Description
fepo GDPR Cookie Scanner is a diagnostic plugin that checks whether your cookie consent banner is really effective — or whether trackers fire before a visitor clicks “Accept”.
It is not a cookie banner. It is a diagnostic tool that audits whatever cookie banner you already have, independent of which cookie management platform you use.
What the plugin checks:
- Which Cookie Management Platform (CMP) is active (Cookiebot, Usercentrics, Borlabs, Complianz, CookieYes, and more).
- Which third-party trackers (Google Analytics, Meta Pixel, HotJar, …) are present in the page source.
- Whether those trackers are visible in the static HTML before any consent is given — a sign that the CMP integration may be misconfigured.
- A CMP-specific remediation guide pointing to the vendor’s official documentation.
What the plugin does NOT do:
- It does not install, configure, or modify your cookie banner.
- It does not change any files on your site.
- It does not collect any data from your visitors.
Scan modes:
The plugin uses a PHP-based quick-scan (Stufe A) that works on every WordPress host — no Headless Chrome, no Node.js, no extra dependencies. For JS-injected trackers (e.g. Google Tag Manager tags) and a full three-phase Reject-Path test, an optional full scan via dsgvochecker.de is available as an upsell.
This plugin only diagnoses — it makes no changes to your site.
External services
The scan itself runs entirely on your own server. The tracker-definition list is
bundled with the plugin — no external request is made to perform a scan.
The plugin uses one optional external service:
dsgvochecker.de (operated by fepo) — an optional, paid full scan.
The result page shows an optional “Run three-phase scan” button. The plugin works
fully without it; nothing is sent unless you click the button.
- What it is: a deeper cookie/consent scan (JS-injected trackers + reject-path test) run by dsgvochecker.de.
- What data is sent and when: only if you click the button, a new browser tab opens at dsgvochecker.de with your site URL passed as a URL parameter, so the external service can analyse that page. Nothing is sent in the background.
- Terms of service: https://dsgvochecker.de/agb
- Privacy policy: https://dsgvochecker.de/datenschutz
Installation
- Upload the plugin via “Plugins → Add New → Upload” or install from the WordPress plugin directory.
- Activate the plugin.
- In WordPress admin, click “fepo GDPR Scanner” in the sidebar.
- Click “Check now” — the scan runs on your server.
No account, no API key, no credit card required.
FAQ
Does the plugin modify my website?
No. This plugin is purely diagnostic. It does not write to any files, install anything, modify CSS/JS, or change any WordPress settings.

Does it work on every WordPress host?
Yes. The PHP quick-scan (Stufe A) works on every host — shared hosting, managed WordPress, VPS, all fine. No external dependencies beyond PHP 7.4.

What is the difference between the quick-scan and the full scan?
The quick-scan (Stufe A) fetches your homepage’s raw HTML via PHP and checks for tracker domains and CMP signatures in the static source. It cannot detect trackers injected purely via JavaScript (e.g. GTM tags). For that, the full scan on dsgvochecker.de uses a headless Chromium and includes a three-phase Reject-Path test.

Is this plugin GDPR compliant itself?
Yes. No visitor data is collected and the scan runs entirely on your own server. The tracker-definition list is bundled with the plugin, so no external request is made to scan. No site URL is transmitted.
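
The static check described in the quick-scan answer above can be reproduced outside WordPress. The following is an added Python sketch, not the plugin's PHP code: the signature tables are illustrative assumptions rather than the bundled tracker list, and treating a non-JavaScript `type` (such as `text/plain`) or a `data-src` URL as "gated" is an assumption about how CMPs commonly block scripts.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative signatures (assumptions, not the plugin's bundled list).
TRACKERS = {"googletagmanager.com": "Google Tag Manager",
            "google-analytics.com": "Google Analytics",
            "connect.facebook.net": "Meta Pixel"}
CMPS = {"consent.cookiebot.com": "Cookiebot", "app.usercentrics.eu": "Usercentrics"}
# A <script> executes only if its type is absent or a JavaScript type.
EXECUTABLE = {"", "text/javascript", "application/javascript", "module"}
# Constructed sample page: gtag loads unconditionally, Meta Pixel is gated.
SAMPLE = """<head>
<script src="https://consent.cookiebot.com/uc.js"></script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script type="text/plain" src="https://connect.facebook.net/en_US/fbevents.js"></script>
</head><body><img src="/logo.png"></body>"""

def match(host, table):
    """Return the label whose domain equals host or is a parent of it."""
    for domain, label in table.items():
        if host == domain or host.endswith("." + domain):
            return label
    return None

class StaticScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.cmps, self.findings = set(), []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Gating setups may park the URL in data-src; inspect both.
        url = a.get("src") or a.get("data-src")
        if tag not in ("script", "img", "iframe") or not url:
            return
        host = (urlparse(url).hostname or "").lower()
        if match(host, CMPS):
            self.cmps.add(match(host, CMPS))
        tracker = match(host, TRACKERS)
        if tracker:
            js_type = (a.get("type") or "").strip().lower()
            runs = bool(a.get("src")) and (tag != "script" or js_type in EXECUTABLE)
            self.findings.append((tracker, "loads before consent" if runs else "gated"))

def scan(html):
    """Return (detected CMPs, [(tracker, status), ...]) for raw HTML."""
    parser = StaticScan()
    parser.feed(html)
    return sorted(parser.cmps), parser.findings
```

A "gated" result only means the tag is inert in the static source; as the answer above notes, tags injected at runtime by JavaScript are invisible to this kind of pass.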
Contributors & Developers
“fepo — GDPR Cookie Scanner” is open source software.
Changelog
1.0.1
- Tracker-definition list is now bundled with the plugin — the scan no longer makes any external request.
- Documentation clarified (external services, neutral wording).
1.0.0
- First public release.
- PHP-based quick scan: detects tracker scripts in the raw HTML source before consent.
- Cookie banner / CMP detection with per-CMP setup guides linking to vendor documentation (13 cookie banners).
- Bilingual: English by default + German translation (de_DE).
- Optional full three-phase scan via dsgvochecker.de (reject-path test).
