“Tracking” can mean a lot of different things. Let’s look at just 3 of these.
1) Webserver Logging: When a visitor visits a website, the webserver records things like visitor’s IP adddress (from which location can be inferred), device and its capabilities, time and duration of visit, etc. At the very least, server owners may want to log such information so that if there’s abuse, they can know the source of the abuse block the abuser.
But note that this is something that happens on the SERVER, and WordPress has nothing to do with that. Also, if you’re on any form of shared hosting (even “managed” WordPress hosting), you have zero control over this. If you have your own server, then you can fine-tune what to log and how long to keep those logs.
2) Cookie: At the application (WordPress) level, cookies may be used to ensure the proper functioning of the website. If you disable cookies completely, you’ll have issues with things like login, Woocommerce cart functions, etc. And that is with ALL websites and site builders, not just WordPress. Cookies are fundamental technology with websites, that’s why even the Europen GDPR doesn’t prohibit the use of cookies, but require disclosure and consent.
Note that plugins (and sometimes themes) you install may set their own cookies which may not necessarily be required for the proper functioning of the website. That’s something you’ll need to deal with on a case by case basis. WordPress doesn’t control such cookies, but these plugins can help you manage them: https://ww.wp.xz.cn/plugins/search/cookie/
3) 3rd-Party Tracking: This is where most people are concerned with when they talk about “tracking”. The good news is that WordPress itself doesn’t do any tracking. In fact, as WordPress is completely free and doesn’t need to “phone home” (ie connect to ww.wp.xz.cn servers) to check for things like licensing, WordPress only “phones home” to check if there’s an update available.
Website owners typically use 3rd-party tracking for things like serving advertisements, counting visitors and activity on their website, measuring performance and user experience so they can make the site better, etc.
So when it comes to 3rd-party tracking, the solution is simple: if you don’t want any 3rd-party tracking, just don’t add any 3rd-party trackers 😀
Note that there can be other forms of tracking. For example. If you use an external CDN and/or WAF like Cloudflare to secure and speed up your site, they’ll also be doing some form of “tracking” in order to do their job. For how can you weed out bad actors if you don’t track who is getting in?
