The reality is often messy: contact form plugins, analytics tools, social media feeds, and caching layers are likely loading what are tracking cookies in the background right now. These hidden cookies aren’t just technical debt. They are legal liabilities.

Under regulations such as GDPR and CCPA, you must know exactly what is tracking your visitors and disclose it before obtaining consent. This is where a cookie compliance audit helps you out.

The audit isn’t complicated, but it does require actually going through your site methodically and checking for scripts that might be adding cookies to your site.

In this guide, I’ll walk you through how to audit your WordPress site for cookie compliance and help you find every hidden cookie.

Why Perform Cookie Compliance Audits?

A cookie audit is the foundation of your privacy strategy. If you don’t know what scripts are running, you can’t control them. The basic reason for having regular audits is that compliance isn’t a one-time thing. GDPR and CCPA fines are real, and regulators are increasingly active.

But beyond avoiding penalties, auditing builds trust with your visitors and helps you catch problems before they become bigger issues.

1. Compliance is Specific

Privacy laws like GDPR require you to categorize cookies by purpose, such as Essentials, Statistics, and Marketing. You can’t just slap up a generic banner.

You need to list specific cookie names and who controls them. If you are selling data (or if your cookies are doing it for you), CCPA requires clear disclosure.

2. Google Consent Mode v2

As of March 2024, Google requires proper consent signals. If you don’t have this set up, your Analytics and Ads data stops populating correctly. This is a shift in how tracking data flows to Google.

Without a verified audit and proper consent implementation, you are flying blind on marketing metrics. Conversion tracking breaks, and remarketing audiences stop building. To learn more, you may want to see our guide on how to set up Google Consent V2 in WordPress.

3. Site Performance

This is the part most people miss: audits often reveal old, abandoned scripts from plugins you deactivated months ago. I have seen sites reduce page load times significantly just by cleaning up orphaned tracking scripts discovered during a simple audit.

4. Trust Signals

When you list exactly which cookies your site uses, visitors notice. Vague privacy policies make people suspicious. A detailed, honest audit shows you respect their privacy, which builds trust.

5. Configure Cookies from New Plugins

The most common situation I see is sites that were compliant when they first set up, but drifted over time.

For instance, you might have added a new chat widget, and no one thought about its cookies. Or a marketing plugin starts setting tracking cookies that bypass the consent tool. A WordPress update changes how scripts load.

These things accumulate, and without periodic checking, you won’t know which cookies are being added to your site until something goes wrong.

That said, let’s see how you can start a cookie compliance audit in WordPress.

WordPress Cookie Compliance Audit Process

Now, let me walk you through the audit process that you can follow for your WordPress website.

Finding What Cookies Your Site Actually Sets

The first step is finding out which cookies are actually set on your website. Start by opening an incognito or private browser window. This gives you a clean slate with no existing cookies or consent choices.

Simply visit your site, but don’t interact with the cookie banner yet. Before you click anything, open your browser’s developer tools. In Chrome, press F12, then go to the Application tab and click on Cookies.

Look at what cookies are present before you’ve made any consent choice. At this point, you should only see essential cookies. Things like session cookies, shopping cart cookies, or login-related cookies are fine.

But if you see _ga (Google Analytics), _fbp (Facebook Pixel), or cookies from advertising networks, you have a problem. Those shouldn’t be there until someone consents.

Now, make a note of every cookie you see and then accept all cookies in your banner and check again.

You should see your analytics and marketing cookies appear. Compare the before and after lists. The cookies that appeared after consent are the ones you’re blocking that are being handled correctly.

Any non-essential cookies that were there before consent are gaps in your compliance.

Pro Tip: Block Third-Party Cookies Using WPConset

Once you know the cookies that are being set on your site, you need to block them before consent. And the easiest way to do that is by using WPConsent.

It is the best WordPress cookie compliance plugin that helps scan your site for cookies, configure them, and set up a cookie banner without any technical knowledge or editing code. Unlike external tools that crawl your site from the outside, WPConsent lets you operate its scanner from within your WordPress dashboard.

WPConsent will scan your homepage by default. But you can also add other pages to the scanning process, such as the checkout page, contact us page, and more.

This is helpful in uncovering any third-party scripts that might be adding cookies and are not picked up by the scanner. Next, you will have a list of every cookie and script found on your website. Simply scroll down to the Detailed Report section. Here, WPConsent categorizes cookies automatically under different categories.

You can then select the ‘Prevent known scripts from adding cookies before consent is given’ checkbox and click the Automatically Configure Cookies button.

Testing Your Cookie Banner

Now let’s check that your consent interface works correctly. Clear your cookies again and visit your site fresh. Look at your banner critically.

Are the accept and reject options equally easy to find and click? Under GDPR, they need to be. If accept is a big colorful button and reject is tiny gray text hidden in a corner, that’s not compliant. The options should be genuinely equal.

Can visitors make granular choices? Best practice is letting people accept analytics but reject marketing, or vice versa. If your banner only offers “accept all” or “reject all” with no middle ground, consider updating it.

Is there a way to change preferences later? Look for a link in your footer or elsewhere that says something like “Cookie Settings” or “Privacy Preferences.” You can click it and make sure it actually lets you modify your choices.

Verifying That Blocking Actually Works

This is the crucial test, and it’s where most sites fail. Having a banner isn’t enough. The banner needs to actually control whether scripts run.

You can clear your cookies, visit your site, and reject all cookies in your banner. Then browse your site as usual, visit a few pages, click a few links, and spend a minute or two navigating. Then check your cookies again in developer tools.

If you rejected cookies and you still see analytics or marketing cookies, your blocking isn’t working.

This is where you can block custom scripts and iframes using WPConsent. The plugin allows you to manually add scripts or embedded iframe details, and ensure that cookies are blocked before consent.

Checking Your Documentation

Next, you can pull up your privacy policy and cookie policy. These need to accurately reflect what your site actually does.

Simply check that every cookie you found during your inventory is mentioned and explained. If you’re using Google Analytics, Facebook Pixel, or other specific services, they should be listed with a clear explanation of what they do and why you use them.

Pro Tip: WPConsent helps you create a cookie policy page instantly. The best part is that you don’t have to worry about manually listing cookies on this page, as the plugin does the heavy lifting.

Make sure your policy explains how visitors can change their cookie preferences. You can also include the actual steps, not just a vague statement about managing settings.

And check the “last updated” date. If it says 2021 and you’ve added multiple services since then, that’s a sign your documentation needs a refresh.

Testing User Scenarios

Run through a few realistic scenarios to make sure the whole experience works as expected.

For instance, accept all cookies, then browse your site and complete a typical action like adding something to a cart or filling out a contact form. Does everything work normally? It should.

Reject all cookies and do the same thing. Your site’s essential functions should still work. If rejecting cookies breaks checkout or makes forms fail, something is miscategorized as non-essential that’s actually necessary.

Accept cookies, use your site for a while, then find the cookie settings link and withdraw your consent. The non-essential cookies should be cleared or marked as withdrawn. Some sites don’t handle this correctly, and previously accepted marketing cookies keep tracking even after withdrawal.

Set Up Auto Scanning

Another benefit of using WPConsent is that you can enable auto-scanning and schedule scans regularly for your website.

This prevents you from falling out of compliance when you install new plugins later. For example, if you add a live chat widget or a new Facebook pixel, the scanner detects the new cookies and updates your banner automatically.

To enable auto-scanning, you can head to the WPConsent Settings page from your dashboard. Then scroll down and click the toggle to enable Auto Scanning. Next, you can choose the scan interval from daily, weekly, or monthly.

Common Problems and How to Fix Them

The most common issue I find is cookies appearing before consent. Usually, this happens because the consent tool isn’t properly blocking scripts, or because scripts are loading before the consent tool initializes.

The fix is usually configuration, making sure all tracking scripts are registered with your consent tool and set to block until consent.

Another common problem is unequal button prominence. This is usually a design issue in your consent tool’s settings. Look for options to customize button size, color, and placement, and make reject as visible as accept.

With WPConsent, you get complete control over how your cookie consent banner looks. You can customize its appearance and edit the buttons, change its position, and more.

Another issue is Cookie walls, where content is blocked until someone consents. If your banner prevents people from using your site until they click accept, remove that restriction. Visitors should be able to reject cookies and still access your content.

Outdated documentation is an easy fix, but it is often neglected. Quarterly, review your policies against your actual cookie inventory, remove cookies you no longer use, add new ones, and update the date.

When to Perform Cookie Compliance Audits

I recommend a quick check monthly. Open your site in incognito, verify the banner appears, reject cookies, and spot-check that nothing obvious is tracking before consent. This takes five minutes and catches obvious problems.

A full audit like the one described above should happen quarterly, or anytime you add significant new functionality to your site. New plugins, new integrations, major WordPress updates, and site redesigns all warrant a fresh audit.

If you’re in a regulated industry or handling sensitive data, consider an annual professional review that includes a legal assessment of your documentation and practices.

If Your Audit Finds Problems

Don’t panic. Most compliance issues are fixable quickly. If your current consent tool isn’t blocking correctly, you have two options: reconfigure it properly or switch to a tool that handles blocking automatically.

WPConsent includes a scanner that detects cookies on your site and automatic blocking for common services like Google Analytics and Facebook Pixel. If your audit revealed that your current setup isn’t actually blocking scripts, a switch might be the fastest path to compliance.

Once you’ve made fixes, run through the audit again to verify they worked. Compliance isn’t about having the right tool installed; it’s about that tool actually doing its job.

FAQs about Cookie Compliance Audit WordPress

Here are some common questions users have about cookie compliance audits.

1. How often should I audit cookie compliance?

Quick checks monthly, full audits quarterly. Also, audit after adding new plugins, integrating new services, or making significant changes to your site.

2. What if I find that my site is not compliant?

First, you’ll need to fix the specific issues you found. Usually, this means reconfiguring your consent tool or switching to one that handles blocking properly. This is where using a cookie management plugin like WPConsent comes in handy. It does the heavy lifting for you and helps configure cookies, so they don’t load before consent.

3. How often should I scan?

Scan whenever you change themes or add plugins. If you use WPConsent’s Auto Scanning, set it to weekly or monthly and let it run in the background.

4. Why does the scanner show different results than DevTools?

DevTools shows one page at one moment in time. An automated scanner crawls the whole site and aggregates the results. Use the scanner for the big picture and DevTools for spot-checking.

5. Can I block cookies manually without a plugin?

You can, but I don’t recommend it. You would need to wrap every script in conditional code that checks for consent. One plugin update could wipe your changes. It is better to use a tool that handles blocking at the infrastructure level.

I hope this article helped you learn how to audit your WordPress site for cookie compliance. You may also want to see our guide on WooCommerce cookie consent and how to implement IAB TCF in WordPress.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post How to Audit Your WordPress Site for Cookie Compliance first appeared on WPConsent.

Most people know about GDPR at this point, but the ePrivacy Directive is the regulation that specifically tells you what to do about cookies.

The confusion is understandable. There are multiple EU privacy laws that all seem to overlap, and the names don’t help.

But here’s what you need to know: if you have visitors from Europe and you use any kind of tracking on your site, the ePrivacy Directive applies to you. And understanding what it requires isn’t as complicated as the legal jargon makes it sound.

In this article, I’ll show you what the ePrivacy Directive is and what WordPress owners need to know. You can use the links below to jump ahead to your preferred section.

What is the ePrivacy Directive?

The ePrivacy Directive is an EU law from 2002, updated in 2009, that specifically governs electronic communications. While GDPR covers personal data broadly, ePrivacy focuses on things like cookies, email marketing, and the confidentiality of communications.

When people talk about “the cookie law,” this is what they mean. The ePrivacy Directive is the regulation that says you can’t just drop tracking cookies on someone’s browser without asking first. It’s why every website you visit now has a cookie banner.

The reason both GDPR and ePrivacy apply to cookies is that they approach the same issue from different angles. GDPR says you need a legal basis to process personal data, and tracking cookies collect personal data.

ePrivacy says you need consent before storing or accessing information on someone’s device, which is exactly what cookies do. So both laws apply, and complying with one doesn’t automatically mean you’re compliant with the other.

Now, let’s look at the difference between the ePrivacy Directive and GDPR.

How the ePrivacy Directive Differs from GDPR

The relationship between these two laws is confusing to many people, so let’s clarify.

GDPR is a regulation, which means it applies directly across all EU member states in the same way. ePrivacy is a directive, which means each EU country implements it through its own national law.

That’s why you might hear about CNIL in France, TTDSG in Germany, or the Garante in Italy. They’re all implementing the ePrivacy Directive, but with some local variations.

The practical result is that while the core requirement, consent before non-essential cookies, is the same everywhere, enforcement and specific interpretations vary by country.

France has been particularly aggressive about enforcing cookie rules. Germany requires very explicit consent. The Netherlands has strong enforcement. If your site has visitors from multiple EU countries, aiming for the strictest interpretation keeps you safe everywhere.

What the ePrivacy Directive Requires for Your Website

The core requirement is straightforward: before you set any non-essential cookies on a visitor’s device, you need their consent.

And consent under ePrivacy means the same thing it means under GDPR. Someone has to actively agree. They have to know what they’re agreeing to. And they have to be able to change their mind later.

This means a few things that you’ll need on your site:

• Does Your Site use Cookies? You need to show visitors a clear explanation of what cookies you use and why. This is where displaying a cookie policy comes in handy.
• Can Users Accept/Reject Cookies? You need to give them a real choice, where accepting and rejecting are equally easy.
• Can You Block Non-essential Cookies Before Consent? This is the part many sites get wrong. You need to actually block non-essential cookies from running until someone consents. Just showing a banner while your analytics and marketing tools are already tracking isn’t compliant.

On the other hand, there are exceptions. Strictly necessary cookies don’t require consent because your site can’t function without them. If someone puts something in a shopping cart, you need a cookie to remember that.

Similarly, if someone logs in, you need a cookie to keep them logged in. These essential cookies are fine without consent. But the moment you add Google Analytics, Facebook Pixel, or any third-party tracking, those require consent before they can run.

Now, let’s look at how you can comply with the ePrivacy Directive in WordPress.

Make Your Site Comply with the ePrivacy Directive

If you’re running a WordPress site with EU visitors, here’s what you need to do.

You need some kind of cookie consent system in place. That means a banner or popup that appears when someone first visits, explaining that you use cookies and giving them a genuine choice to accept or reject. You also need to block your tracking scripts until consent is given.

Next, you need to let visitors change their minds. Usually, this means a link in your footer to access cookie preferences. If someone accepted cookies last week and now wants to withdraw that consent, they should be able to do so easily.

And you should keep records of consent. If a regulator ever asks how you’re handling consent, having documentation helps. Most consent tools handle this automatically.

Here’s how you can implement all this on your WordPress website.

1. Use a WordPress Cookie Management Plugin

The ePrivacy Directive requires that you give visitors clear information about cookies and obtain their consent before any non-essential cookies are placed. Managing this manually is error-prone, so you’ll want a plugin that handles the technical side automatically.

That’s why I recommend using WPConsent for this process. It is the best cookie consent management plugin for WordPress, handling consent management, cookie blocking, consent banners, consent logs, and more, all of which directly map to ePrivacy Directive requirements.

What makes WPConsent different from other SaaS cookie notice solutions is that it is a self-hosted WordPress cookie consent plugin. This means you keep full control over your data and can run it on unlimited pages or pageviews, unlike other cookie software that charges based on traffic volume.

The plugin is very easy to set up and use, offering a setup wizard that guides you through every step of configuration.

You can get started with WPConsent Pro, which includes advanced features like a pre-built service library, multilingual support, geolocation rules, and a Do Not Sell add-on. There is also a free WPConsent Lite version available.

2. Scan Your Site for Cookies and Tracking Scripts

Before you can comply with the ePrivacy Directive, you need to know exactly which cookies your site is setting. The Directive requires that you disclose this information to users before they consent, so an accurate cookie audit is a critical first step.

WPConsent includes a built-in scanner that automatically detects cookies and tracking scripts across your site. During the setup wizard, WPConsent will perform an initial scan. You can also run it manually by going to WPConsent » Scanner in your WordPress dashboard and clicking Scan Your Website.

By default, the plugin scans your homepage, but you can select additional pages, such as your checkout page, contact page, or shopping cart, to make sure no cookies are missed.

Once the scan completes, you’ll see a detailed report with cookies organized by category. Under the ePrivacy Directive, this categorization is especially important:

• Essential Cookies — these are exempt from consent requirements, as they are essential for the site to function (like session cookies, shopping cart cookies).
• Statistics cookies — these require prior consent before being set (such as Google Analytics).
• Marketing cookies — these require prior, explicit consent before being set (like Facebook Pixel).

WPConsent automatically categorizes detected cookies into these groups, making it easy to see at a glance what requires consent.

3. Block Non-Essential Cookies From Loading Before Consent

This is the most critical technical requirement of the ePrivacy Directive: non-essential cookies must not be placed on a visitor’s device until they have actively given consent.

Pre-ticked boxes or implied consent are not sufficient. User consent must be a clear, affirmative action. WPConsent handles this automatically through its script blocking feature, which prevents non-essential scripts from loading until the visitor has explicitly consented.

Automatically Configure Cookie Blocking

In the Detailed Report section, scroll to the bottom and make sure the “Prevent known scripts from adding cookies before consent is given” checkbox is ticked.

Then click the Automatically Configure Cookies button. This ensures that analytics, advertising, and other non-essential scripts are held back until consent is granted.

For more details, please see our guide on how to block third-party cookies in WordPress.

Block Embedded Content Before Consent

The ePrivacy Directive also applies to embedded third-party content such as YouTube videos, Google Maps, and reCAPTCHA, all of which can set cookies the moment they load.

WPConsent’s Content Blocking feature prevents these iframes from loading until a visitor gives consent. For example, a YouTube video will display a placeholder instead of loading, and will only play once the visitor clicks to accept or consents via the cookie banner.

4. Set Up a Cookie Consent Banner

Under the ePrivacy Directive, your consent banner must meet specific requirements to be valid:

• Consent must be freely given — refusing cookies must be just as easy as accepting them.
• Consent must be informed — visitors must know what they’re consenting to before agreeing.
• Consent must be specific — users should be able to accept or decline different categories of cookies separately.
• Consent must be a clear affirmative action — pre-ticked boxes or “consent by scrolling” are not valid.

WPConsent makes it straightforward to build a banner that satisfies all of these requirements. It offers several pre-designed templates (long banner, floating banner, and modal banner) that you can position at the top or bottom of the page.

Critically, make sure your banner includes:

• A clear Accept button for all non-essential cookies.
• An equally prominent Reject or Decline button. This is a key ePrivacy requirement that many sites get wrong.
• A Manage Preferences option so visitors can consent to some cookie categories but not others.

You can customize the banner’s background color, text color, button styling, and messaging to match your site’s branding.

To learn more, please see our detailed guide on how to create a cookie consent banner in WordPress.

WPConsent also supports multi-language banners, which are especially useful if your site serves visitors from multiple countries. You can use the AI-powered auto translate feature to show the cookie banner and settings in your visitors’ native language.

5. Add a Cookie Policy Page

The ePrivacy Directive requires that you provide users with clear, accessible information about the cookies your site uses before they consent. A dedicated cookie policy page satisfies this requirement.

Your cookie policy should cover:

• What cookies your site uses and their names.
• The purpose of each cookie (strictly necessary, analytics, marketing, etc.).
• Whether the cookies are first-party or third-party.
• How long each cookie lasts (session vs. persistent).
• How users can withdraw their consent at any time.

WPConsent makes this easy. Go to WPConsent » Settings, scroll to the Cookie Policy section, and click Generate Cookie Policy Page. The plugin will automatically create a page listing all cookies detected during the scan, saving you significant time.

You should also make sure your existing Privacy Policy references your use of cookies and links to the cookie policy.

WordPress includes a built-in privacy policy tool under Settings » Privacy that provides a starter template you can customize.

6. Keep Records of User Consent

While record-keeping of consent is more explicitly emphasized under GDPR, it is also considered best practice under the ePrivacy Directive. And in many jurisdictions, regulators expect you to be able to demonstrate that valid consent was collected if challenged.

WPConsent automatically handles this through its consent logging system. You’ll first need to enable it by going to the Settings page.

Once that’s done, go to WPConsent » Consent Logs in your WordPress dashboard to view all consent data collected since activation, including timestamps and the specific choices each visitor made.

You can also export consent records as CSV files for compliance reporting or in response to any regulatory inquiry. This gives you a reliable audit trail showing that non-essential cookies were not placed without prior consent — the core obligation of the ePrivacy Directive.

Common Cookies That Need Consent

Google Analytics is probably the most common one. The _ga and _gid cookies it sets track visitor behavior, and that requires consent under ePrivacy. The same goes for Facebook Pixel with its _fbp cookie, Google Ads tracking, and any other analytics or advertising tools.

Third-party embeds often set cookies too. If you’ve embedded a YouTube, Dailymotion, or Vimeo video on your site, they may track that visitor.

Same with social media buttons, chat widgets, and embedded maps. These generally require consent because they’re from third parties, and they’re not strictly necessary for your site to function.

The cookies that don’t need consent are the ones truly essential for your site to work. Shopping cart cookies in WooCommerce, login session cookies, security cookies, and first-party cookies that remember user preferences like language settings. These are considered strictly necessary and can be set without consent.

The ePrivacy Regulation: What’s Coming

The EU has been working on an ePrivacy Regulation to replace the Directive. If it passes, it would be directly applicable across all EU countries like GDPR, with stricter requirements and GDPR-level penalties. It’s been delayed for years and may continue to be, but the direction is toward stricter enforcement, not looser.

What this means practically is that if you’re compliant now with proper opt-in consent, you’re in good shape. If you’re cutting corners, future regulations will likely catch up with you.

FAQs about the ePrivacy Directive

Here are some common questions about the ePrivacy Directive.

1. Is ePrivacy the same as GDPR?

No, they’re different laws. GDPR covers all personal data processing. ePrivacy specifically covers electronic communications, including cookies. Both apply to cookies, but from different angles. Complying with one doesn’t automatically mean you’re compliant with the other.

2. Do I need consent for all cookies?

No. Strictly necessary cookies that are essential for your website to function don’t require consent. Analytics and marketing cookies do require consent.

3. What happens if I don’t comply?

You risk fines from the data protection authority in whichever EU country takes action. Violations of ePrivacy often also count as GDPR violations, which can bring penalties up to €20 million or 4% of global revenue.

4. Does ePrivacy apply if I’m not in the EU?

ePrivacy applies if you’re targeting EU visitors or you’re established in the EU. If your site has visitors from Europe, you should comply regardless of where you’re located.

5. What’s the difference between ePrivacy Directive and ePrivacy Regulation?

The Directive is the current law, implemented through national legislation in each EU country. The Regulation is a proposed replacement that would apply directly across all EU countries with stricter requirements. The Regulation has been delayed, but is still expected eventually.

I hope this article helped you learn about the ePrivacy Directive and what WordPress site owners need to know. You may also want to see our guides on WordPress and CCPA compliance, and LGPD compliance for WordPress sites.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post ePrivacy Directive: What WordPress Site Owners Need to Know first appeared on WPConsent.

Google Ads scripts are designed to start tracking and collecting data immediately to help optimize your campaigns. However, under strict regulations like the GDPR, CCPA, ePrivacy Directive, and more, loading these tracking scripts before a visitor explicitly opts in is a compliance violation that can lead to significant fines.

The good news is that blocking these scripts does not mean losing your valuable advertising data. By utilizing Google Consent Mode, you can strictly comply with privacy laws while still preserving your conversion measurement. You just need a tool to ensure the scripts wait for permission.

In this tutorial, I will show you how to block Google Ads scripts until consent using WPConsent. You can simply click the links below to navigate through this guide.

What Google Ads Scripts Are and Why They Need Consent

Before jumping into the tutorial, it helps to understand exactly what you’re dealing with. When you install Google Ads tracking on your WordPress site, several scripts run in the background and set cookies on your visitors’ browsers.

These are not just harmless bits of data. Under GDPR and other privacy laws, they are classified as non-essential cookies that require explicit opt-in consent before they can load.

Here is a breakdown of the most common Google Ads cookies you will find on your site:

Every one of these cookies gets set the moment your Google Ads scripts execute, which under a default WordPress setup happens as soon as the page loads. That means every visitor, whether they are from Berlin, London, or Los Angeles, gets tracked before they have any say in the matter.

The legal landscape makes this a serious problem. Under the GDPR, you must block Google Ads cookies before they load or face fines of up to EUR 20 million or 4% of your global annual revenue.

The Digital Markets Act designates Google as a gatekeeper, requiring Consent Mode v2 for all EEA advertisers. California’s CCPA and CPRA also have requirements around tracking and data sharing. And the ePrivacy Directive reinforces cookie consent requirements across EU member states.

The good news is that you can stop Google Ads tracking before consent is given without losing your advertising data entirely. That said, let’s look at the steps for setting up Google Ads script blocking.

Blocking Google Ads Scripts Before Consent

The easiest way to set up Google Ads consent in WordPress is by using WPConsent.

It is the best cookie consent plugin for WordPress that helps you manage cookies without editing code or requiring technical knowledge.

WPConsent offers powerful features that allow you to automatically scan Google Ads cookies and block them. You also get prebuilt cookie banner templates, geolocation rules for popular privacy laws (CCPA, GDPR, LGPD), AI-powered auto translations, custom script and iframe blocking, and much more.

Besides that, here’s why I recommend WPConsent for Google Ads compliance:

• Automatic script blocking with a maintained database of known tracking scripts
• Built-in Google Consent Mode v2 support (one-toggle setup)
• IAB TCF verified and recognized by Google and major ad networks
• 100% self-hosted, so your consent data stays on your server
• Built by the WPBeginner team, trusted by millions of WordPress users

What You Will Need Before Getting Started

Before I dive in, let’s make sure you have everything in place. This tutorial assumes you already have Google Ads tracking installed on your WordPress site, whether through the Google tag (gtag.js), Google Tag Manager, or a plugin like MonsterInsights.

Here is what you need:

• A self-hosted WordPress website (WordPress.org, not WordPress.com)
• Google Ads conversion tracking or remarketing tags are already installed on your site
• Admin access to your WordPress dashboard
• The WPConsent plugin (I will walk you through installing it in Step 1)

Let’s get started!

Step 1: Install and Activate WPConsent

The first thing you will want to do is head over to the WPConsent website and choose a plan that fits your needs.

Once you have signed up and completed your purchase, log in to your WPConsent account and download the plugin ZIP file from your account downloads page.

Next, you will need to upload the plugin files to your WordPress site and install WPConsent.

Simply log into your WordPress admin dashboard and navigate to Plugins » Add Plugin. At the top of the page, you will see an Upload Plugin button. Go ahead and click it, then upload the WPConsent ZIP file you just downloaded.

If you need help with this, then please see this guide on how to install a WordPress plugin.

After activation, you will notice WPConsent appear in your admin sidebar menu. The plugin may also launch a quick setup wizard to help you get started.

For the purposes of this tutorial, I am going to walk through each setting manually, so you understand exactly what each option does and why it matters for your Google Ads cookie consent on WordPress.

Step 2: Run the Cookie Scanner

WPConsent comes with a powerful built-in cookie scanner that crawls your site and identifies every cookie and tracking script running on your pages. This is incredibly useful because most site owners have no idea just how many cookies their site sets, especially from third-party services like Google Ads.

To run the scanner, navigate to WPConsent » Scanner in your WordPress admin sidebar. You will land on the Website Scanner page with a Scan Your Website button. Go ahead and click it.

The scanner will take a moment to crawl your site. Once it finishes, you will see a detailed list of every cookie detected, organized by category.

Simply scroll down to the Detailed Report section and look for Google Ads under the Marketing category.

Next, you can click the Automatically Configure Cookies button. Make sure that the ‘Prevent known scripts from adding cookies before consent is given’ checkbox is selected.

This scan gives you a clear picture of the problem. Every one of those marketing cookies has been loading for all your visitors, regardless of whether they consented. Now it is time to fix that.

Step 3: Enable Automatic Script Blocking for Google Ads

With the scan complete, you know exactly which Google Ads scripts and cookies are on your site. Now let’s make sure they do not load until your visitors give their explicit consent.

You can navigate to WPConsent » Settings in your admin sidebar. You will land on the main Settings tab, where you will find a toggle labeled Script Blocking. Go ahead and turn this toggle ON.

What this does behind the scenes is powerful and elegant. WPConsent maintains a comprehensive database of known tracking scripts from services like Google Ads, Google Analytics, Facebook Pixel, Microsoft Clarity, and many others.

When you enable script blocking, WPConsent automatically detects these scripts on your pages and prevents them from executing until the visitor has consented to the appropriate cookie category.

This is what makes WPConsent such an effective Google Ads script blocking plugin: it handles detection and categorization for you, so you do not need to manually identify and configure each script.

The beauty of WPConsent’s automatic script blocking is that you do not need to manually identify and configure each script. If you have any custom scripts or iframes that are not automatically detected, you can add those manually, but for Google Ads, the automatic approach covers everything, including the remarketing tag.

An important thing to note is that with script blocking enabled, your Google Ads cookies will no longer load until consent is granted. As a result, Google will have less data to work with. In order to preserve your advertising data, you’ll need to enable the Google Consent Mode (GCM).

Let’s look at how you can do that in the next step.

Step 4: Enable Google Consent Mode

When Google Consent Mode is enabled, Google scripts are allowed to load but operate in restricted mode (no cookies, cookieless pings only). This helps safeguard your advertising data.

To enable this option, you can head to the WPConsent » Settings page, look for the Google Consent Mode toggle and turn it ON.

You might be wondering why you need this when you have already blocked the scripts.

Google Consent Mode is a framework that tells Google’s tags exactly how to behave based on your visitors’ consent choices. Without it, blocking Google Ads scripts means Google gets absolutely zero data from visitors who have not consented. With Consent Mode enabled, Google’s tags can adjust intelligently.

Here is how it works. Google Consent Mode v2 uses four key parameters to control data collection:

• ad_storage — Controls whether Google Ads cookies can be set
• ad_user_data — Controls whether user data can be sent to Google for advertising purposes
• ad_personalization — Controls whether data can be used for remarketing and ad personalization
• analytics_storage — Controls whether Google Analytics cookies can be set

When a visitor has not yet consented (or actively rejects cookies), all of these parameters default to “denied.” When they accept marketing cookies, the parameters flip to “granted,” and everything works as normal.

WPConsent communicates these consent signals to Google’s tags automatically, which means you do not need to write any custom gtag() calls or modify your tracking code. This is what makes WPConsent Google Ads consent mode setup so straightforward.

Many WordPress consent plugins require you to configure Consent Mode manually through Google Tag Manager or custom code. WPConsent handles it with a single toggle.

Google made Consent Mode v2 mandatory for advertisers targeting users in the European Economic Area, and WPConsent gives you full support with a single toggle.

Step 5: Configure Your Cookie Banner

Now that the technical backbone is in place, it is time to set up the banner that your visitors will actually see and interact with. Navigate to WPConsent » Banner Design in your admin sidebar.

This is where you can customize the appearance, style, and text of your cookie consent banner. WPConsent gives you full control over colors, positioning, and messaging so the banner fits naturally with your site’s design.

The most important thing from a compliance standpoint is that your banner includes three clear options: Accept All, Reject, and Preferences.

You can follow our complete guide on how to easily add a cookie consent banner to your WordPress website.

I also want to point out that WPConsent is one of the few WordPress consent plugins that has earned official IAB TCF verification, which means Google and other ad networks automatically recognize and trust your consent signals. This is particularly important for making your Google Ads WordPress setup GDPR compliant.

Take a few minutes to style the banner so it matches your site’s look and feel, then save your changes. With the banner configured, we are ready to test the whole setup.

Step 6: Test Your Setup

With everything configured, let’s make sure it all works together properly. Save all your changes in WPConsent, then open your site in an incognito or private browsing window.

You can use incognito mode because it starts with a clean slate, no cached cookies or previous consent choices that might interfere with testing.

When the page loads, you should see your cookie consent banner appear. Before you interact with it, take a moment to appreciate what is happening behind the scenes. Your Google Ads scripts are being held back. No marketing cookies are being set. Your site is compliant right out of the gate.

Now try clicking Accept All and refreshing the page. At this point, Google Ads scripts should load normally, and the associated marketing cookies should appear.

Verify Google Ads Scripts Are Actually Blocked

Trusting that everything is working is not enough. I recommend verifying your setup with your own eyes. Here are three methods you can use to confirm that Google Ads scripts are properly blocked until consent.

Method 1: Browser Developer Tools

This is the most direct and reliable verification method. Open your site in Chrome using an incognito window and press F12 (or right-click and choose Inspect) to open Developer Tools.

From here, you can click on the Application tab at the top of DevTools, then expand the Cookies section in the left sidebar and click on your site’s domain.

Before you interact with the consent banner, look through the list of cookies. You should not see _gcl_au, _gcl_aw, _gcl_dc, IDE, or any other Google Ads cookies listed here. If the list is clean, your script blocking is working.

You can also check the Network tab for extra verification. Filter the network requests by typing “googleads” or “gtag” in the filter box. Before consent, you should see no requests going out to Google’s advertising domains.

Now, go ahead and accept cookies through your consent banner. Once you refresh the page, check the Application tab again. This time, you should see the Google Ads cookies appearing, confirming that the scripts loaded properly after consent was given.

This before-and-after check is the gold standard for verification. I recommend running through it every time you update your tracking setup or make changes to your consent configuration.

Method 2: WPConsent Consent Logs

For ongoing monitoring, WPConsent keeps detailed records of every consent interaction.

Note: Consent Logs are disabled by default. If you do not see any consent entries, go to WPConsent » Settings and scroll down to find the Consent Logs toggle.

Go ahead and click on it to turn it ON and click Save Changes. New consent events will be recorded going forward.

To view them, simply navigate to WPConsent » Consent Logs in your WordPress admin to see a log of all visitor consent events.

Each entry shows when consent was given or denied, and which categories the visitor accepted. This is not just useful for verification. It is also your proof of compliance if a regulator ever comes knocking. Under GDPR, you are required to maintain records of consent, and WPConsent handles this automatically.

You can filter the logs by date range. If you notice that very few visitors are accepting marketing cookies, that is normal. Consent rates for marketing cookies typically range from 40-70%, depending on your audience and banner design. The important thing is that you are giving visitors the choice and recording their decisions.

How Google Consent Mode Preserves Your Ad Data

One of the biggest concerns you’ll hear from advertisers is that blocking scripts will destroy their conversion data.

When you enable Google Consent Mode through WPConsent, you are not just blocking scripts. You are setting up an intelligent system that preserves as much data as possible while staying compliant. There are two modes to understand.

1. Advanced Consent Mode

This is the default when you enable Consent Mode in WPConsent. In this mode, when a visitor denies consent, Google’s tags still send limited, cookieless pings to Google’s servers.

These pings do not contain personal data or set any cookies, but they do tell Google that a page view or interaction occurred. Google then uses machine learning, which they call conversion modeling, to estimate the conversions that likely happened among users who did not consent. This gives you a much more complete picture of your campaign performance.

2. Basic Consent Mode

This is stricter. In this mode, no data at all is sent when consent is denied. This is the safest approach from a compliance standpoint, but it means Google has less data to work with for modeling.

For most advertisers, Advanced mode strikes the right balance between compliance and data preservation. I have found that sites using Advanced Consent Mode typically see only a 5 to 15 percent reduction in reported conversions compared to unblocked tracking, because Google’s modeling fills in the gaps. That is a small price to pay for legal compliance and user trust.

The key takeaway is this: WPConsent handles the consent signal communication automatically. You do not need to write any custom code or configure complex tag settings. The plugin sends the right signals to Google’s tags based on each visitor’s consent choices, and Google’s systems take it from there.

You do not have to choose between compliance and conversion data. WPConsent gives you both with a single plugin — automatic script blocking, Google Consent Mode v2, and full consent logs for audits.

Troubleshooting Common Google Ads Consent Issues

Even with a straightforward setup, you might run into a hiccup or two. Here are the most common issues I see and how to fix them.

1. Google Ads Cookies Still Appearing Before Consent

If you are still seeing _gcl_au or other Google Ads cookies in DevTools before consenting, start by clearing your browser cache completely and testing in a fresh incognito window. Old cookies can persist and give you a false reading.

If the issue persists, check whether another plugin or your theme is loading Google Ads scripts independently of WPConsent. Some plugins inject tracking scripts directly into the page header, bypassing consent management entirely.

Head to WPConsent settings and make sure the Script Blocking toggle is ON, then run the scanner again to confirm WPConsent has detected all the relevant scripts.

2. Google Ads Conversions Dropped to Zero

If your conversion count falls off a cliff after enabling script blocking, the first thing to check is whether you also enabled Google Consent Mode. Script blocking alone without Consent Mode will cause this exact problem, because Google receives no data at all from visitors who have not consented.

Just confirm that scripts are firing correctly after a visitor accepts cookies. Use the DevTools verification method as described above. Give it 24 to 48 hours after enabling Consent Mode for Google’s conversion modeling to start filling in the gaps.

3. Scripts Blocked That Should Not Be

If WPConsent is blocking scripts that you need to load regardless of consent (like essential functionality scripts), navigate to WPConsent » Settings » Cookies tab. Here you can review the list of detected services and adjust their categorization.

Essential cookies and scripts are never blocked by WPConsent, but sometimes a script gets miscategorized. You can reclassify it or whitelist specific scripts as needed.

If you are still running into issues, WPConsent’s support team is available to help. Pro and Elite plan holders get priority support for faster resolution.

FAQs About Google Ads Consent

1. Does blocking Google Ads scripts until consent affect my ad campaigns?

When you use WPConsent with Google Consent Mode enabled, Google can still model conversions from visitors who denied consent. Most advertisers see minimal impact on their reported conversion data. The scripts fire normally for visitors who accept marketing cookies, so your remarketing audiences and conversion tracking continue to work for consenting users.

2. Is blocking Google Ads scripts required by GDPR?

Yes. Under the GDPR, you must block Google Ads cookies before they load because cookies like _gcl_au and _gcl_aw are classified as non-essential marketing cookies. They require explicit opt-in consent before they can be set on a visitor’s browser.

3. What is Google Consent Mode v2 and how does WPConsent support it?

Google Consent Mode v2 is a framework that lets Google tags adjust their behavior based on a visitor’s consent status. It uses parameters like ad_storage, ad_user_data, ad_personalization, and analytics_storage to control what data is collected and when. WPConsent has built-in Google Consent Mode v2 support that automatically communicates your visitors’ consent choices to Google tags.

4. Does WPConsent block Google Ads scripts automatically or do I need to configure each one manually?

WPConsent’s automatic script blocking detects and blocks Google Ads scripts, including gtag.js, the conversion linker, and remarketing tags, without any manual configuration.

5. Will blocking Google Ads scripts slow down my WordPress site?

Quite the opposite, actually. For visitors who have not consented, your site will load faster because fewer third-party scripts are executing on the initial page view. Unlike cloud-based consent platforms, WPConsent is 100% self-hosted, so there are no external API calls slowing down your site, and you maintain full ownership of your consent data.

6. Do I need to block Google Ads scripts for visitors from the United States?

While the GDPR primarily applies to visitors in the EU and EEA, California’s CCPA and CPRA also have requirements around tracking and data sharing that may affect your Google Ads setup. WPConsent offers geolocation-based consent, which means you can show consent banners only to visitors in regions where privacy laws require it.

7. What happens if a visitor changes their mind after accepting or rejecting cookies?

WPConsent includes a preferences panel that visitors can access at any time to update their consent choices. If someone initially accepted marketing cookies but later decides to revoke that consent, Google Ads scripts will be blocked again on their next page load, and the relevant cookies will be cleared from their browser.

Blocking Google Ads scripts until consent is no longer optional if you are advertising to visitors in the EU, UK, or even California. The good news is that with WPConsent, the entire process takes just a few minutes and does not require any technical expertise.

I hope this article helped you learn how to block Google Ads script until consent in WordPress. You may also want to see our guides on how to stop reCAPTCHA before consent on your WordPress website and how to block Google Maps widget before consent in WordPress.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post How to Block Google Ads Scripts Until Consent in WordPress first appeared on WPConsent.

While WPConsent’s scanner can easily detect that you are using GTM, it often hits a wall and cannot see the specific scripts loaded in the container. This means a lot of manual steps for configuring cookies.

But that’s about to change today!

I am thrilled to introduce a powerful improvement to the WPConsent scanner that solves this issue once and for all. You’ll now be able to scan and see inside the GTM container for scripts.

Let’s look at the details.

Automatically Scan GTM Container for Scripts

WPConsent’s scanner makes it very easy to uncover any script or service that might be adding cookies to your site and configure them for compliance.

But we wanted the scanner to be more powerful and frictionless than ever before. We didn’t want just a “workaround”; we wanted a true solution.

So starting today, our scanner will automatically analyze your Google Tag Manager container to detect the scripts living inside it.

Instead of just telling you that you use GTM, WPConsent will now identify the specific services you are running and suggest them for auto-configuration.

You can simply head to the Scanner page in WPConsent from your WordPress dashboard and scan your site for scripts and cookies.

After the scan is complete, you can scroll down to the Detailed Report section.

Here, you can see Google Tag Manager in the list.

How Does it All Work?

Behind the scenes, here’s what’s happening and how the enhanced scanner works:

• Intelligent ID Detection: First, our scanner detects the GTM container on your page and instantly identifies the specific Container ID.
• Zero-Setup Parsing: We automatically load and parse the container details using the public URL generated by your website. This is crucial because it means no setup is required on your end, no API keys, no login credentials, just instant analysis.
• Library Matching: We don’t just dump a list of raw code. We analyze the tags and match them against our extensive library of known scripts to tell you exactly which Google services (or custom tags) are present.
• Noise Filtering: Our system is smart enough to recognize the status of your tags. If you have paused a tag in GTM, we ignore it, ensuring your report only reflects what is actually active on your site.

What Does This Mean for You?

This means less manual guesswork and a much faster compliance setup.

You get a crystal-clear view of every service that sets cookies on your site, even those managed dynamically through GTM.

Here is the best part: This feature is available right now.

Because this is an enhancement to our scanning feature, you do not need to update the plugin. This improvement is fully backwards compatible and works immediately with your current version of WPConsent.

If you are a Premium WPConsent user, simply run a new scan from your dashboard and easily configure scripts inside your Google Tag Manager container.

So go ahead and give it a try and let us know what you think! Get started with WPConsent premium plans today to automatically detect and configure every service running inside your tag manager.

As always, thank you for helping us make WPConsent better with your feedback. If you have any questions, feel free to reach out!

The post Introducing Improved WPConsent Scanner: Automatically Scan GTM Container for Scripts first appeared on WPConsent.

However, under California’s Consumer Privacy Act (CCPA), sharing user data with these third-party services often counts as selling personal information.

If your WordPress site receives traffic from California and uses any form of tracking or advertising, you likely need a “Do Not Sell or Share My Personal Information” page. This page is a legal requirement that gives your visitors a clear way to opt out of having their data shared with third parties.

In this guide, I will walk you through how to create a CCPA-compliant “Do Not Sell” page using WPConsent. Here’s a quick overview of everything covered in this guide. Go ahead and click the links to move to your preferred section:

Disclaimer: This article provides general information about CCPA compliance and is not legal advice. For specific legal guidance, we recommend consulting with a privacy attorney.

What Is a Do Not Sell Page (And Why Does CCPA Require One)?

Most WordPress site owners think “selling data” means handing over a database in exchange for a check. That’s not how California law sees it.

Under the CCPA and its updated version, the California Privacy Rights Act (CPRA), “selling” personal information includes disclosing, sharing, or transferring user data to a third party for monetary or other valuable consideration.

That’s a much broader definition than most people expect, and it catches a lot of common WordPress setups. For example, if you run Google Analytics on your site, you’re sending visitor behavior data to Google. If you’ve installed the Facebook Pixel, you’re sharing browsing activity with Meta so they can target ads.

Since January 2023, the CPRA expanded the requirement even further. The law now covers “sharing” data for cross-context behavioral advertising, even if no money changes hands. So the official language is now “Do Not Sell or Share My Personal Information.”

So, who actually needs a CCPA Do Not Sell page?

Under the CCPA, you must comply if your business meets any one of these thresholds. Your annual gross revenue exceeds $25 million, buying, selling, or sharing personal information of 100,000 or more California consumers or households per year, or deriving 50% or more of annual revenue from selling or sharing personal data.

Now, you might be thinking your small blog or online store doesn’t hit those numbers. That might be true. But here’s something worth considering: if your site is publicly accessible (and most WordPress sites are), California residents can visit it. Several other states, including Colorado, Connecticut, and Virginia, have passed similar privacy laws with opt-out requirements.

Setting up a Do Not Sell page now is a smart way to future-proof your site and protect your visitors’ consumer rights.

Plus, the penalties for non-compliance are real. The California Attorney General or the California Privacy Protection Agency can enforce fines of $2,500 per unintentional violation and $7,500 per intentional violation. Those add up fast when each affected consumer counts as a separate violation.

What Must a CCPA Do Not Sell Page Include?

Before you jump into the setup, let’s look at what the CCPA actually requires your Do Not Sell page to have. This way, you’ll know exactly what we’re building toward.

Your CCPA Do Not Sell page must include these elements to be legally compliant:

1. A clear opt-out explanation at the top of the page, telling visitors why they can opt out and what steps to follow
2. A description of the types of personal information your site sells or shares with third parties
3. A web form for submitting opt-out requests (this is mandatory as one method)
4. At least one additional opt-out method beyond the web form, such as an email address, phone number, or mailing address
5. A link to your privacy policy so visitors can review your full data practices
6. Information about authorized agents, explaining that consumers can designate someone to submit a request on their behalf

There are also a few important rules about how the page works. You cannot require visitors to create an account just to opt out. You cannot ask them to verify their identity for opt-out requests (that’s different from data deletion requests, which can require verification).

And starting in 2026, new CCPA regulations require you to display a clear confirmation message when someone submits their opt-out request.

Your Do Not Sell page also needs to be easy to find. The law requires a clear and conspicuous link on your homepage, typically in the footer.

The link should also appear in your privacy policy and on any pages where you collect personal information. The link text should read “Do Not Sell or Share My Personal Information.”

With those requirements in mind, let’s set everything up.

Create a Do Not Sell Page in WordPress

The easiest way to set up a do not sell page is by using WPConsent. I recommend it because it handles the entire workflow: the opt-out form, request management, data storage, and even Global Privacy Control support.

WPConsent is built by the same team behind WPBeginner (the largest free WordPress resource site), trusted by over 100,000 websites, and is IAB TCF verified. The best part about the cookie consent plugin is that everything stays self-hosted on your own WordPress site, which is important for privacy compliance.

Its Do Not Sell addon gives you a dedicated opt-out form with built-in request management, all without touching a line of code. Instead of piecing together multiple plugins, custom forms, and manual processes, the addon gives you:

• A ready-made opt-out form (no coding required)
• Built-in request management dashboard
• CSV export for compliance audit trails
• Global Privacy Control (GPC) support
• Everything is self-hosted on your WordPress site

Now, let’s go through all the steps you need to follow to set up a do not sell page.

Step 1: Install and Set Up WPConsent

You can start by visiting the WPConsent website and signing up for an account. You’ll need the Plus plan or higher to access the Do Not Sell addon.

Once you’re logged in, go to the ‘Downloads’ tab and click the Download WPConsent button to save the plugin ZIP file to your computer.

Next, you will need to upload the plugin files to your site and install them. If you need help with this, then please see this guide on how to install a WordPress plugin.

Once activated, WPConsent will launch its setup wizard. The wizard walks you through a quick cookie scan and basic configuration. Go ahead and complete it, as it sets up your cookie consent banner and script blocking, which work alongside your Do Not Sell page for full privacy compliance.

Step 2: Install the Do Not Sell Addon

With WPConsent active, you’ll notice a “Do Not Sell” item in the WPConsent menu on the left side of your WordPress dashboard. Go ahead and click on it.

You’ll see a screen with an option to install the Do Not Sell addon. Simply click the Install Do Not Sell Addon button, and the addon will download and activate automatically in just a few seconds.

This addon is what creates the opt-out form functionality. It handles form submissions, stores requests in your local database, and gives you a management dashboard for processing them. All data stays on your own server, so nothing is sent to third-party services.

Step 3: Create Your Do Not Sell Page

Now let’s create the actual page. After the addon installs, click on the Configuration tab. You’ll see an option to select an existing page or generate a new one.

I recommend clicking Generate Do Not Sell Page. This creates a new WordPress page with the shortcode [wpconsent_do_not_sell_form] already embedded, giving you a ready-made opt-out page in WordPress. It saves you the step of creating a page manually and adding the shortcode yourself.

If you prefer to use an existing page, you can select it from the dropdown instead. Just make sure to add the shortcode [wpconsent_do_not_sell_form] to the page content, wherever you want the form to appear.

Step 4: Configure the Opt-Out Form Fields

Next, you can stay on in the Configuration tab and scroll down to the form field settings. This is where you choose what information to collect from visitors who submit an opt-out request.

WPConsent requires first name, last name, and email address on every submission. These three fields are always enabled and cannot be disabled, since you’ll need them to identify and process the request.

You’ll also notice a Submit Button Text field where you can customize what the form button says. The default is “Submit Request,” which works well for most sites.

You can also enable additional optional fields like address, ZIP code, city, state, country, and phone number. Whether you need these depends on your business.

If you sell physical products and need a mailing address to match customer records, enable those fields. For most sites, the default name and email fields are sufficient.

For spam protection, WPConsent offers integration through WPForms.

If you have WPForms installed on your site and have reCAPTCHA set up, then you can enable spam protection for the opt-out form to prevent bots from flooding it with fake requests.

Step 5: Add Required Page Content

With the form set up, it’s time to add the legally required content to your Do Not Sell page. Go to Pages in your WordPress dashboard and find the page WPConsent generated (or the existing page you selected).

Open it in the editor. You’ll see the form shortcode already in place. Above it, you need to add several elements to meet CCPA requirements.

Here’s a sample structure you can customize for your site:

Right to Opt-Out Explanation (add at the top of the page):

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to opt out of the sale or sharing of their personal information. We respect your privacy rights and provide this page as a way for you to exercise that right.

Types of Personal Information:

We may share the following categories of personal information with third-party partners for advertising, analytics, and site improvement purposes: identifiers (such as IP address and cookie identifiers), internet activity (such as browsing history and search history), and geolocation data.

Alternative Opt-Out Method:

You may also submit your opt-out request by emailing us at [email protected]. Please include “Do Not Sell Request” in the subject line.

Privacy Policy Link:

For more information about our data practices, please see our Privacy Policy.

Authorized Agent Information:

You may designate an authorized agent to submit a request on your behalf. Authorized agents must provide proof of authorization to act on your behalf.

Feel free to adjust this language to match your specific data practices. The key is that all six required elements are present on the page.

Step 6: Link the Page in Key Locations

Your Do Not Sell page needs to be easy for visitors to find. The CCPA requires a clear and conspicuous link, so let’s add it to the right places.

For instance, you can add it to the footer navigation of your site. This way, users can scroll to the bottom of a page or post and view the form.

You should also add a link to this page in your privacy policy. This way, users who go through the policy have an option to opt out using the form. You add a sentence like: “To opt out of the sale or sharing of your personal information, visit our Do Not Sell or Share My Personal Information page.”

Finally, if you have WPConsent’s cookie consent banner active, you can add a link to the Do Not Sell page within the banner itself. This is especially useful for California visitors who see the banner.

Step 7: Enable Global Privacy Control (GPC) Support

This step is one that most competing guides skip entirely, but it’s increasingly important.

Global Privacy Control (GPC) is a browser-based signal that automatically tells websites the visitor wants to opt out of data sales and sharing. Under the latest CCPA regulations, businesses must honor GPC as a valid opt-out signal.

The great news is that WPConsent supports GPC out of the box, and this feature is available even in the free version.

To enable it, you can head over to WPConsent » Settings from the admin panel and then click the Advanced tab.

Next, you can scroll down to the Advanced Settings section.

Now, look for the Respect Global Privacy Controls toggle and make sure it’s turned on.

When GPC is enabled, WPConsent automatically blocks non-essential cookies (statistics and marketing categories stay blocked), the consent banner is suppressed since the visitor has already communicated their preference, and a toast notification briefly appears confirming their GPC signal is being honored.

This works alongside your Do Not Sell page, not instead of it. GPC handles the automatic, browser-level opt-out. The Do Not Sell page handles manual opt-out requests with a form submission. Together, they cover both scenarios.

For more details, please check out our WPConsent GPC documentation.

Manage Do Not Sell Requests in WordPress

Once your page is live, you’ll start receiving opt-out requests. WPConsent makes managing do not track requests straightforward.

Simply head over to WPConsent, then Do Not Sell in your WordPress dashboard. You’ll see a list of all submitted requests, with each entry showing the request ID, the person’s name, email address, location, submission date, and current status.

To process a request, review the details and take the necessary actions on your end. Then mark the request as processed. You can do this individually or use the bulk action to mark multiple requests at once, which is helpful if you’re processing a batch.

You’ll also want to set up email notifications, so you know right away when someone submits a request. Simply go to the Notifications tab in the Do Not Sell settings.

From here, toggle on email notifications and add the email addresses that should receive alerts when new requests come in. This way, you won’t miss any incoming opt-out requests.

WPConsent also includes an export feature. You can click on the Export tab to access it.

You can set a date range and export all requests as a CSV file. There’s an option to export only unprocessed entries, and another to automatically mark exported entries as processed, which keeps your dashboard clean.

I recommend exporting regularly and keeping the CSV files on record, as they serve as your audit trail if you ever need to prove compliance. This built-in audit trail feature is something you would typically need a separate compliance management tool for.

All request data is stored locally in your WordPress database. Nothing gets sent to external servers, which is exactly what you want from a privacy perspective.

Pro Tip: WordPress also has a built-in personal data erasure tool under Tools » Erase Personal Data. If a consumer requests full data deletion (which is a separate right under CCPA), you can use this alongside WPConsent’s request management.

What to Do After Receiving an Opt-Out Request

Getting the request is just the first step. Here’s the workflow you should follow to stay compliant:

1. Confirm receipt immediately. Send an acknowledgment to the consumer letting them know you’ve received their request. This can be an automated email or a manual response.

2. Process within 15 business days. The CCPA gives you 15 business days to stop selling or sharing the consumer’s personal information. This means disabling any tracking or data sharing associated with that individual.

3. Notify third parties. If you’ve shared the consumer’s data with any third parties (including data brokers) in the past 90 days, you need to notify those parties about the opt-out. This might include your advertising partners, analytics providers, or data brokers.

4. Update your records. Document the opt-out in your compliance records. WPConsent’s export feature makes this easy. Keep a record of when the request was received, when it was processed, and what actions you took.

5. Respect the opt-out for at least 12 months. You cannot ask the consumer to re-authorize data sales for at least 12 months from the date of their request.

One important note: unlike data access or deletion requests, the CCPA specifically says you cannot require identity verification for opt-out requests. If someone fills out the form, you process it. You also can’t require them to create an account.

Do Not Sell Page Compliance Checklist

Before running through this checklist, you may want to audit your WordPress site for cookie compliance to identify all the cookies and scripts your site currently uses.

Here’s a quick checklist you can use to make sure everything is in order:

• Do Not Sell page created with an opt-out web form
• Right to opt-out explanation included at the top of the page
• Types of personal information subject to sale/sharing are described
• At least one alternative opt-out method is listed (email, phone, or mail)
• Link to your privacy policy on the page
• Authorized agent information included
• “Do Not Sell or Share My Personal Information” link in your site footer
• Link added to your privacy policy
• Link placed on any pages that collect personal information
• Global Privacy Control (GPC) enabled in WPConsent
• Confirmation message displayed when opt-out is submitted (2026 requirement)
• Spam protection is enabled on the form
• Email notifications are configured for new requests
• Request management workflow documented
• Third-party notification process established
• Exporting and record-keeping process in place

FAQs about Do Not Sell Pages in WordPress

1. What is a “Do Not Sell My Personal Information” page?

It’s a page required by the California Consumer Privacy Act (CCPA) that gives visitors a way to opt out of having their personal data sold or shared with third parties. The page must include a web form, an alternative opt-out method, and links to your privacy policy.

2. Does my WordPress site need a Do Not Sell page?

You need one if you sell or share personal information of California residents and meet at least one CCPA threshold: $25 million or more in annual revenue, data from 100,000 or more California consumers, or 50% or more of your revenue from selling data. If you use Google Analytics, Facebook Pixel, or ad networks, you may be “selling” data without realizing it.

3. Does “selling” data just mean selling it for money?

No. Under the CCPA and CPRA, “selling” includes sharing data for any valuable consideration, not just cash. Running targeted advertising, sharing browsing data with analytics platforms, or providing user data to ad networks all qualify, even when no money directly changes hands.

4. What is Global Privacy Control (GPC), and do I still need a Do Not Sell page?

GPC is a browser-based signal that automatically communicates a visitor’s opt-out preference to websites. Under CCPA, businesses must honor it as a valid opt-out. However, GPC does not replace the need for a Do Not Sell page because not all browsers support it, and some visitors prefer to submit a manual request.

5. What are the penalties for not having a Do Not Sell page?

The California Attorney General and the California Privacy Protection Agency can enforce fines of $2,500 per unintentional violation and $7,500 per intentional violation. Each affected consumer can count as a separate violation, so fines can add up quickly.

6. How long do I have to process a Do Not Sell request?

You must confirm receipt immediately and complete processing within 15 business days. The opt-out must be respected for at least 12 months before you can ask the consumer to reconsider.

7. Do I need a Do Not Sell page if my business is not in California?

Your business location doesn’t matter. If you serve California residents and meet the CCPA thresholds, you must comply. Since most websites are accessible to anyone in the United States, this effectively applies to many WordPress site owners nationwide.

8. How is a Do Not Sell page different from a cookie consent banner?

A cookie consent banner asks for permission before setting cookies, which is primarily required by the GDPR for European visitors. A Do Not Sell page provides an opt-out mechanism for data sales and sharing, which is required by the CCPA for California visitors. They address different legal requirements, but many sites need both. WPConsent handles both scenarios from a single plugin. If you’re new to this topic, start with our guide on what cookie consent is and why it matters.

Creating your Do Not Sell page is an important step toward complete privacy compliance.

I hope this guide helped you learn how to create a Do Not Sell page for your WordPress site. You may also want to see our guide on how to block cookies on your WordPress website and a comparison between WPConsent vs. Complianz.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post How to Create a Do Not Sell Page in WordPress (CCPA) first appeared on WPConsent.

He had Google Analytics, Facebook Pixel, and a handful of other marketing tools running, and he never thought twice about it. Turns out, that’s a problem if you have customers from Europe or California.

If you’re running a WooCommerce store, you’re probably in the same boat. You’ve got analytics to track what’s working, retargeting pixels to bring shoppers back, and maybe some email marketing tools to recover abandoned carts.

All of these use cookies, and under laws like GDPR and CCPA, you need to ask for permission before dropping them in someone’s browser. The good news? Setting this up isn’t as complicated as it sounds.

In this guide, I’ll walk you through exactly how to add proper cookie consent to your WooCommerce store, step by step. And to help you navigate this guide, you can click the links below to jump ahead to any section:

Why Your WooCommerce Store Needs Cookie Consent

Here’s the thing that most store owners don’t realize: WooCommerce itself uses cookies that are totally fine. Cart cookies, login sessions, and currency preferences are essential for your store to work, and you don’t need permission for them.

But the moment you add Google Analytics to see how people navigate your store? That requires consent. Facebook Pixel to run retargeting ads? Consent. That abandoned cart plugin that tracks shoppers? You guessed it, consent.

The consequences of ignoring this aren’t just theoretical. GDPR fines can reach €20 million or 4% of your annual revenue, whichever is higher.

CCPA violations run $2,500 to $7,500 per incident. And beyond the legal stuff, there’s the trust factor. Shoppers are increasingly aware of privacy, and they notice when a store doesn’t ask permission.

Understanding What Cookies Your Store Uses

Before you set anything up, it helps to know what you’re working with. WooCommerce stores typically use three types of cookies.

1. Essential Cookies

Essential cookies keep your store functioning. When someone adds a product to their cart, WooCommerce stores that in a cookie so the cart doesn’t empty when they browse to another page.

The same applies to keeping customers logged in, remembering their shipping country, and handling the checkout process. These cookies don’t require consent because they’re necessary for basic store operations.

2. Statistics Cookies

Statistics cookies help you understand how visitors interact with your store. Google Analytics cookies like _ga and _gid track visitor behavior and provide insights into traffic patterns, popular products, and user journeys.

Tools like Hotjar and Microsoft Clarity also fall into this category. While these cookies improve your understanding of customer behavior, they require explicit consent under GDPR.

3. Marketing Cookies

Marketing cookies enable advertising and retargeting campaigns. Facebook’s _fbp cookie powers retargeting ads, while Google Ads conversion tracking uses _gcl cookies.

Email marketing platforms and other advertising tools also set marketing cookies to track conversions and build audiences. These require consent under GDPR before they can be activated.

That said, let’s look at a simple way of adding cookie consent for your WooCommerce store.

Setting Up WooCommerce Cookie Consent

When it comes to setting up WooCommerce privacy compliance, the best solution is WPConsent.

It’s the best cookie consent plugin for WooCommerce stores that is super easy to use and trusted by over 100,000 websites.

What makes WPConsent special is that self-hosted, which means your customer consent data stays on your own server rather than being sent to some external service. There are no pageview limits, which matters when you’re running a store that might see traffic spikes during sales.

It includes geolocation features so you can show different consent options to visitors from different regions, automatically displaying GDPR-style opt-in consent for European visitors and CCPA-style options for California shoppers.

And if you’re running Google Ads, WPConsent is IAB TCF certified, which is now required for personalized advertising in Europe. Besides that, you also get AI-powered auto translations to convert your cookie banner text and settings into 70+ languages.

Now, here’s how to set it up.

Step 1: Install and Activate WPConsent

First, you will need to head to the WPConsent website and sign up for an account.

Note: I’ll be using the WPConsent Pro version because it includes the eCommerce automatic setup feature. It will automatically configure cookie information for WooCommerce. Besides that, it also offers advanced features like IAB TCF, geolocation rules, and more. There is also a WPConsent Lite version available for free, which helps configure your site for basic compliance.

Next, you can go to the Downloads tab and then click the ‘Download WPConsent’ button to save the plugin ZIP file to your computer.

Now, you’ll need to upload the ZIP file to your WordPress website and install the plugin. If you need help, then please see this guide on how to install a WordPress plugin.

Once you activate the plugin, you’ll see the setup wizard. Go ahead and click the ‘Let’s Get Started’ button and follow the onscreen instructions.

Step 2: Install the WP Consent API Plugin

After installing WPConsent, I also recommend installing the WP Consent API plugin.

This is a free WordPress plugin that acts as a bridge between Consent Management Platform (CMP) plugins WPConsent and WooCommerce. It standardizes the communication of accepted consent categories between plugins.

WooCommerce uses a script called SourceBuster. It loads if you have the Order Attribution option enabled in the WooCommerce settings, which uses cookies. If you install the WPConsent plugin and the WP-Consent-API, Sourcebuster will be handled better based on consent.

To get started, you can head to Plugins » Add Plugin from your WordPress dashboard. From here, search for the WP Consent API plugin and then click the Install Now button.

Once the plugin is installed, you can activate it. If you need help with this, then please see this guide on how to install a WordPress plugin.

Step 3: Scanning Your Store for Cookies

When you run the setup wizard, it will automatically scan your site and detect WooCommerce cookies. However, you can also run the Scanner by going to WPConsent in your sidebar, then clicking Scanner.

WPConsent will always scan your homepage, but you can add more pages like the checkout page, cart, or shop pages. This way, you ensure no cookies are missed during the scanning process.

From here, you can click the Scan Your Website button and let it work through your site.

The scanner automatically detects WooCommerce cookies on your site. It will also detect common services like Google Analytics, Facebook Pixel, Google Ads, and other essential cookies added by WordPress.

After performing the scan, you can scroll down to the Detailed Report section and view WooCommerce, along with other servicesthat add cookies to your site.

Step 4: Configuring Script Blocking

This is the crucial part that many store owners miss. It’s not enough to just show a cookie banner. You need to actually block those tracking scripts from running until someone consents.

Simply select the ‘Prevent known scripts from adding cookies before consent is given’ checkbox and then click the Automatically Configure Cookies button.

After that, you will see a popup open, confirming to automatically configure cookies.

Go ahead and click the Yes button.

Once this is done, you will see a success message.

Go ahead and click Ok to close the popup message.

Step 5: Create a Cookie Consent Banner

Now the next step is to set up a cookie consent banner for your website using WPConsent. This lets your users know about WooCommerce cookies and allows them to give consent.

To start, simply head to WPConsent » Banner Design from the WordPress dashboard. Here, you can choose from different layouts for your banner. The plugin also lets you choose the position of the banner.

Besides that, WPConsent also lets you edit the style of the banner and the text that appears in it. For more details, please see our guide on how to add a cookie consent banner in WordPress.

After adding a cookie consent banner, you can visit your website and open Preferences.

In the Cookie Preference popup, you should see the WooCommerce cookies.

For instance, if you expand the Essential cookies tab, you will see WooCommerce listed there. You can further expand WooCommerce to uncover the cookies it adds to your site.

Step 6: Create or Update Your Cookie Policy Page

Transparency is key for eCommerce and adding a cookie policy is a great way to get started.

With WPConsent, you can easily create one with a click of a button. Simply go to WPConsent » Settings and scroll to the Cookie Policy section.

From here, click the Generate Cookie Policy Page button, and WPConsent will automatically add the WooCommerce cookies to the list.

You can learn more by following our guide on how to create a cookie policy in WordPress.

Step 7: Setting Up Google Consent Mode

If you’re using Google Analytics to track user behavior on your WooCommerce store or Google Ads to promote your products, you’ll want to enable Google Consent Mode v2.

This is a feature that lets Google still gather some anonymized data even when users decline cookies, so you don’t lose all your analytics when someone clicks reject.

Simply go to the WPConsent Settings page from your WordPress dashboard. Here, you will see the option for Google Consent Mode v2.

I’ve written a detailed guide on setting up Google Consent Mode if you want to understand exactly how this works.

Step 8: Manage WooCommerce Consent Logs

It’s always good practice to keep consent records and ensure your site complies with different privacy laws. Under strict privacy regulations like the GDPR in Europe and the CCPA in California, simply displaying a banner isn’t enough. You are actually required to demonstrate that consent was freely given.

These logs serve as your “digital proof.” If your business is ever audited or questioned about data practices, you can easily export this data to prove that you obtained permission before loading tracking scripts.

It effectively protects your business from potential fines and gives you total peace of mind while you focus on selling your products.

To start, head over to WPConsent » Consent Logs from your WordPress dashboard to keep an eye on how your shoppers are interacting with your banner. This gives you peace of mind knowing you have a record of compliance if you ever need it.

Testing Your WooCommerce Cookie Consent

Before you consider this done, you need to test everything. I’ve seen too many stores where the banner shows up, but the cookies aren’t actually being blocked.

To start, open a private browsing window in Chrome or Firefox. This gives you a clean slate with no existing cookies or consent choices. Next, you can visit your store, and you should see the cookie consent banner appear.

Now, before interacting with the banner, open your browser’s developer tools. In Chrome, you can press F12, then go to the Application tab, then Cookies. Look at what cookies are present.

You should only see essential WooCommerce cookies (woocommerce_cart_hash or wp_woocommerce_session_) at this point.

Next, you can click reject on the cookie banner and browse around your store. Add something to your cart, go through a few pages. Check the cookies again. Still no tracking cookies? Good.

Finally, clear your cookies and try again, this time accepting all cookies. Now you should see the tracking cookies appear in the developer tools.

One more test: go through your checkout process with cookies rejected. Make sure the cart works, the checkout loads properly, and you can complete a purchase. Essential cookies should be working regardless of consent choices.

Handling Specific WooCommerce Integrations

If you’re using WooCommerce with other common integrations, here’s what you need to know.

For payment processors like Stripe and PayPal, the cookies they set are generally considered essential because they’re necessary for processing transactions and preventing fraud. You don’t need consent for these, but you should mention them in your privacy policy.

For YouTube or Vimeo product videos, these embeds set tracking cookies. WPConsent can block these and show a placeholder until the visitor consents. It’s a small inconvenience for users who reject cookies, but it keeps you compliant.

For email marketing tools, whether you’re using Mailchimp, Klaviyo, ConvertKit, or something else, the tracking scripts these services use for monitoring email campaign performance need to be blocked until consent. Some tools also offer server-side tracking as an alternative that doesn’t require cookies.

Keeping Your Store Compliant Long-Term

Setting up cookie consent isn’t a one-time thing. Every time you add a new plugin, marketing tool, or analytics service, you potentially add new cookies that need to be managed.

I recommend running the WPConsent scanner monthly, or anytime you add something new to your store. It only takes a minute and catches new cookies before they become a compliance issue. WPConsent also lets you schedule scanning your site. You can simply enable the Auto Scanning feature in its settings and select whether you’d like it to scan daily, weekly, or monthly.

You should also keep your privacy policy updated. Any time you change what cookies you use or add new third-party services, that should be reflected in your documentation.

FAQs about WooCommerce Cookie Consent

1. Do I need cookie consent if I only sell in the US?

If any of your customers are from California, yes. CCPA requires you to give shoppers the ability to opt out of data collection. And practically speaking, if you’re running a WooCommerce store with any kind of marketing, you’ll have visitors from all over. It’s easier to set up consent properly than to try to filter by location.

2. Will cookie consent hurt my conversion rate?

Some shoppers will decline cookies, which means you’ll track fewer people. But the alternative is potential fines and loss of customer trust. From what we’ve seen, most visitors either accept cookies or don’t care enough to reject them. Your conversion rate on actual purchases shouldn’t be affected since the checkout process works the same either way.

3. What if someone doesn’t make a choice on the banner?

Under GDPR, no choice means no consent. You should only set non-essential cookies after someone actively clicks accept. WPConsent handles this correctly by default.

4. Do WooCommerce cart cookies need consent?

No. Cart cookies, session cookies, and other cookies that are strictly necessary for your store to function don’t require consent. You couldn’t run a store without them, and privacy laws recognize that.

I hope this article helped you learn about WooCommerce cookie consent. You may also want to see our guide on how to stop Google Maps from loading before consent and how to manage cookie consent data in WordPress.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post WooCommerce Cookie Consent: Complete Compliance Guide (2026) first appeared on WPConsent.

Suddenly, they realize that the little piece of tracking code they installed has been dropping cookies on every visitor without asking permission. And under European privacy law, that’s a problem.

The frustrating part is that Facebook Pixel is genuinely useful. It tracks conversions so you know which ads are working, builds audiences for retargeting, and helps Facebook optimize your campaigns. But it also sets marketing cookies, and under GDPR, those require explicit consent before they touch a visitor’s browser.

So what do you do? Block the Pixel and lose your tracking data? Or keep running it and risk fines that can reach €20 million? Fortunately, there’s a middle ground that lets you stay compliant while keeping most of your tracking intact.

In this article, I’ll show you how to set up Facebook pixel consent mode in WordPress. Here’s a quick overview of everything covered in this guide. Simply click the links below to jump to any section:

Why Facebook Pixel Needs Cookie Consent?

Facebook Pixel, which Meta now officially calls Meta Pixel, works by setting cookies on your visitors’ browsers.

These cookies track what pages people visit, what products they look at, whether they complete a purchase, and dozens of other actions. Facebook uses this data to show your ads to people who are more likely to convert and to help you understand what’s working.

The problem is that all of this tracking falls into the “marketing” category under privacy regulations. Under GDPR, you can’t set marketing cookies without getting clear, affirmative consent first. The same principle applies under CCPA for California visitors, though the requirements are slightly different.

If you’re running Pixel without consent, you’re taking on real risk. GDPR fines can be substantial, and Facebook itself has started cracking down on advertisers who don’t properly manage consent.

Beyond the legal issues, there’s also the trust factor. Visitors are increasingly aware of tracking, and they notice when a site doesn’t ask permission.

The Real Concern: Losing Ad Data

Let’s address what you’re probably worried about. If you block Facebook Pixel until someone consents, and a decent chunk of your visitors decline, you’re going to lose tracking data. Your retargeting audiences will shrink. Your conversion numbers won’t match reality. Your ad optimization will suffer.

This is a legitimate concern, and I am not going to pretend otherwise. Some data loss is inevitable when you implement proper consent.

But there are ways to minimize the impact, and the combination of client-side blocking with server-side tracking through Facebook Conversions API can help you maintain most of your tracking effectiveness while staying compliant.

That said, let’s look at how you can set up Facebook pixel consent in WordPress.

Setting Up Facebook Pixel Consent in WordPress

When it comes to configuring Facebook Pixel consent in WordPress, you need a solution that is both powerful enough to handle complex tracking scripts and simple enough to set up without a developer.

That’s why I recommend WPConsent because it automatically detects tracking scripts and makes blocking them straightforward.

WPConsent is the best cookie consent plugin for WordPress that’s trusted by over 100,000 websites. It’s IAB TCF verified, self-hosted, so your consent data stays on your server, and it includes geolocation features so you can show GDPR-style consent to European visitors and CCPA-style options to California shoppers.

Besides that, the plugin automatically scans your site to detect and block third-party scripts, including the Facebook Pixel, Google Analytics, and YouTube, until a user gives consent.

With WPConsent, you also get powerful features like AI-powered auto-translations. You can automatically translate your cookie consent banner and other settings in 70+ languages.

Now, let’s look at how you can set up everything on your site.

Step 1: Install and Activate WPConsent

To start, you will need to head to the WPConsent website and sign up for an account.

Note: I’ll be using the WPConsent Pro version because it includes advanced features like IAB TCF, advanced display rules for cookie banner, auto translations, geolocation rules, and more. There is also a WPConsent Lite version available for free, which helps configure your site for basic compliance.

Once you’re logged in, go to the Downloads tab and click the Download WPConsent button to save the plugin ZIP file to your computer.

Now, you’ll need to upload the ZIP file to your WordPress website and install the plugin. If you need help, then please see this guide on how to install a WordPress plugin.

Upon activation, you’ll see a setup wizard that walks you through the initial configuration. Go ahead and click the ‘Let’s Get Started’ button and follow the onscreen instructions.

For most sites with Facebook ads, you’ll want to select both EU and US regions since you likely have visitors from both. Choose a banner style that fits your site’s design, pick your colors, and move through the steps.

Step 2: Running the Cookie Scanner

Once you go through the setup wizard, WPConsent will automatically scan and detect the Facebook Pixel on your site.

However, you can also run the scanner by going to WPConsent » Scanner from your WordPress dashboard. From here, go ahead and click the ‘Scan Your Website’ button.

WPConsent will always scan your homepage, but you can also add other pages to the scanning process. This is helpful in uncovering any third-party scripts that might be adding cookies but may not be picked up during the scan.

The scanner will now automatically detect common tracking scripts, including Facebook Pixel. When it finishes, you can scroll down to the Detailed Report section to see a list of what it found.

Facebook Pixel should appear in the results, categorized as Marketing. If, for some reason, it doesn’t show up, it might be because your Pixel is loaded through a tag manager or a plugin that might be hiding the script. In that case, you can add it manually in the Script Blocking section.

Step 3: Configuring Script Blocking

Now, let’s make sure the Pixel is properly configured for blocking, so it only runs when a user gives consent.

To do that, make sure that the ‘Prevent known scripts from adding cookies before consent is given’ checkbox is selected. After that, simply click the Automatically Configure Cookies button.

Next, a popup will open, confirming to automatically configure cookies.

Go ahead and click the Yes button.

Once this is done, you will see a success message.

Simply click Ok to close the popup message.

What happens behind the scenes is that WPConsent prevents the Pixel code from running until someone clicks accept on your cookie banner.

If they decline or just ignore the banner, the Pixel never fires. If they accept marketing cookies, the Pixel loads normally and starts tracking.

Step 4: Customize Your Consent Banner

After configuring the cookies on your site, you also need to allow users to accept or reject them by placing a cookie consent banner.

With WPConsent, that’s super easy because it offers pre-built templates and lots of customization options for setting up a cookie banner. For instance, you get to select a layout, choose its position, edit the style, and change the text that appears in the banner.

To learn more, please see our guide on how to add a cookie consent banner in WordPress.

Besides that, WPConsent also offers geolocation rules that let you setup location based cookie consent in WordPress. This way, you can set up custom rules or select pre-built templates for major privacy laws, and display the banner to users from specific regions.

Step 5: Manage and Review Consent Logs

Just like with your store data, keeping proof of consent for advertising is vital.

Advertising platforms like Meta are under increasing pressure to ensure data is collected legally. If you are using features like Conversions API or advanced matching, having a solid log of consents ensures you aren’t feeding non-consented data into your ad account.

This protects your business from regulatory fines and helps keep your ad account in good standing, ensuring you only target users who are actually willing to be tracked.

To view your consent logs, simply go to WPConsent » Consent Logs. Here you can view the full history of user choices with timestamps and anonymized IPs.

Step 6: Testing Your Implementation

This step is important because you need to verify that blocking is actually working.

To start, you can open an incognito or private browser window so you start with a clean slate. Now, visit your site, and you should see the cookie consent banner.

Before you interact with the banner at all, open your browser’s developer tools. In Chrome, press F12, go to the Network tab, and search for “Facebook”. You shouldn’t see any Facebook requests at this point. If you do, something isn’t configured correctly.

Finally, clear your cookies (or open a fresh incognito window), visit your site again, and this time accept marketing cookies.

Now, check the Network tab again, and you should see Facebook Pixel requests appearing.

Set Up Facebook Conversions API

You might be wondering, what impact will consent have on your tracking data?

When you implement proper consent, some things will change. Your retargeting audiences will be smaller because only consenting visitors get tracked. Your reported conversions may be lower because non-consenting purchases won’t be attributed. Your ad optimization might be slightly less effective because Facebook has less data to work with.

Here’s where you can recover some of the tracking data that you’d otherwise lose. Facebook Conversions API sends event data from your server rather than from the visitor’s browser.

The advantage is that you can track conversions even when visitors decline cookies or use ad blockers. The data goes directly from your server to Facebook, bypassing the browser entirely. Combined with client-side Pixel for visitors who consent, you get much better overall tracking coverage.

If you want to learn more about how to generate and add the conversion API, then please see this guide on how to add Facebook Pixel to a WordPress site.

Limited Data Use for California Visitors

If you have visitors from California, you need to handle CCPA compliance as well. Facebook provides a feature called Limited Data Use that restricts how they process data from California users.

To enable it, you add a line of code before your Pixel base code that tells Facebook to limit data processing.

If you’re using WPConsent with geolocation, you can configure this to apply automatically to visitors detected as being from California. This gives you CCPA compliance without manually managing regional differences.

Common Issues and How to Fix Them

I’ve seen a few problems come up repeatedly when people set up Facebook Pixel consent.

One of the most common issues is Facebook Pixel firing before consent when configured through Google Tag Manager (GTM). You need to set up the Facebook Pixel differently so it follows the user consent on your WordPress site.

This is where WPConsent can help you out. For instance, when a user saves their preferences using the WPConsent banner, the plugin pushes a custom event to the GTM Data Layer.

You can use this event, along with the consent choices for both broad categories (like marketing) and specific services (like Facebook Pixel), to create precise firing rules for your tags, ensuring you remain compliant with privacy regulations like GDPR.

The process involves three main steps:

• Configuring Your Tags to use the new trigger and variables as firing conditions.
• Creating a Custom Event Trigger to listen for the consent event.
• Creating Data Layer Variables to read the user’s specific choices.

You can follow all the steps in this guide on how to trigger Google Tag Manager tags based on user consent.

What to Expect with Your Facebook Ads

Let’s be realistic about the impact. When you implement proper consent, some things will change.

Your retargeting audiences will be smaller because only consenting visitors get tracked. Your reported conversions may be lower because non-consenting purchases won’t be attributed. Your ad optimization might be slightly less effective because Facebook has less data to work with.

Facebook compensates for some of this through modeled conversions, where they estimate missing data based on patterns. They also offer Aggregated Event Measurement for privacy-preserving measurement. And if you implement Conversions API, you’ll recover a significant portion of the tracking you’d otherwise lose.

The practical advice I give to advertisers is to focus on first-party data. Build your email list, use customer lists for audiences, and don’t rely solely on Pixel-based tracking. Consent-based advertising is the direction everything is moving, and adapting now puts you ahead.

FAQs about Facebook Pixel Consent

1. Does Facebook Pixel require cookie consent?

Yes. Facebook Pixel sets tracking cookies for advertising purposes, which requires consent under GDPR and similar laws. You need to block the Pixel from running until visitors consent to marketing cookies.

2. What happens to my Facebook ads if users don’t consent?

Users who decline won’t be tracked by Pixel, so your retargeting audiences will be smaller and some conversions won’t be reported. Facebook uses modeling to estimate missing conversions, and implementing the Conversions API helps recover server-side tracking.

3. Can I use Facebook Pixel without cookies?

The Pixel itself relies on cookies. However, Facebook Conversions API sends event data server-side without using browser cookies. Combining both gives you the best coverage while respecting consent.

4. Is Facebook Conversions API GDPR compliant?

Conversions API can be configured to respect consent, but it does send user data to Facebook, so you need a legal basis for that transfer. The safest approach is to honor user preferences about marketing data even when using server-side tracking.

5. Will blocking Facebook Pixel hurt my ad performance?

Some impact is expected since you’ll have less tracking data. However, the combination of Pixel for consenting users plus Conversions API for server-side events maintains most of your tracking effectiveness. Many advertisers see only a modest decrease after proper implementation.

I hope this article helped you learn how to set up Facebook Pixel consent mode in WordPress. You may also want to see our guide on how to implement IAB TCF in WordPress and how to set up Google Consent V2 Mode in WordPress.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post How to Set Up Facebook Pixel Consent Mode in WordPress (2026) first appeared on WPConsent.

But with dozens of cookie consent plugins available, how do you choose the right one?

I tested and researched the most popular options, analyzing real user reviews from WordPress.org and Trustpilot to help you make an informed decision. After comparing all the options, I recommend WPConsent as the best cookie consent plugin.

In this article, I’ll compare the best WordPress cookie consent plugins and help you select the best option for your business.

Quick Pick – Best Cookie Consent Plugins

Plugin	Best For	Rating	Active Installs	Price
WPConsent	Best Overall	4.8/5	100,000+	Free / $49.50/yr
CookieYes	Multilingual Sites	4.8/5	1,500,000+	Free / $10/mo
Complianz	Multi-Region Compliance	4.8/5	1,000,000+	Free / $59/yr
Cookie Notice	Simple Setup	4.8/5	1,000,000+	Free / Paid
GDPR Cookie Compliance	Local Data Storage	4.6/5	300,000+	Free / Paid
Real Cookie Banner	German Market	4.9/5	100,000+	Free / Paid

What We Looked For in a Cookie Plugin

To find the best solution, I evaluated each cookie consent plugin based on these criteria:

• Compliance Coverage: Does it support GDPR, CCPA, and other major privacy laws?
• Ease of Setup: How quickly can you get a working cookie banner?
• Customization: Can you match the banner to your site’s design?
• Performance: Does it slow down your website?
• Pricing Transparency: Are there hidden costs or pageview limits?
• User Reviews: What do real users say about their experience?

That said, let’s dive into the details and take a closer look at the best cookie plugin for WordPress.

1. WPConsent – Best Overall Cookie Consent Plugin

WPConsent is an all-in-one privacy compliance and cookie consent management plugin for WordPress. It helps you comply with GDPR, CCPA, LGPD, and other privacy laws, so you can focus on running your business.

Built by the team behind WPBeginner, it keeps your consent data on your own server instead of sending it to external services.

What I really liked about WPConsent is how easy it is to use. It removes the complexity of scanning your site for cookies and configuring them manually. The plugin automatically blocks scripts for Google Analytics, Facebook pixel, WooCommerce, Comments, and more.

Another feature that sets WPConsent apart from the rest is its customizable cookie consent banners.

You can choose from prebuilt layouts, choose its position, edit the look and feel, and change the message shown in the banner.

Besides that, WPConsent offers geolocation rules for your cookie banner, with built-in templates for major privacy laws like GDPR, CCPA, and LGPD.

You can also create custom rules for different regions, select whether to set up an opt-in or opt-out, edit the text in the cookie banner, and more.

Another factor that puts WPConsent above other plugins on this list is its AI-powered auto translations. The plugin supports over 70 different languages, which allows you to show cookie banner text in your visitors’ native language.

The best part is that this intelligent translation happens in the background while you simply navigate through your website settings. Unlike other solutions that force you to manually translate every single field, the AI does all the heavy lifting for you.

Why We Recommend It: Most cookie consent plugins use a SaaS model where your visitor consent data is stored on their servers. WPConsent takes a different approach, as everything stays on your WordPress installation. This means better privacy for your visitors, no dependency on external services, and no pageview limits forcing you into expensive upgrades. Learn more about why self-hosted GDPR plugins are better.

Key Features:

• Customizable cookie banners with multiple layouts and positions
• Automatic script blocking for Google Analytics, Facebook Pixel, and more
• Built-in compliance scanner that detects cookies and services on your site
• AI-powered automatic translations (70+ languages supported)
• Google Consent Mode v2 support for accurate analytics
• Smart content blocking for YouTube, Vimeo, and Google Maps embeds
• IAB TCF verified for advertising compliance
• Geolocation-based banner display with built-in rules
• Block custom scripts and iframes

Ratings: WPConsent has a 4.8/5 rating on WordPress.org with over 100,000 active installations. Users consistently praise its WordPress native approach and the credibility of having the WPBeginner team behind it.

Pros:

• Self-hosted – consent data never leaves your server
• No pageview limits or surprise pricing
• WordPress-native design (not a generic SaaS widget)
• Backed by the trusted WPBeginner team
• IAB TCF verified
• Robust free version

Cons:

• Requires WordPress (not for non-WP sites)

Pricing: Free version includes all essential features. Pro version available for advanced customization and priority support, with prices starting from $49.50/year.

Best For: WordPress site owners who want complete control over their consent data and prefer a self-hosted solution over SaaS dependencies. Plus, its geolocation rules and AI-powered translation make it the best solution for cookie consent.

Get Started with WPConsent → Free version available, no credit card required.

2. CookieYes – Best for Multilingual Sites

CookieYes is one of the most popular cookie consent plugins for WordPress, with over 1.5 million active installations. It uses a SaaS model with cloud-based consent storage and offers extensive language support.

While testing, I was really impressed with its multilingual support. You can choose from over 40 different languages and use the auto-translate feature to convert the text in the cookie consent banner to your visitors’ native language.

Besides that, I found that it offers pre-built templates for the cookie consent banner. You can also customize different sections of the banner, like the cookie notice appearance or preference center details.

Why It’s a Good Option: If you serve visitors in many different languages, CookieYes auto-translates your cookie banner into 40+ languages. This saves significant time compared to manually translating consent text.

Key Features:

• Automatic cookie scanning and categorization
• Google Consent Mode v2 integration
• 40+ language auto-translations
• Preference center for granular consent
• WCAG/ADA accessibility compliance
• Built-in cookie and privacy policy generators
• Revisit the consent button

Ratings: CookieYes maintains a 4.8/5 rating from over 3,181 reviews on WordPress.org and 4.8/5 from 273 reviews on Trustpilot. Users praise its customer support and ease of setup.

Pros:

• Massive user base proves reliability
• Excellent multilingual support (40+ languages)
• Strong accessibility compliance
• Good free tier for small sites
• Fast, responsive support

Cons:

• SaaS model means data is stored externally
• Pageview limits on free and lower tiers
• Premium features require a subscription

Pricing: Free version available with limits. Premium starts at $10/month/domain.

Best For: Multilingual websites that need automatic translation of consent banners.

3. Complianz – Best for Multi-Region Compliance

Complianz is a comprehensive WordPress cookie consent plugin with over 1 million downloads. It’s known for its wizard-based setup and extensive coverage of privacy regulations across different regions.

During the setup process, I liked the question-answer-based setup process. The plugin also automatically changes the questions and settings based on the default privacy law setting you use for your site. However, it can be complicated and overwhelming for beginners, who need to answer different privacy based question.

Another feature that caught our eye was document creation capabilities. Besides a cookie policy, Complianz also allows you to add a privacy statement, imprint, and a disclaimer across your website.

Why It’s a Good Option: If you serve visitors from multiple countries, create different privacy documents, and need to comply with different regional laws (GDPR in the EU, CCPA in California, LGPD in Brazil), Complianz handles this automatically with geolocation detection.

Key Features:

• Region-specific consent notices (EU, UK, US, Canada, Australia, Brazil, South Africa)
• Automatic visitor location detection
• Wizard-based Cookie Policy generator
• Script Center for granular cookie control
• Third-party blocking for Google Maps, Facebook, and YouTube
• WCAG Level AA and ADA compliant
• Integrations with WooCommerce, Elementor, WPForms

Ratings: Complianz has a 4.8/5 rating from 1,590 reviews on WordPress.org. Users appreciate the detailed wizard that guides them through setup.

Pros:

• Comprehensive multi-region coverage
• Wizard walks you through the setup
• Automatic geolocation-based banners
• Strong integration ecosystem
• Active development

Cons:

• Can feel complex for simple sites
• Many settings to configure
• Premium required for A/B testing and some geo features

Pricing: Free version available. Premium starts at $59/year.

Best For: International websites serving visitors from multiple countries with different privacy laws and privacy document creation.

4. Cookie Notice & Compliance – Best for Simple Setup

Cookie Notice & Compliance for GDPR/CCPA is one of the oldest cookie plugins, with over 1 million downloads. It offers a straightforward approach to adding a cookie consent banner in WordPress.

Unlike other plugins on our list, Cookie Notice doesn’t offer pre-built layouts to choose from. You can simply change the message in the cookie notice, edit the button text, enable privacy policy, and select the position, animation, and color of the banner.

One thing I noticed while testing the plugin is that it also offers a fully featured Consent Management Platform (CMP) called Cookie Compliance. It offers advanced features like automatic script blocking, Google Consent Mode, and a default configuration for GDPR and CCPA. However, it is included in its paid plans.

Why It’s a Good Option: If you want a simple, no-fuss cookie banner that just works, Cookie Notice delivers. It’s been around since 2013 and has a proven track record.

Key Features:

• Customizable consent banner message
• Multiple consent triggers (click, scroll, close)
• Privacy Policy page linking
• WPML and Polylang compatible
• Consent per category (with compliance add-on)
• Google and Facebook Consent Mode
• 31 languages supported

Ratings: Cookie Notice has a 4.8/5 rating from 3,020 reviews on WordPress.org.

Pros:

• Very simple to set up
• Lightweight performance
• Long track record (since 2013)
• Large user community
• Good free version

Cons:

• Advanced features require a separate compliance add-on
• Dashboard notifications can be excessive
• Some plugin compatibility issues have been reported

Pricing: Free cookie consent plugin with optional Cookie Compliance web app for advanced features.

Best For: Simple WordPress sites that need a basic, reliable cookie banner without complexity.

5. GDPR Cookie Compliance – Best for Local Data Storage

GDPR Cookie Compliance by Moove Agency is a privacy-focused plugin that stores all consent data locally on your WordPress installation, similar to WPConsent’s approach.

I really liked how easy to use the plugin was while testing. Although it doesn’t offer advanced customization features or automatic script blocking, the free plugin is great for setting up a basic cookie banner.

Why It’s a Good Option: Like WPConsent, this plugin keeps all user data on your server rather than sending it to external services. If local data storage is a priority, but you want an alternative option, this is worth considering.

Key Features:

• Local data storage (no external servers)
• Google Consent Mode v2 support
• 22 languages included
• WCAG & ADA compliant
• GTM, Google Analytics, and Meta Pixel integration
• Compatible with all major caching plugins
• Customizable design (logo, colors, fonts)

Ratings: GDPR Cookie Compliance has a 4.6/5 rating from 204 reviews.

Pros:

• Local data storage
• Simple, quick setup
• Good free version
• Works with major caching plugins
• Developer-friendly

Cons:

• Smaller user base than competitors
• Fewer reviews to reference
• Less comprehensive than some alternatives

Pricing: Free version with optional premium add-on.

Best For: Users who want local data storage but are looking for alternatives to WPConsent.

6. Real Cookie Banner – Best for German Market

Real Cookie Banner is a German-developed plugin with a strong focus on DSGVO (German GDPR) compliance. It has the highest rating of any cookie plugin on WordPress.org at 4.9/5.

While testing, I found that it offers an automatic cookie scanner. This was interesting because most SaaS based tools on our list included this feature in their premium plans.

On the downside, the plugin has a lot of settings, but it can be overwhelming for beginners. I experienced this while using the Real Cookie Banner plugin to configure cookies on my test site. Once the plugin had scanned for all the scripts, I had to individually set them up and ensure the information about the service was accurate. This was a time-consuming and complicated process.

Why It’s a Good Option: If your primary audience is in Germany or German-speaking countries, Real Cookie Banner is built specifically with DSGVO compliance in mind. It’s also excellent for developers with its comprehensive API.

Key Features:

• 160+ service templates (PRO)
• Content blocker for scripts and embeds
• 200+ design customization options
• WCAG 2.2 Level AA compliant
• Automatic service scanner
• 17+ EU languages with human translations
• TCF support (PRO)
• Developer-friendly API

Ratings: Real Cookie Banner has an impressive 4.9/5 rating from 480 reviews.

Pros:

• Highest rated cookie plugin (4.9/5)
• Excellent German/DSGVO compliance
• Great documentation
• Developer-friendly with full API
• Fast, competent support

Cons:

• German market focus may not suit all users
• Best features require the PRO version
• Smaller English-speaking community
• Complicated and time-consuming configuration process

Pricing: Free version available. PRO for advanced features.

Best For: German websites or developers who need extensive customization via API.

Our Recommendation – Best Cookie Consent Plugin

After testing and comparing multiple plugins, the best WordPress cookie consent plugin is WPConsent.

Here’s why I recommend it over the other options:

• Self-hosted data storage – Your consent data stays on your server, not external SaaS platforms
• No pageview limits – Unlike CookieYes and other SaaS options, you won’t face surprise upgrade requirements
• Transparent pricing – No hidden fees or sudden price increases
• WordPress-native – Built specifically for WordPress, not a generic widget
• Robust free version – More features in free tier than most competitors’ paid plans
• Trusted team – Backed by WPBeginner, a name millions of WordPress users trust
• IAB TCF verified – Advertising compliance built in

Other Options Worth Considering

If WPConsent isn’t the right fit for your specific situation, then here are some options worth considering:

• Complianz – A solid choice if you need extensive multi-region compliance with automatic geolocation detection across many countries, and need help creating privacy documents.
• CookieYes – Worth considering if you need auto-translation into 40+ languages and don’t mind the SaaS model.

FAQs About Cookie Consent Plugins

1. What is a cookie consent plugin?

A cookie consent plugin displays a banner or pop-up on your WordPress site asking visitors for permission before you track them with cookies. This is required by privacy laws like GDPR (Europe), CCPA (California), and others. The plugin typically blocks tracking scripts until the visitor consents.

2. Do I need a cookie consent plugin?

If your website uses cookies for analytics, advertising, or any tracking, and you have visitors from Europe, California, or other regions with privacy laws, then yes, you legally need cookie consent. Even if you only use Google Analytics, you need consent from EU visitors under GDPR.

3. What’s the best free WordPress cookie consent plugin?

WPConsent offers the best free cookie consent plugin for WordPress. Unlike other “freemium” options that limit pageviews or lock essential features behind paywalls, WPConsent’s free version includes self-hosted data storage, automatic script blocking, Google Consent Mode v2, and a compliance scanner, all with no pageview limits.

4. Is cookie consent required by law?

Yes, in many regions. GDPR requires consent for non-essential cookies in the EU and UK. CCPA requires disclosure and opt-out options in California. Similar laws exist in Brazil (LGPD), Canada (PIPEDA), and many other countries. The specific requirements vary by region, which is why geolocation features are valuable.

5. What’s the difference between self-hosted and SaaS cookie consent?

Self-hosted plugins like WPConsent store consent data on your own WordPress server. You have full control, no external dependencies, and better privacy for visitors.

SaaS plugins like CookieYes store consent data on the provider’s servers. Setup may be easier, but your data leaves your server, you may face pageview limits, and you depend on their service availability.

6. How do I set up a cookie consent plugin?

1. Install and activate the plugin from your WordPress dashboard
2. Configure your banner design and message
3. Set up cookie categories (necessary, analytics, marketing, etc.)
4. Add scripts to the appropriate categories for blocking
5. Test that scripts are blocked until consent is given
6. Publish and monitor compliance

Most plugins like WPConsent include a setup wizard that walks you through these steps.

I hope this article helped you learn about the WordPress cookie consent plugins. You may also want to see our guides on how to set up Microsoft Clarity consent mode in WordPress and how to allow users to manage consent by services in WordPress.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post 6 Best WordPress Cookie Consent Plugins (2026 Compared) first appeared on WPConsent.

That’s why I am thrilled to introduce WPConsent 1.1.3!

This update is special because the powerful ‘Do Not Track’ addon is now the ‘Do Not Sell’ addon, which also offers email notifications.

Plus, you can now target Canadian provinces in the geolocation feature, an important GPC update for the new CCPA regulations for 2026, and a mix of highly requested updates and improvements.

Let’s dive into details!

The “Do Not Track” Addon is Now “Do Not Sell”

In WPConsent 1.13, the Do Not Track addon is getting a new name: “Do Not Sell.”

After receiving valuable feedback from many of you, we realized the name was causing a bit of confusion regarding what the tool actually accomplished.

So, you asked for clarity, and we delivered.

The Do Not Sell addon helps you manage “Do Not Sell My Personal Information” requests as required by regulations like the CCPA.

Get Email Notifications for Do Not Sell Requests

The Do Not Sell addon didn’t just get a name change. It also got a lot more powerful.

You can now configure the addon to send an email alert immediately whenever a user submits a request via the form on your site.

You can send these notifications to your admin email or a specific compliance team address, ensuring you never miss a time-sensitive request.

Targeting Canadian Provinces with Geolocation

For our users with traffic from Canada, WPConsent 1.1.3 brings a major improvement for you.

Our Geolocation settings have been expanded. You can now add a custom rule and target specific Canadian provinces rather than just targeting the country as a whole.

This allows for much more granular control over which consent banners show up for your visitors in regions like Alberta, British Columbia, Quebec, or Ontario.

Better Global Privacy Control (GPC) Visibility

With new CCPA regulations coming into play in 2026, transparency is more important than ever. WPConsent now adds a new notification for visitors who use the Global Privacy Control (GPC) in their browser.

Now, if a visitor arrives on your site with the GPC signal enabled (often via a browser extension or privacy-focused browser), they will see a specific message in the bottom corner stating ‘GPC Signal Honored.’

This confirms that WPConsent has automatically detected the signal and respected the user’s privacy preferences.

Improved Records of Consent

To ensure your audit trails are rock solid, WPConsent improves how it stores the timestamps for Records of Consent.

What this means for you is that when you update to version 1.1.3, you may see a notice under the Consent Logs section.

It will ask you to run a migration and will see a message saying: WPConsent Database Update Required.

Don’t worry—this is a normal part of the update process. Simply click the button to update your database, and your existing records will be optimized automatically.

Easier Preference Management

Want to add a “Cookie Preferences” link to your footer or navigational menu?

You no longer need custom code!

With WPConsent 1.1.3, you can now simply add the class .wpconsent-open-preferences to any link or button on your site, and it will automatically open the preferences panel.

This way, if a user closes the cookie consent banner but still wants to access the cookie preferences, then they can easily view them by clicking a link or a button.

Besides that, WPConsent 1.1.3 also rolls out several other improvements to keep your site compliant and running smoothly.

These new features and updates are available right now. I highly recommend updating WPConsent to version 1.1.3 and the Do Not Sell addon to version 1.0.3 to ensure you have the latest compliance features and fixes.

As always, thank you for helping us make WPConsent better with your feedback. If you have any questions, feel free to reach out!

The post [NEW] WPConsent 1.1.3: “Do Not Sell” Addon, Canadian Geolocation, and Other Critical Updates first appeared on WPConsent.

Among them are two popular contenders, WPConsent and Complianz. Both offer lots of features, help add a cookie banner to your site, scan for scripts, and more. But choosing between them can be tough.

That’s why I put both the plugins to the test and compared them for their ease of use, cookie scanning and blocking capabilities, cookie banner customization options, and overall compliance features.

In this guide, I share my personal experience using both plugins and compare WPConsent vs. Complianz to help you decide which one fits your needs better.

To get you started, here’s a quick comparison of the two plugins:

Feature	WPConsent	Complianz
Ease of Setup	Simple	Complex wizard
WordPress Rating	4.8/5	4.8/5
Active Installs	100,000+	1,000,000+
Data Storage	Self-hosted	Self-hosted
Google Consent Mode v2	Yes	Yes
IAB TCF	Verified	Premium only
Free Version	Full-featured	Good, some limits
Premium Price	$49.50/year	$59.00/year
Backed By	WPBeginner	Really Simple Plugins

To help you navigate this post, you can click the links below to jump ahead to any section:

1. Plugin Overview

Before diving into the comparison between WPConsent vs Complianz, here’s a quick introduction of the 2 plugins.

WPConsent

WPConsent is the best WordPress cookie consent management plugin on the market, created by the team behind WPBeginner. It is a self-hosted solution, which means it keeps your compliance data directly on your website server instead of sharing it externally.

With over 100,000 users trusting WPConsent with their website cookie management, the plugin is designed for speed and simplicity. Besides that, it is IAB TCF verified and offers powerful features.

WPConsent makes it simple to add a cookie banner to your WordPress site and keep track of user permissions. But it is more than just a pop-up. It acts as a complete cookie management solution for your website that scans for cookies and automatically blocks tracking scripts from loading until your visitor grants consent.

It comes with a library of services and cookies that get automatically configured when setting a cookie consent banner. This means that you don’t have to manually track down each script and then configure it before a user gives consent.

You also get advanced features like geolocation cookie consent rules for privacy laws like GDPR, CCPA, and LGPD. Besides that, you can block custom scripts and iframes, content embeds from YouTube, Google Maps, Vimeo, and more.

Complianz

Complianz is known as a “Privacy Suite” because it handles both cookie banners and legal documents. It connects to an external service called CookieDatabase.org to automatically find and describe the cookies used on your site.

This plugin is a strong choice for websites that need detailed legal pages. It can generate a customized Cookie Policy, Privacy Policy, and other required documents based on your answers in the setup wizard. It also offers region-specific control, allowing you to show different banners to visitors from the EU, US, or UK.

Now, let’s look at a detailed comparison between the two plugins.

2. Ease of Use and Setup Process

Most cookie management plugins make you feel like you need a law degree just to add a simple banner. If you click the wrong button, you might accidentally block your own login page or break how your site looks.

Setting up a privacy plugin should be straightforward. You want a tool that configures the basics correctly without asking a hundred confusing questions.

I tested the setup process for both plugins to see which one is easier for a beginner to use.

WPConsent – Ease of Use

WPConsent is a beginner-friendly WordPress cookie consent management plugin. Managing cookies on your website and staying compliant with different data privacy laws can be overwhelming, especially for beginners.

This is where WPConsent shines, as it helps WordPress users to easily set up a cookie consent banner on their site, scan for scripts, keep track of consent logs, and build trust with their audience. And the best part is that you don’t have to touch a single line of code or hire a developer.

To show you how easy it is to use, as soon as I activated WPConsent, the setup wizard launched automatically. I really liked this because I didn’t have to hunt for settings menus to get started.

The wizard immediately offered to scan my website for cookies. I clicked one button, and it found the tracking scripts I was using, like Google Analytics, WordPress comments, and organized them into groups for me.

The best part was the ‘Auto-Configure Selected’ feature. Instead of making me choose technical settings, it automatically sets up the blocking rules based on what it found.

Besides that, the wizard also shows you a preview of the cookie consent banner on your site. This entire process takes just a few minutes, without any complicated setup.

Other than that, using WPConsent is a walk in the park. You can find all the settings and feature options with ease when using the plugin. It shows that the plugin was created with ease of use in mind and helps every website owner to manage their cookie consent without any hassle. 

Complianz – Ease of Use

The Complianz wizard also opened right away, but it felt much different. It was very detailed and asked me a long list of specific legal questions.

I had to choose which privacy laws I wanted to follow and select the specific regions where my visitors live. It also asked complex questions about whether visitors have log-in access to restricted website areas.

While this is very thorough, I felt a bit overwhelmed. It felt more like I was filling out a tax form than setting up a WordPress plugin.

It took me about 30 minutes to finish the wizard because I had to read every question carefully to make sure I didn’t make a legal mistake.

Our Verdict

Both plugins guide you through the process, but WPConsent is much faster. I loved that it handled the technical work for me so I could finish quickly.

Complianz is a powerful tool, but it requires you to know a lot more about privacy laws to answer its questions correctly. If you want a “set it and forget it” solution, then WPConsent is the better choice.

3. Cookie Scanning and Script Blocking

Finding cookies on your website is like looking for loose change in your couch. You know it is there, but you can’t always see it.

Both plugins offer scanners to find these hidden trackers, but they work quite differently. Let’s compare them in depth.

WPConsent – Automated Scanning

WPConsent offers a powerful scanner that looks for scripts on your site while keeping things simple. It comes with a library of services/cookies that you can automatically configure on your site.

To start, it would scan your website when you go through the setup wizard. However, there is also an option to scan your website for scripts that add cookies. To test this, I went to WPConsent » Scanner from the WordPress dashboard and clicked the ‘Scan Your Website’ button.

The scanner quickly found my cookies and sorted them into groups like Essential, Analytics, and Marketing.

It felt very fast because its scanner doesn’t drag down your server resources. You get a clear report showing exactly which services are adding cookies to your site.

Another feature that sets WPConsent apart is that you can select which pages to include while scanning. By default, it will scan your homepage, but you can also specify other pages. For example, including pages like checkout or cart ensures that no services are missed during the scan.

Besides that, WPConsent also connects to the CookieLibrary.org website. It’s an open-source library of website cookies and helps discover which cookies are tracking you online. You can simply enter the name of a service and find out the type of cookies they add to a website.

Complianz – Automated Scanning

When I tested Complianz, it used a hybrid approach. It scans your site and then checks an external library called CookieDatabase.org.

This is really helpful because it automatically writes the descriptions for your cookies. You don’t have to manually type out what every single tracking file does.

Besides that, Complianz also offers a scanner that scans several pages of your site and looks for cookies and scripts.

By following the steps in the wizard, I was able to automatically configure the cookies and third-party scripts.

For example, for Statistics cookies, the plugin asks for the analytics and tracking tool you’re using and walks you through the wizard to configure them. Complianz will then add the correct snippets and handle consent automatically, so you don’t have to configure everything manually.

One of the features that caught my attention during the comparison was that it routinely scans your site and updates your documents with any new or modified cookies it discovers.

This is really great to have, as you don’t have to manually update all your privacy pages, like the cookie policy page.

WPConsent – Blocking Unwanted Scripts

Scanning is only half the battle. You also need to stop those scripts from running until a visitor says it is okay.

I was very impressed with how WPConsent handles this. It has an automatic script blocking feature that works right out of the box. During the setup, I simply enabled the option to ‘Prevent known scripts from adding cookies before consent is given’ and clicked the Automatically Configure Cookies button.

It automatically detected and blocked popular services like Google Analytics, WooCommerce, Facebook Pixel, and more without touching any code.

Besides that, WPConsent also allows you to add a service from its library and add pre-configured services that add cookies, which might not be caught by the scanner. Once you select the service, it will also add additional details like cookie name, ID, description, and duration.

It also has a powerful Content Blocking feature that stops embedded content from loading until the user gives consent.

You can block embedded content from YouTube, ReCaptcha, Google Maps, Vimeo, and Dailymotion from loading before consent.

Besides that, another thing that makes WPConsent a top cookie management plugin is its custom script and iframe blocking.

This gives you the flexibility to prevent any custom script or an embedded iframe from loading before consent.

Complianz – Blocking Unwanted Scripts

Complianz also does a very good job at handling third-party unwanted scripts in WordPress.

I tested the plugin to see which services it blocks by default. By answering the question in the wizard that your site uses third-party services, I was able to see a list of services. Some of these include Google Maps, Google Fonts, YouTube, Vimeo, Active Campaign, PayPal, Twitch, and more.

Other than that, Complianz also blocks social media pixels, buttons, and videos from Facebook, X (formerly Twitter), LinkedIn, TikTok, and more.

Complianz also handles script blocking through its “Script Center.” It is very powerful and gives you deep control over every script. It intercepts script tags and rewrites them so they don’t fire early.

While this is great for technical users, I found the Script Center a bit more complex to configure than WPConsent’s simple toggle. If you want a “one-click” solution to stop tracking scripts, WPConsent is the easier choice. If you need granular control over every single line of code, Complianz gives you that power.

Our Verdict

After testing both plugins extensively, for most WordPress users, WPConsent comes out on top. It strikes the perfect balance between being easy to use and keeping your site compliant by blocking scripts. I really appreciated how it handled script blocking automatically without asking me complex questions.

While Complianz is incredibly powerful, it often feels like overkill for a standard blog or business site. It gives you a granular Script Center that rewrites code, which is powerful but technical.

4. Compliance Features

Keeping up with privacy laws feels like walking through a minefield. You have strict rules like GDPR in Europe and entirely different rules like CCPA in California.

If you show a strict European banner to a visitor in Texas, you might annoy them unnecessarily. I looked at how both plugins handle these complex rules so you don’t have to guess.

WPConsent Compliance Tools

I found that WPConsent tries to automate the hard technical work for you. When I tested the Pro version, I went to WPConsent » Geolocation to handle visitors from different countries.

I saw pre-made templates for major laws like GDPR, CCPA, and LGPD. By simply clicking ‘Add GDPR Location Template,’ it automatically configured the strict “Opt-in” settings for my European visitors.

This made me feel safe because I didn’t have to manually figure out which legal box to check.

Another huge feature I tested was Google Consent Mode v2. This is absolutely required if you want your Google Ads and Analytics to keep working properly.

I went to WPConsent » Settings and was surprised to see it was already active by default. I didn’t have to touch a single line of code to get it running, which is a big relief.

For legal documents, WPConsent focuses specifically on your cookies. I clicked a button to ‘Generate Cookie Policy Page,’ and it created a list of all the tracking files my scan had found.

If you display ads on your website to make money, you might need something called IAB TCF support. This is a standard that ad networks use to verify user consent.

It also supports IAB TCF v2.2, which is great if you run ads on your site. You can enable these standards with a single click.

Complianz Compliance Tools

Complianz takes a slightly different approach by acting like a digital lawyer. Its biggest strength is generating full legal documents for you.

During the setup wizard, it offered to write a complete Privacy Policy and even an Imprint for my test site. This is incredibly useful if you have visitors from Germany or Austria, where an Imprint is required by law.

However, I noticed that Geo-Targeting works differently here. In the free version of Complianz, you usually have to pick one set of rules for the whole world.

If you want to show different banners to different countries, you must upgrade to their Premium version.

For Google Consent Mode v2, Complianz supports it fully. I found options to integrate it directly with the Google Site Kit plugin. It works well, but I felt it required a few more manual steps to configure compared to WPConsent.

Just like WPConsent, Complianz is also a verified consent management platform (CMP) for the TCF IAB framework. And you can select which framework to use by following the setup wizard.

Our Verdict

When it comes to offering compliance features, both plugins are equally matched.

WPConsent is the winner if you’re looking for advanced features in the free version. For example, I really liked how it handles Google Consent Mode v2 work out of the box in the Lite version, which is a massive advantage.

However, you should choose Complianz if you need help writing your legal pages. If you don’t have a privacy policy or cookie policy yet and don’t want to hire a lawyer, their document generator is very powerful.

5. Customization and User Experience

No one wants a huge, ugly pop-up blocking their content. I have spent years designing websites, and I know that if a banner looks bad, visitors will leave immediately.

You need a plugin that blends in with your brand while still following the law. I tested the design tools in both plugins to see which one was easier to style.

WPConsent Customization

When I tested WPConsent, I found the customization process to be very visual and fast. It offers pre-built templates that look modern right out of the box. I could easily switch between different layouts, like a floating bar or a long banner.

I changed the banner style by editing the background colors, button styles, and fonts to match my theme without writing any code.

The overall experience was pleasing, and the plugin was very easy to use. It felt like decorating a room where the furniture is already assembled for you.

I also noticed that WPConsent supports multiple languages, which is great for user experience. If you have international visitors, WPConsent works with popular translation plugins to show the banner in their native language.

What’s more interesting is that it offers an AI-powered auto-translation option. It supports over 70 different languages, so you can easily show a location-based cookie consent banner and display cookie details in your visitors’ native language.

Most importantly, I found that WPConsent is very light on performance. Since it is self-hosted, it runs entirely on your own server and doesn’t wait for an external API to load the banner.

Complianz Customization

Complianz takes a more functional approach to its design. While it has styling options, it doesn’t offer a pre-built template that you can choose from and customize.

Instead, you can see a preview of the cookie banner and edit its appearance, colors, and text.

If you use their Premium version with TCF v2.2 support, the banner becomes very standardized. This ensures you meet strict advertising rules, but it gives you less freedom to make the banner look unique.

For the user experience, Complianz is very good at handling consent revocation. It automatically injects a floating “Manage Consent” button or adds a tab to your policy page so users can change their minds easily.

However, because Complianz is a full “Privacy Suite” that scans your site from the backend, it feels heavier than WPConsent. It does a lot of work behind the scenes, which can sometimes impact resource usage on smaller hosting plans.

Our Verdict

In my opinion, WPConsent is the winner for design and performance. It allows you to create a good-looking banner quickly, and its self-hosted nature keeps your site loading fast.

It is the best choice if you want a “bloat-free” experience that doesn’t annoy your visitors.

You should choose Complianz if you need a strictly standardized look for ad networks. If you are required to use the rigid TCF v2.2 layout for programmatic advertising, Complianz handles that professional look very well.

6. Pricing Comparison

Pricing for privacy tools can be tricky. I have seen many services that look cheap at first, but get very expensive once your traffic grows.

Some tools charge you based on how many “pageviews” or “sessions” you get. It feels like being punished for having a popular website.

I checked the pricing models for both WPConsent and Complianz to see which one offers better value for money without hidden costs.

WPConsent Pricing and Value

The biggest selling point for WPConsent is its self-hosted model. Because it runs on your own server, they do not charge you based on how many people visit your site.

I found that the WPConsent Lite version is surprisingly generous. It includes essential features like automatic script blocking, cookie banner templates, and even Google Consent Mode v2 right out of the box.

If you upgrade to WPConsent premium plans, then you pay a flat yearly license fee. There are 4 pricing plans to choose from, starting from $49.50/year. And the best part is that you get a 14-day money-back guarantee.

The Pro version unlocks advanced tools like Geolocation to show different banners to different countries, and the Do Not Sell addon. You get unlimited pageviews and scans without ever worrying about hitting a hidden limit or getting a surprise bill.

Complianz Pricing and Value

Complianz also offers a free version for WordPress. It is quite powerful, but I noticed it has some significant limits compared to the paid version.

In the free version, you cannot use the dynamic geolocation feature. This means you have to pick one set of rules (like strict GDPR) and force it on every visitor worldwide, which might be overkill for US visitors.

To get the full “Privacy Suite,” you need Complianz Premium. This unlocks the legal document generator, which can write your Privacy Policy and Imprint for you. It is also the only way to get TCF v2.2 support if you run ads on your site. While the features are excellent, the cost is tied to unlocking these specific premium capabilities.

That said, Complianz offers 3 premium pricing plans, which start from $59/year. One of the things that stand out compared to WPConsent is that Complianz comes with a 30-day money-back guarantee.

Our Verdict

If you are running a high-traffic site or plan to grow, then WPConsent is the better value. Since it doesn’t charge by the pageview, your costs stay predictable even as your business gets bigger. Plus, you get a lot of powerful features, which make it super easy to manage cookies in WordPress.

Complianz is worth the extra money if you specifically need the legal document generator. It saves you the cost of hiring a lawyer to draft a privacy policy, which can be quite expensive.

WPConsent vs Complianz: Which Should You Choose?

After spending hours configuring both plugins, the right choice really depends on what you value most.

You should pick WPConsent if you want a fast, ‘set it and forget it’ solution. It is perfect for bloggers, small businesses, and agencies who want to be compliant without slowing down their site.

I found it to be the best option for blocking third-party scripts automatically without needing to touch any code. Plus, if you want to keep your costs predictable and your data on your own server, this is the winner.

On the other hand, you should pick Complianz if you have a complex site operating across many conflicting jurisdictions and need help writing your legal documents.

FAQs – WPConsent vs Complianz

1. Is Complianz better than WPConsent?

It depends on your needs. Complianz offers more configuration options and detailed legal documents, but WPConsent is simpler to use and includes features like IAB TCF that Complianz locks behind a premium. For most users, WPConsent is the better choice.

2. Is Complianz free?

Complianz has a free version with good features. However, advanced features like geolocation-based banners and IAB TCF compliance require Complianz Premium ($59/year).

3. Does WPConsent work with Complianz?

You should only use one cookie consent plugin at a time. Using both would create conflicts and confuse visitors with multiple banners.

4. Which plugin is better for GDPR compliance?

Both WPConsent and Complianz support GDPR compliance. WPConsent is easier to set up correctly, while Complianz offers more detailed configuration. Either can make your site GDPR compliant.

5. Can I switch from Complianz to WPConsent?

Yes. Deactivate Complianz, install WPConsent, and run through the setup wizard. Your previous consent records won’t transfer, but visitors will be prompted to consent again (which is normal when changing consent plugins).

I hope this article helped you learn the comparison between WPConsent vs Complianz. You may also want to see our guide on how to set up Microsoft Clarity consent mode in WordPress and beginners guide to PDPL compliance for WordPress.

If you liked this article, then please follow us on X (formerly known as Twitter). You can also leave a comment below if you need any assistance.

The post WPConsent vs Complianz: Which Plugin is Right for You? first appeared on WPConsent.