This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

WP DoNotTrack


WP DoNotTrack stops plugins and themes from adding 3rd party tracking code and cookies to your blog to protect both your visitor’s privacy, your own security (in the admin-pages) and offering performance gains (limiting requests executed in the browser to render your pages).

This plugin can be useful if you want to:

  • make your WordPress blog/ site honour visitors who request not to be tracked, even if the 3rd parties you include do not (conditional privacy)
  • stop tracking by 3rd parties for all your visitors (absolute privacy)
  • protect your blog from rogue plugins that dynamically add malicious code to your wp-admin pages (security)
  • limit the number of external servers that are called from your blog (performance)
  • make your blog more compliant with the EU Cookie Law as implemented in a.o. the UK and Holland (with other EU countries to follow) using conditional privacy

WP DoNotTrack uses (a slightly modified) version of jQuery AOP to catch and inspect elements (images, iframes and scripts) that are about to be added to the DOM and renders these harmless if the black- or whitelist say so. You can block 3rd party tracking for all you visitors, or just for those that have navigator.doNotTrack set to “1” or based on a browser cookie.

The “forced” and “SuperClean” modes use WordPress’s output buffering to change the HTML slightly (“forced”) or thoroughly (“SuperClean”). SuperClean uses Simple HTML DOM Parser to filter unwanted 3rd party code from the HTML.

Feedback is welcome; see info in the faq for bug reports/ feature requests and feel free to rate and/or report on compatibility on


Just install form your WordPress “Plugins|Add New” screen and all will be well. Manual installation is very straightforward as well:

  1. Upload the zip-file and unzip it in the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Configure on the admin-page


How does WP DoNotTrack help me comply with the EU Cookie Law?

Most solutions for Cookie Law compliance focus on alerting the user of the fact that cookies are needed and on allowing or disallowing 1st party cookies (i.e. from your own site) from being set. WP DoNotTrack takes a different (and complementary) approach, with the ability to act on user preference as configured in the browser or an opt-out cookie being present (see below) to conditionally stop javascript-initiated 3rd party tracking.

Which browsers support conditional tracking based on browser setting?

Both Internet Explorer 9 and Firefox 9 and up offer full-fledged support for “DoNotTrack” (both in HTTP header & javascript). Apple’s Safari has this option hidden in the “Develop” menu and Opera 12 (in beta now) also offers DNT-support. In fact, only Google Chrome does not have this feature at all (Google, after all, sells personalized advertising, so this touches their core business), although support is supposed to land before the end of the year.

How can I make my users choose not to be tracked and/or integrate with Civic Cookie Control?

Starting with version 0.8.0, WP DoNotTrack supports conditional tracking based on cookies. There currently are two approaches to do this:

  • display a message asking your user to allow (or OK) tracking. If the user does not want to allow this, simply set a cookie (in JavaScript or PHP) with name “dont_track_me” and value “1” and WP DoNotTrack will pick up on that much in the same way it works with the browsers DNT-flag.
  • alternatively, WP DoNotTrack can also rely on the Civic Cookie Control cookie as implemented by the Cookie Control WordPress plugin.
Should I run WP DoNotTrack in black- or whitelist mode?

Although whitelist is more robust and future-proof, it might break things in both frontend and wp-admin. If you don’t want to test extensively and you’re not sure to begin with, start out going blacklist first.

How should I create my blacklist?
  • Check what requests the browser makes when not logged in (look at a couple of different pages) and add the hostname of URL’s you deem unfit to the blacklist
  • Disable any caching- or javascript-aggregating plugin while testing/ making changes
  • Try an external service like to make sure you’re seeing a real anonymous user’s view
How should I create a whitelist?
  • Whitelisting is somewhat more impacting, as it’ll stop anything you don’t explicitely allow. Be sure to study requests for both visitors and logged in users in wp-admin. In general you’d want to allow known hosts such as e.g.
  • Make sure to test extensively after enabling the whitelist and tweak until everything works to your satisfaction.
  • Disable any caching- or javascript-aggregating plugin while testing/ making changes
  • Try an external service like to make sure you’re seeing a real anonymous user’s view
Can WP DoNotTrack stop all 3rd party tracking?

Yes, but No. When running in Normal or Forced mode, WP DoNotTrack stops most javascript-initiated 3rd party code inclusion. When running in SuperClean Mode, WP DoNotTrack will also filter the HTML. There are, however, circumstances in which tracking is unavoidable or invisible to WP DoNotTrack:

  • some widgets (in the broad sense) only work with tracking enabled (e.g. Facebook Like button or Google Analytics tracking)
  • some trackers use Flash, which is simply out of reach of what WP DoNotTrack currently can do
Why would I need “forced” mode?

Javascript (and CSS/ HTML) optimizing plugins such as W3 Total Cache and Autoptimize change the way JavaScript is loaded (by combining, minimizing and loading at the end of the page), which can break or limit WP DoNotTrack’s functionality.

Why use “SuperClean” mode?

By default DoNotTrack is used to stop javascript trackers, which typically only add the tracking stuff to your pages when executed in the browser. Some widgets/ plugins/ themes might also add tracking to the HTML (as a hidden image, iframe or with javascript). “SuperClean” mode checks the HTML before it is sent to the browser to stop that kind of tracking. Be warned that SuperClean is pretty invasive functionality, so do test extensively!

Why can’t I select “SuperClean” mode?

Superclean is not yet available if you’re only enabling WP DoNotTrack for people who configured their browsers to do so (conditional filtering based on the donottrack-header) or who opted out with a cookie. This might become available in the future, but there’s caching plugins to take into account when combining conditional filtering with SuperClean.

Any bugs/ issues should I know about?
  • After installing or when making changes to the WP DoNotTrack configuration, you might have to clear the caches of caching plugins you might be using (e.g. WP Super Cache or W3 Total Cache). Consider it “best practice” to disable caching & javascript-aggregating plugins while testing new black- or whitelists
  • ClourFlare seems to interfere with the way the plugin gets loaded and the way it functions. You can solve the problem by disabling “Rocket Loader” and/or “Auto Minify” alltogether.
  • Not a bug, but still an known issue; as WP DoNotTrack is also active in the wp-admin-pages, it will -when in whitelist mode- impact plugins that (for whatever reason) pull in javascript from elsewhere in their option-pages. This very plugin for instance, depends on to render a rss-widget.
I found a bug/ I would like a feature to be added!

Just tell me, I like the feedback and in general I’ll reply within a couple of hours. Use the Contact-page on my blog, leave a comment in a post about DoNotTrack or post about it on the plugin forum

How you can help


October 30, 2019
Some plugins do this: adding code and track activity without letting you know. This is not acceptable anymore with GDPR rules. So thanks for this plugin, making it easy to get rid of all that stuff!
May 20, 2019
This plugin is essential if you want to speed up your site! A lot of free services we use adds a huge number of tracking scripts in the background that are slowing our sites. This plugin does what brave browser does basically. You can also use Brave to find out the additional scripts to add to this plugin domain blacklist.
February 8, 2017
Hi, I had no way to blog the dynamically generate URL: This plugin gave me a valid way to do it and then to protect my website. used to make many other redirects 302 to other external domains for tracking. I changed all the files of my websites without finding the origin of this URL. No malware scan service has marked them as a problem. Even google said that my website was ok. But these URLs were always there. I added in the blacklist the domain: Now, those rules are no more there. Thank you very much, WP DoNoTrack. I have found WP DoNoTrack from this post: 🙂 Kind regards G. Aloe
Read all 12 reviews

Contributors & Developers

“WP DoNotTrack” is open source software. The following people have contributed to this plugin.


“WP DoNotTrack” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “WP DoNotTrack” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.




  • no wp donottrack when in amp (as one should not have JS in amp-pages)


  • improvement: better support for WP installs that do not have /wp-content/
  • correction in changelog for 0.8.5: JS will also be inlined when in “forced” mode


  • improvement: when in superclean or forced mode, the js by default will be inlined (you can override by doing an add_filter for wp_donottrack_inline_js, returning false)
  • confirm working with WordPress 4.0


  • bugfix: fix notice as reported by Josef Seidl
  • confirm working with WordPress 3.9


  • bugfix: wp donottrack did not act on trackers in admin-screens (there’s no output buffering in /wp-admin/*, so revert to “normal” mode type of enforcement in that case). hat tip to iltrev from for reporting!
  • bugfix in options.php to stop php warnings from being generated
  • cleaned up code to avoid having to juggle with json and arrays that much.


  • fix: the HTTPS-check in versions prior to 0.8.2 did not function correctly in Microsoft’s IIS, as reported by Geoff Beaumont of


  • fix: 0.8.0 broke Google AdSense, reported by Perun due to a regex failing horribly.


  • new: conditional filtering based on presence of the “Civic Cookie Control” cookie (thus providing integration with the Cookie Control WordPress plugin)
  • new: can alternatively also act on a cookie with name “dont_track_me” and value “1”
  • new: “forced” mode now default
  • bugfix: re-introduced the bugfix for whitelist mode that was rollbacked in 0.7.2
  • bugfix: conflict with prototype which caused wysiwyg editing of Wysija newsletter templates to break


  • quick rollback to previous version of donottrack(-min).js, due to bugs in 0.7.1-version, hope to sort problems out and push 0.7.3 one of the following days. sorry for the trouble!


  • misc. bugfixes for SuperClean mode (based on initial feedback from Paul Martinus)
  • bugfix for whitelist mode (where an URL which is not on the whitelist is still allowed due to the querystring containing a whitelisted URL)


  • non-default “SuperClean” mode to parse HTML to stop tracking from within, do provide me with feedback if you’re using this!
  • improved support for conditional tracking (to cover differences in browser implementation of navigator.doNotTrack)
  • tested with wordpress 3.4 (beta)


  • fix for mixed HTTP/HTTPS resources in HTTPS admin-page (as reported by Paul Martinus)


  • non-default “force” mode to solve incompatibilities with html/js/css optimizers such as Autoptimize, W3 Total Cache (which rearrange javascript)




  • choose between white- and blacklist (default)
  • define the content of you white- or blacklist (default: &
  • have WP DoNotTrack stop tracking only when browser sends DNT-flag or always (default)


  • Initial version