to read: 7 minutes
Part of: Privacy & Compliance series
Do You Need COPPA Compliance?
COPPA (Children’s Online Privacy Protection Act) applies if:
- Your website or app specifically targets children under 13
- You knowingly collect personal data from children under 13
You probably don’t need full COPPA compliance if:
- Your site is general audience (blog, e-commerce, B2B)
- You don’t target kids specifically
- You don’t ask for age during signup/checkout
“But I have Google Analytics”: General analytics on a general audience site doesn’t trigger COPPA. COPPA kicks in when you knowingly collect data from kids, not when a kid might visit your site.
Age-Restricted Content (Alcohol, Gambling, Adult)
If you sell age-restricted products or content, you need an age gate—but that’s not COPPA. That’s industry regulation.
For WordPress:
- Age Gate (free) – Simple modal with age verification
- AgeChecker.Net ($29+/month) – ID verification for strict compliance
- Install your chosen plugin
- Set minimum age (18 or 21 depending on content)
- Configure which pages require verification
- Test in incognito
For Shopify:
- Blockify Age Verification by AAM ($4.99/month)
- Age Verification Popup ($4.95/month)
Time: 30 minutes for basic setup.
For strict verification (gambling, cannabis): Use AgeChecker.Net or Veratad, which verify against ID databases. More expensive ($0.25-1.00 per verification) but legally defensible.
Full COPPA Compliance (Sites That Target Kids)
If you run a site for children under 13 (games, education, entertainment), you need:
1. Verifiable Parental Consent
Before collecting any data from a child, you must get consent from a parent or guardian. Methods include:
- Signed consent form (email or physical)
- Credit card verification (small charge that proves adult access)
- Call to a toll-free number
- Video conference with parent
2. Privacy Policy for Kids
Your privacy policy must specifically address:
- What data you collect from children
- How you use it
- How parents can review/delete their child’s data
- That you don’t condition participation on data collection
3. Data Minimization
- Only collect data necessary for the activity
- No behavioral advertising to children
- No selling children’s data
- Delete data when no longer needed
4. Parental Rights
Parents can request:
- Review of their child’s data
- Deletion of their child’s data
- Opt-out of future data collection
Penalties: FTC enforces COPPA with fines up to $50,000 per violation. Major cases have resulted in multi-million dollar settlements.
Custom Code (If Not Using a Plugin)
If you have a developer or prefer a custom solution, here’s a basic age gate implementation.
Where to place this code:
- JavaScript: Add to your theme’s main JS file, or in a
<script>tag just before the closing</body>tag - HTML (age gate modal): Add just after the opening
<body>tag
The HTML (place after <body>):
<div id="age-gate" style="display:none; position:fixed; inset:0; background:rgba(0,0,0,0.9); z-index:9999; align-items:center; justify-content:center;">
<div style="background:white; padding:2rem; border-radius:8px; text-align:center; max-width:400px;">
<h2>Age Verification Required</h2>
<p>Please enter your birth year to continue.</p>
<input type="number" id="birth-year" placeholder="1990" min="1900" max="2026" style="padding:0.5rem; font-size:1rem; width:100px;">
<button onclick="ageGate.verify(document.getElementById('birth-year').value)" style="padding:0.5rem 1rem; margin-left:0.5rem;">Verify</button>
</div>
</div>The JavaScript (place before </body>):
<script>
const ageGate = {
init() {
if (!this.hasVerified()) this.showGate();
},
hasVerified() {
return localStorage.getItem('age_verified') === 'true';
},
verify(birthYear) {
const age = new Date().getFullYear() - parseInt(birthYear);
if (age >= 18) {
localStorage.setItem('age_verified', 'true');
this.hideGate();
} else {
this.denyAccess();
}
},
showGate() {
document.getElementById('age-gate').style.display = 'flex';
document.body.style.overflow = 'hidden';
},
hideGate() {
document.getElementById('age-gate').style.display = 'none';
document.body.style.overflow = 'auto';
},
denyAccess() {
window.location.href = 'https://google.com';
}
};
// Initialize on page load
document.addEventListener('DOMContentLoaded', () => ageGate.init());
</script>Testing: Clear localStorage (DevTools → Application → Local Storage → Clear), reload page, verify gate appears. Enter an underage year, verify redirect. Enter a valid year, verify access granted.
Testing Your Age Gate
For age-restricted content:
- Age gate appears before restricted content
- Underage users are blocked or redirected
- Verification persists across sessions (cookie or localStorage)
For COPPA compliance (sites targeting kids):
- Parental consent flow is implemented and tested
- Privacy policy addresses children specifically
- Data collection is minimized to what’s necessary
- Parents can request data review/deletion
Sources
Age Verification & COPPA Questions Answered
At what age does COPPA apply?
COPPA applies to the collection of personal information from children under 13 years old. If your website or app is directed at children under 13, or you have actual knowledge that a user is under 13, you must obtain verifiable parental consent before collecting any personal data.
What counts as “personal information” under COPPA?
COPPA defines personal information broadly: it includes name, email, phone number, physical address, screen name, photos, video, audio, geolocation, and persistent identifiers like cookies or device IDs that can track a child across websites. Even IP addresses qualify when collected from children.
What is the fine for COPPA violations?
The FTC can impose penalties of up to $50,120 per violation (adjusted annually for inflation). The largest COPPA enforcement action — the 2019 YouTube case — resulted in a $170 million settlement. Smaller cases typically settle in the hundreds of thousands. Each instance of unauthorized data collection from a child counts as a separate violation.
Is an age gate checkbox sufficient for COPPA compliance?
A simple “I am 13 or older” checkbox is not sufficient for COPPA compliance. The FTC requires “verifiable parental consent” mechanisms such as signed consent forms, credit card verification, government ID checks, or knowledge-based authentication. The method must be reasonably calculated to ensure the consenting person is actually the parent.
✓ Your Age Gate and COPPA Protections Are Live
- An age verification gate appears before any age-restricted content is accessible
- No personal data is collected from users who indicate they are under 13
- Verifiable parental consent mechanism is in place and functioning for any under-13 data collection
- Your privacy policy explicitly addresses children’s data collection practices
- Age verification state persists correctly across sessions without storing unnecessary PII
Test it: Open your site in a private browser window, enter a birthdate under 13, and confirm you are blocked from content and that no cookies or personal data were stored.