{"id":287005,"date":"2026-06-06T23:36:52","date_gmt":"2026-06-06T23:36:52","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/oven-cookie-consent\/"},"modified":"2026-06-07T00:14:15","modified_gmt":"2026-06-07T00:14:15","slug":"oven-cookie-consent","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/oven-cookie-consent\/","author":565388,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.10","stable_tag":"1.0.10","tested":"7.0","requires":"5.9","requires_php":"7.4","requires_plugins":null,"header_name":"Oven Cookie Consent","header_author":"Billy Wilcosky","header_description":"Cookie consent with detection, essential\/non-essential classification, and re-consent on policy changes. Uses CookieConsent library.","assets_banners_color":"a28c6f","last_updated":"2026-06-07 00:14:15","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wilcosky.com\/oven","header_author_uri":"https:\/\/wilcosky.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":44,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.10":{"tag":"1.0.10","author":"wilcosky","date":"2026-06-07 00:14:15"},"1.0.9":{"tag":"1.0.9","author":"wilcosky","date":"2026-06-06 23:53:34"}},"upgrade_notice":{"1.0.10":"<p>Fix preferences modal close icon and Cookie Settings block editor preview.<\/p>","1.0.9":"<p>Security hardening for WordPress.org plugin review.<\/p>","1.0.8":"<p>Security hardening for WordPress.org review (input sanitization and output escaping).<\/p>","1.0.7":"<p>Text domain and WordPress.org submission fixes (no functional changes for existing installs).<\/p>","1.0.6":"<p>Plugin Check and WordPress.org compatibility (text domain, readme headers, distribution files).<\/p>","1.0.5":"<p>Review fixes: contributor username, remove non-plugin files, sanitize decoded JSON consent data.<\/p>","1.0.4":"<p>Maintenance release: WordPress.org review compliance (enqueueing inline scripts, translations, Plugin URI, block apiVersion).<\/p>","1.0.3":"<p>Session cookie optimization, localStorage for guests, and fixes for regular users (save preferences, admin\/regular user switch).<\/p>","1.0.1":"<p>Cookie Settings block, consent history deduplication, and WordPress.org compatibility updates.<\/p>","1.0.0":"<p>Initial release of Oven Cookie Consent.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3563408,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3563408,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3563408,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3563408,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.10","1.0.9"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3563408,"resolution":"1","location":"assets","locale":"","width":1200,"height":900},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3563408,"resolution":"2","location":"assets","locale":"","width":1200,"height":900},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3563408,"resolution":"3","location":"assets","locale":"","width":1200,"height":900},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3563408,"resolution":"4","location":"assets","locale":"","width":1200,"height":900},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3563408,"resolution":"5","location":"assets","locale":"","width":1200,"height":900},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3563408,"resolution":"6","location":"assets","locale":"","width":1200,"height":900}},"screenshots":{"1":"The cookie preferences modal users see on the front end.","2":"Cookie consent history in each user profile (back end).","3":"Enable and auto detection settings (back end).","4":"Manually add cookies (back end).","5":"Cookies, ability to change from essential to non-essential and vice versa, and add descriptions (back end).","6":"Add cookies by pattern and see which non-essential cookie scripts will be blocked unless the user accepts them or you change the cookie to essential (back end)."}},"plugin_section":[],"plugin_tags":[20011,20272,389,131785,396],"plugin_category":[54],"plugin_contributors":[142985],"plugin_business_model":[],"class_list":["post-287005","plugin","type-plugin","status-publish","hentry","plugin_tags-consent","plugin_tags-cookie-banner","plugin_tags-cookies","plugin_tags-gdpr","plugin_tags-privacy","plugin_category-security-and-spam-protection","plugin_contributors-wilcosky","plugin_committers-wilcosky"],"banners":{"banner":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/banner-772x250.png?rev=3563408","banner_2x":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/banner-1544x500.png?rev=3563408","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/icon-128x128.png?rev=3563408","icon_2x":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/icon-256x256.png?rev=3563408","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/screenshot-1.png?rev=3563408","caption":"The cookie preferences modal users see on the front end."},{"src":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/screenshot-2.png?rev=3563408","caption":"Cookie consent history in each user profile (back end)."},{"src":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/screenshot-3.png?rev=3563408","caption":"Enable and auto detection settings (back end)."},{"src":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/screenshot-4.png?rev=3563408","caption":"Manually add cookies (back end)."},{"src":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/screenshot-5.png?rev=3563408","caption":"Cookies, ability to change from essential to non-essential and vice versa, and add descriptions (back end)."},{"src":"https:\/\/ps.w.org\/oven-cookie-consent\/assets\/screenshot-6.png?rev=3563408","caption":"Add cookies by pattern and see which non-essential cookie scripts will be blocked unless the user accepts them or you change the cookie to essential (back end)."}],"raw_content":"<!--section=description-->\n<p>Oven integrates the <a href=\"https:\/\/github.com\/orestbida\/cookieconsent\">CookieConsent<\/a> JavaScript library (v3.1.0) into WordPress to provide a compliant, accessible cookie consent experience.<\/p>\n\n<h4>Features<\/h4>\n\n<ul>\n<li><strong>Cookie consent banner<\/strong> \u2013 Shows a consent modal to visitors on first visit with Accept all, Essential only, and Manage preferences.<\/li>\n<li><strong>Automatic cookie detection<\/strong> \u2013 Enable \"Cookie detection mode\" in settings, then browse your site while logged in as an administrator. Cookies set during your visit are detected and added to the list.<\/li>\n<li><strong>Essential vs non-essential<\/strong> \u2013 WordPress core cookies (login, session, comments, settings) are classified as essential; third-party and analytics cookies as non-essential. Visitors see both categories in the preferences modal.<\/li>\n<li><strong>Revision and re-consent<\/strong> \u2013 When a new cookie is detected and added, the revision number is incremented. All visitors (including those who had previously accepted) must consent again.<\/li>\n<li><strong>Logged-in vs guest<\/strong> \u2013 For guests, consent is stored in a cookie so they are not prompted on every visit (until the revision changes). For logged-in users, consent is stored in the database (user meta) tied to their account.<\/li>\n<li><strong>Consent logging<\/strong> \u2013 For logged-in users, each consent choice is recorded in their profile. Admins and editors can view when a user accepted and which cookies they accepted (Users \u2192 edit user \u2192 Cookie consent).<\/li>\n<li><strong>Cookie descriptions<\/strong> \u2013 You can edit a short description for each cookie so visitors know what it does. Descriptions are shown in the preferences modal.<\/li>\n<li><strong>Privacy policy link<\/strong> \u2013 Optional privacy policy URL in settings is shown in the consent modal (recommended for GDPR).<\/li>\n<li><strong>Accessibility<\/strong> \u2013 Uses the CookieConsent library's built-in ARIA attributes and keyboard support.<\/li>\n<\/ul>\n\n<h4>Settings<\/h4>\n\n<ul>\n<li><strong>Settings \u2192 Oven<\/strong> \u2013 Enable cookie consent, enable cookie detection mode, set an optional privacy policy URL (recommended for GDPR), and view or edit the list of detected cookies and their descriptions.<\/li>\n<\/ul>\n\n<h4>GDPR and compliance<\/h4>\n\n<p>Oven is designed to support compliance with the GDPR and similar laws:<\/p>\n\n<ul>\n<li><strong>Consent before non-essential cookies<\/strong> \u2013 Non-essential cookies and scripts that set them are blocked until the user accepts. Essential cookies (e.g. login, session) are allowed without consent.<\/li>\n<li><strong>Clear information<\/strong> \u2013 Visitors see a list of cookies with names and descriptions (editable in settings). You can link to your privacy policy from the consent modal.<\/li>\n<li><strong>Granular choice<\/strong> \u2013 Users can accept all, essential only, or manage preferences and toggle individual non-essential cookies.<\/li>\n<li><strong>Withdraw consent<\/strong> \u2013 Users can reopen the preferences modal and change or withdraw consent at any time. Rejected non-essential cookies are cleared on each visit.<\/li>\n<li><strong>Re-consent when policy changes<\/strong> \u2013 When you add or reclassify cookies, the revision number increases and all visitors are asked to consent again.<\/li>\n<li><strong>Consent logging (logged-in users)<\/strong> \u2013 For registered users, consent choices and timestamps are stored in their profile. Admins and editors can view consent history under Users \u2192 [user] \u2192 Cookie consent. Guest consent is not logged (stored only in a cookie).<\/li>\n<li><strong>Transparency<\/strong> \u2013 Cookie detection mode helps you build an accurate cookie list; you can add cookies manually and describe what each one does.<\/li>\n<\/ul>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>PHP 7.4 or higher<\/li>\n<li>WordPress 5.9 or higher<\/li>\n<\/ul>\n\n<h3>Credits<\/h3>\n\n<ul>\n<li>CookieConsent (v3.1.0) by Orest Bida \u2013 https:\/\/github.com\/orestbida\/cookieconsent \u2013 MIT License.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>wp-content\/plugins\/<\/code>. The folder name (e.g. <code>Oven<\/code> or <code>oven<\/code>) is used in asset URLs; use the name that matches your server (case-sensitive on Linux).<\/li>\n<li>Activate the plugin.<\/li>\n<li>Go to <strong>Settings \u2192 Oven<\/strong> \u2013 enable \"Enable cookie consent\" and optionally \"Cookie detection mode\".<\/li>\n<li>If using detection mode, browse your site as an admin to detect cookies; they will be added to the list and shown to visitors.<\/li>\n<\/ol>\n\n<h4>Optional: Redirect wrong casing (Apache)<\/h4>\n\n<p>If your plugin folder is <code>Oven<\/code> (capital O) and you want requests to <code>...\/plugins\/oven\/...<\/code> to work, add this to <code>wp-content\/plugins\/.htaccess<\/code> (create the file if it doesn't exist):<\/p>\n\n<p>RewriteEngine On\nRewriteRule ^oven\/(.*)$ Oven\/$1 [L,R=301]<\/p>\n\n<p>If your folder is <code>oven<\/code> (lowercase), use the opposite rule to redirect <code>Oven<\/code> to <code>oven<\/code>.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"where%20is%20consent%20stored%20for%20logged-in%20users%3F\"><h3>Where is consent stored for logged-in users?<\/h3><\/dt>\n<dd><p>Consent is stored in user meta under the key <code>oven_cookie_consent<\/code>. For guests, it is stored in a cookie named <code>oven_cc<\/code>.<\/p><\/dd>\n<dt id=\"what%20happens%20when%20a%20new%20cookie%20is%20detected%3F\"><h3>What happens when a new cookie is detected?<\/h3><\/dt>\n<dd><p>When detection mode is on and you (as an admin) browse the site, any new cookie names are sent to the server, classified as essential or non-essential, and saved. The revision number is incremented so all visitors must re-accept the cookie policy.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.10<\/h4>\n\n<ul>\n<li>Fix preferences modal close (X) icon visibility; inject fallback close button using modal element from CookieConsent callbacks.<\/li>\n<li>Fix Cookie Settings block blank preview in the editor (editor script dependencies, editor styles, button markup).<\/li>\n<\/ul>\n\n<h4>1.0.9<\/h4>\n\n<ul>\n<li>Security: route all cookie reads through Consent_Sanitizer; sanitize block attribute text; sanitize localized cookie names for head scripts.<\/li>\n<\/ul>\n\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>WordPress.org security review: sanitize $_COOKIE and $_POST JSON on read; escape admin HTML output (wp_kses_post, literal section wrappers).<\/li>\n<li>Head bootstrap uses static JS files with wp_localize_script() instead of wp_add_inline_script().<\/li>\n<li>Inline consent scripts use canonical JSON from sanitized consent payloads only.<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Text domain set to oven-cookie-consent to match WordPress.org plugin slug.<\/li>\n<li>Plugin URI set to https:\/\/wilcosky.com\/oven (distinct from author URI).<\/li>\n<li>Plugin Check: nonce and input sanitization fixes in consent sanitizer and settings.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Text domain aligned with plugin slug (oven) for WordPress.org and Plugin Check.<\/li>\n<li>Plugin Check: prefixed block render variables, input sanitization helpers, delete_metadata on uninstall.<\/li>\n<li>readme.txt: Tested up to 7.0, five tags, shorter short description; exclude .DS_Store from distribution.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Contributors list uses the plugin owner's WordPress.org username (wilcosky).<\/li>\n<li>Removed Python locale build scripts from the plugin package; translations ship as .po\/.mo files only.<\/li>\n<li>Added Consent_Sanitizer: all json_decode consent and script-mapping input is validated and sanitized before use or storage.<\/li>\n<li>Consent history uses sanitized consentId and consentTimestamp from stored data, not raw POST payload.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>WordPress.org review: Inline head scripts use the Script API (wp_register_script, wp_enqueue_script, wp_add_inline_script; early wp_print_scripts keeps tracer \/ cookie-clear \/ logged-in bootstrap order).<\/li>\n<li>Rely on core translation loading for the plugin text domain on WordPress.org (removed load_plugin_textdomain).<\/li>\n<li>Plugin URI points to a valid URL (https:\/\/wilcosky.com).<\/li>\n<li>Cookie Settings block: apiVersion 3 for WordPress 7.0 editor compatibility.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Session cookie (oven_cc_sess) to avoid database reads on every request for logged-in users with consent.<\/li>\n<li>Session cookie tied to user ID so admin logout then regular user login does not reuse wrong consent.<\/li>\n<li>Clear session cookie after saving preferences so updated choices apply on next page load.<\/li>\n<li>LocalStorage for guests; sync from cookie or localStorage to database on login when possible.<\/li>\n<li>Preferences modal close button uses plugin SVG icon; secure cookie flag set from page protocol (HTTP\/HTTPS).<\/li>\n<li>Re-accept after login when consent was given as guest, with sync to user meta; no double banner for same state.<\/li>\n<li>Cookie_Manager: use wp_unslash when reading guest consent cookie for consistent parsing.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Cookie Settings Gutenberg block: add a block (Theme category) that shows a button to open the cookie preferences modal.<\/li>\n<li>Any element with the class <code>cookie-settings<\/code> now opens the preferences modal on click (block or custom links).<\/li>\n<li>Consent history on user profiles: prevent duplicate entries when the library fires multiple callbacks for one user action.<\/li>\n<li>Plugin naming and text domain aligned for WordPress.org (Plugin Name: Oven Cookie Consent; Text Domain: oven-cookie-consent).<\/li>\n<li>Readme and plugin header fixes: Tested up to 6.9; escape output and PHPCS adjustments.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>Cookie consent banner with CookieConsent 3.1.0.<\/li>\n<li>Cookie detection mode for administrators.<\/li>\n<li>Essential\/non-essential classification.<\/li>\n<li>Revision-based re-consent.<\/li>\n<li>User meta storage for logged-in users; cookie for guests.<\/li>\n<\/ul>","raw_excerpt":"Cookie consent for WordPress: detect cookies, classify essential vs non-essential, and re-prompt visitors when your cookie list changes.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/287005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=287005"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/wilcosky"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=287005"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=287005"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=287005"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=287005"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=287005"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=287005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}