WordPress.org
Get WordPress
WordPress.org

Plugin Directory

Darwin Cookie Consent

Darwin Cookie Consent

By Darwin Digital
Download

Description

Darwin Cookie Consent shows visitors a clear cookie banner, lets them choose what to accept, and sends those choices to your analytics and marketing tools through Google Consent Mode v2. No tracking runs until consent is given.

The plugin includes admin controls for legal links, appearance, integrations, localized frontend messaging, and privacy-safe reporting.

Key Features

  • GDPR cookie consent banner and settings modal
  • Google Consent Mode v2 support
  • Editable localized content for English, French, German, and Spanish
  • Automatic content selection by WordPress site locale
  • WordPress editor support for the banner message and modal intro
  • Configurable legal page links for privacy, terms, and cookie policy
  • Integration controls for Google Tag Manager, GA4, Matomo, Facebook Pixel, LinkedIn Insight Tag, and Pardot
  • Separate Ad Personalization consent handling
  • Required Strictly Necessary Cookies row always enabled in the popup
  • Aggregate admin metrics for recent banner views and accepts
  • Resettable metrics counters with no personal data stored in the metrics table

Consent Categories

  • Strictly Necessary Cookies: always required and always enabled
  • Analytics: used for analytics tools such as Google Analytics and Matomo
  • Marketing: used for marketing-related tracking integrations
  • Ad Personalization: handled separately from general marketing consent

Privacy and Data Handling

  • Localized content is stored in WordPress options
  • Consent metrics store aggregate daily counts only — no personal identifiers are stored in the metrics table
  • The consent log table stores a SHA-256 hash of the visitor IP address and the browser user agent alongside the encoded consent payload; no plain-text IP addresses are stored
  • Consent Mode signals are updated based on saved user choices
  • No data is transmitted to the plugin author or any third-party service by this plugin itself

External Services

This plugin can load scripts from third-party services when those integrations are configured in the plugin settings. No external requests are made unless the corresponding integration is enabled by the site administrator.

Google Tag Manager

When a GTM container ID is provided, this plugin loads the Google Tag Manager script from googletagmanager.com. Google Consent Mode defaults are applied before GTM loads so that no tracking occurs without user consent.

  • Data sent: page URL and GTM container ID as part of the script request.
  • When: on every frontend page load, only if a GTM container ID is configured.
  • Service provider: Google LLC — Terms of Service | Privacy Policy

Google Analytics (GA4)

When a GA4 measurement ID is provided and GTM is not in use, this plugin loads the gtag.js script from googletagmanager.com. The script only fires after measurement consent is granted.

  • Data sent: page URL and measurement ID as part of the script request.
  • When: on every frontend page load after measurement consent is granted, only if a GA4 ID is configured.
  • Service provider: Google LLC — Terms of Service | Privacy Policy

Google Fonts

When the default plugin font is selected, this plugin loads the Roboto typeface from Google Fonts. The stylesheet is fetched from fonts.googleapis.com and the font files are served from fonts.gstatic.com. A preconnect resource hint is also added for both domains.

  • Data sent: browser and referrer information as part of the font request (standard browser HTTP headers).
  • When: on every frontend page load when the default font option is active.
  • Service provider: Google LLC — Terms of Service | Privacy Policy

Facebook Pixel

When a Facebook Pixel ID is provided, this plugin loads the Facebook Pixel script from connect.facebook.net. The script only fires after marketing consent is granted.

  • Data sent: page URL and pixel ID as part of the script request.
  • When: on every frontend page load after marketing consent is granted, only if a Pixel ID is configured.
  • Service provider: Meta Platforms, Inc. — Terms of Service | Privacy Policy

LinkedIn Insight Tag

When a LinkedIn Partner ID is provided, this plugin loads the LinkedIn Insight Tag from snap.licdn.com. The script only fires after marketing consent is granted.

  • Data sent: page URL and partner ID as part of the script request.
  • When: on every frontend page load after marketing consent is granted, only if a Partner ID is configured.
  • Service provider: LinkedIn Corporation — Terms of Service | Privacy Policy

Salesforce Pardot

When Pardot account and campaign IDs are provided, this plugin loads the Pardot tracking script from pi.pardot.com. The script only fires after marketing consent is granted.

  • Data sent: page URL and account/campaign IDs as part of the script request.
  • When: on every frontend page load after marketing consent is granted, only if Pardot IDs are configured.
  • Service provider: Salesforce, Inc. — Terms of Service | Privacy Policy

Matomo

When a Matomo URL and site ID are provided, this plugin loads the Matomo tracking script from the configured Matomo instance. The script only fires after measurement consent is granted.

  • Data sent: page URL and site ID to the configured Matomo instance.
  • When: on every frontend page load after measurement consent is granted, only if Matomo is configured.
  • Service provider: InnoCraft Ltd — Terms of Service | Privacy Policy

Privacy Policy

This plugin stores data locally in your WordPress database only. No data is transmitted to the plugin author or any third-party service by this plugin itself.

Data stored locally

  • Consent log table ({prefix}darwin_gdpr_consent_log): When a visitor saves their consent choices, the plugin records a SHA-256 hash of the visitor’s IP address, the browser user-agent string, and the encoded consent payload. No plain-text IP addresses are stored. Entries are automatically deleted after the configured retention period (default: 180 days).
  • Aggregate metrics table ({prefix}darwin_gdpr_metrics): Stores daily totals of banner views and consent accepts as integer counts. No visitor identifiers of any kind are stored in this table.
  • Plugin options: Localized content strings and appearance settings are stored in the WordPress options table. These contain no visitor data.

Third-party service data

When optional integrations are configured by the site administrator, scripts from third-party services are loaded in the visitor’s browser. Those services may collect data as described in their respective privacy policies, which are linked in the External Services section above. No data is sent to those services until the visitor grants the relevant consent category.

Site administrators should ensure their own privacy policy reflects the data practices described above, particularly the storage of hashed IP addresses and user-agent strings in the consent log.

Screenshots

General settings screen with legal links, integrations, retention, and consent metrics.
General settings screen with legal links, integrations, retention, and consent metrics.
Appearance settings screen for typography, colors, and layout.
Appearance settings screen for typography, colors, and layout.
Content settings screen with localized banner and modal copy.
Content settings screen with localized banner and modal copy.
Consent metrics dashboard with 7, 30, and 90 day summaries, trend chart, and reset actions.
Consent metrics dashboard with 7, 30, and 90 day summaries, trend chart, and reset actions.
Frontend cookie consent banner on a live site.
Frontend cookie consent banner on a live site.

Installation

  1. Upload the plugin files to the /wp-content/plugins/darwin-cookie-consent directory, or install the plugin through the WordPress plugin screen directly.
  2. Activate the plugin through the Plugins screen in WordPress.
  3. Open Darwin Cookie Consent in the WordPress admin menu.
  4. Configure legal links, integrations, content, and appearance settings.
  5. Review the frontend banner and modal on your site after saving changes.

FAQ

Does the plugin support multiple languages?

Yes. The plugin ships with English, French, German, and Spanish defaults and lets administrators edit frontend content per language.

How is the active language selected?

The plugin automatically selects the content set based on the WordPress site locale, with English used as the fallback.

Can I edit the banner text with the WordPress editor?

Yes. The banner message and modal intro are both editable with the WordPress editor in the plugin Content screen.

Can users decline strictly necessary cookies?

No. Strictly Necessary Cookies are required for core site operation and are always enabled in the consent popup.

Do “Marketing” and “Ad Personalization” use separate consent signals?

Yes. Ad Personalization is stored as a separate consent value and mapped independently for Google Consent Mode.

Does the plugin store any personal data?

No. The metrics panel stores only aggregate daily counts for banner views and accepts.

Can administrators reset the metrics?

Yes. The metrics counters can be reset from the plugin Settings page.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Darwin Cookie Consent” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Darwin Cookie Consent” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.3.3

  • Applied sanitize_text_field() before json_decode() on cookie and POST data in the consent controller so raw input is sanitized at the point of reading, not deferred
  • Applied esc_url_raw() directly at the point of reading $_POST URL fields in general settings instead of deferring sanitization to the validation block
  • Wrapped the inline CSS string with wp_strip_all_tags() before passing to wp_add_inline_style() to prevent any HTML tag injection into the style block
  • Added load_plugin_textdomain() call so bundled .mo translation files are loaded at runtime
  • Added Plugin URI, Requires at least, Requires PHP, and Tested up to headers to the plugin file
  • Updated Google Fonts External Services entry in readme.txt to document the fonts.gstatic.com domain used for font file delivery
  • Added is-dismissible class to admin error notices for consistent WordPress UX

1.3.2

  • Removed CSS rules that suppressed third-party admin notices and hid the WordPress admin footer
  • Scoped global textarea CSS rule to plugin admin pages only to prevent unintended style leakage
  • Removed commented-out HTML blocks from all admin templates (PHP inside HTML comments was still executing)
  • Removed redundant global $wpdb declaration from plugin root file scope
  • Added Privacy Policy section to readme.txt documenting local data storage
  • Removed donate link from readme.txt (pointed to company homepage rather than a donation page)
  • Added docs/, .idea/, .claude/ to .distignore to exclude development-only directories from distribution
  • Cleaned up commented-out CSS properties in admin stylesheet
  • Eliminated redundant double sanitization on URL fields in general settings
  • Replaced current_time(‘Y-m-d’) with wp_date(‘Y-m-d’) in metrics increment so write and read paths use the same timezone function
  • Moved metrics table install check from init to admin_init so upgrade.php is never loaded on frontend page requests
  • Added version guard to maybe_sync_defaults() so legacy content migration runs only on install or plugin upgrade, not on every request
  • Set content sync version flag during plugin activation so the first post-activation request does not redundantly re-run migration
  • Moved consent log fallback cleanup from init to admin_init to prevent synchronous DB deletes on frontend page loads
  • Changed URL fields (privacy, terms, cookie policy, Matomo) in general settings to sanitize with esc_url_raw() at point of input rather than sanitize_text_field(), which can corrupt percent-encoded characters
  • Removed redundant sanitize_text_field() calls from settings-general.php validation block; $posted values are already sanitized at assignment
  • Added darwin_gdpr_content_synced_version to uninstall cleanup

1.3.1

  • Fixed nonce verification to occur before any $_POST data is read on all settings pages
  • Replaced phpcs:ignore sanitization suppression with explicit map_deep sanitization on content input
  • Removed redundant wp_strip_all_tags() wrapper from inline CSS; CSS values are already escaped individually at source with esc_attr() and integer casts
  • Removed suppress_other_notices() which was incorrectly suppressing all WordPress and third-party admin notices
  • Wrapped plugin bootstrap in plugins_loaded hook to avoid non-prefixed global variable
  • Fixed JSON consent payload handling in both AJAX and cookie reads to use wp_unslash() only; normalize_consent_payload() validates all values
  • Removed orphaned legacy banner.js file (referenced wrong WPGDPR namespace and non-existent AJAX actions)
  • Removed orphaned reopen-popup-icon.php template that was no longer included anywhere
  • Replaced deprecated current_time(timestamp) with time() in lifecycle and metrics controller
  • Replaced get_file_data() disk reads in admin pages and frontend modal with DARWIN_GDPR_PLUGIN_VERSION constant
  • Removed no-op plugin_row_meta filter callback
  • Fixed duplicate condition in ad_personalization consent normalization
  • Added missing options to uninstall cleanup
  • Added esc_attr() to all dynamic class attribute output

1.3.0

  • Added support for Spanish language in the localized content settings
  • Included default Spanish translations for the cookie banner and settings modal
  • Updated admin UI to include Spanish in the content editor tabs

1.2.0

  • Added separate banner typography controls for heading, description, and banner text color
  • Added dedicated popup typography and color controls for popup heading, popup subheading, and popup body text
  • Kept banner and popup typography settings independent so each surface can be styled separately
  • Made Google Consent Mode v2 permanently enabled in the plugin and removed its user toggle from Settings
  • Set both functionality_storage and security_storage to granted by default in Google Consent Mode
  • Improved popup toggle styling so checked disabled items appear lighter and clearly locked
  • Updated activation defaults and uninstall cleanup for the new appearance settings
  • Refined admin copy and content ordering to better match the frontend consent flow

1.1.0

  • Refactored the Content screen to use consolidated consent copy for banner, modal, necessary cookies, analytical cookies, marketing tracking cookies, and advertising personalization cookies
  • Added reset actions for the current language and all supported languages on the Content screen
  • Separated marketing tracking consent from advertising personalization consent
  • Improved Google Consent Mode behavior with immediate client-side consent updates for Tag Assistant testing
  • Updated localized default content for English, French, and German
  • Added a dedicated Metrics admin page with 7/30/90 day summaries, a trend chart, daily totals table, and reset action
  • Added consent log management on the Metrics page with an explicit delete-all action for consent log entries
  • Added fallback consent log cleanup so retention rules still run when WP-Cron is unreliable
  • Reduced repeat-visit frontend output by skipping full banner rendering when consent has already been saved

1.0.0

  • Initial plugin release
  • GDPR consent banner and modal
  • Google Consent Mode v2 support
  • Appearance settings for the frontend consent UI
  • Localized content editing for English, French, and German
  • Separate Ad Personalization consent handling
  • Aggregate admin metrics for recent views and accepts
  • Included plugin documentation and changelog pages

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum