Title: Oven Cookie Consent Author: Billy Wilcosky Published: June 6, 2026 Last modified: June 7, 2026 --- Search plugins ![](https://ps.w.org/oven-cookie-consent/assets/banner-772x250.png?rev=3563408) ![](https://ps.w.org/oven-cookie-consent/assets/icon-256x256.png?rev=3563408) # Oven Cookie Consent By [Billy Wilcosky](https://profiles.wordpress.org/wilcosky/) [Download](https://downloads.wordpress.org/plugin/oven-cookie-consent.1.0.10.zip) * [Details](https://wordpress.org/plugins/oven-cookie-consent/#description) * [Reviews](https://wordpress.org/plugins/oven-cookie-consent/#reviews) * [Installation](https://wordpress.org/plugins/oven-cookie-consent/#installation) * [Development](https://wordpress.org/plugins/oven-cookie-consent/#developers) [Support](https://wordpress.org/support/plugin/oven-cookie-consent/) ## Description Oven integrates the [CookieConsent](https://github.com/orestbida/cookieconsent) JavaScript library (v3.1.0) into WordPress to provide a compliant, accessible cookie consent experience. #### Features * **Cookie consent banner** – Shows a consent modal to visitors on first visit with Accept all, Essential only, and Manage preferences. * **Automatic cookie detection** – Enable “Cookie detection mode” in settings, then browse your site while logged in as an administrator. Cookies set during your visit are detected and added to the list. * **Essential vs non-essential** – WordPress core cookies (login, session, comments, settings) are classified as essential; third-party and analytics cookies as non- essential. Visitors see both categories in the preferences modal. * **Revision and re-consent** – When a new cookie is detected and added, the revision number is incremented. All visitors (including those who had previously accepted) must consent again. * **Logged-in vs guest** – For guests, consent is stored in a cookie so they are not prompted on every visit (until the revision changes). For logged-in users, consent is stored in the database (user meta) tied to their account. * **Consent logging** – For logged-in users, each consent choice is recorded in their profile. Admins and editors can view when a user accepted and which cookies they accepted (Users edit user Cookie consent). * **Cookie descriptions** – You can edit a short description for each cookie so visitors know what it does. Descriptions are shown in the preferences modal. * **Privacy policy link** – Optional privacy policy URL in settings is shown in the consent modal (recommended for GDPR). * **Accessibility** – Uses the CookieConsent library’s built-in ARIA attributes and keyboard support. #### Settings * **Settings Oven** – Enable cookie consent, enable cookie detection mode, set an optional privacy policy URL (recommended for GDPR), and view or edit the list of detected cookies and their descriptions. #### GDPR and compliance Oven is designed to support compliance with the GDPR and similar laws: * **Consent before non-essential cookies** – Non-essential cookies and scripts that set them are blocked until the user accepts. Essential cookies (e.g. login, session) are allowed without consent. * **Clear information** – Visitors see a list of cookies with names and descriptions( editable in settings). You can link to your privacy policy from the consent modal. * **Granular choice** – Users can accept all, essential only, or manage preferences and toggle individual non-essential cookies. * **Withdraw consent** – Users can reopen the preferences modal and change or withdraw consent at any time. Rejected non-essential cookies are cleared on each visit. * **Re-consent when policy changes** – When you add or reclassify cookies, the revision number increases and all visitors are asked to consent again. * **Consent logging (logged-in users)** – For registered users, consent choices and timestamps are stored in their profile. Admins and editors can view consent history under Users [user] Cookie consent. Guest consent is not logged (stored only in a cookie). * **Transparency** – Cookie detection mode helps you build an accurate cookie list; you can add cookies manually and describe what each one does. #### Requirements * PHP 7.4 or higher * WordPress 5.9 or higher ### Credits * CookieConsent (v3.1.0) by Orest Bida – https://github.com/orestbida/cookieconsent– MIT License. ## Screenshots * [[ * The cookie preferences modal users see on the front end. * [[ * Cookie consent history in each user profile (back end). * [[ * Enable and auto detection settings (back end). * [[ * Manually add cookies (back end). * [[ * Cookies, ability to change from essential to non-essential and vice versa, and add descriptions (back end). * [[ * Add cookies by pattern and see which non-essential cookie scripts will be blocked unless the user accepts them or you change the cookie to essential (back end). ## Installation 1. Upload the plugin folder to `wp-content/plugins/`. The folder name (e.g. `Oven` or `oven`) is used in asset URLs; use the name that matches your server (case-sensitive on Linux). 2. Activate the plugin. 3. Go to **Settings Oven** – enable “Enable cookie consent” and optionally “Cookie detection mode”. 4. If using detection mode, browse your site as an admin to detect cookies; they will be added to the list and shown to visitors. #### Optional: Redirect wrong casing (Apache) If your plugin folder is `Oven` (capital O) and you want requests to `.../plugins/ oven/...` to work, add this to `wp-content/plugins/.htaccess` (create the file if it doesn’t exist): RewriteEngine On RewriteRule ^oven/(.*)$ Oven/$1 [L,R=301] If your folder is `oven` (lowercase), use the opposite rule to redirect `Oven` to` oven`. ## FAQ ### Where is consent stored for logged-in users? Consent is stored in user meta under the key `oven_cookie_consent`. For guests, it is stored in a cookie named `oven_cc`. ### What happens when a new cookie is detected? When detection mode is on and you (as an admin) browse the site, any new cookie names are sent to the server, classified as essential or non-essential, and saved. The revision number is incremented so all visitors must re-accept the cookie policy. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “Oven Cookie Consent” is open source software. The following people have contributed to this plugin. Contributors * [ Billy Wilcosky ](https://profiles.wordpress.org/wilcosky/) [Translate “Oven Cookie Consent” into your language.](https://translate.wordpress.org/projects/wp-plugins/oven-cookie-consent) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/oven-cookie-consent/), check out the [SVN repository](https://plugins.svn.wordpress.org/oven-cookie-consent/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/oven-cookie-consent/) by [RSS](https://plugins.trac.wordpress.org/log/oven-cookie-consent/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.10 * Fix preferences modal close (X) icon visibility; inject fallback close button using modal element from CookieConsent callbacks. * Fix Cookie Settings block blank preview in the editor (editor script dependencies, editor styles, button markup). #### 1.0.9 * Security: route all cookie reads through Consent_Sanitizer; sanitize block attribute text; sanitize localized cookie names for head scripts. #### 1.0.8 * WordPress.org security review: sanitize $_COOKIE and $_POST JSON on read; escape admin HTML output (wp_kses_post, literal section wrappers). * Head bootstrap uses static JS files with wp_localize_script() instead of wp_add_inline_script(). * Inline consent scripts use canonical JSON from sanitized consent payloads only. #### 1.0.7 * Text domain set to oven-cookie-consent to match WordPress.org plugin slug. * Plugin URI set to https://wilcosky.com/oven (distinct from author URI). * Plugin Check: nonce and input sanitization fixes in consent sanitizer and settings. #### 1.0.6 * Text domain aligned with plugin slug (oven) for WordPress.org and Plugin Check. * Plugin Check: prefixed block render variables, input sanitization helpers, delete_metadata on uninstall. * readme.txt: Tested up to 7.0, five tags, shorter short description; exclude . DS_Store from distribution. #### 1.0.5 * Contributors list uses the plugin owner’s WordPress.org username (wilcosky). * Removed Python locale build scripts from the plugin package; translations ship as .po/.mo files only. * Added Consent_Sanitizer: all json_decode consent and script-mapping input is validated and sanitized before use or storage. * Consent history uses sanitized consentId and consentTimestamp from stored data, not raw POST payload. #### 1.0.4 * WordPress.org review: Inline head scripts use the Script API (wp_register_script, wp_enqueue_script, wp_add_inline_script; early wp_print_scripts keeps tracer / cookie-clear / logged-in bootstrap order). * Rely on core translation loading for the plugin text domain on WordPress.org ( removed load_plugin_textdomain). * Plugin URI points to a valid URL (https://wilcosky.com). * Cookie Settings block: apiVersion 3 for WordPress 7.0 editor compatibility. #### 1.0.3 * Session cookie (oven_cc_sess) to avoid database reads on every request for logged- in users with consent. * Session cookie tied to user ID so admin logout then regular user login does not reuse wrong consent. * Clear session cookie after saving preferences so updated choices apply on next page load. * LocalStorage for guests; sync from cookie or localStorage to database on login when possible. * Preferences modal close button uses plugin SVG icon; secure cookie flag set from page protocol (HTTP/HTTPS). * Re-accept after login when consent was given as guest, with sync to user meta; no double banner for same state. * Cookie_Manager: use wp_unslash when reading guest consent cookie for consistent parsing. #### 1.0.1 * Cookie Settings Gutenberg block: add a block (Theme category) that shows a button to open the cookie preferences modal. * Any element with the class `cookie-settings` now opens the preferences modal on click (block or custom links). * Consent history on user profiles: prevent duplicate entries when the library fires multiple callbacks for one user action. * Plugin naming and text domain aligned for WordPress.org (Plugin Name: Oven Cookie Consent; Text Domain: oven-cookie-consent). * Readme and plugin header fixes: Tested up to 6.9; escape output and PHPCS adjustments. #### 1.0.0 * Initial release. * Cookie consent banner with CookieConsent 3.1.0. * Cookie detection mode for administrators. * Essential/non-essential classification. * Revision-based re-consent. * User meta storage for logged-in users; cookie for guests. ## Meta * Version **1.0.10** * Last updated **4 hours ago** * Active installations **Fewer than 10** * WordPress version ** 5.9 or higher ** * Tested up to **7.0** * PHP version ** 7.4 or higher ** * Tags * [consent](https://wordpress.org/plugins/tags/consent/)[cookie banner](https://wordpress.org/plugins/tags/cookie-banner/) [cookies](https://wordpress.org/plugins/tags/cookies/)[GDPR](https://wordpress.org/plugins/tags/gdpr/) [privacy](https://wordpress.org/plugins/tags/privacy/) * [Advanced View](https://wordpress.org/plugins/oven-cookie-consent/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/oven-cookie-consent/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/oven-cookie-consent/reviews/) ## Contributors * [ Billy Wilcosky ](https://profiles.wordpress.org/wilcosky/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/oven-cookie-consent/)